Method, array and set of several arrays for protecting several programs and/or files from unauthorized access by a process
Abstract
An area and a process file are assigned to each program to be protected. The process or processes that may run in the corresponding area is or are stored in a process file. When the program is running, a process attempting to access the program is checked to confirm whether the accessing process is included in the corresponding process file. The accessing process is executed only if it is included in the process file.
16 Claims
1. A method for protecting several programs from unauthorized access by processes, comprising:
assigning an address space to each program to be protected;
assigning a process file to each program to be protected, where the process file is separate from the program and includes a cryptographic value that uniquely identifies each process that may run in the address space;
forwarding, in a call mechanism for a function of an operating system core with which each program to be protected is executed, for each accessing process that attempts to access the address space of the program, a call of the accessing process to a checking function integrated into at least one of the address space of the program and the process file to be protected as a dynamically integrated file;
determining in the checking function whether the accessing process is listed in the process file assigned to the program by forming an accessing cryptographic value for each accessing process, and comparing the accessing cryptographic value with the cryptographic value stored in the process file for each accessing process listed in the process file; and
at least one of starting and continuing execution of the accessing process only if said comparing determines a match between the accessing cryptographic value and the cryptographic value stored in the process file for the accessing process.
2. An array for protecting several programs from unauthorized access by a process, comprising:
a processor programmed to assign an address space and a process file to each program to be protected, where the process file is separate from the program and includes a cryptographic value that uniquely identifies each process that may run in the address space;
to forward, in a call mechanism for a function of an operating system core with which each program to be protected is executed, for each accessing process that attempts to access the address space of the program, a call of the accessing process to a checking function integrated into at least one of the address space of the program and the process file to be protected as a dynamically integrated file;
to determine, during execution of each program to be protected, for each accessing process that attempts to access the address space of the program, whether the accessing process is listed in the process file assigned to the program by forming an accessing cryptographic value for each accessing process and comparing the accessing cryptographic value with the cryptographic value stored in the process file for each accessing process listed in the process file; and
to at least one of start and continue execution of the accessing process only if a match is found between the accessing cryptographic value and the cryptographic value stored in the process file for the accessing process.
13. A method for protecting several programs from unauthorized access by processes, comprising:
assigning an address space to each program file to be protected;
assigning a process file, separate from the program file, to each program file to be protected, where the process includes at least one cryptographic value, each uniquely identifying a process that may run in the address space;
forwarding, in a call mechanism for a function of an operating system core with which each program file to be protected is executed, for each accessing process that attempts to access the address space of the program file, a call of the accessing process to a checking function integrated into at least one of the address space of the program file and the process file to be protected as a dynamically integrated file;
determining, during execution of each program in each program file to be protected, for each accessing process that attempts to access the address space of the program file, whether the accessing process is listed in the process file assigned to the program file by forming an accessing cryptographic value for each accessing process, and comparing the accessing cryptographic value with the cryptographic value stored in the process file for each accessing process listed in the process file; and
at least one of starting and continuing execution of the accessing process only if said comparing determines a match between the accessing cryptographic value and the cryptographic value stored in the process file for the accessing process.
14. An array for protecting several program files from unauthorized access by a process, comprising:
a processor programmed to assign an address space and a process file to each program file to be protected, where the process file is separate from the program file and includes a cryptographic value that uniquely identifies each process that may run in the address space;
to forward, in a call mechanism for a function of an operating system core with which each program file to be protected is executed, for each accessing process that attempts to access the address space of the program file, a call of the accessing process to a checking function integrated into at least one of the address space of the program file and the process file to be protected as a dynamically integrated file;
to determine, during execution of each program in each program file to be protected, for each accessing process that attempts to access the address space of the program file, whether the accessing process is listed in the process file assigned to the program file by forming an accessing cryptographic value for each accessing process and comparing the accessing cryptographic value with the cryptographic value stored in the process file for each accessing process listed in the process file; and
to at least one of start and continue execution of the accessing process only if a match is found between the accessing cryptographic value and the cryptographic value stored in the process file for the accessing process.
15. A set of several arrays and a server array connected with each of the several arrays, to protect several programs from unauthorized access by a process, comprising
in each of the several arrays a processor programmed to assign an address space and a process file to each program file to be protected, where the process file is separate from the program file and includes a cryptographic value that uniquely identifies each process that may run in the address space;
to forward, in a call mechanism for a function of an operating system core with which each program to be protected is executed, for each accessing process that attempts to access the address space of the program, a call of the accessing process to a checking function integrated into at least one of the address space of the program and the process file to be protected as a dynamically integrated file;
to determine, during execution of each program in each program file to be protected, for each accessing process that attempts to access the address space of the program file, whether the accessing process is listed in the process file assigned to the program file by forming an accessing cryptographic value for each accessing process and comparing the accessing cryptographic value with the cryptographic value stored in the process file for each accessing process listed in the process file; and
to at least one of start and continue execution of the accessing process only if a match is found between the accessing cryptographic value and the cryptographic value stored in the process file for the accessing process.
16. A method for protecting several programs from unauthorized access by processes, comprising:
assigning an address space to each program to be protected;
assigning a process file to each program to be protected, where the process file is separate from the program and includes a cryptographic value that uniquely identifies each process that may run in the address space;
determining, during execution of each program to be protected, for each accessing process that attempts to access the address space of the program, whether the accessing process is listed in the process file assigned to the program by forming an accessing cryptographic value for each accessing process, and comparing the accessing cryptographic value with the cryptographic value stored in the process file for each accessing process listed in the process file;
at least one of starting and continuing execution of the accessing process only if said comparing determines a match between the accessing cryptographic value and the cryptographic value stored in the process file for the accessing process; and
checking, at a predetermined interval of time for each active process that runs along with a program and/or a file to be protected, to confirm whether the active process is contained in the process file that is assigned to the program and/or the file to be protected, and the process is ended if that is not the case.
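An added sketch of the check described in the claims, not taken from the patent: the process file holds one digest per permitted process, the checking function hashes the accessing process image and looks it up, and a sweep applies the same check to running processes as in claim 16. SHA-256, the one-digest-per-line file format and all function names are assumptions; the byte strings are constructed stand-ins for process images.

```python
import hashlib


def process_digest(image: bytes) -> str:
    """Form the 'accessing cryptographic value' (SHA-256 is an assumption)."""
    return hashlib.sha256(image).hexdigest()


def load_process_file(text: str) -> set[str]:
    """Parse a process file: one hex digest per line, '#' starts a comment."""
    digests = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lower()
        if not entry:
            continue
        # Reject malformed entries instead of silently widening or
        # narrowing the allowlist.
        if len(entry) != 64 or any(c not in "0123456789abcdef" for c in entry):
            raise ValueError(f"malformed process file entry: {entry!r}")
        digests.add(entry)
    return digests


def check_access(image: bytes, allowed: set[str]) -> bool:
    """Checking function: permit only a process whose digest is stored."""
    return process_digest(image) in allowed


def sweep(active: dict[int, bytes], allowed: set[str]) -> list[int]:
    """Periodic check (claim 16): PIDs of active processes that must end."""
    return sorted(pid for pid, image in active.items()
                  if not check_access(image, allowed))


# Constructed sample data: byte strings stand in for process images.
EDITOR = b"\x7fELF constructed editor image"
TAMPERED = EDITOR + b"\x90"  # same program with one byte appended
UNKNOWN = b"\x7fELF constructed unknown image"

PROCESS_FILE = (
    "# processes permitted in the protected program's address space\n"
    f"{process_digest(EDITOR)}  # editor\n"
)
ALLOWED = load_process_file(PROCESS_FILE)

if __name__ == "__main__":
    print("editor allowed:  ", check_access(EDITOR, ALLOWED))
    print("tampered allowed:", check_access(TAMPERED, ALLOWED))
    print("to end:", sweep({101: EDITOR, 202: TAMPERED, 303: UNKNOWN}, ALLOWED))
```

Because the stored value is a digest of the process image rather than a name or path, a modified copy of a permitted process fails the comparison in the same way as an unlisted one.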