Solidifying the executable software set of a computer

US 8,561,051 B2
Filed: 12/22/2010
Issued: 10/15/2013
Est. Priority Date: 09/07/2004
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a set of data from a first computer over a network at a second computer, wherein the first computer authorizes modifications to a plurality of software programs being executed on the second computer;

generating a calling name space translation on the second computer according to the set of data, wherein one or more original calling names associated with an original interface are translated into one or more translated calling names associated with a translated interface;

translating an original software program of the plurality of software programs to obtain a translated software program according to the translated interface, wherein an implementation of a corresponding interface is not translated;

receiving a request to execute the translated software program; and

reverse translating the translated software program to obtain a reverse translated software program according to the original interface,wherein a translation name space of the translated interface includes a subset of at least some of the one or more original calling names, wherein the one or more original calling names in the subset are mapped to null values.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for solidifying (or “freezing”) the set of software and configuration data available for execution on a computer. Any additional software installed on the computer after the solidification process will not execute, regardless of whether the installation is initiated or otherwise performed by a person with administrative privilege. The ability to allow new or modified software to execute on the computer rests with an integrity server separate from and outside of the solidified computer. The solidification of software and configuration data proceeds on a level of granularity selectable by the integrity server and any operators thereof.

Citations

17 Claims

1. A method, comprising:
- receiving a set of data from a first computer over a network at a second computer, wherein the first computer authorizes modifications to a plurality of software programs being executed on the second computer;
  
  generating a calling name space translation on the second computer according to the set of data, wherein one or more original calling names associated with an original interface are translated into one or more translated calling names associated with a translated interface;
  
  translating an original software program of the plurality of software programs to obtain a translated software program according to the translated interface, wherein an implementation of a corresponding interface is not translated;
  
  receiving a request to execute the translated software program; and
  
  reverse translating the translated software program to obtain a reverse translated software program according to the original interface,wherein a translation name space of the translated interface includes a subset of at least some of the one or more original calling names, wherein the one or more original calling names in the subset are mapped to null values.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the original interface comprises a language interface provided by a language interpreter residing on the first computer, and wherein the original interface comprises a set of one or more system calls provided by an operating system of the first computer.
  - 3. The method of claim 1, wherein a first checksum is associated with a first translated software program such that a first request for execution of the first translated software program triggers a second checksum being computed for the first translated software program, and wherein the first translated software program is executed when the second checksum matches the first checksum.
  - 4. The method of claim 1. wherein the one or more translated calling names are invalid for calling the original interface.
  - 5. The method of claim 1, wherein at least a portion of the translated calling names are not mapped to a corresponding unique name in an original name space, and wherein the calling name space translation is larger than the original name space.

6. A computer system, comprisinga processor;
- anda memory, wherein the computer system is configured forreceiving a set of data from an integrity server over a network at the computer system, wherein the integrity server authorizes modifications to a plurality of software programs being executed on the computer system;
  
  generating a calling name space translation on the computer system according to the set of data, wherein one or more original calling names associated with an original interface are translated into one or more translated calling names associated with a translated interface;
  
  translating an original software program of the plurality of software programs to obtain a translated software program according to the translated interface, wherein an implementation of a corresponding interface is not translated;
  
  receiving a request to execute the translated software program andreverse translating the translated software program to obtain a reverse translated software program according to the original interface,wherein a translation name space of the translated interface includes a subset of at least some of the one or more original calling names, wherein the one or more original calling names in the subset are mapped to null values.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer system of claim 6, wherein the original interface comprises a language interface provided by a language interpreter residing on the integrity server, and wherein the original interface comprises a. set of one or more system calls provided by an operating system of the integrity server.
  - 8. The computer system of claim 6, wherein a first checksum is associated with a first translated software program such that a first request for execution of the first translated software program triggers a second checksum being computed for the first translated software prow am, and wherein the first translated software program is executed when the second checksum matches the first checksum.
  - 9. The computer system of claim 6, wherein the one or more translated calling names are invalid for calling the original interface.
  - 10. The computer system of claim 6, wherein at least a portion of the translated calling names are not mapped to a corresponding usque name in an original name space, and wherein the calling name space translation is larger than the original name space.

11. Logic encoded in non-transitory tangible media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- receiving a set of data from a first computer over a network at a second computer, wherein the first computer authorizes modifications to a plurality of software programs being executed on the second computer;
  
  generating a calling name space translation on the second computer according to the set of data, wherein one or more original calling names associated with an original interface are translated into one or more translated calling names associated with a translated interface;
  
  translating, an original software program of the plurality of software programs to obtain a translated software program according to the translated interface, wherein an implementation of a corresponding interface is not translated;
  
  receiving a request to execute the translated software program; and
  
  reverse translating the translated software program to obtain a reverse translated software program according to the original interface,wherein a translation name space of the translated interface includes a subset of at least some of the one or more original calling names, wherein the one or more original calling names in the subset are mapped to null values.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The logic, of claim 11, wherein the original interface comprises a language interface provided by a language interpreter residing, on the first computer, and wherein the original interface comprises a set of one or more system calls provided by an operating system of the first computer.
  - 13. The logic of claim 11, wherein a first checksum is associated with a first translated software program such that a first request for execution of the first translated software program triggers a second checksum being computed for the first translated software program, and wherein the first translated software program is executed when the second checksum matches the first checksum.
  - 14. The logic of claim 11, wherein the one or more translated calling names are invalid for calling the original interface.
  - 15. The logic, of claim 11, wherein at least a portion of the translated calling names are not mapped to a corresponding unique name in an original name space, and wherein the calling name space translation is larger than the original name space.
  - 16. The logic of claim 11, wherein if the second computer operates in a first operational state, newly installed software in the second computer can be executed.
  - 17. The logic. of claim 16, wherein if the second computer operates in a second operational state, the newly installed software cannot be executed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Sebes, E. John
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Sanders, Stephen

Application Number

US12/976,159
Publication Number

US 20110093842A1
Time in Patent Office

1,028 Days
Field of Search

717/168
US Class Current

717/168
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2147   Locking files

Solidifying the executable software set of a computer

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Solidifying the executable software set of a computer

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links