Solidifying the executable software set of a computer
First Claim
Patent Images
1. A method, comprising:
- receiving a set of data from a first computer over a network at a second computer, wherein the first computer authorizes modifications to a plurality of software programs being executed on the second computer;
generating a calling name space translation on the second computer according to the set of data, wherein one or more original calling names associated with an original interface are translated into one or more translated calling names associated with a translated interface;
translating an original software program of the plurality of software programs to obtain a translated software program according to the translated interface, wherein an implementation of a corresponding interface is not translated;
receiving a request to execute the translated software program; and
reverse translating the translated software program to obtain a reverse translated software program according to the original interface,wherein a translation name space of the translated interface includes a subset of at least some of the one or more original calling names, wherein the one or more original calling names in the subset are mapped to null values.
9 Assignments
0 Petitions
Accused Products
Abstract
System and method for solidifying (or “freezing”) the set of software and configuration data available for execution on a computer. Any additional software installed on the computer after the solidification process will not execute, regardless of whether the installation is initiated or otherwise performed by a person with administrative privilege. The ability to allow new or modified software to execute on the computer rests with an integrity server separate from and outside of the solidified computer. The solidification of software and configuration data proceeds on a level of granularity selectable by the integrity server and any operators thereof.
-
Citations
17 Claims
-
1. A method, comprising:
-
receiving a set of data from a first computer over a network at a second computer, wherein the first computer authorizes modifications to a plurality of software programs being executed on the second computer; generating a calling name space translation on the second computer according to the set of data, wherein one or more original calling names associated with an original interface are translated into one or more translated calling names associated with a translated interface; translating an original software program of the plurality of software programs to obtain a translated software program according to the translated interface, wherein an implementation of a corresponding interface is not translated; receiving a request to execute the translated software program; and reverse translating the translated software program to obtain a reverse translated software program according to the original interface, wherein a translation name space of the translated interface includes a subset of at least some of the one or more original calling names, wherein the one or more original calling names in the subset are mapped to null values. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer system, comprising
a processor; - and
a memory, wherein the computer system is configured for receiving a set of data from an integrity server over a network at the computer system, wherein the integrity server authorizes modifications to a plurality of software programs being executed on the computer system; generating a calling name space translation on the computer system according to the set of data, wherein one or more original calling names associated with an original interface are translated into one or more translated calling names associated with a translated interface; translating an original software program of the plurality of software programs to obtain a translated software program according to the translated interface, wherein an implementation of a corresponding interface is not translated; receiving a request to execute the translated software program and reverse translating the translated software program to obtain a reverse translated software program according to the original interface, wherein a translation name space of the translated interface includes a subset of at least some of the one or more original calling names, wherein the one or more original calling names in the subset are mapped to null values. - View Dependent Claims (7, 8, 9, 10)
- and
-
11. Logic encoded in non-transitory tangible media that includes code for execution and when executed by a processor is operable to perform operations comprising:
-
receiving a set of data from a first computer over a network at a second computer, wherein the first computer authorizes modifications to a plurality of software programs being executed on the second computer; generating a calling name space translation on the second computer according to the set of data, wherein one or more original calling names associated with an original interface are translated into one or more translated calling names associated with a translated interface; translating, an original software program of the plurality of software programs to obtain a translated software program according to the translated interface, wherein an implementation of a corresponding interface is not translated; receiving a request to execute the translated software program; and reverse translating the translated software program to obtain a reverse translated software program according to the original interface, wherein a translation name space of the translated interface includes a subset of at least some of the one or more original calling names, wherein the one or more original calling names in the subset are mapped to null values. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
Specification