Monitoring and controlling services

US 7,797,733 B1
Filed: 01/08/2004
Issued: 09/14/2010
Est. Priority Date: 01/08/2004
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for monitoring and controlling services, the method comprising the steps of:

a service manager intercepting calls to service related operations made by acting applications;

the service manager determining which acting application made a specific intercepted call;

the service manager determining a target service of the specific intercepted call made by the acting application;

the service manager identifying a characteristic common to the acting application that made the specific intercepted call and the target service of the specific intercepted call, the common characteristic comprising a hash of content;

the service manager determining whether to block the acting application from making the specific intercepted call based at least in part on the common characteristic; and

responsive at least in part to the service manager determining to block the acting application from making the specific intercepted call, the service manager blocking the acting application from making the specific intercepted call.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A service manager (101) monitors and controls services (111), thereby providing protection against associated security vulnerabilities. The service manager (101) intercepts calls (105) to service related operations made by acting applications (103) and determines which acting application (103) made a specific intercepted call (105) to which target service (111). The service manager (101) then determines and executes an appropriate action based on a system policy (113). The appropriate action can comprise blocking the call (105), thereby preventing execution of service (111) based operations that conflict with the system policy (113).

Citations

13 Claims

1. A computer implemented method for monitoring and controlling services, the method comprising the steps of:
- a service manager intercepting calls to service related operations made by acting applications;
  
  the service manager determining which acting application made a specific intercepted call;
  
  the service manager determining a target service of the specific intercepted call made by the acting application;
  
  the service manager identifying a characteristic common to the acting application that made the specific intercepted call and the target service of the specific intercepted call, the common characteristic comprising a hash of content;
  
  the service manager determining whether to block the acting application from making the specific intercepted call based at least in part on the common characteristic; and
  
  responsive at least in part to the service manager determining to block the acting application from making the specific intercepted call, the service manager blocking the acting application from making the specific intercepted call.
- View Dependent Claims (2, 3, 4, 5, 6, 12, 13)
- - 2. The method of claim 1 wherein:
    - the service manager intercepting calls to service related operations made by acting applications comprises intercepting calls to service implementation functions.
  - 3. The method of claim 1 wherein:
    - the service manager intercepting calls to service related operations made by acting applications comprises intercepting calls to service control functions.
  - 4. The method of claim 1 wherein the service manager intercepting calls to service related operations further comprises the steps of:
    - the service manager intercepting calls to service registration functions;
      
      the service manager replacing a callback function being registered with a callback wrapper; and
      
      the callback wrapper intercepting control commands sent to the service.
  - 5. The method of claim 1 wherein:
    - the common characteristic comprises one or more from the set consisting of;
      
      a date of creation;
      
      a length of time since being loaded on a host machine; and
      
      a source of introduction to the host machine.
  - 6. The method of claim 1 wherein:
    - the specific intercepted call is a call to load a service into a secure container.
  - 12. The method of claim 1, wherein the specific intercepted call is a call to start the target service.
  - 13. The method of claim 1, wherein the service manager identifying a characteristic common to the acting application and the target service comprises:
    - the service manager identifying the characteristic common to the acting application and the target service at the time the specific intercepted call was made by the acting application.

7. A computer implemented method for monitoring and controlling services, the method comprising the steps of:
- a service manager intercepting calls to access system resources made by acting applications;
  
  the service manager determining that an intercepted call concerns a service;
  
  the service manager determining which service the intercepted call concerns;
  
  the service manager determining which acting application made the intercepted call;
  
  the service manager identifying a characteristic common to the acting application that made the intercepted call and the service the intercepted call concerns, the common characteristic comprising a hash of content;
  
  the service manager determining whether to block the acting application from making the intercepted call based at least in part on the common characteristic; and
  
  responsive at least in part to the service manager determining to block the acting application from making the intercepted call, the service manager blocking the acting application from making the intercepted call.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7 wherein:
    - the service manager determining that an intercepted call concerns a service comprises the service manager determining that the call was made to affect a system resource associated with a service.
  - 9. The method of claim 8 wherein:
    - the service manager determining that the intercepted call was made to affect a system resource associated with a service comprises the service manager determining that the intercepted call was made to affect a system resource comprising one or more from the set consisting of;
      
      a thread owned by the service;
      
      a process owned by the service;
      
      a communication channel owned by the service;
      
      a progeny thread of the service;
      
      a progeny process of the service;
      
      a communication channel owned by a progeny process of the service; and
      
      a communication channel owned by a progeny thread of the service.
  - 10. The method of claim 9 wherein:
    - the specific intercepted call is a call to perform an action affecting the system resource associated with a service, the action being one or more from a set consisting of;
      
      suspending the resource; and
      
      terminating the resource.
  - 11. The method of claim 7 wherein:
    - the common characteristic comprises one or more from the set consisting of;
      
      a date of creation;
      
      a length of time since being loaded on a host machine; and
      
      a source of introduction to a host machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Sallam, Ahmed
Primary Examiner(s)
Orgad; Edan
Assistant Examiner(s)
Wang; Harris C

Application Number

US10/754,318
Time in Patent Office

2,441 Days
Field of Search

709/223, 726/4
US Class Current

726/4
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

H04L 65/1076   Screening of IP real time c...

Monitoring and controlling services

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Monitoring and controlling services

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links