System and method for the managed security control of processes on a computer system

US 7,565,549 B2
Filed: 07/03/2007
Issued: 07/21/2009
Est. Priority Date: 01/04/2002
Status: Expired due to Term

First Claim

Patent Images

1. A computer-implemented method for implementing security for a computing device comprising the steps of:

receiving a notification that a new program is intended for execution on the computing device;

determining automatically whether the new program is substantially the same as a program which was previously approved for execution on the computing device;

permitting the new program to execute on the computing device similarly to the approved program in response to the new program being substantially the same as the approved program; and

monitoring the execution of the new program at an operating system kernel by permitting the new program to execute on the computing device in response to the new program not being substantially the same as the approved program, wherein the new program is prevented from accessing a specific type of file, using a specific registry setting or making a specific type of network communication that was permitted to the approved program.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Managing and controlling the execution of software programs with a computing device to protect the computing device from malicious activities. A protector system implements a two-step process to ensure that software programs do not perform malicious activities which may damage the computing device or other computing resources to which the device is coupled. In the first phase, the protector system determines whether a software program has been previously approved and validates that the software program has not been altered. If the software program is validated during the first phase, this will minimize or eliminate security monitoring operations while the software program is executing during the second phase. If the software program cannot be validated, the protector system enters the second phase and detects and observes executing activities at the kernel level of the operating system so that suspicious actions can be anticipated and addressed before they are able to do harm to the computing device.

311 Citations

12 Claims

1. A computer-implemented method for implementing security for a computing device comprising the steps of:
- receiving a notification that a new program is intended for execution on the computing device;
  
  determining automatically whether the new program is substantially the same as a program which was previously approved for execution on the computing device;
  
  permitting the new program to execute on the computing device similarly to the approved program in response to the new program being substantially the same as the approved program; and
  
  monitoring the execution of the new program at an operating system kernel by permitting the new program to execute on the computing device in response to the new program not being substantially the same as the approved program, wherein the new program is prevented from accessing a specific type of file, using a specific registry setting or making a specific type of network communication that was permitted to the approved program.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-implemented method of claim 1, further comprising the steps of computing a checksum for the new program;
    - and comparing the checksum for the new program to a checksum for the program which was previously approved for execution on the computing device.
  - 3. The computer-implemented method of claim 1, further comprising the step of determining if the new program has been modified.
  - 4. The computer-implemented method of claim 1, further comprising the step of terminating execution of the new program in response to the new program performing suspicious activities.

5. A computer system for implementing security for a computing device, said system comprising:
- a processor, a random access memory, and a storage device;
  
  first program instructions for receiving a notification that a new program is intended for execution on the computing device;
  
  second program instructions for automatically determining whether the new program is substantially the same as a program which was previously approved for execution on the computing device;
  
  third program instructions, responsive to the new program being substantially the same as the approved program, for permitting the new program to execute on the computing device similarly to the approved program;
  
  fourth program instructions, responsive to the new program not being substantially the same as the approved program, for monitoring the execution of the new program at an operating system kernel by permitting the new program to execute on the computing device while preventing the new program from accessing a specific type of file, using a specific registry setting or making a specific type of network communication that was permitted to the approved program; and
  
  wherein the first, second, third, and fourth program instructions are stored in the storage device for execution by the processor via the random access memory.
- View Dependent Claims (6, 7, 8)
- - 6. The computer system of claim 5, wherein the second program instructions comprise program instructions for computing a checksum for the new program, and comparing the checksum for the new program to a checksum for the program which was previously approved for execution on the computing device.
  - 7. The computer system of claim 5, wherein the second program instructions comprise program instructions for determining if the new program has been modified.
  - 8. The computer system of claim 5, wherein the fourth program instructions comprise program instructions for terminating execution of the new program in response to the new program performing suspicious activities.

9. A computer-readable storage media for implementing security for a computing device, said computer-readable storage media comprising:
- first program instructions to receive a notification that a new program is intended for execution on the computing device;
  
  second program instructions to automatically determine whether the new program is substantially the same as a program which was previously approved for execution on the computing device;
  
  third program instructions, responsive to the new program being substantially the same as the approved program, to permit the new program to execute on the computing device similarly to the approved program; and
  
  fourth program instructions, responsive to the new program not being substantially the same as the approved program, to monitor the execution of the new program at an operating system kernel by permitting the new program to execute on the computing device while preventing the new program from accessing a specific type of file, using a specific registry setting or making a specific type of network communication that was permitted to the approved program; and
  
  wherein said first, second, third and fourth program instructions are stored in said computer-readable storage media.
- View Dependent Claims (10, 11, 12)
- - 10. The computer-readable storage media of claim 9, wherein the second program instructions comprise program instructions to compute a checksum for the new program, and to compare the checksum for the new program to a checksum for the program which was previously approved for execution on the computing device.
  - 11. The computer-readable storage media of claim 9, wherein the second program instructions comprise program instructions to determine if the new program has been modified.
  - 12. The computer-readable storage media of claim 9, wherein the fourth program instructions comprise program instructions to terminate execution of the new program in response to the new program performing suspicious activities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Taasera Licensing LLC (Quest Patent Research Corporation)
Original Assignee
International Business Machines Corporation
Inventors
Hackenberger, William Frank, Satterlee, Thomas James
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Jackson; Jenise E

Application Number

US11/824,986
Publication Number

US 20070260880A1
Time in Patent Office

749 Days
Field of Search

726/22, 726/24, 713/164, 713/165, 713/167, 713/187
US Class Current

713/187
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/52   during program execution, e...

G06F 21/53   by executing in a restricte...

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/565   by checking file integrity

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/629   to features or functions of...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

System and method for the managed security control of processes on a computer system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

311 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for the managed security control of processes on a computer system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

311 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links