Generic privilege escalation prevention

US 9,197,660 B2
Filed: 03/15/2013
Issued: 11/24/2015
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. An apparatus for managing an application, comprising:

a memory element coupled to a processing element; and

a protection module, wherein the protection module is configured to;

identify an access token of the application;

determine if the access token is a system token;

responsive to the access token failing to be a system token, enable a runtime module coupled to the processing element;

determine whether the runtime module is enabled, wherein the runtime module is to determine whether the application has the system token;

responsive to determining the application has the system token, terminate the application; and

responsive to determining the application fails to have the system token, allow the application to execute.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus, method, computer readable storage medium are provided in one or more examples and comprise accessing an application, identifying an access token of the application, determining if the access token is a system token, and responsive to the access token failing to be a system token, enabling a runtime module.

Citations

16 Claims

1. An apparatus for managing an application, comprising:
- a memory element coupled to a processing element; and
  
  a protection module, wherein the protection module is configured to;
  
  identify an access token of the application;
  
  determine if the access token is a system token;
  
  responsive to the access token failing to be a system token, enable a runtime module coupled to the processing element;
  
  determine whether the runtime module is enabled, wherein the runtime module is to determine whether the application has the system token;
  
  responsive to determining the application has the system token, terminate the application; and
  
  responsive to determining the application fails to have the system token, allow the application to execute.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus of claim 1, wherein the protection module is further configured to:
    - determine whether the application is a protected application and responsive to the application being a protected application, access the application.
  - 3. The apparatus of claim 1, wherein the protection module is further configured to:
    - responsive to the access token being a system token, disable the runtime module.
  - 4. The apparatus of claim 1, wherein the protection module is further configured to:
    - monitor a plurality of API locations with a plurality of hooks;
      
      identify an execution of a hook of the plurality of hooks, wherein determining whether the runtime module is enabled is responsive to the execution of the hook.
  - 5. The apparatus of claim 4, wherein the protection module is further configured to:
    - responsive to the runtime module being disabled, allow the application to execute.
  - 6. The apparatus of claim 1, further comprising:
    - the processing element coupled to the protection module.

7. At least one non-transitory computer readable storage medium that includes code for execution for managing an application, and when executed by a processing element is operable to:
- identify an access token of the application;
  
  determine if the access token is a system token;
  
  responsive to the access token failing to be a system token, enable a runtime module;
  
  determine whether the runtime module is enabled, wherein the runtime module is to determine whether the application has the system token;
  
  responsive to determining the application has the system token, terminate the application; and
  
  responsive to determining the application fails to have the system token, allow the application to execute.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The at least one non-transitory computer readable storage medium of claim 7, wherein the code includes further code for execution and when executed by the processing element is operable to:
    - determine whether the application is a protected application; and
      
      responsive to the application being a protected application, access the application.
  - 9. The at least one non-transitory computer readable storage medium of claim 7, wherein the code includes further code for execution and when executed by the processing element is operable to:
    - responsive to the access token being a system token, disable the runtime module.
  - 10. The at least one non-transitory computer readable storage medium of claim 7, wherein the code further includes code for execution and when executed by the processing element is operable to:
    - monitor a number of API locations for a plurality of hooks;
      
      identify an execution of a hook of the plurality of hooks, wherein determining whether the runtime module is enabled is responsive to the execution of the hook.
  - 11. The at least one non-transitory computer readable storage medium of claim 10, wherein the code further includes code for execution and when executed by the processing element is operable to:
    - responsive to the runtime module being disabled, allow the application to execute.

12. A method for managing an application, comprising:
- identifying an access token of the application;
  
  determining if the access token is a system token; and
  
  responsive to the access token failing to be a system token, enabling a runtime module coupled to a processing element;
  
  determining whether the runtime module is enabled, wherein the runtime module is to determine whether the application has the system token;
  
  responsive to determining the application has the system token, terminating the application; and
  
  responsive to determining the application fails to have the system token, allowing the application to execute.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, further comprising:
    - determining whether the application is a protected application; and
      
      responsive to the application being a protected application, accessing the application.
  - 14. The method of claim 12, further comprising:
    - responsive to the access token being a system token, disabling the runtime module.
  - 15. The method of claim 12, further comprising:
    - monitoring a number of API locations for a plurality of hooks;
      
      identifying an execution of a hook of the plurality of hooks, wherein determining whether the runtime module is enabled is responsive to the execution of the hook.
  - 16. The method of claim 15, further comprising:
    - responsive to the runtime module being disabled, allowing the application to execute.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Sun, Bing, Xu, Chong, Hetzler, Jeff, Bu, Zheng
Primary Examiner(s)
Nalven, Andrew
Assistant Examiner(s)
DO, KHANG D

Application Number

US13/977,014
Publication Number

US 20140351930A1
Time in Patent Office

984 Days
Field of Search

726/22
US Class Current

1/1
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/74   operating in dual or compar...

G06F 2221/033   Test or assess software

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/1441   Countermeasures against mal...

Generic privilege escalation prevention

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Generic privilege escalation prevention

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links