Method and system for whitelisting software components
First Claim
1. A method comprising:
- executing a first software component loaded in a first operating environment;
- collecting runtime information in the first operating environment about the first software component, wherein the collected runtime information includes one or more of code, data, external symbol tables, and relocation information, including storing a set of state data for an import address table and export pointers of the first software component;
- communicating the collected runtime information to a second software component in a second operating environment, the second operating environment isolated from the first operating environment;
- comparing the collected runtime information with a validated set of information about the first software component, including comparing the state data with the validated set of information about the first software component; and
- sending an alert if the collected runtime information does not match the validated set of information.
Abstract
A method and system for whitelisting software components is disclosed. In a first operating environment, runtime information may be collected about a first loaded and executing software component. The collected information may be communicated to a second software component operating in a second operating environment that is isolated from the first operating environment. The collected runtime information may be compared with a validated set of information about the first software component. Other embodiments are described and claimed.
14 Claims
1. A method comprising:
- executing a first software component loaded in a first operating environment;
- collecting runtime information in the first operating environment about the first software component, wherein the collected runtime information includes one or more of code, data, external symbol tables, and relocation information, including storing a set of state data for an import address table and export pointers of the first software component;
- communicating the collected runtime information to a second software component in a second operating environment, the second operating environment isolated from the first operating environment;
- comparing the collected runtime information with a validated set of information about the first software component, including comparing the state data with the validated set of information about the first software component; and
- sending an alert if the collected runtime information does not match the validated set of information.
Dependent claims: 2, 3, 4, 5, 6.

7. A system comprising:
- a first software component to execute in a first operating environment;
- a second software component to execute in the first operating environment, to collect runtime information about the first software component, wherein the collected runtime information includes one or more of code, data, external symbol tables, and relocation information, to store a set of state data for an import address table and export pointers of the first software component, and to communicate the collected runtime information; and
- a third software component to execute in a second operating environment, the second operating environment isolated from the first operating environment, the third component to receive the collected runtime information, and to compare the collected runtime information with a validated set of information about the first software component, including to compare the state data with the validated set of information about the first software component.
Dependent claims: 8, 9, 10, 11.

12. A computer-readable storage medium having stored thereon instructions that, if executed by a processor, cause the processor to perform a method comprising:
- executing a first software component loaded in a first operating environment;
- collecting runtime information in the first operating environment about the first software component, wherein the collected runtime information includes one or more of code, data, external symbol tables, and relocation information, including storing a set of state data for an import address table and export pointers of the first software component;
- communicating the collected runtime information to a second software component in a second operating environment, the second operating environment isolated from the first operating environment;
- comparing the collected runtime information with a validated set of information about the first software component, including comparing the state data with the validated set of information about the first software component; and
- sending an alert if the collected runtime information does not match the validated set of information.
Dependent claims: 13, 14.
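The collect, communicate, compare and alert steps of claims 1, 7 and 12 can be illustrated in working code. The following is an added example, not code from the patent or its assignee: the first and second operating environments are simulated as two Python classes that exchange only a serialized report, the module name, symbol names and addresses are constructed sample data, and building the validated set by collecting runtime information from a known-good copy of the component is an assumption of this example, not something the claims specify.

```python
import hashlib
import json
from dataclasses import dataclass


@dataclass
class LoadedComponent:
    """Constructed stand-in for a module loaded in the first operating environment."""
    name: str
    code: bytes                      # the component's code bytes
    import_address_table: dict       # imported symbol -> resolved address
    export_pointers: dict            # exported symbol -> address
    relocations: list                # applied relocation offsets


def collect_runtime_info(component):
    """First environment: gather the state data named in claim 1
    (code digest, IAT and export pointer state, relocation information)."""
    return {
        "name": component.name,
        "code_sha256": hashlib.sha256(component.code).hexdigest(),
        "iat": dict(sorted(component.import_address_table.items())),
        "exports": dict(sorted(component.export_pointers.items())),
        "relocations": sorted(component.relocations),
    }


def serialize_report(info):
    """The only thing that crosses the isolation boundary is this byte string."""
    return json.dumps(info, sort_keys=True).encode("utf-8")


class IsolatedValidator:
    """Second environment: holds the validated set and never reads the first
    environment's memory, only the report it receives."""

    def __init__(self, validated):
        self.validated = validated   # component name -> validated info

    def compare(self, report):
        info = json.loads(report.decode("utf-8"))
        expected = self.validated.get(info["name"])
        if expected is None:
            return [f"{info['name']}: component is not whitelisted"]
        alerts = []
        if info["code_sha256"] != expected["code_sha256"]:
            alerts.append(f"{info['name']}: code hash mismatch")
        for table in ("iat", "exports"):
            for symbol, addr in info[table].items():
                want = expected[table].get(symbol)
                if want is None:
                    alerts.append(f"{info['name']}: unexpected {table} entry {symbol}")
                elif want != addr:
                    alerts.append(f"{info['name']}: {table} entry {symbol} "
                                  f"points to {addr:#x}, expected {want:#x}")
            for symbol in sorted(expected[table].keys() - info[table].keys()):
                alerts.append(f"{info['name']}: missing {table} entry {symbol}")
        if info["relocations"] != expected["relocations"]:
            alerts.append(f"{info['name']}: relocation information differs")
        return alerts


def build_validated_set(known_good):
    """Baseline step (an assumption of this example): the validated set is the
    runtime info collected from known-good copies of each component."""
    return {c.name: collect_runtime_info(c) for c in known_good}


def check_component(component, validator):
    """Full round trip of claim 1: collect, communicate, compare, alert."""
    report = serialize_report(collect_runtime_info(component))
    return validator.compare(report)


# Constructed sample data: a fictitious module with two imports and one export.
GOOD = LoadedComponent(
    name="sample.dll",
    code=bytes.fromhex("554889e5488b4510c9c3"),
    import_address_table={"CreateFileW": 0x7FF8_0000_1000, "ReadFile": 0x7FF8_0000_1040},
    export_pointers={"Init": 0x1_4000_1000},
    relocations=[0x1010, 0x1024],
)

# Same module, but the ReadFile IAT slot no longer points where it was validated to.
TAMPERED = LoadedComponent(
    name="sample.dll",
    code=GOOD.code,
    import_address_table={"CreateFileW": 0x7FF8_0000_1000, "ReadFile": 0x1_4000_A000},
    export_pointers=dict(GOOD.export_pointers),
    relocations=list(GOOD.relocations),
)

VALIDATOR = IsolatedValidator(build_validated_set([GOOD]))

if __name__ == "__main__":
    for label, comp in (("clean", GOOD), ("tampered", TAMPERED)):
        alerts = check_component(comp, VALIDATOR)
        print(label, "->", alerts or "no alerts")
```

The validator deliberately receives only the serialized report, so a compromise of the monitored environment cannot alter the validated set, which is the property the isolated second environment in the claims is meant to provide. Comparing individual IAT and export entries rather than a single digest makes the alert name the exact slot that changed.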
Specification