Method and apparatus to vet an executable program using a model

US 8,484,625 B2
Filed: 04/01/2009
Issued: 07/09/2013
Est. Priority Date: 04/01/2009
Status: Active Grant

First Claim

Patent Images

1. A method for supporting download of a executable program to an end-user using a network infrastructure element, comprising:

in response to detecting an end-user platform seeking to download an executable program, at a network infrastructure element, performing;

determining, by the infrastructure element, that the end-user platform seeks to download the executable program;

receiving by the infrastructure element, information regarding policies associated with the end-user platform, the policies regarding acceptable behavior for operation of the executable program on the end-user platform;

executing by the infrastructure element, the executable program to monitor operating system call-based behavior of the executable program when the executable program makes calls to an operating system running on the network infrastructure element, the operating system call-based behavior forming a corresponding model of the executable program;

wherein the model formed from the operating system call-based behavior reflects the policies associated with the end-user platform regarding acceptable operation of the executable program when the executable program would be executing within the end-user platform;

using by the infrastructure element, the model of the executable program to vet the operating system call-based behavior of the executable program with respect to the policies corresponding to the end-user platform to determine if the executable program will operate within the acceptable behavior if downloaded and executed on the end-user platform; and

if the vetting of the executable program is acceptable with respect to the policies, permitting by the infrastructure element, the end-user platform to download the executable program.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network infrastructure element (300) can be configured to, upon determining (101) that an end-user platform (305) seeks to download an executable program, execute (103) the program to develop a corresponding model that represents corresponding operating system call-based behavior. The network infrastructure element can then use (104) this model to vet the operating system call-based behavior of the program with respect to end-user platform policies. When the operating system call-based behavior vets acceptably with respect to these policies, the end-user platform can then be permitted to download (106) the executable program. If desired, the network infrastructure element can provide (107) the model to the end-user platform to permit vetting of the modeled behavior with respect to locally-maintained policies. The model provided to the end-user platform can comprise a size-reduced sliced model.

26 Citations

View as Search Results

19 Claims

1. A method for supporting download of a executable program to an end-user using a network infrastructure element, comprising:
- in response to detecting an end-user platform seeking to download an executable program, at a network infrastructure element, performing;
  
  determining, by the infrastructure element, that the end-user platform seeks to download the executable program;
  
  receiving by the infrastructure element, information regarding policies associated with the end-user platform, the policies regarding acceptable behavior for operation of the executable program on the end-user platform;
  
  executing by the infrastructure element, the executable program to monitor operating system call-based behavior of the executable program when the executable program makes calls to an operating system running on the network infrastructure element, the operating system call-based behavior forming a corresponding model of the executable program;
  
  wherein the model formed from the operating system call-based behavior reflects the policies associated with the end-user platform regarding acceptable operation of the executable program when the executable program would be executing within the end-user platform;
  
  using by the infrastructure element, the model of the executable program to vet the operating system call-based behavior of the executable program with respect to the policies corresponding to the end-user platform to determine if the executable program will operate within the acceptable behavior if downloaded and executed on the end-user platform; and
  
  if the vetting of the executable program is acceptable with respect to the policies, permitting by the infrastructure element, the end-user platform to download the executable program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein determining that the end-user platform seeks to download an executable program comprises receiving a download request sourced by the end-user platform.
  - 3. The method of claim 1 wherein executing the executable program to monitor operating system call-based behavior of the executable program comprises executing the executable program using random input content.
  - 4. The method of claim 1 wherein executing the executable program to monitor operating system call-based behavior of the executable program comprises executing the executable program a plurality of times using automatically generated differing input content.
  - 5. The method of claim 1 further comprising:
    - slicing the model to provide a sliced model; and
      
      wherein permitting the end-user platform to download the executable program also comprises communicating the sliced model to the end-user platform.
  - 6. The method of claim 1 further comprising, when the operating system call-based behavior of the executable program vets acceptably with respect to the policies:
    - computing a message-digest function with respect to the executable program to thereby create a signed version of the executable program, which signed version also comprises, in part, at least one of the policies.
  - 7. The method of claim 6 further comprising:
    - determining that another end-user platform seeks to download the executable program; and
      
      providing to the other end-user platform the signed version of the executable program.
  - 8. The method of claim 1 further comprising if the vetting of the executable program is not acceptable with respect to the policies, not permitting the end-user platform to download the executable program.
  - 9. The method of claim 1 further comprising if the vetting of the executable program is not acceptable with respect to the user-sent policies, outputting an indication the executable program is not acceptable for download.

