Computer network malicious code scanner method and apparatus
First Claim

1. A method of detecting and preventing execution of problematic instructions in an application program provided from a computer network to a client, comprising:
- providing the application program over the computer network;
- determining, prior to downloading the application program to the client, whether the provided application program includes any instructions that are members of a particular set of instructions;
- downloading the application program without alteration and executing the application program if it is determined that no members of the set are included in the application program;
- if it is determined that an instruction is a member of the set, then downloading the application program to the client along with a security monitoring package, thereby allowing monitoring of execution of the instruction at the client.
Abstract

A network scanner for security checking of application programs (e.g. Java applets or ActiveX controls) received over the Internet or an intranet combines static (pre-run-time) and dynamic (run-time) scanning. Static scanning at the HTTP proxy server identifies suspicious instructions and instruments them, e.g. by wrapping each in a pre- and post-filter instruction sequence or otherwise. The instrumented applet is then transferred to the client (web browser) together with security monitoring code. At run time on the client, the instrumented instructions are thereby monitored for security policy violations, and execution of an instruction is prevented when such a violation is found.
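As an added illustration (not the patent's own code), a toy Python model of the two phases the abstract describes: the proxy's static scan with pre/post-filter instrumentation, and the client's run-time monitor that stops a guarded instruction on a policy violation. The suspicious instruction set, the policy values and the two sample applets are constructed for this example.

```python
# Toy model of proxy-side static scan/instrumentation and client-side run-time monitoring.

SUSPICIOUS = {"file_open", "socket_connect"}           # assumed "particular set of instructions"
POLICY = {"origin_host": "applets.example.test",        # constructed security policy values
          "file_prefix": "/tmp/applet/"}

def static_scan(program):
    """Proxy side (pre-run time): indices of instructions that are members of the set."""
    return [i for i, (op, _) in enumerate(program) if op in SUSPICIOUS]

def instrument(program, hits):
    """Wrap each flagged instruction in a pre_check / post_check filter pair."""
    out = []
    for i, ins in enumerate(program):
        out += [("pre_check", ins), ins, ("post_check", ins)] if i in hits else [ins]
    return out

def proxy_deliver(program):
    """Return (program, policy): unaltered program and None when nothing is flagged."""
    hits = static_scan(program)
    return (instrument(program, hits), POLICY) if hits else (program, None)

def monitor_check(ins, policy):
    """Security policy for guarded instructions; returns a violation message or None."""
    op, arg = ins
    if op == "file_open" and not arg.startswith(policy["file_prefix"]):
        return f"file_open outside sandbox: {arg}"
    if op == "socket_connect" and arg != policy["origin_host"]:
        return f"connect to non-origin host: {arg}"
    return None

def client_run(program, policy):
    """Client side (run time): execute, consulting the monitor at each pre_check point."""
    trace = []
    for op, arg in program:
        if op == "pre_check":
            violation = monitor_check(arg, policy)
            if violation:
                return trace, violation          # guarded instruction is never executed
        elif op == "post_check":
            trace.append(f"audited {arg[0]}")
        else:
            trace.append(f"{op}({arg})")
    return trace, None

# Constructed sample applets: one benign, one that connects to a non-origin host.
BENIGN = [("print", "hello"), ("add", 2)]
RISKY = [("file_open", "/tmp/applet/cache"), ("socket_connect", "evil.example.test")]
```

The benign applet passes through the proxy unaltered and runs without a monitor; the risky one is instrumented, its sandboxed file open is audited, and the off-origin connect is stopped before it executes.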
428 Citations
27 Claims
- determining if the application program includes an authentication;
- verifying the authentication; and
- replacing the verified authentication with a second authentication.
13. The method of claim 1, further comprising:
- providing all dependency files associated with the application program;
- providing a single monitoring package performing the step of determining for the application program and its associated dependency files; and
- executing the application program and its associated dependency files.
14. A scanner for detecting and preventing execution of instructions in an application program provided from a computer network to a client, wherein the scanner determines whether the provided application program includes any instructions that are members of a particular set of instructions, allowing downloading of the application program to the client and execution of the application program if it is determined that no members of the set are included in the application program; and comprising:
- an instrumenter which associates a security monitoring package with the application program at an instruction which is determined to be a member of the set, thereby allowing monitoring of execution of such instruction at the client.

- a verifier which determines if the application program includes an authentication and verifies the authentication; and
- a signer which replaces the verified authentication with a second authentication.
27. The scanner of claim 14, further comprising:
- a prefetcher which fetches all dependency files associated with the application program; and
- a security policy generator which provides a single security monitoring package for the application program and its associated dependency files.
Specification