Malicious Mobile Code Runtime Monitoring System and Methods
Abstract
Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides for monitoring information received, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information. An MPC embodiment further provides, within a Downloadable-destination, for initiating the Downloadable, enabling malicious Downloadable operation attempts to be received by the MPC, and causing (predetermined) corresponding operations to be executed in response to the attempts.
16 Claims
1. A processor-based method, comprising:
- receiving, by a server, a file;
- detecting, by a code detector, whether the file includes one or more instances of executable code;
- generating, by a protection engine, mobile protection code when one or more instances of executable code is detected by the code detector; and
- receiving, by a linking engine, the generated mobile protection code and the file containing the one or more instance of executable code, and bundling, by the linking engine, the mobile protection code and the file into a sandboxed package, wherein the bundling does not alter the file.
Dependent claims: 2, 3, 4, 5

6. A processor-based method for monitoring for received executables, comprising:
- detecting, by a first processing device, a received executable;
- wrapping, by a server, the received executable with a sandbox agent, wherein wrapping includes bundling the following separate code objects into a sandbox file; the sandbox agent, a security policy related to the received executable and the received executable, and further wherein the bundling does not alter the separate code objects; and
- sending, by the server, the file to a second processing device.
Dependent claims: 7, 8, 9

10. A processor-based method, comprising:
- receiving, at a server, a file;
- detecting, by a detector engine, at least one received executable within the received file;
- wrapping, by the server, the received file with a sandbox agent, wherein wrapping includes bundling the following separate code objects into a sandbox file; the sandbox agent, a security policy related to the at least one received executable and the received file, and further wherein the bundling does not alter the separate code objects; and
- sending, by the server, the sandbox file to a processing device.
Dependent claims: 11, 12, 13, 14, 15

16. A computer-implemented method, comprising:
- receiving program code at a first computing device;
- detecting if the program code contains an executable file;
- forming a sandbox package including protection code and the program code if it contains an executable file; and
- sending the sandbox package to a second computing device.
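The flow recited in claims 6 and 10 (detect an executable, then bundle a sandbox agent, a security policy and the unaltered file as separate objects) is illustrated below. This is an added example, not code from the patent or its assignee; the magic-number detection, the ZIP container, the manifest digest, the policy keys and all function names are assumptions made for illustration.

```python
import hashlib
import io
import json
import zipfile

# Assumption: the page does not say how executable code is recognised;
# this constructed table matches a few well-known leading magic numbers.
MAGIC = {b"MZ": "pe", b"\x7fELF": "elf", b"\xca\xfe\xba\xbe": "java-class"}
AGENT_STUB = b"# placeholder standing in for the sandbox agent / protection code\n"


def detect_executable(data: bytes):
    """Return a label if the payload starts with a known magic number, else None."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return None


def wrap(name: str, data: bytes, policy: dict) -> bytes:
    """Bundle agent, policy and the unmodified file as separate package members."""
    kind = detect_executable(data)
    if kind is None:
        return data  # nothing executable detected: pass the file through as-is
    manifest = {"file": name, "kind": kind,
                "sha256": hashlib.sha256(data).hexdigest()}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as pkg:
        pkg.writestr("agent.bin", AGENT_STUB)
        pkg.writestr("policy.json", json.dumps(policy, sort_keys=True))
        pkg.writestr("manifest.json", json.dumps(manifest, sort_keys=True))
        pkg.writestr("payload/" + name, data)  # stored byte-for-byte, not patched
    return buf.getvalue()


def verify_unaltered(package: bytes) -> bool:
    """Check that the bundled payload still matches the digest taken before bundling."""
    with zipfile.ZipFile(io.BytesIO(package)) as pkg:
        manifest = json.loads(pkg.read("manifest.json"))
        payload = pkg.read("payload/" + manifest["file"])
    return hashlib.sha256(payload).hexdigest() == manifest["sha256"]


# Constructed sample inputs and hypothetical policy keys.
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60
SAMPLE_TXT = b"plain text, no executable content\n"
POLICY = {"file_write": "deny", "network": "prompt"}
```

The digest check only confirms that bundling left the file byte-identical; it is not a defence against someone who can rewrite the whole package, which would need a signature over the manifest.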
Specification