Dynamically computing reputation scores for objects
Abstract
Tools and techniques for dynamically computing reputation scores for objects are described herein. The tools may provide machine-readable storage media containing machine-readable instructions for receiving requests to dynamically compute reputation scores for the objects, for instantiating protected virtual environments in which to execute the objects, and for computing the reputation score based on how the object behaves when executing within the virtual environment.
287 Citations
20 Claims
1. At least one machine-readable memory comprising machine-readable instructions that, when executed by at least one processor, cause the at least one processor to perform acts comprising:
- receiving, at a current time, at least one request for at least one object, wherein the object comprises at least one of a file stored on a server or a webpage hosted on a website;
- determining whether a reputation score for the at least one object exists, and if so, determining whether the reputation score is valid based at least in part on a difference between the current time and a previous time when the reputation score was known to be valid; and
- in response to determining that the reputation score does not exist or is not valid, computing the reputation score for the at least one object by;
  - instantiating a protected virtual environment in which to execute the object,
  - executing the object within the protected virtual environment,
  - suspending execution of the object within the protected virtual environment, and
  - analyzing at least one aspect of the protected virtual environment to determine the reputation score while the execution of the object is suspended, the reputation score is computed substantially in real time with the at least one request for the file stored on the server or the webpage hosted on the website, the reputation score indicating whether the file stored on the server or the webpage hosted on the website, when loaded into and executed within the protected virtual environment, is associated with an acceptable level of risk.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system comprising:
- a server coupled to communicate with at least one client device and having one or more processors, memory, and a server-side reputation computation module stored on the memory and executable by the one or more processors to;
  - receive, at a current time, a request for an object from the at least one client device, wherein the object comprises a webpage hosted on a website,
  - determine whether a reputation score for the object exists, and if so, determine whether the reputation score is valid based at least in part on a difference between the current time and a previous time when the reputation score was known to be valid, and
  - in response to determining that the reputation score does not exist or is not valid;
    - instantiate, prior to computing a reputation score for the object, a protected virtual environment in which to execute the object,
    - execute the object within the protected virtual environment,
    - suspend execution of the object within the protected virtual environment,
    - analyze at least one aspect of the protected virtual environment while the execution of the object is suspended, and
    - dynamically compute the reputation score for the object based at least in part on the analysis of the at least one aspect of the protected virtual environment, in which the reputation score is computed substantially in real time with the request for the webpage hosted on the website, the reputation score indicating whether the webpage hosted on the website, when loaded into the protected virtual environment, operates with a level of risk below a threshold.

Dependent claims: 16
17. A method comprising:
- receiving, at a first physical computing device and at a current time, at least one request, from a second physical computing device, for at least one object, wherein the object comprises a file stored on a server;
- determining whether a reputation score for the at least one object exists, and if so, determining whether the reputation score is valid based at least in part on a difference between the current time and a previous time when the reputation score was known to be valid; and
- in response to determining that the reputation score does not exist or is not valid, determining the reputation score for the at least one object by;
  - instantiating, at the first physical computing device, a protected virtual environment in which to execute the object,
  - executing the object within the protected virtual environment of the first physical computing device,
  - suspending the execution of the object within the protected virtual environment,
  - analyzing, at the first physical computing device, at least one aspect of the protected virtual environment while execution of the object is suspended, and
  - computing by the first physical computing device the reputation score for the at least one object based at least in part on the analysis of the at least one aspect of the protected virtual environment, in which the reputation score is computed substantially in real time with the at least one request for the file stored on the server, the reputation score indicating whether the file stored on the server, when executed within the protected virtual environment by using a processor, operates with an acceptable risk level.

Dependent claims: 18, 19, 20
Specification