Malicious mobile code runtime monitoring system and methods
First Claim
1. A system for determining whether a downloadable is suspicious, comprising:
- at least one processor for accessing elements stored in at least one memory associated with the at least one processor and for executing instructions associated with the elements, the elements including:
- a plurality of operating system probes operating substantially in parallel for monitoring a plurality of subsystems of the operating system during runtime for an event caused from a request made by a downloadable;
- an interrupter for interrupting processing of the request;
- a first comparator coupled to the plurality of operating system probes for comparing information pertaining to the downloadable against a predetermined security policy, wherein the information pertaining to the downloadable includes information pertaining to an operation of the downloadable and distinct from information pertaining to the request; and
- a response engine for performing a predetermined responsive action based on the comparison.
Abstract
Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides for monitoring information received, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information. An MPC embodiment further provides, within a Downloadable-destination, for initiating the Downloadable, enabling malicious Downloadable operation attempts to be received by the MPC, and causing (predetermined) corresponding operations to be executed in response to the attempts.
16 Claims
Claim 1 is independent and is reproduced above under First Claim; claims 2 to 9 depend on it.
10. A system for reviewing an operating system call issued by a downloadable, comprising:
- at least one processor for accessing elements stored in at least one memory associated with the at least one processor and for executing instructions associated with the elements, the elements including:
- a plurality of operating system probes for monitoring substantially in parallel a plurality of subsystems of an operating system during runtime for an event caused from a request made by a Downloadable, wherein the plurality of subsystems includes a network system;
- an interrupter for interrupting processing of the request;
- a comparator coupled to the plurality of operating system probes for comparing information pertaining to the Downloadable against a predetermined security policy; and
- a response engine for performing a predetermined responsive action based on the comparison.
Claims 11 to 16 depend on claim 10.
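The runtime side of what the abstract and both independent claims describe (mobile protection code sitting between a Downloadable and the operating system) is easier to reason about in code. The block below is an added illustration written for this page; it is not the patent's code and not any product of the patentee. It models one probe per subsystem, each on its own thread so they run in parallel; an interrupter that holds the Downloadable's request until a probe has decided; a comparator whose inputs include the Downloadable's origin, signature status and operation history, i.e. information about the Downloadable that is distinct from the request itself; and a response engine that allows, denies or terminates. The policy values, host names, paths, the applet metadata and the request sequence in `run_demo` are all constructed for the demo.

```python
"""Runtime monitor for mobile code: per-subsystem probes, interrupter, comparator,
response engine.  Illustrative only; not the patent's or any vendor's code."""
import logging
import queue
import threading
from dataclasses import dataclass, field
from fnmatch import fnmatch

log = logging.getLogger("mpc")


@dataclass
class Downloadable:
    """Facts about the code itself, distinct from any single request it makes."""
    name: str
    origin: str                      # host the code was fetched from (assumed known)
    signed: bool                     # signature already verified by the loader (assumed)
    op_counts: dict = field(default_factory=dict)   # operations attempted per subsystem
    terminated: bool = False


@dataclass
class Policy:
    trusted_origins: tuple           # globs; signed code from here is unrestricted
    allowed_hosts: tuple             # globs untrusted code may connect to
    writable_paths: tuple            # globs untrusted code may write under
    max_ops_per_subsystem: int       # budget of attempts per subsystem before termination


@dataclass
class Request:
    subsystem: str                   # "file", "network" or "registry"
    op: str
    target: str
    downloadable: Downloadable
    decided: threading.Event = field(default_factory=threading.Event)
    decision: str = "pending"


def compare(policy: Policy, req: Request) -> str:
    """Comparator: the verdict depends on the downloadable's record, not only the request."""
    d = req.downloadable
    if d.terminated:
        return "deny"
    # Behavioural rule, applied even to trusted code: exhausting the per-subsystem budget
    # counts as suspicious and ends the downloadable.
    if d.op_counts.get(req.subsystem, 0) >= policy.max_ops_per_subsystem:
        return "terminate"
    if d.signed and any(fnmatch(d.origin, g) for g in policy.trusted_origins):
        return "allow"
    if req.subsystem == "network":
        return "allow" if any(fnmatch(req.target, g) for g in policy.allowed_hosts) else "deny"
    if req.subsystem == "file" and req.op == "write":
        return "allow" if any(fnmatch(req.target, g) for g in policy.writable_paths) else "deny"
    if req.subsystem == "registry" and req.op == "write":
        return "deny"                # untrusted code never writes persistence keys
    return "allow"


def respond(req: Request, verdict: str) -> None:
    """Response engine: record the attempt, apply the verdict, release the caller."""
    d = req.downloadable
    d.op_counts[req.subsystem] = d.op_counts.get(req.subsystem, 0) + 1   # denied attempts count too
    if verdict == "terminate":
        d.terminated = True          # every later request from this code is denied
        verdict = "deny"
    log.info("%s %s %s(%s) -> %s", d.name, req.subsystem, req.op, req.target, verdict)
    req.decision = verdict
    req.decided.set()


class Probe(threading.Thread):
    """One probe per OS subsystem, each consuming its own queue on its own thread."""
    def __init__(self, subsystem: str, policy: Policy):
        super().__init__(daemon=True)
        self.subsystem, self.policy, self.inbox = subsystem, policy, queue.Queue()
        self.start()

    def run(self):
        while True:
            req = self.inbox.get()
            respond(req, compare(self.policy, req))


class Monitor:
    """Interrupter: the downloadable's thread blocks here until its probe has decided,
    so at most one request per downloadable is in flight and op_counts needs no lock."""
    def __init__(self, policy: Policy, subsystems=("file", "network", "registry")):
        self.probes = {s: Probe(s, policy) for s in subsystems}

    def request(self, d: Downloadable, subsystem: str, op: str, target: str) -> str:
        req = Request(subsystem, op, target, d)
        self.probes[subsystem].inbox.put(req)
        req.decided.wait(timeout=2)  # processing of the request is suspended here
        return req.decision


POLICY = Policy(trusted_origins=("*.corp.example",), allowed_hosts=("cdn.example",),
                writable_paths=("/tmp/*",), max_ops_per_subsystem=3)


def run_demo() -> list:
    """Constructed request sequence from one unsigned applet fetched from an unknown host."""
    mon = Monitor(POLICY)
    applet = Downloadable("banner.jar", "ads.example", signed=False)
    steps = [("file", "write", "/tmp/cache.bin"),
             ("file", "write", "/etc/cron.d/job"),
             ("network", "connect", "cdn.example"),
             ("network", "connect", "c2.example"),
             ("registry", "write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
             ("file", "read", "/etc/passwd"),
             ("file", "read", "/etc/hosts"),        # fourth file attempt: budget exhausted
             ("network", "connect", "cdn.example")]  # after termination: denied regardless
    return [mon.request(applet, *s) for s in steps]
```

Two design points carry over from the claims to any real implementation: the comparator must see state that outlives a single request (here `op_counts`, `origin`, `signed`), otherwise a sequence of individually harmless calls cannot be judged; and the interrupter must block the requesting thread rather than merely observe it, since a verdict that arrives after the syscall has completed can only log, not prevent.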