Application-specific re-adjustment of computer security settings

US 8,925,076 B2
Filed: 12/11/2012
Issued: 12/30/2014
Est. Priority Date: 12/11/2012
Status: Active Grant

First Claim

Patent Images

1. In a computing device comprising a plurality of computing resources including computing hardware and an operating system executing on the computing hardware, and a plurality of applications interfaced with the computing resources, a method for rapid automatic re-adjustment of a security application to various application execution scenarios, the method comprising:

storing a plurality of application execution scenario definitions for each of the plurality of applications, each application execution scenario definition representing a specific subset of functionality of a corresponding application, the specific subset of functionality being defined by corresponding operational settings of that application that cause specific operations to be performed in the computing device utilizing specific combinations of the computing resources;

storing a plurality of sets of security application configuration instructions, each set of security application configuration instructions corresponding to at least one of the application execution scenario definitions;

assessing, by the computing device, a current operational situation of the computing device, and determining if the current operational situation includes an application execution scenario being executed that corresponds to any of the stored plurality of application execution scenario definitions;

in response to the determining, executing, by the computing device, a set of security application configuration instructions corresponding to each current application execution scenario being executed, such that in response to the executing of the security application configuration instructions, the security application is adjusted to perform a specific subset of security functionality that is particularized to the current at least one of the application execution scenarios.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for re-adjustment of a security application to various application execution scenarios. Application execution scenarios for each of a set of software applications are created, each representing a specific subset of functionality of a corresponding application. Sets of security application configuration instructions are stored, each corresponding to at least one of the application execution scenarios. A current one or more of the application execution scenarios that is being executed in the computing device is determined and, in response, a set of security application configuration instructions corresponding to each current application execution scenario are carried out, such that the security application is adjusted to perform a specific subset of security functionality that is particularized to the current one or more of the application execution scenarios.

24 Citations

View as Search Results

28 Claims

1. In a computing device comprising a plurality of computing resources including computing hardware and an operating system executing on the computing hardware, and a plurality of applications interfaced with the computing resources, a method for rapid automatic re-adjustment of a security application to various application execution scenarios, the method comprising:
- storing a plurality of application execution scenario definitions for each of the plurality of applications, each application execution scenario definition representing a specific subset of functionality of a corresponding application, the specific subset of functionality being defined by corresponding operational settings of that application that cause specific operations to be performed in the computing device utilizing specific combinations of the computing resources;
  
  storing a plurality of sets of security application configuration instructions, each set of security application configuration instructions corresponding to at least one of the application execution scenario definitions;
  
  assessing, by the computing device, a current operational situation of the computing device, and determining if the current operational situation includes an application execution scenario being executed that corresponds to any of the stored plurality of application execution scenario definitions;
  
  in response to the determining, executing, by the computing device, a set of security application configuration instructions corresponding to each current application execution scenario being executed, such that in response to the executing of the security application configuration instructions, the security application is adjusted to perform a specific subset of security functionality that is particularized to the current at least one of the application execution scenarios.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the security application comprises a plurality of distinct security modules, each of the security modules adapted to provide a corresponding security-related functionality based on one or more adjustable operational parameters when executed via the computing resources, wherein adjustment of the one or more adjustable operational parameters for each of the security modules controls allocation of available computing resources to that module.
  - 3. The method of claim 1, wherein the specific subset of security functionality that is particularized to the current at least one of the application execution scenario definitions preferentially performs security functionality predetermined to be essential for compliance with an assigned security policy for the computing device, and excludes certain other security functionality predetermined to be non-essential for compliance with the security policy, resulting in conservation of computing capacity associated with the certain other security functionality that is excluded.
  - 4. The method of claim 1, wherein storing the plurality of predefined application execution scenario definitions and storing the plurality of sets of security application configuration instructions are performed by the computing device.
  - 5. The method of claim 1, wherein executing the set of security application configuration instructions results in configuring the security application to change its criteria for selection of computing resources that are associated with an application being executed and that are subject to antivirus evaluation.
  - 6. The method of claim 1, wherein executing the set of security application configuration instructions results in configuring the security application to change its threshold criteria defining detection of malware.
  - 7. The method of claim 1, wherein executing the set of security application configuration instructions results in configuring the security application to change its firewall settings.
  - 8. The method of claim 1, wherein executing the set of security application configuration instructions results in configuring the security application to change its data encryption practices.
  - 9. The method of claim 1, wherein executing the set of security application configuration instructions results in configuring the security application to change its application monitoring practices.
  - 10. The method of claim 1, wherein executing the set of security application configuration instructions results in configuring the security application to change its heuristic analysis algorithm.
  - 11. The method of claim 1, wherein executing the set of security application configuration instructions results in configuring the security application to change an algorithm for determining security risk rating of applications or associated computing resources.
  - 12. The method of claim 1, further comprising:
    - assessing a current availability of computing capacity on the computing device; and
      
