Data leak prevention from a device with an operating system
First Claim
Patent Images
1. A method comprising:
- capturing a system call issued by an application program, the system call identifying data in relation to which functionality of the system call is requested to be performed by the application program;
determining whether the system call is a potential data leaking system call from an identity of the system call itself regardless of an identity of the application program that issued the system call;
in response to determining that the system call is the potential data leaking system call, determining whether the application program is authorized to request performance of the functionality of the system call;
in response to determining that the system call is the potential leaking system call and that the application program is authorized to request the performance of the functionality of the system call, or in response determining that the system call is not the potential data leaking system call, permitting the system call to continue to an operating system for the functionality thereof to be performed without logging the performance of the functionality;
in response to determining that the application is not authorized to request the performance of the functionality of the system call, modifying the performance of the functionality of the system call by the operating system.
1 Assignment
0 Petitions
Accused Products
Abstract
A data leak from a computer can be prevented by intercepting one or more system calls from an unknown application and applying different policies to the intercepted action associated with the system call(s) depending on the data itself and the metadata of a document associated with the system call.
22 Citations
10 Claims
-
1. A method comprising:
-
capturing a system call issued by an application program, the system call identifying data in relation to which functionality of the system call is requested to be performed by the application program; determining whether the system call is a potential data leaking system call from an identity of the system call itself regardless of an identity of the application program that issued the system call; in response to determining that the system call is the potential data leaking system call, determining whether the application program is authorized to request performance of the functionality of the system call; in response to determining that the system call is the potential leaking system call and that the application program is authorized to request the performance of the functionality of the system call, or in response determining that the system call is not the potential data leaking system call, permitting the system call to continue to an operating system for the functionality thereof to be performed without logging the performance of the functionality; in response to determining that the application is not authorized to request the performance of the functionality of the system call, modifying the performance of the functionality of the system call by the operating system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
Specification