10. A network system for supporting download of a executable program to an end-user using a network infrastructure element, comprising:
- an end-user platform having a plurality of policies regarding acceptable behavior for operation of the executable program on the end-user platform; and
  
  a network infrastructure element having a memory and a control circuit operably coupled to the memory, the control circuit in response to detecting an end-user platform seeking to download an executable program, the network infrastructure element being configured to;
  
  determine that the end-user platform seeks to download the executable program;
  
  receive information regarding policies associated with the end-user platform, the policies regarding acceptable behavior for operation of the executable program on the end-user platform;
  
  execute the executable program to monitor operating system call-based behavior of the executable program when the executable program makes calls to an operating system running on the network infrastructure element, the operating system call-based behavior forming a corresponding model of the executable program;
  
  use the model of the executable program to vet the operating system call-based behavior of the executable program with respect to the policies corresponding to the end-user platform to determine if the executable program will operate within the acceptable behavior if downloaded and executed on the end-user platform; and
  
  if the vetting of the executable program is acceptable with respect to the policies, permit the end-user platform to download the executable program,wherein the model formed from the operating system call-based behavior reflects the policies associated with the end-user platform regarding acceptable operation of the executable program when the executable program would be executing within the end-user platform.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The network system of claim 10 wherein the control circuit is further configured to determine that the end-user platform seeks to download the executable program by receiving, via the network interface, a download request sourced by the end-user platform.
  - 12. The network system of claim 10 wherein the control circuit is further configured to execute the executable program to monitor operating system call-based behavior of the executable program by executing the executable program using random input content.
  - 13. The network system of claim 10 wherein the control circuit is further configured to execute the executable program to monitor operating system call-based behavior of the executable program by executing the executable program a plurality of times using automatically generated differing input content.
  - 14. The network system of claim 10 wherein the control circuit is further configured to slice the model to provide a sliced model, and wherein the control circuit is further configured to permit the end-user platform to download the executable program by also communicating the sliced model to the end-user platform.
  - 15. The network system of claim 10 wherein the control circuit is further configured to, if the vetting of the executable program is not acceptable with respect to the policies, not permit the end-user platform to download the executable program.
  - 16. The network system of claim 10 wherein the control circuit is further configured to, if the vetting of the executable program is not acceptable with respect to the user-sent policies, output an indication the executable program is not acceptable for download.

17. A method for vetting an executable program downloaded from a network infrastructure element, comprising:
- at an end-user platform, storing a plurality of policies regarding acceptable behavior for operation of the executable program on the end-user platform,communicating, by the end-user platform, to a network infrastructure element information regarding downloading of the executable program;
  
  receiving by the end-user platform, from the network infrastructure element;
  
  an approval regarding the downloading of the executable program; and
  
  a model of the executable program representing operating system call-based behavior of the executable program when the executable program makes calls to an operating system running on the network infrastructure element, wherein the approval is based on vetting of the operating system call-based behavior of the executable program using a first portion of the plurality of policies to determine if the executable program will operate within the acceptable behavior if downloaded and executed on the end-user platform; and
  
  using by the end-user platform, the model of the executable program to vet the operating system call-based behavior of the executable program with respect to a second portion of the policies regarding operating system calls;
  
  wherein network infrastructure generates the model representing operating system call-based behavior by;
  
  receiving, responsive to the end-user request for the executable program, by the infrastructure element, information regarding policies associated with the end-user platform, the policies regarding acceptable behavior for operation of the executable program on the end-user platform;
  
  executing by the infrastructure element, the executable program to monitor operating system call-based behavior of the executable program when the executable program makes calls to an operating system running on the network infrastructure element, the operating system call-based behavior forming a corresponding model of the executable program;
  
  wherein the model reflecting the policies associated with the end-user platform regarding acceptable operation of the executable program running in the context of the end-user operating system;
  
  using by the infrastructure element, the model of the executable program to vet the operating system call-based behavior to determine if the executable program will operate within the acceptable behavior if downloaded and executed on the end-user platform; and
  
  permitting by the infrastructure element, the end-user platform to download the executable program based on the acceptable result from the vetting.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17 wherein communicating to a network infrastructure element information further comprises communicating to the network infrastructure element information regarding the first portion of the policies regarding operating system calls to thereby permit the network infrastructure element to vet the second portion of the policies against the operating system call-based behavior of the executable program.
  - 19. The method of claim 17 further comprising:
    - downloading the executable program when the operating system call-based behavior of the executable program vets acceptably.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
Motorola Mobility LLC (Lenovo Group Ltd.)
Inventors
Saha, Dipikalyan, Moore, Morris A., Saha, Subir
Primary Examiner(s)
Vu, Tuan A

Application Number

US12/416,657
Publication Number

US 20100257253A1
Time in Patent Office

1,560 Days
Field of Search

726/22, 726/24, 726/26, 714/25, 714/27, 714/46, 714/38.13, 714/703, 714/724, 714/47.2, 370/241, 370/252, 709223-224, 709/220, 709/229, 702/122, 719/328, 717168-178, 717134-135
US Class Current

717/135
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/52   during program execution, e...

G06F 21/566   Dynamic detection, i.e. det...

G06F 9/44589   Program code verification, ...

H04L 63/145   the attack involving the pr...

H04L 67/34   involving the movement of s...

Method and apparatus to vet an executable program using a model

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus to vet an executable program using a model

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links