      wherein the executing of the set of security application configuration instructions includes taking into account the current availability of computing capacity, wherein for a given application execution scenario being executed, a change in the current availability of the computing capacity results in a change in the outcome of the execution of the application configuration instructions.
  - 13. The method of claim 1, further comprising:
    - receiving, from a remote computing device, the plurality of application execution scenario definitions.
  - 14. The method of claim 1, further comprising:
    - receiving, from a remote computing device, the plurality of application execution scenario definitions, wherein each of the predefined application execution scenario definitions has been determined as a result of automated emulation of the corresponding application in a virtual computing environment that is based on a particular configuration of the computing device; and
      
      receiving, from a remote computing device, the plurality of sets of security application configuration instructions, wherein each set of the security application configuration instructions has been generated based on automated emulation of the security application in the virtual computing environment in conjunction with the automated emulation of the corresponding application, wherein specific security operations associated with execution of the corresponding application are determined based on responsiveness of emulated execution of the security application to events created by emulated execution of the corresponding application.
  - 15. The method of claim 1, further comprising:
    - storing, by the computing device, an application operations log containing events resulting from operations of each of the plurality of applications;
      
      storing by the computing device, a security application operations log containing security operations performed by the security application;
      
      providing the application operations log and the security application operations log to a settings generator module that determines causal associations between the security operations and the events resulting from operations of each of the plurality of applications, and determines the sets of security application configuration instructions based on the causal associations.
  - 16. The method of claim 1, wherein the security functionality includes at least one of a blacklist and a whitelist, and wherein executing the set of security application configuration instructions results in configuring the security application to change its use of the at least one of a blacklist and whitelist.

17. A system for configuring a target computing device to automatically perform rapid automatic re-adjustment of a security application on a target computing device to various application execution scenarios, comprising:
- a set of at least one computing device, including the target computing device, each one of which includes computing hardware and an operating system executing on the computing hardware, and wherein at least the target computing device further includes a plurality of applications interfaced with computing resources of the target computing device and a security application having configurable operational settings;
  
  an application execution scenario evaluation module executable on the set of at least one computing device, the application execution scenario evaluation module configured to define application execution scenarios for each of the plurality of applications, wherein each application execution scenario definition represents a specific subset of functionality of a corresponding application, the specific subset of functionality being defined by corresponding operational settings of that application that cause specific operations to be performed in the target computing device utilizing specific combinations of the computing resources of the target computing device;
  
