Method and apparatus to vet an executable program using a model
First Claim
1. A method for supporting download of an executable program to an end-user using a network infrastructure element, comprising:
- in response to detecting an end-user platform seeking to download an executable program, at a network infrastructure element, performing:
determining, by the infrastructure element, that the end-user platform seeks to download the executable program;
receiving by the infrastructure element, information regarding policies associated with the end-user platform, the policies regarding acceptable behavior for operation of the executable program on the end-user platform;
executing by the infrastructure element, the executable program to monitor operating system call-based behavior of the executable program when the executable program makes calls to an operating system running on the network infrastructure element, the operating system call-based behavior forming a corresponding model of the executable program;
wherein the model formed from the operating system call-based behavior reflects the policies associated with the end-user platform regarding acceptable operation of the executable program when the executable program would be executing within the end-user platform;
using by the infrastructure element, the model of the executable program to vet the operating system call-based behavior of the executable program with respect to the policies corresponding to the end-user platform to determine if the executable program will operate within the acceptable behavior if downloaded and executed on the end-user platform; and
if the vetting of the executable program is acceptable with respect to the policies, permitting by the infrastructure element, the end-user platform to download the executable program.
Abstract
A network infrastructure element (300) can be configured to, upon determining (101) that an end-user platform (305) seeks to download an executable program, execute (103) the program to develop a corresponding model that represents corresponding operating system call-based behavior. The network infrastructure element can then use (104) this model to vet the operating system call-based behavior of the program with respect to end-user platform policies. When the operating system call-based behavior vets acceptably with respect to these policies, the end-user platform can then be permitted to download (106) the executable program. If desired, the network infrastructure element can provide (107) the model to the end-user platform to permit vetting of the modeled behavior with respect to locally-maintained policies. The model provided to the end-user platform can comprise a size-reduced sliced model.
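As an added illustration of the flow the abstract describes (this is not the patent's own code, nor code from any product of the assignee), the following Python sketch stands in a syscall trace for the "model" the network infrastructure element would record while executing the program, expresses end-user policies as predicates over syscalls, vets the model on the infrastructure side with a first group of policies, and hands the end-user platform a sliced (size-reduced) model containing only the calls its own second group of policies examines. The policy names, the two traces and the addresses in them are constructed for the example.

```python
"""Toy model of infrastructure-side vetting of an executable's OS-call
behaviour, with a sliced model passed on for end-user-side vetting.
All traces and policies below are constructed sample data."""
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class SysCall:
    """One recorded operating-system call: its name and a tuple of arguments."""
    name: str
    args: tuple


@dataclass(frozen=True)
class Policy:
    """A behaviour rule: the syscalls it covers and a predicate that is True
    when a covered call is acceptable on the end-user platform."""
    name: str
    syscalls: frozenset
    allowed: Callable[[SysCall], bool]


# Policies the network element applies (the "first portion" of the policy set).
INFRA_POLICIES = (
    Policy("no-shell-exec", frozenset({"execve"}),
           lambda c: not c.args[0].endswith("/sh")),
    # 203.0.113.10 is a documentation address (TEST-NET-3), used as a stand-in.
    Policy("egress-allowlist", frozenset({"connect"}),
           lambda c: c.args[0] in {"203.0.113.10"}),
)

# Policies the end-user platform keeps locally (the "second portion").
USER_POLICIES = (
    Policy("no-ssh-key-read", frozenset({"openat"}),
           lambda c: "/.ssh/" not in c.args[0]),
)


def build_model(trace: Iterable[SysCall]) -> tuple:
    """The behaviour model: here simply the ordered trace of observed calls."""
    return tuple(trace)


def slice_model(model: tuple, policies: tuple) -> tuple:
    """Size-reduced model: keep only the calls that some policy examines."""
    relevant = frozenset().union(*(p.syscalls for p in policies))
    return tuple(c for c in model if c.name in relevant)


def vet(model: tuple, policies: tuple) -> tuple:
    """Return (ok, violations); each violation is (policy name, offending call)."""
    violations = [(p.name, c) for c in model for p in policies
                  if c.name in p.syscalls and not p.allowed(c)]
    return (not violations, violations)


def decide_download(trace: Iterable[SysCall]) -> tuple:
    """Infrastructure side: execute-and-model (simulated by the trace), vet
    against the infrastructure policies, and on success return a sliced model
    for the end-user platform to vet against its own policies."""
    model = build_model(trace)
    ok, violations = vet(model, INFRA_POLICIES)
    if not ok:
        return ("deny", violations, ())
    return ("permit", [], slice_model(model, USER_POLICIES))


def end_user_vet(sliced_model: tuple) -> tuple:
    """End-user side: vet the received sliced model against local policies."""
    return vet(sliced_model, USER_POLICIES)


# Constructed trace that passes infrastructure vetting but touches an SSH key.
TRACE_PASSES_INFRA = (
    SysCall("openat", ("/etc/hosts", "O_RDONLY")),
    SysCall("connect", ("203.0.113.10", 443)),
    SysCall("write", ("/tmp/out.bin", 512)),
    SysCall("openat", ("/home/user/.ssh/id_rsa", "O_RDONLY")),
)
# Constructed trace that additionally spawns a shell, which the infrastructure rejects.
TRACE_SPAWNS_SHELL = TRACE_PASSES_INFRA + (SysCall("execve", ("/bin/sh", ("-c", "id"))),)


if __name__ == "__main__":
    for label, trace in (("passes-infra", TRACE_PASSES_INFRA), ("spawns-shell", TRACE_SPAWNS_SHELL)):
        verdict, violations, sliced = decide_download(trace)
        print(label, "infrastructure verdict:", verdict, violations)
        if verdict == "permit":
            print(label, "sliced model has", len(sliced), "calls; end-user vet:", end_user_vet(sliced))
```

The sliced model is what makes the two-stage scheme cheap for the end-user platform: it never sees the `write` or `connect` calls, only the `openat` calls its own policy cares about, yet the local check still catches the key read that the infrastructure policies did not cover.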
19 Claims
1. A method for supporting download of an executable program to an end-user using a network infrastructure element, comprising the steps set out under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A network system for supporting download of an executable program to an end-user using a network infrastructure element, comprising:
an end-user platform having a plurality of policies regarding acceptable behavior for operation of the executable program on the end-user platform; and
a network infrastructure element having a memory and a control circuit operably coupled to the memory, the control circuit, in response to detecting an end-user platform seeking to download an executable program, the network infrastructure element being configured to:
determine that the end-user platform seeks to download the executable program;
receive information regarding policies associated with the end-user platform, the policies regarding acceptable behavior for operation of the executable program on the end-user platform;
execute the executable program to monitor operating system call-based behavior of the executable program when the executable program makes calls to an operating system running on the network infrastructure element, the operating system call-based behavior forming a corresponding model of the executable program;
use the model of the executable program to vet the operating system call-based behavior of the executable program with respect to the policies corresponding to the end-user platform to determine if the executable program will operate within the acceptable behavior if downloaded and executed on the end-user platform; and
if the vetting of the executable program is acceptable with respect to the policies, permit the end-user platform to download the executable program,
wherein the model formed from the operating system call-based behavior reflects the policies associated with the end-user platform regarding acceptable operation of the executable program when the executable program would be executing within the end-user platform.
Dependent claims: 11, 12, 13, 14, 15, 16
17. A method for vetting an executable program downloaded from a network infrastructure element, comprising:
at an end-user platform, storing a plurality of policies regarding acceptable behavior for operation of the executable program on the end-user platform;
communicating, by the end-user platform, to a network infrastructure element information regarding downloading of the executable program;
receiving by the end-user platform, from the network infrastructure element:
an approval regarding the downloading of the executable program; and
a model of the executable program representing operating system call-based behavior of the executable program when the executable program makes calls to an operating system running on the network infrastructure element, wherein the approval is based on vetting of the operating system call-based behavior of the executable program using a first portion of the plurality of policies to determine if the executable program will operate within the acceptable behavior if downloaded and executed on the end-user platform; and
using by the end-user platform, the model of the executable program to vet the operating system call-based behavior of the executable program with respect to a second portion of the policies regarding operating system calls;
wherein the network infrastructure generates the model representing operating system call-based behavior by:
receiving, responsive to the end-user request for the executable program, by the infrastructure element, information regarding policies associated with the end-user platform, the policies regarding acceptable behavior for operation of the executable program on the end-user platform;
executing by the infrastructure element, the executable program to monitor operating system call-based behavior of the executable program when the executable program makes calls to an operating system running on the network infrastructure element, the operating system call-based behavior forming a corresponding model of the executable program;
wherein the model reflects the policies associated with the end-user platform regarding acceptable operation of the executable program running in the context of the end-user operating system;
using by the infrastructure element, the model of the executable program to vet the operating system call-based behavior to determine if the executable program will operate within the acceptable behavior if downloaded and executed on the end-user platform; and
permitting by the infrastructure element, the end-user platform to download the executable program based on the acceptable result from the vetting.
Dependent claims: 18, 19
Specification