
Security system with methodology for interprocess communication control

  • US 8,136,155 B2
  • Filed: 09/12/2003
  • Issued: 03/13/2012
  • Est. Priority Date: 04/01/2003
  • Status: Active Grant
First Claim

1. In a computer system operating under control of an operating system, a method for detecting and preventing indirect access to a computer network by potentially malicious applications already installed and executing on the computer system, the method comprising:

  • defining rules governing access by applications on the computer system to the computer network including rules indicating which system services of the operating system are monitored for detecting and preventing indirect access to the computer network by potentially malicious applications that are already installed and executing on the computer system, but which are capable of obtaining indirect access to the computer network through system services;

  • trapping an attempt by a particular application already installed and executing on the computer system to gain indirect access to the computer network through invocation of a particular system service being monitored, wherein said trapping includes rerouting the attempt to invoke the particular system service from a system dispatch table to an interprocess communication controller by replacing an original destination address in the system dispatch table with an address of the interprocess communication controller;

  • detecting based on the rules governing access by applications to the computer network if the attempt to invoke the particular system service by the particular application rerouted to the interprocess communication controller constitutes an unauthorized attempt by a potentially malicious application already installed and executing on the computer system to obtain indirect access to the computer network by invoking the particular system service which in turn accesses the computer network on behalf of the potentially malicious application; and

  • if the attempt to invoke the particular system service constitutes an unauthorized attempt by a potentially malicious application to access the computer network indirectly, preventing the potentially malicious application from obtaining indirect access to the computer network by blocking the attempt.
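The trap-and-check mechanism of the claim, as an added C illustration that is not from the patent or its assignee: a simulated system dispatch table whose entry for a network-reaching service has its destination address replaced by an interprocess communication controller, which consults the access rules and either forwards the call to the saved original or blocks it. The service number, rule set and application names are constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* A system service that reaches the network on behalf of its caller (simulated). */
typedef int (*service_fn)(const char *caller, const char *target);
enum { SVC_NET_CONNECT = 0, SVC_COUNT };
static int original_net_connect(const char *caller, const char *target) {
    printf("[service] %s connected to %s\n", caller, target);
    return 0;                       /* 0 = service completed the request */
}
/* The system dispatch table: service number -> destination address. */
static service_fn dispatch_table[SVC_COUNT] = { original_net_connect };
/* Original destination saved at hook time so permitted calls can be forwarded. */
static service_fn saved_original[SVC_COUNT];
/* Rules governing network access; "*" matches any application (constructed sample policy). */
struct rule { const char *app; int service; bool allow; };
static const struct rule rules[] = {
    { "browser.exe", SVC_NET_CONNECT, true  },
    { "*",           SVC_NET_CONNECT, false },   /* default: deny */
};
static bool rule_allows(const char *app, int service) {
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (rules[i].service == service &&
            (strcmp(rules[i].app, "*") == 0 || strcmp(rules[i].app, app) == 0))
            return rules[i].allow;
    return false;                   /* no matching rule: deny */
}
/* Interprocess communication controller: every rerouted invocation lands here. */
static int ipc_controller(const char *caller, const char *target) {
    if (!rule_allows(caller, SVC_NET_CONNECT)) {
        printf("[controller] blocked %s -> %s\n", caller, target);
        return -1;                  /* attempt blocked before the service runs */
    }
    return saved_original[SVC_NET_CONNECT](caller, target);
}
/* Trap installation: replace the table entry's destination address with the controller's. */
void install_controller(void) {
    if (dispatch_table[SVC_NET_CONNECT] == ipc_controller) return;  /* already hooked */
    saved_original[SVC_NET_CONNECT] = dispatch_table[SVC_NET_CONNECT];
    dispatch_table[SVC_NET_CONNECT] = ipc_controller;
}
/* How an application invokes a service: through the dispatch table, never directly. */
int invoke_service(int service, const char *caller, const char *target) {
    return dispatch_table[service](caller, target);
}
```

A real implementation must also protect the table and the controller from being rewritten by the applications it is meant to police, which the simulation does not model.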
