System and method for the managed security control of processes on a computer system
Abstract
Managing and controlling the execution of software programs with a computing device to protect the computing device from malicious activities. A protector system implements a two-step process to ensure that software programs do not perform malicious activities which may damage the computing device or other computing resources to which the device is coupled. In the first phase, the protector system determines whether a software program has been previously approved and validates that the software program has not been altered. If the software program is validated during the first phase, this will minimize or eliminate security monitoring operations while the software program is executing during the second phase. If the software program cannot be validated, the protector system enters the second phase and detects and observes executing activities at the kernel level of the operating system so that suspicious actions can be anticipated and addressed before they are able to do harm to the computing device.
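The abstract (and the method claims below) describe a two-phase protector: a loader hook suspends a new program, phase one checks it against an approved copy, and only unvalidated programs are handed to phase two, where kernel-level triggers are intercepted and policed. The following is an added example, not the patent's own code, that models that control flow as a small Python simulation so the decisions can be exercised offline. The allowlist keyed by path with a SHA-256 digest, the trigger names, the protected-path list and the deny rules are all assumptions; a real implementation would key on the process rather than the path and would make these decisions inside a kernel driver or LSM hook.

```python
"""Simulation of a two-phase protector: pre-execution validation, then
kernel-level trigger monitoring for anything that failed validation.
Added example; the allowlist format, trigger kinds and policy are assumed."""
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumed set of locations an unvalidated program may not write to.
PROTECTED_PREFIXES = ("/boot/", "/lib/", "/etc/")


@dataclass
class LoadEvent:
    """Notice from the OS loader that a program image is about to run."""
    path: str
    image: bytes


@dataclass
class Trigger:
    """A kernel-level event intercepted while a program is running."""
    program: str   # path of the running program (simplification: real code keys on the process)
    kind: str      # assumed kinds: "file_write", "create_process", "load_module"
    target: str


@dataclass
class Protector:
    # path -> SHA-256 hex digest of the approved image (the "allowed program")
    allowlist: dict
    trusted: set = field(default_factory=set)
    monitored: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def validate(self, ev: LoadEvent) -> bool:
        """Phase one: is this the allowed program, byte-for-byte unaltered?
        Matching on the path alone would let a replaced binary through, so the
        image digest is compared, in constant time, against the approved one."""
        expected = self.allowlist.get(ev.path)
        if expected is None:
            return False                       # never approved
        actual = hashlib.sha256(ev.image).hexdigest()
        return hmac.compare_digest(actual, expected)

    def on_load(self, ev: LoadEvent) -> str:
        """Loader hook: the load stays suspended until this returns."""
        if self.validate(ev):
            self.trusted.add(ev.path)
            self.monitored.discard(ev.path)
            self.log.append(f"load {ev.path}: validated, runs unmonitored")
            return "trusted"
        self.monitored.add(ev.path)
        self.trusted.discard(ev.path)
        self.log.append(f"load {ev.path}: not validated, runs under kernel monitoring")
        return "monitored"

    def on_trigger(self, t: Trigger) -> str:
        """Phase two: the execution module decides on an intercepted trigger."""
        if t.program in self.trusted:
            return "allow"                     # validated programs skip monitoring
        if t.program not in self.monitored:
            raise ValueError(f"{t.program} never passed through on_load")
        # Assumed policy for unvalidated code: no writes under protected paths,
        # no process creation, no module loads. Everything else is allowed.
        if t.kind == "file_write" and t.target.startswith(PROTECTED_PREFIXES):
            decision = "deny"
        elif t.kind in ("create_process", "load_module"):
            decision = "deny"
        else:
            decision = "allow"
        self.log.append(f"{t.program} {t.kind} {t.target}: {decision}")
        return decision


def demo() -> dict:
    """Run the flow over constructed program images and return each decision."""
    approved = b"\x7fELF approved-editor-build-1"   # constructed image bytes
    altered = approved[:-1] + b"2"                  # same path, one byte changed
    proto = Protector(allowlist={"/usr/bin/editor": hashlib.sha256(approved).hexdigest()})
    results = {}
    results["approved"] = proto.on_load(LoadEvent("/usr/bin/editor", approved))
    results["editor_write_trusted"] = proto.on_trigger(
        Trigger("/usr/bin/editor", "file_write", "/etc/hosts"))
    results["altered"] = proto.on_load(LoadEvent("/usr/bin/editor", altered))
    results["editor_write_monitored"] = proto.on_trigger(
        Trigger("/usr/bin/editor", "file_write", "/etc/hosts"))
    results["unknown"] = proto.on_load(LoadEvent("/tmp/dropper", b"MZ unknown"))
    results["dropper_write_etc"] = proto.on_trigger(
        Trigger("/tmp/dropper", "file_write", "/etc/passwd"))
    results["dropper_write_tmp"] = proto.on_trigger(
        Trigger("/tmp/dropper", "file_write", "/tmp/out"))
    results["dropper_spawn"] = proto.on_trigger(
        Trigger("/tmp/dropper", "create_process", "/bin/sh"))
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The point the simulation makes is that the phase-one check has to be on the image contents, not the name: the altered editor loads from the approved path and still ends up monitored, and the same write that was allowed for the validated copy is denied afterwards. The caveat a practitioner should keep in mind is that a validated program is exempt from phase two, so anything it later loads or is coerced into doing (a malicious library, an exploited parser) is outside the protector's view unless those loads are themselves intercepted as triggers.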
29 Claims
1. A system for managing security of a computing device comprising:
a pre-execution module operable for receiving notice from the computing device's operating system that a new program is being loaded onto the computing device;
a validation module coupled to the pre-execution monitor operable for determining whether the program is valid;
a detection module coupled to the pre-execution monitor operable for intercepting a trigger from the computing device's operating system; and
an execution module coupled to the detection module and operable for monitoring, at the operating system kernel of the computing device, the program in response to the trigger intercepted by the detection module.
Dependent claims: 2, 3, 4, 5
6. A computer implemented method for implementing security for a computing device comprising the steps of:
interrupting the loading of a new program for operation with the computing device; validating the new program; if the new program is validated, permitting the new program to continue loading and to execute in connection with the computing device; if the new program is not validated, monitoring the new program while it loads and executes in connection with the computing device, wherein the step of monitoring the new program while it executes is performed at the operating system kernel of the computing device.
Dependent claims: 7, 8, 9, 10, 11, 12, 13
14. A computer-implemented method for implementing security for a computing device, comprising the steps of:
identifying an allowed program that is permitted to execute on the computing device; receiving a signal that a new program is going to be executed on the computing device; suspending the execution of the new program on the computing device; determining whether the new program is the same as the allowed program; if the new program is the same as the allowed program, permitting the new program to execute on the computing device; and if the new program is not the same as the allowed program, monitoring the new program while allowing it to execute on the computing device, wherein the step of monitoring the new program while allowing it to execute is performed at the operating system kernel of the computing device.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
25. A computer-implemented method for performing security for a computer device during a pre-execution phase comprising the steps of:
identifying an allowed program that is permitted to execute with the computing device; receiving a signal that a new program is being loaded for execution with the computing device; suspending the loading of the new program; comparing the new program to the allowed program; and determining whether the new program is valid; if the new program is valid, permitting the new program to execute on the computing device; and if the new program is not valid, monitoring the new program while allowing it to execute on the computing device, wherein the step of monitoring the new program while allowing it to execute is performed at the operating system kernel of the computing device.
Dependent claims: 26, 27, 28, 29
Specification