Data leak prevention from a device with an operating system

US 8,978,092 B2
Filed: 02/17/2012
Issued: 03/10/2015
Est. Priority Date: 02/17/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

capturing a system call issued by an application program, the system call identifying data in relation to which functionality of the system call is requested to be performed by the application program;

determining whether the system call is a potential data leaking system call from an identity of the system call itself regardless of an identity of the application program that issued the system call;

in response to determining that the system call is the potential data leaking system call, determining whether the application program is authorized to request performance of the functionality of the system call;

in response to determining that the system call is the potential leaking system call and that the application program is authorized to request the performance of the functionality of the system call, or in response determining that the system call is not the potential data leaking system call, permitting the system call to continue to an operating system for the functionality thereof to be performed without logging the performance of the functionality;

in response to determining that the application is not authorized to request the performance of the functionality of the system call, modifying the performance of the functionality of the system call by the operating system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data leak from a computer can be prevented by intercepting one or more system calls from an unknown application and applying different policies to the intercepted action associated with the system call(s) depending on the data itself and the metadata of a document associated with the system call.

22 Citations

View as Search Results

10 Claims

1. A method comprising:
- capturing a system call issued by an application program, the system call identifying data in relation to which functionality of the system call is requested to be performed by the application program;
  
  determining whether the system call is a potential data leaking system call from an identity of the system call itself regardless of an identity of the application program that issued the system call;
  
  in response to determining that the system call is the potential data leaking system call, determining whether the application program is authorized to request performance of the functionality of the system call;
  
  in response to determining that the system call is the potential leaking system call and that the application program is authorized to request the performance of the functionality of the system call, or in response determining that the system call is not the potential data leaking system call, permitting the system call to continue to an operating system for the functionality thereof to be performed without logging the performance of the functionality;
  
  in response to determining that the application is not authorized to request the performance of the functionality of the system call, modifying the performance of the functionality of the system call by the operating system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein permitting the system call to continue to the operating system for the functionality thereof to be performed without logging the performance of the functionality comprises:
    - encrypting the data prior to the functionality of the system call is performed so that the functionality is performed in relation to the data as encrypted.
  - 3. The method of claim 2, wherein modifying the performance of the functionality of the system call by the operating system comprises:
    - blocking the system call from continuing to the operating system so that the functionality of the system call is not performed as requested by the application program.
  - 4. The method of claim 1, wherein modifying the performance of the functionality of the system call by the operating system comprises:
    - blocking the system call from continuing to the operating system so that the functionality of the system call is not performed as requested by the application program.
  - 5. The method of claim 2, wherein modifying the performance of the functionality of the system call by the operating system comprises:
    - permitting the system call to continue to the operating system for the functionality thereof to be performed while logging the performance of the functionality to track the data in relation to which the functionality of the system call is performed.
  - 6. The method of claim 5, wherein modifying the performance of the functionality of the system call by the operating system comprises:
    - encrypting the data prior to the functionality of the system call is performed so that the functionality is performed in relation to the data as encrypted.
  - 7. The method of claim 1, wherein modifying the performance of the functionality of the system call by the operating system comprises:
    - permitting the system call to continue to the operating system for the functionality thereof to be performed while logging the performance of the functionality to track the data in relation to which the functionality of the system call is performed.
  - 8. The method of claim 7, wherein modifying the performance of the functionality of the system call by the operating system comprises:
    - encrypting the data prior to the functionality of the system call is performed so that the functionality is performed in relation to the data as encrypted.
  - 9. The method of claim 1, wherein the functionality of the system call comprises storing data on a removable external storage device.
  - 10. The method of claim 1, wherein the potential data leaking system call is any transmission or write system call that results in the data being sent or stored external to a computing device on which the application program is running to prevent the data from being purposefully leaked by a user of the application program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Balinsky, Helen, Perez, David Subiros, Simske, Steven J
Primary Examiner(s)
Gee, Jason K

Application Number

US13/398,909
Publication Number

US 20130219453A1
Time in Patent Office

1,117 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 21/552 involving long-term monitor...

G06F 21/554 involving event detection a...

Data leak prevention from a device with an operating system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Data leak prevention from a device with an operating system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links