  a security settings generator module executable on the set of at least one computing device and operatively coupled to the application execution scenario evaluation module, the security settings generator module configured to generate a plurality of sets of security application configuration instructions, each set of security application configuration instructions corresponding to at least one of the application execution scenario definitions and adapted to adjust the security application to perform a specific subset of security functionality that is particularized to a current at least one application execution scenario being currently executed on the target computing device.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 18. The system of claim 17, wherein the security application comprises a plurality of distinct security modules, each of the security modules adapted to provide a corresponding security-related functionality based on one or more adjustable operational parameters when executed via the computing resources of the target computing device, wherein adjustment of the one or more adjustable operational parameters for each of the security modules controls allocation of available computing resources to that module.
  - 19. The system of claim 17, wherein the set of at least one computing device further includes at least one server that is remote from the target computing device, wherein the application execution scenario evaluation module and the security settings generator module are executed on the at least one server.
  - 20. The system of claim 17, wherein the application execution scenario evaluation module is adapted to determine security functionality that is essential for compliance with an assigned security policy for the target computing device;
    - andwherein the security settings generator module is configured to generate the plurality of sets of security application configuration instructions such that the specific subset of security functionality that is particularized to the current at least one of the application execution scenarios preferentially excludes certain other security functionality determined to be non-essential for compliance with the security policy, resulting in conservation of computing capacity of the target computing device associated with the certain other security functionality that is excluded.
  - 21. The system of claim 17, wherein the security application configuration instructions are adapted to configure the security application to change its criteria for selection of computing resources that are associated with an application being executed and that are subject to antivirus evaluation.
  - 22. The system of claim 17, wherein the security application configuration instructions are adapted to configure the security application to change its threshold criteria defining detection of malware.
  - 23. The system of claim 17, wherein the security application configuration instructions are adapted to change its application monitoring practices.
  - 24. The system of claim 17, wherein the security application configuration instructions include decision logic that takes into account a current availability of computing capacity on the target computing device, such that, for a given application execution scenario being currently executed, a change in the current availability of the computing capacity results in the security application configuration instructions causing a change in application configuration settings.
  - 25. The system of claim 17, wherein the application execution scenario evaluation module includes a virtual environment that performs automated emulation of each application based on a particular configuration of the computing device;
    - andwherein the virtual environment further performs automated emulation of the security application in conjunction with the automated emulation of the corresponding application, wherein specific security operations associated with execution of the corresponding application are determined based on responsiveness of emulated execution of the security application to events created by emulated execution of the corresponding application.
  - 26. The system of claim 17, further comprising:
    - an application operations log containing events resulting from operations of each of the plurality of applications; and
      
      a security application operations log containing security operations performed by the security application;
      
      wherein the security settings generator module determines causal associations between the security operations and the events resulting from operations of each of the plurality of applications, and determines the sets of security application configuration instructions based on the causal associations.
  - 27. The system of claim 17, wherein the set of at least one computing device includes a plurality of geographically-distributed computing devices including a local group and a greater plurality of computing devices, the local group including the target computing device;
    - andwherein the system further comprises;
      
      a global database module executable on the set of at least one computing device and operatively coupled to the security settings generator module, the global database module containing a plurality of application execution scenario definitions and corresponding sets of security application configuration criteria corresponding to a plurality of applications present on the local group, and on the greater group of computing devices;
      
      a local setup rules database module executable on the set of at least one computing device and operably coupled to the local database module, the local setup rules database module containing a local subset of the plurality of application execution scenario definitions and corresponding sets of security application configuration criteria stored in the global database module, the local subset including only security application configuration criteria corresponding to the local group of computing devices; and
      
      wherein the security settings generator module is configured to generate the plurality of sets of security application configuration instructions for each of the computing devices of the local group based on the local subset of the plurality of application execution scenario definitions and corresponding sets of security application configuration criteria, and on system configuration information for each of the computing devices of the local group.
  - 28. The system of claim 17, wherein the security functionality includes at least one of a blacklist and a whitelist, and wherein the security application configuration instructions are adapted to configure the security application to change its said at least one of the blacklist and whitelist.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lab A.O. Kaspersky
Original Assignee
Kaspersky Lab ZAO
Inventors
Zaitsev, Oleg V.
Primary Examiner(s)
Gergiso, Techane
Assistant Examiner(s)
Ho, Thomas

Application Number

US13/711,195
Publication Number

US 20140165130A1
Time in Patent Office

749 Days
Field of Search

713/166, 726/22
US Class Current

726/22
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/52   during program execution, e...

G06F 21/554   involving event detection a...

Application-specific re-adjustment of computer security settings

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Application-specific re-adjustment of computer security settings

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links