Secure system for allowing the execution of authorized computer program code
First Claim
1. A method comprising:
intercepting, by a kernel mode driver of a computer system, file system or operating system activity relating to a code module;
selectively authorizing, by the kernel mode driver, the code module by authenticating a content authenticator of the code module with reference to a multi-level whitelist, the multi-level whitelist comprising (i) a global whitelist database remote from the computer system, the global whitelist database containing content authenticators of approved code modules that are known not to contain viruses or malicious code and (ii) a local whitelist database containing content authenticators of at least a subset of the approved code modules;
allowing the file system or operating system activity relating to the code module when the content authenticator matches one of the content authenticators of approved code modules within the multi-level whitelist; and
blocking the file system or operating system activity relating to the code module when the content authenticator does not match any of the content authenticators of approved code modules within the multi-level whitelist.
Abstract
Systems and methods for selective authorization of code modules are provided. According to one embodiment, file system or operating system activity relating to a code module is intercepted by a kernel mode driver of a computer system. The code module is selectively authorized by the kernel mode driver by authenticating a content authenticator of the code module with reference to a multi-level whitelist. The multi-level whitelist includes (i) a global whitelist database remote from the computer system that contains content authenticators of approved code modules that are known not to contain viruses or malicious code and (ii) a local whitelist database containing content authenticators of at least a subset of the approved code modules. The activity relating to the code module is allowed when the content authenticator matches one of the content authenticators of approved code modules within the multi-level whitelist.
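The abstract describes the decision the driver makes once it has intercepted activity on a code module: hash the module's content, consult the local whitelist, fall back to the remote global whitelist, and allow or block on the result. The following is an added example written for this page, not code from the patent or its assignee. It models only the lookup and decision logic; the kernel-mode interception is out of scope and is stood in for by calling `authorize()` directly. SHA-256 as the content authenticator, the local list acting as a cache of global hits, and blocking when the global database cannot be reached (there is then no match, so the claim's blocking branch applies) are assumptions of this example. The sample modules are constructed byte strings.

```python
import hashlib
from dataclasses import dataclass, field

ALLOW, BLOCK = "allow", "block"

# Constructed sample code modules (stand-ins for files the driver would see).
APPROVED_MODULE = b"MZ\x90\x00 demo approved module v1"
TAMPERED_MODULE = APPROVED_MODULE[:-1] + b"2"   # same module with one byte changed
UNKNOWN_MODULE = b"MZ\x90\x00 never seen before"


def content_authenticator(module_bytes: bytes) -> str:
    """Content authenticator = SHA-256 over the module bytes.
    The hash choice is an assumption of this example; the page names none."""
    return hashlib.sha256(module_bytes).hexdigest()


@dataclass
class GlobalWhitelist:
    """Stand-in for the remote database maintained by the trusted provider."""
    approved: set
    reachable: bool = True

    def contains(self, authenticator: str) -> bool:
        if not self.reachable:
            raise ConnectionError("global whitelist unreachable")
        return authenticator in self.approved


@dataclass
class LocalWhitelist:
    """Local database holding a subset of the approved authenticators."""
    approved: set = field(default_factory=set)


class MultiLevelWhitelist:
    def __init__(self, local: LocalWhitelist, remote: GlobalWhitelist):
        self.local = local
        self.remote = remote

    def authorize(self, module_bytes: bytes) -> tuple[str, str]:
        """Return (decision, reason). The local list is consulted first; a
        global hit is cached locally so later loads need no remote lookup."""
        auth = content_authenticator(module_bytes)
        if auth in self.local.approved:
            return ALLOW, "local-hit"
        try:
            if self.remote.contains(auth):
                self.local.approved.add(auth)      # populate the local subset
                return ALLOW, "global-hit"
        except ConnectionError:
            # Assumption: fail closed. No match could be established, so block.
            return BLOCK, "global-unreachable"
        return BLOCK, "no-match"


def run_scenario() -> dict:
    """Exercise the lookup order, the content check, and the offline case."""
    remote = GlobalWhitelist(approved={content_authenticator(APPROVED_MODULE)})
    mlw = MultiLevelWhitelist(LocalWhitelist(), remote)
    results = {}
    results["first_load"] = mlw.authorize(APPROVED_MODULE)    # global hit, now cached
    results["second_load"] = mlw.authorize(APPROVED_MODULE)   # served from local list
    results["tampered"] = mlw.authorize(TAMPERED_MODULE)      # one byte differs: no match
    results["unknown"] = mlw.authorize(UNKNOWN_MODULE)
    remote.reachable = False
    results["offline_cached"] = mlw.authorize(APPROVED_MODULE)  # local list still answers
    results["offline_unknown"] = mlw.authorize(UNKNOWN_MODULE)  # blocked, fail closed
    return results


if __name__ == "__main__":
    for name, (decision, reason) in run_scenario().items():
        print(f"{name:16s} {decision:5s} ({reason})")
```

The tampered-module case is the point of authenticating content rather than file path or name: a single changed byte yields a different authenticator, so the modified copy is blocked even though the original was approved.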
20 Claims
1. (Independent method claim; its text is reproduced above under First Claim.) Claims 2 through 10 depend from claim 1.
11. A non-transitory program storage device readable by a computer system, tangibly embodying a program of instructions executable by one or more computer processors of the computer system to perform method steps for authenticating dependent code modules comprising:
intercepting, by a kernel mode driver of the computer system, file system or operating system activity relating to a code module;
selectively authorizing, by the kernel mode driver, the code module by authenticating a content authenticator of the code module with reference to a multi-level whitelist, the multi-level whitelist comprising (i) a global whitelist database remote from the computer system and maintained by a trusted service provider, the global whitelist database containing content authenticators of approved code modules that are known not to contain viruses or malicious code and (ii) a local whitelist database containing content authenticators of at least a subset of the approved code modules;
allowing the file system or operating system activity relating to the code module when the content authenticator matches one of the content authenticators of approved code modules within the multi-level whitelist; and
blocking the file system or operating system activity relating to the code module when the content authenticator does not match any of the content authenticators of approved code modules within the multi-level whitelist.
Claims 12 through 20 depend from claim 11.