System and method for protecting a client during runtime from hostile downloadables
CAFC
First Claim
Patent Images
1. A computer-based method, comprising:
- monitoring the operating system during runtime for an event caused from a request made by a Downloadable;
interrupting processing of the request;
comparing information pertaining to the Downloadable against a predetermined security policy; and
performing a predetermined responsive action based on the comparison, the predetermined responsive action including storing results of the comparison in an event log.
5 Assignments
Litigations
0 Petitions
Reexamination
Accused Products
Abstract
A system and method examine execution or interpretation of a Downloadable for operations deemed suspicious or hostile, and respond accordingly. The system includes security rules defining suspicious actions and security policies defining the appropriate responsive actions to rule violations. The system includes an interface for receiving incoming Downloadable and requests made by the Downloadable. The system still further includes a comparator coupled to the interface for examining the Downloadable, requests made by the Downloadable and runtime events to determine whether a security policy has been violated, and a response engine coupled to the comparator for performing a violation-based responsive action.
258 Citations
8 Claims
-
1. A computer-based method, comprising:
-
monitoring the operating system during runtime for an event caused from a request made by a Downloadable; interrupting processing of the request; comparing information pertaining to the Downloadable against a predetermined security policy; and performing a predetermined responsive action based on the comparison, the predetermined responsive action including storing results of the comparison in an event log.
-
-
2. A computer-based method, comprising:
-
monitoring the operating system during runtime for an event caused from a request made by a Downloadable; interrupting processing of the request; comparing information pertaining to the Downloadable against a predetermined security policy; and performing a predetermined responsive action based on the comparison, the predetermined responsive action including storing the Downloadable in a suspicious Downloadable database.
-
-
3. A system, comprising:
-
a security policy; an operating system interface for recognizing a runtime event caused from a request made by a Downloadable; a comparator coupled to the interface for comparing information pertaining to the received Downloadable with the security policy; a response engine coupled to the comparator for performing a predetermined responsive action based on the comparison with the security policy; and an event log coupled to the comparator for storing results of the comparison.
-
-
4. A system, comprising:
-
a security policy; an operating system interface for recognizing a runtime event caused from a request made by a Downloadable; a comparator coupled to the interface for comparing information pertaining to the received Downloadable with the security policy; a response engine coupled to the comparator for performing a predetermined responsive action based on the comparison with the security policy; and a suspicious Downloadable database for storing known and previously-deemed suspicious Downloadables.
-
-
5. A system for determining whether a Downloadable, which is received by a Downloadable engine, is suspicious, comprising:
-
means for monitoring the operating system during runtime for an event caused from a request made by a Downloadable; means for interrupting processing of the request; means for comparing information pertaining to the Downloadable against a predetermined security policy; and means for performing a predetermined responsive action based on the comparison, the predetermined responsive action including storing results of the comparison in an event log.
-
-
6. A system for determining whether a Downloadable, which is received by a Downloadable engine, is suspicious, comprising:
-
means for monitoring the operating system during runtime for an event caused from a request made by a Downloadable; means for interrupting processing of the request; means for comparing information pertaining to the Downloadable against a predetermined security policy; and means for performing a predetermined responsive action based on the comparison, the predetermined responsive action including storing the Downloadable in a suspicious Downloadable database.
-
-
7. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
-
monitoring the operating system during runtime for an event caused from a request made by a Downloadable; interrupting processing of the request; comparing information pertaining to the Downloadable against a predetermined security policy; and performing a predetermined responsive action based on the comparison, the predetermined responsive action including storing results of the comparison in an event log.
-
-
8. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
-
monitoring the operating system during runtime for an event caused from a request made by a Downloadable; interrupting processing of the request; comparing information pertaining to the Downloadable against a predetermined security policy; and performing a predetermined responsive action based on the comparison, the predetermined responsive action including storing the Downloadable in a suspicious Downloadable database.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
Litigation Data
-
Current AssigneeFinjan Holdings, Inc. (SoftBank Group Corp.)
-
Original AssigneeFinjan Software, Inc. (SoftBank Group Corp.)
-
InventorsTouboul, Shlomo
-
Primary Examiner(s)LE, DIEU MINH T
-
Application NumberUS08/790,097Time in Patent Office1,427 DaysField of Search395/186, 395/200.55, 395/200.59, 364/222.5, 364/286.4, 364/286.5, 326/8, 711/163, 713/200, 713/201, 380/4, 380/25US Class Current726/23CPC Class CodesG06F 21/51 at application loading time...G06F 21/53 by executing in a restricte...G06F 2211/009 TrustG06F 2221/2119 Authenticating web pages, e...G06F 2221/2141 Access rights, e.g. capabil...H04L 63/145 the attack involving the pr...
