System and method for the managed security control of processes on a computer system
Abstract
Managing and controlling the execution of software programs with a computing device to protect the computing device from malicious activities. A protector system implements a two-step process to ensure that software programs do not perform malicious activities which may damage the computing device or other computing resources to which the device is coupled. In the first phase, the protector system determines whether a software program has been previously approved and validates that the software program has not been altered. If the software program is validated during the first phase, this will minimize or eliminate security monitoring operations while the software program is executing during the second phase. If the software program cannot be validated, the protector system enters the second phase and detects and observes executing activities at the kernel level of the operating system so that suspicious actions can be anticipated and addressed before they are able to do harm to the computing device.
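The two-phase flow in the abstract, as an added Python example that is not code from the patent. It assumes a SHA-256 digest match as the test for "previously approved and not altered"; the restricted file types, registry prefix and port are constructed sample rules, and kernel-level interception is simulated by one function call per operation.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Operation:
    kind: str    # "file", "registry" or "network"
    target: str  # path, registry key or host:port

# Constructed sample data: bytes standing in for an approved executable.
APPROVED_IMAGE = b"constructed stand-in for an approved executable"
APPROVED_DIGESTS = {hashlib.sha256(APPROVED_IMAGE).hexdigest()}

# Constructed restrictions applied only to programs that fail validation.
RESTRICTED = {
    "file": lambda t: t.lower().endswith((".doc", ".xls")),
    "registry": lambda t: t.lower().startswith("hklm\\software\\example\\startup"),
    "network": lambda t: t.endswith(":25"),
}

@dataclass
class Protector:
    approved: set
    restricted: dict
    audit: list = field(default_factory=list)

    def pre_execute(self, image: bytes) -> str:
        """Phase 1: is this image an unaltered, previously approved program?"""
        digest = hashlib.sha256(image).hexdigest()
        mode = "validated" if digest in self.approved else "monitored"
        self.audit.append(("exec", mode, digest[:12]))
        return mode

    def allow(self, mode: str, op: Operation) -> bool:
        """Phase 2: decide one intercepted operation for a running program."""
        if mode == "validated":
            return True  # approved program: no per-operation restriction
        rule = self.restricted.get(op.kind)
        denied = rule is not None and rule(op.target)
        self.audit.append(("deny" if denied else "allow", op.kind, op.target))
        return not denied

def run(image: bytes, ops: list) -> list:
    """Start a program and return the allow/deny decision for each operation."""
    p = Protector(APPROVED_DIGESTS, RESTRICTED)
    mode = p.pre_execute(image)
    return [p.allow(mode, op) for op in ops]

OPS = [Operation("file", "C:\\Users\\a\\budget.xls"),
       Operation("file", "C:\\Temp\\run.log"),
       Operation("network", "mail.example.test:25")]

if __name__ == "__main__":
    print(run(APPROVED_IMAGE, OPS))            # unaltered image
    print(run(APPROVED_IMAGE + b"\x00", OPS))  # altered image
```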
12 Claims
1. A computer-implemented method for implementing security for a computing device comprising the steps of:
receiving a notification that a new program is intended for execution on the computing device;
determining automatically whether the new program is substantially the same as a program which was previously approved for execution on the computing device;
permitting the new program to execute on the computing device similarly to the approved program in response to the new program being substantially the same as the approved program; and
monitoring the execution of the new program at an operating system kernel by permitting the new program to execute on the computing device in response to the new program not being substantially the same as the approved program, wherein the new program is prevented from accessing a specific type of file, using a specific registry setting or making a specific type of network communication that was permitted to the approved program.
Dependent claims: 2, 3, 4
5. A computer system for implementing security for a computing device, said system comprising:
a processor, a random access memory, and a storage device;
first program instructions for receiving a notification that a new program is intended for execution on the computing device;
second program instructions for automatically determining whether the new program is substantially the same as a program which was previously approved for execution on the computing device;
third program instructions, responsive to the new program being substantially the same as the approved program, for permitting the new program to execute on the computing device similarly to the approved program;
fourth program instructions, responsive to the new program not being substantially the same as the approved program, for monitoring the execution of the new program at an operating system kernel by permitting the new program to execute on the computing device while preventing the new program from accessing a specific type of file, using a specific registry setting or making a specific type of network communication that was permitted to the approved program; and
wherein the first, second, third, and fourth program instructions are stored in the storage device for execution by the processor via the random access memory.
Dependent claims: 6, 7, 8
9. A computer-readable storage media for implementing security for a computing device, said computer-readable storage media comprising:
first program instructions to receive a notification that a new program is intended for execution on the computing device;
second program instructions to automatically determine whether the new program is substantially the same as a program which was previously approved for execution on the computing device;
third program instructions, responsive to the new program being substantially the same as the approved program, to permit the new program to execute on the computing device similarly to the approved program; and
fourth program instructions, responsive to the new program not being substantially the same as the approved program, to monitor the execution of the new program at an operating system kernel by permitting the new program to execute on the computing device while preventing the new program from accessing a specific type of file, using a specific registry setting or making a specific type of network communication that was permitted to the approved program; and
wherein said first, second, third and fourth program instructions are stored in said computer-readable storage media.
Dependent claims: 10, 11, 12
Specification