Security system and methodology for providing indirect access control
Abstract
A system providing methods for indirect access control is described. When an attempt to access a network by a first application is detected, a determination is made as to whether at least one other application is attempting indirect network access through the first application. If at least one other application is determined to be attempting indirect network access, each such other application is evaluated to determine if it is approved for network access. If each such other application is approved for network access, access to the network is permitted. Otherwise, access to the network is denied.
42 Claims
1. A method for control of indirect access to a network, the method comprising:
detecting an attempt to access a network from a first application;
determining whether at least one other application is attempting indirect network access through said first application;
if at least one other application is determined to be attempting indirect network access, evaluating whether each said at least one other application is approved for network access;
if each said at least one other application is approved for network access, permitting access to the network by said first application; and
otherwise, denying access to the network. (Dependent claims 2 through 17.)
18. In a computer system, a method for controlling indirect access to a network, said indirect access comprising access by a program to a network through at least one other program, the method comprising:
in response to launching of a first program by a second program, collecting relationship information about the first program and second program;
in response to an attempt to access a network by a given program, generating a list of programs indirectly accessing the network through the given program based upon the collected relationship information;
determining whether each program on said list is trusted under a security policy governing access to the network; and
if a program on said list is determined not to be trusted, denying access to the network. (Dependent claims 19 through 31.)
32. A system for regulating indirect access to resources, the system comprising:
a security policy governing access to resources;
a driver module for detecting creation of a new process and invoking a supervisor module;
a supervisor module for identifying all parent processes of the newly created process; and
an enforcement module for determining whether to permit access to resources based, at least in part, upon the identified parent processes and the security policy governing access to resources. (Dependent claims 33 through 42.)
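The three independent claims describe one mechanism from three angles: record the parent/child relationship when a process is launched (claim 18, the "driver module" of claim 32), identify every ancestor of the process that later tries to reach the network (the "supervisor module"), and permit the connection only if every program in that chain is approved by the policy (claim 1, the "enforcement module"). The following is an added illustration written for this page, not code from the patent or its assignee. It models the kernel hooks as plain method calls, identifies programs by executable image name, and uses a constructed sample policy and process tree; all of those are assumptions. One design choice worth noting: the ancestor chain is captured at launch time rather than walked on demand, so the decision still holds after a parent has exited and its pid has been reused.

```python
"""Ancestry-based indirect network access control (illustrative model).

Assumed simplifications, not taken from the patent text:
- process creation, exit and network-access attempts arrive as method calls
  instead of driver callbacks;
- a program is identified by its executable image name;
- the policy is a constructed set of image names approved for network access.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample policy: images approved for network access.
TRUSTED_IMAGES = frozenset({"explorer.exe", "browser.exe", "updater.exe"})


@dataclass
class ProcessRecord:
    pid: int
    image: str
    # Images of every ancestor, nearest parent first. Captured at launch so the
    # chain survives the parent exiting (and a later reuse of its pid).
    lineage: List[str] = field(default_factory=list)


class IndirectAccessMonitor:
    """Combines the roles of claim 32 in one object (an assumed simplification):
    on_process_create  - the driver hook recording the parent/child relationship
    ancestors          - the supervisor identifying all parent processes
    on_network_access  - the enforcement decision against the policy
    """

    def __init__(self, trusted: frozenset):
        self.trusted = trusted
        self.table: Dict[int, ProcessRecord] = {}

    def on_process_create(self, pid: int, ppid: Optional[int], image: str) -> None:
        # Relationship information is collected at launch (claim 18): copy the
        # parent's image and its own lineage into the child's record.
        parent = self.table.get(ppid) if ppid is not None else None
        lineage = [parent.image] + parent.lineage if parent else []
        self.table[pid] = ProcessRecord(pid, image, lineage)

    def on_process_exit(self, pid: int) -> None:
        # Safe to drop: descendants already carry their own copy of the chain.
        self.table.pop(pid, None)

    def ancestors(self, pid: int) -> List[str]:
        rec = self.table.get(pid)
        return list(rec.lineage) if rec else []

    def on_network_access(self, pid: int) -> Tuple[bool, str]:
        rec = self.table.get(pid)
        if rec is None:
            # No launch record means the chain cannot be established: fail closed.
            return False, "unknown process (no launch record); denied"
        if rec.image not in self.trusted:
            return False, f"{rec.image} is not approved for network access"
        # Every program reaching the network through this one must be approved.
        for image in rec.lineage:
            if image not in self.trusted:
                return False, f"indirect access by untrusted ancestor {image}"
        return True, "all programs in the chain are approved"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Constructed scenario: an approved browser launched by an unapproved program."""
    m = IndirectAccessMonitor(TRUSTED_IMAGES)
    m.on_process_create(1, None, "explorer.exe")
    m.on_process_create(2, 1, "browser.exe")   # browser started by the shell
    m.on_process_create(3, 1, "dropper.exe")   # unapproved program
    m.on_process_create(4, 3, "browser.exe")   # same browser, started by the dropper
    results = {
        "direct browser": m.on_network_access(2),
        "dropper itself": m.on_network_access(3),
    }
    m.on_process_exit(3)                       # dropper exits after spawning the browser
    results["browser via dropper"] = m.on_network_access(4)
    return results


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:20s} {'ALLOW' if allowed else 'DENY ':5s} {reason}")
```

The browser started by the user is allowed, the dropper is denied on its own account, and the browser the dropper launched is denied even though the dropper has already exited, because pid 4 carries the lineage `["dropper.exe", "explorer.exe"]` captured at launch. A production enforcement module would identify programs by something stronger than an image name, such as a file hash or code signature, and this model only covers access routed through process creation; other ways one program can use another are outside what the claims describe.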
Specification