Real time lockdown
Abstract
A system and method that trusts software executables existent on a machine prior to activation for different types of accesses, e.g., execution, network, and registry. The system detects new executables added to the machine as well as previously existent executables that have been modified, moved, renamed or deleted. In certain embodiments, the system will tag the file with a flag as modified or newly added. Once tagged, the system intercepts particular types of file accesses for execution, network or registry. The system determines if the file performing the access is flagged and may apply one or more policies based on the requested access. In certain embodiments, the system intercepts I/O operations by file systems or file system volumes and flags metadata associated with the file. For example, the NT File System and its extended attributes and alternate streams may be utilized to implement the system.
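A minimal user-space model of the tagging scheme described in the abstract, added here as an illustration and not taken from the patent. The hashed fields, the `trust_hash` and `modified` keys, the hook names and the policy table are all assumptions; a real implementation would intercept file system I/O and keep these values in NTFS extended attributes or alternate streams.

```python
import hashlib

# Assumed policy table: what a flagged (new or modified) file may do per access type.
FLAGGED_POLICY = {"execution": "deny", "network": "deny", "registry": "audit"}

class FileRecord:
    """Stand-in for a file: data plus a metadata dict (models EAs / alternate streams)."""
    def __init__(self, path, data, mtime):
        self.data = data
        self.meta = {"path": path, "size": len(data), "mtime": mtime}

def meta_hash(rec):
    # Hash only the intrinsic metadata, never the tag fields themselves.
    core = "|".join(f"{k}={rec.meta[k]}" for k in ("path", "size", "mtime"))
    return hashlib.sha256(core.encode()).hexdigest()

def trust_existing(rec):
    """Lockdown activation: files already on the machine are trusted and stamped."""
    rec.meta["trust_hash"] = meta_hash(rec)
    rec.meta["modified"] = False

def on_write(rec, new_data, mtime):
    """Intercepted modification attempt: write the indicator, then let the change land."""
    rec.meta["modified"] = True
    rec.data = new_data
    rec.meta.update(size=len(new_data), mtime=mtime)

def on_rename(rec, new_path):
    """Assumed case: a rename the interceptor did not see; the stale hash exposes it."""
    rec.meta["path"] = new_path

def check_access(rec, access):
    """Allow only if the stamp exists, still matches the metadata, and no flag is set."""
    stamped = rec.meta.get("trust_hash")
    if stamped is None or rec.meta.get("modified") or stamped != meta_hash(rec):
        return FLAGGED_POLICY.get(access, "deny")
    return "allow"

if __name__ == "__main__":
    # Constructed sample files, not real binaries.
    old = FileRecord("C:/app/tool.exe", b"constructed-bytes", 100)
    trust_existing(old)
    new = FileRecord("C:/tmp/dropped.exe", b"constructed-bytes", 300)  # added after lockdown
    print(check_access(old, "execution"), check_access(new, "execution"))
    on_write(old, b"constructed-bytes-v2", 200)
    print(check_access(old, "network"), check_access(old, "registry"))
```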
16 Claims
1. A method of managing access to a computer file stored by a computer file system, the computer file comprising file data and file meta data, the method comprising:
- generating, via an electronic processor, a hash based at least in part on the file meta data;
- writing the hash to the file meta data;
- writing a first indicator to the file meta data in response to detecting an attempt to modify the computer file; and
- applying, via an electronic processor, an access policy to the computer file based at least partially on the hash in the file meta data.
Dependent claims: 2, 3, 4
5. An apparatus for managing access to a computer file stored by a computer file system, the computer file comprising file data and file meta data, the apparatus comprising:
- an electronic processor;
- a memory, operably connected to the electronic processor, the memory configured to store instructions that configure the processor to:
  - generate a hash based at least in part on the file meta data,
  - write the hash to the file meta data,
  - write a first indicator to the file meta data in response to detecting an attempt to modify the computer file, and
  - apply an access policy to the computer file based at least partially on the hash in the file meta data.
Dependent claims: 6, 7, 8
9. An apparatus for managing access to a computer file stored by a computer file system, the computer file comprising file data and file meta data, the apparatus comprising:
- an electronic processor;
- a memory, operably connected to the electronic processor;
- means for generating a hash based at least in part on the file meta data;
- means for writing the hash to the file meta data;
- means for writing a first indicator to the file meta data in response to an attempt to modify the computer file; and
- means for applying an access policy to the computer file based at least partially on the hash in the file meta data.
Dependent claims: 10, 11, 12, 13
14. A non-transitory computer-readable storage medium comprising instructions that when executed cause an electronic processor to perform a method of managing access to a computer file stored by a computer file system, the computer file comprising file data and file meta data, the method comprising:
- generating a hash based at least in part on the file meta data;
- writing the hash to the file meta data;
- writing a first indicator to the file meta data in response to detecting an attempt to modify the computer file; and
- applying an access policy to the computer file based at least partially on the hash in the file meta data.
Dependent claims: 15, 16
Specification