Object-oriented database for file system emulator
First Claim
1. An object oriented non-relational database system for storing a file system used by a malware emulator, the system comprising:
a processor;
a memory coupled to the processor;
computer code loaded into the memory for implementing the following functionality;
an object hierarchy represented by relationships among the data objects of the object-oriented non-relational database;
a root object placed on top of the hierarchy, the root object being a parent-object to all database objects within the hierarchy;
a plurality of database objects, wherein;
each database object has a type assigned to it and which is defined by a selected set of data fields;
each database object has at least one data field;
each database object has a unique parent-object; and
each database object has a unique set of index fields,
wherein each database object is defined by a combination of object's parent-object, object's type and object's unique set of the index fields, which are used to access the object;
wherein objects can only be accessed using the index fields, and
wherein at least some of the data fields are references that refer to other objects within the database regardless of their location;
wherein logical separation of the user types is provided by the hierarchy;
wherein the root object represents the file system and other objects represent files and directories of the file system, and system registry;
wherein fields of the root object have names that are unique and can only be assigned to the root object;
wherein a complete path to any destination object within the hierarchy is a list of objects that need to be passed on the way from the root object to the destination object;
wherein, for any object specified in the path is not found in the database, that object is automatically created as the path is being executed; and
wherein removal of an object includes first removing all references to the object, then removing child-objects together with their respective references to other objects and only then removing the object itself.
Abstract
A system and computer program product for implementing an object-oriented hierarchical database architecture that supports functionality of an emulator. The hierarchical data architecture is created for implementing a file system and/or a system registry inside the emulator, where malware components are emulated and tested. The data architecture supports the emulator and provides for effective recovery of database fragments after modifications of the fragments by the emulated malware. The non-relational object-oriented database consists of database objects. Each of the database objects has various data fields. Special user types are assigned to the database objects. Each user type is defined by a selected set of data fields. The database objects have a parent-child relationship. Each database object has a unique parent object and a unique set of index fields. The unique set of the index fields is a unique set of data fields of an object. The database has a root object which is unique for the database.
17 Claims
13. A method for using an object-oriented hierarchical non-relational database in a malware emulator, the method comprising:
forming an object hierarchy represented by relationships among the data objects of the object-oriented database, the object hierarchy being a proxy for a file system and system registry, each database object having a type assigned to it and which is defined by a selected set of data fields;
selecting a branch of the database to be used in the malware emulator;
allocating a memory block for the selected database branch;
loading the selected database branch into the allocated memory block;
creating a backup copy of the loaded database branch;
accessing objects in the loaded database branch by the malware emulator, wherein the database branch is modified by a malware component and wherein each database object is defined by a combination of object's parent-object, object's type and object's unique set of the index fields, which are used to access the object;
determining if the allocated memory block is sufficient for malware emulation, wherein if the allocated memory block is insufficient, providing additional memory to the emulator;
recording results of malware emulation upon its completion; and
restoring the modified database branch to its initial state by overwriting it with the backup copy in the allocated memory block;
wherein objects can only be accessed using the index fields;
wherein at least some of the data fields are references that refer to other objects within the database regardless of their location;
wherein logical separation of the user types is provided by the hierarchy;
wherein a complete path to any destination object within the hierarchy is a list of objects that need to be passed on the way from the root object to the destination object;
wherein, for any object specified in the path is not found in the database, that object is automatically created as the path is being executed; and
wherein removal of an object includes first removing all references to the object, then removing child-objects together with their respective references to other objects and only then removing the object itself.
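The following sketch is an added illustration, not code from the patent or its assignee. It models the three behaviours the claims spell out: path resolution that creates missing objects, removal in the claimed order (references, then children, then the object), and the backup/record/restore cycle of claim 13. All names (`Node`, `resolve`, `link`, `remove`, `paths`, `emulate`, `constructed_sample`) are hypothetical, the branch is assumed to be a standalone tree, and `copy.deepcopy` stands in for the backup copy held in the memory block.

```python
import copy

class Node:  # a database object: identified by parent + type + index fields
    def __init__(self, type_, index, parent=None):
        self.type, self.index, self.parent = type_, index, parent
        self.children = {}      # (type, index) -> Node; the only access route
        self.fields = {}        # data fields; a value may reference another Node
        self.referrers = set()  # (holder, field) pairs that reference this object

    def resolve(self, path):
        """Walk [(type, index), ...] from here, creating missing objects."""
        node = self
        for key in path:
            node = node.children.setdefault(key, Node(*key, parent=node))
        return node

    def link(self, field, target):
        self.fields[field] = target
        target.referrers.add((self, field))

    def remove(self):
        for holder, field in list(self.referrers):   # 1. references to this object
            if holder.fields.get(field) is self:
                del holder.fields[field]
        for child in list(self.children.values()):   # 2. children and their references
            child.remove()
        for field, value in self.fields.items():
            if isinstance(value, Node):
                value.referrers.discard((self, field))
        if self.parent is not None:                  # 3. the object itself
            del self.parent.children[(self.type, self.index)]

def paths(node, prefix=()):
    """All objects below node, each as a tuple of (type, index) keys."""
    out = set()
    for key, child in node.children.items():
        out |= {prefix + (key,)} | paths(child, prefix + (key,))
    return out

def emulate(branch, sample):
    """Back up a standalone branch, let sample modify it, report, restore."""
    backup = copy.deepcopy(branch)
    before = paths(branch)
    sample(branch)
    after = paths(branch)
    return backup, {"created": after - before, "removed": before - after}

def constructed_sample(fs):  # constructed stand-in for emulated code
    fs.resolve([("dir", "Temp"), ("file", "created.tmp")])
    fs.resolve([("dir", "Docs")]).remove()
```

`emulate` returns the pristine copy that replaces the modified branch, together with the recorded set of created and removed object paths.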