Real time lockdown
Abstract
A system and method that trusts software executables existent on a machine prior to activation for different types of accesses e.g. execution, network, and registry. The system detects new executables added to the machine as well as previously existent executables that have been modified, moved, renamed or deleted. In certain embodiments, the system will tag the file with a flag as modified or newly added. Once tagged, the system intercepts particular types of file accesses for execution, network or registry. The system determines if the file performing the access is flagged and may apply one or more policies based on the requested access. In certain embodiments, the system intercepts I/O operations by file systems or file system volumes and flags metadata associated with the file. For example, the NT File System and its extended attributes and alternate streams may be utilized to implement the system.
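The tag-on-modify, check-on-access flow the abstract describes, as an added illustrative model that is not code from the patent. The in-memory `Volume`, the `lockdown.modified` metadata key, the sample paths and the policy decisions are all assumptions made for the sketch.

```python
from dataclasses import dataclass, field

TAG = "lockdown.modified"   # assumed metadata key; the patent names none
# Assumed plurality of policies: one decision per access type for tagged files.
TAGGED_POLICY = {"execute": "deny", "network": "deny", "registry": "audit"}
UNTAGGED_POLICY = "allow"   # files present before activation are trusted

@dataclass
class File:
    data: bytes = b""                          # file user data
    meta: dict = field(default_factory=dict)   # stand-in for EAs / alternate streams

class Volume:
    """In-memory stand-in for a file system whose I/O is intercepted."""
    def __init__(self, preexisting):
        # Pre-existing files get no indicator written to their metadata.
        self.files = {p: File(d) for p, d in preexisting.items()}
        self.log = []

    def write(self, path, data):
        # Intercepted create/modify: write the indicator to the file's metadata.
        f = self.files.setdefault(path, File())
        f.data = data
        f.meta[TAG] = "1"

    def rename(self, old, new):
        # In this model the metadata moves with the file, so the tag survives.
        self.files[new] = self.files.pop(old)

    def access(self, path, kind):
        # Intercepted execute/network/registry access: select and apply a policy.
        tagged = self.files[path].meta.get(TAG) == "1"
        decision = TAGGED_POLICY[kind] if tagged else UNTAGGED_POLICY
        self.log.append((path, kind, tagged, decision))
        return decision

def demo():
    # Constructed sample: one trusted pre-existing file, one new download.
    vol = Volume({"C:/Windows/notepad.exe": b"MZ-original"})
    results = [vol.access("C:/Windows/notepad.exe", "execute")]
    vol.write("C:/Users/a/dl.exe", b"MZ-new")              # newly added file
    vol.rename("C:/Users/a/dl.exe", "C:/Users/a/svc.exe")  # rename keeps the tag
    results.append(vol.access("C:/Users/a/svc.exe", "execute"))
    vol.write("C:/Windows/notepad.exe", b"MZ-patched")     # modified in place
    results.append(vol.access("C:/Windows/notepad.exe", "network"))
    results.append(vol.access("C:/Windows/notepad.exe", "registry"))
    return results
```

Because the decision keys off the file's own metadata rather than its path, a trusted file loses its trust the moment it is rewritten, and a new file stays restricted after being renamed.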
20 Claims
1. A method of applying an access policy to a computer file, comprising:
- receiving, via an electronic hardware processor, a request to modify a computer file, the computer file comprising file user data and file meta data associated with the user data;
- writing a first indicator to the file meta data in response to the request;
- receiving, via an electronic hardware processor, a second request to execute the computer file;
- determining, via an electronic hardware processor, in response to receiving the second request, the file meta data includes the first indicator;
- selecting, in response to the determining, a first policy from a plurality of policies based on the file meta data including the first indicator; and
- applying, via an electronic hardware processor, the selected policy to the second request.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus for applying an access policy to a computer file, comprising:
- an electronic processor;
- a memory, operably connected to the electronic processor, and storing instructions that configure the electronic processor to:
  - receive a request to modify a computer file, the computer file comprising file user data and file meta data associated with the user data;
  - write a first indicator to the file meta data in response to the request;
  - receive a second request to execute the computer file;
  - determine, in response to receiving the second request, the file meta data includes the first indicator;
  - select, in response to the determining, a first policy from a plurality of policies based on the file meta data including the first indicator; and
  - apply the selected policy to the second request.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer readable storage medium comprising instructions that when executed cause an electronic processor to apply an access policy to a computer file by:
- receiving a request to modify a computer file, the computer file comprising file user data and file meta data associated with the user data;
- writing a first indicator to the file meta data in response to the request;
- receiving a second request to execute the computer file;
- determining, in response to receiving the second request, the file meta data includes the first indicator;
- selecting, in response to the determining, a first policy from a plurality of policies based on the file meta data including the first indicator; and
- applying the selected policy to the second request.
Dependent claims: 16, 17, 18, 19
20. An apparatus for applying an access policy to a computer file comprising:
- means for receiving a request to modify a computer file, the computer file comprising file user data and file meta data associated with the user data;
- means for writing a first indicator to the file meta data in response to the request;
- means for receiving a second request to execute the computer file;
- means for determining, in response to receiving the second request, the file meta data includes the first indicator;
- means for selecting, in response to the determining that the file metadata includes the first indicator, a first policy from a plurality of policies based on the file meta data including the first indicator; and
- means for applying the selected policy to the second request.
Specification