Peer assembly inspection
First Claim
1. A method for preventing undesirable behavior by an executable code module received from a potentially untrusted source, the executable code module including one or more independent agents, the executable code module being inspected with an assembler utility to ensure that each of the one or more independent agents receives equal resource treatment during execution within a particular node module, the method comprising:
(i) querying a database to ensure that each independent agent receives equal resource treatment during execution within a particular node module for identifying information corresponding to an executable code module received at a host system;
(ii) when step (i) returns a predetermined result, scanning the code module concerning each independent agent, with the assembler utility for an indication that the code module has a potential to cause undesired behavior in the receiving host when executed, wherein said scanning comprises;
(a) for each type in the code module that is a managed type, enumerating each managed type,
(b) for each managed type enumerated in step (a) that contains a member, enumerating each member, and
(c) comparing the value of each enumerated managed type and enumerated member to a list of predetermined values and determining the value of at least one of the enumerated managed types and the enumerated member list for the each independent agent as not defined by the assembler utility; and
(iii) when step (ii) finds the indication the code module has the potential to cause undesired behavior in the receiving host when executed, preventing execution of the code module at the receiving host, and otherwise the assembler utility loading executable code for common privilege settings for a set of Application Program Interfaces into the each executable code module.
Abstract
A method and system for preventing undesired behaviors by executable code modules in a peer-to-peer computer system are provided. When a code module is received, an assembly inspection module queries a blacklist for the received code module. When the received code module is found on the blacklist, the computer system prevents execution of the received code module. Each peer includes an assembly inspection module. When the received code module is not found on the blacklist, the assembly inspection module inspects the received executable code module, prior to execution, to determine whether the code module can perform any undesired behaviors. If so, the received code module is added to the blacklist and prevented from executing.
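The flow the abstract describes (blacklist lookup, pre-execution inspection, then block and blacklist on a finding), as an added sketch that is not code from the patent. The module metadata is modelled as a constructed dict of type names to member names; `DENIED`, `module_id`, `inspect` and `admit` are hypothetical names, and using a SHA-256 digest as the identifying information is an assumption.

```python
import hashlib

# Hypothetical "list of predetermined values": types/members a peer refuses.
DENIED = {
    "System.IO.File": None,                    # None = the whole type is denied
    "System.Diagnostics.Process": {"Start"},   # only the listed members are denied
    "System.Reflection.Assembly": {"Load", "LoadFrom"},
}

def module_id(raw: bytes) -> str:
    """Identifying information for a received module (assumed: SHA-256 of its bytes)."""
    return hashlib.sha256(raw).hexdigest()

def inspect(types: dict) -> list:
    """Enumerate each type, then each of its members, and compare against DENIED."""
    findings = []
    for type_name, members in sorted(types.items()):
        if type_name not in DENIED:
            continue
        denied_members = DENIED[type_name]
        if denied_members is None:
            findings.append(type_name)
            continue
        findings += [f"{type_name}.{m}" for m in sorted(members) if m in denied_members]
    return findings

def admit(raw: bytes, types: dict, blacklist: set):
    """Return (allowed, reason); a blacklist hit short-circuits the scan."""
    ident = module_id(raw)
    if ident in blacklist:
        return False, "blacklisted"
    findings = inspect(types)
    if findings:
        blacklist.add(ident)  # remember the verdict for the next time it arrives
        return False, "inspection: " + ", ".join(findings)
    return True, "clean"

# Constructed sample modules: the bytes and the metadata are made up for the example.
BENIGN = (b"agent-a", {"System.Math": {"Sqrt"}, "System.String": {"Concat"}})
RISKY = (b"agent-b", {"System.Diagnostics.Process": {"Start", "GetProcesses"},
                      "System.String": {"Format"}})

if __name__ == "__main__":
    bl = set()
    print(admit(*BENIGN, bl))
    print(admit(*RISKY, bl))  # blocked by inspection, then added to the blacklist
    print(admit(*RISKY, bl))  # blocked by the blacklist lookup alone
```

Because the blacklist is keyed on the module's bytes, a single changed byte yields a new identifier, so the inspection step is what catches a repackaged module.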
38 Claims
20. A computer system that prevents an executable code module from performing an undesired behavior when executed, comprising:
a processor;
system memory;
a database storing identifying information corresponding to executable code modules that performs undesired behavior when executed on the computer system;
an assembly inspection module that scans executable code modules received from peer computer systems to determine whether each executable code module has a potential to perform an undesired behavior when executed on the computer system, and wherein for each type used in the received code module that is a managed type the assembly inspection module enumerates each managed type, and wherein for any enumerated managed type used by a received code module containing a member, enumerates each member of each such enumerated managed type;
the system memory storing computer readable instructions that, when executed by the processor, cause the computer system to perform steps comprising;
(i) querying the database for identifying information corresponding to the received executable code module;
(ii) when step (i) returns a predetermined result, causing the assembly inspection module to scan the received executable code module; and
(iii) preventing execution of the received executable code module when the assembly inspection module determines that the received executable code module has the potential to perform an undesired behavior when executed on the computer system.
29. A computer architecture, comprising:
a plurality of peer computer systems, each peer comprising an execution shell for running executable code modules, said each execution shell comprising;
a discovery module that detects other peer computing systems;
an interaction module for communicating with other execution shells of other detected peer computing systems; and
an assembly inspection module comprising;
a database of blacklisted agent programs; and
computer readable instructions that, when executed by a processor of each of the peer computer systems, cause the peer computer systems to perform steps comprising;
(i) querying the database for identifying information corresponding to a received executable code module;
(ii) preventing the received executable code module from executing when the identifying information corresponding to the received executable code module is found in the database;
(iii) scanning the received executable code module when the identifying information corresponding to the received executable code module is not found in the database, wherein said scanning comprises;
(a) for each type in the code module that is a managed type enumerating each such managed type;
(b) for each managed type enumerated in step (a) that contains a member enumerating each member; and
(c) comparing the value of each enumerated managed type and enumerated member to a list of predetermined values; and
(iv) adding the identifying information corresponding to the received executable code module when the assembly inspection module determines that the received executable code module has the potential to perform an undesired behavior when executed on the peer computer system.
30. A computer storage media for use at computer system, the computer storage media for implementing a method for preventing undesirable behavior by an executable code module received from a potentially untrusted source, the executable code module including one or more independent agents, the executable code module being inspected to ensure that each of the one or more independent agents receives equal resource treatment during execution within a particular node module, the computer storage media having stored thereon computer-executable instructions that, when executed at a processor, cause the computer system to perform the method, including the following:
querying a database to ensure that each independent agent receives equal resource treatment during execution within a particular node module for identifying information corresponding to an executable code module received at a host system;
when the query of the database returns a predetermined result, scanning the code module concerning each independent agent for an indication of the code module implementing undesired behavior in the receiving host when executed, scanning the code module including;
enumerating each type in the code module to identify managed types included in the code module;
enumerating the identified managed types to identify each managed type that contains a member;
comparing the value of each identified managed type and identified members to a list of predetermined values;
from the comparisons, determining the value of at least one of the enumerated managed types and the enumerated member list for the each independent agent as not defined by the assembler utility; and
when scanning the code module concerning each independent agent finds an indication of the code module implementing undesired behavior, preventing execution of the code module at the receiving host, and otherwise the assembler utility loading.
Specification