Disambiguating conflicting content filter rules
First Claim
1. A method of protecting a computing device against exploitation by active content downloaded over a network, comprising:
- instantiating an active content filter (ACF) application in association with the computing device;
associating a risk value to each of a set of content filtering rules implemented by the ACF application;
associating a risk level to the ACF application that implements the content filtering rules;
upon receipt of active content, determining whether applying first and second rules of the set of content filtering rules to the active content results in a content filtering ambiguity;
when applying the first and second rules to the active content results in a content filtering ambiguity, comparing risk values of each of the first and second rules with the risk level of the ACF application and, in response to the comparison, selecting one of the first and second rules whose risk value has a predetermined relationship to the risk level of the ACF application to thereby provide an improved ACF application; and
applying the selected one of the first and second rules to filter the active content to enhance protection of the computing device against exploitation by the active content.
1 Assignment
0 Petitions
Accused Products
Abstract
A content filtering mechanism is enhanced to resolve conflicts in filtering rules (e.g., those created by a whitelist, on the one hand, and a blacklist, on the other hand). Preferably, a conflict between or among content filtering rules is resolved by selecting among conflicting rules based on a notion of “risk” associated with the rules. According to this risk-based approach, when two or more rules conflict with one another, the particular rule whose risk value has a predetermined relationship (e.g., aligns most closely) with a risk level associated with the application (applying the rules) then takes precedence. By selecting among conflicting rules based on risk, the potential or actual conflicts are disambiguated, with the result being that the content is filtered appropriately.
10 Citations
17 Claims
-
1. A method of protecting a computing device against exploitation by active content downloaded over a network, comprising:
-
instantiating an active content filter (ACF) application in association with the computing device; associating a risk value to each of a set of content filtering rules implemented by the ACF application; associating a risk level to the ACF application that implements the content filtering rules; upon receipt of active content, determining whether applying first and second rules of the set of content filtering rules to the active content results in a content filtering ambiguity; when applying the first and second rules to the active content results in a content filtering ambiguity, comparing risk values of each of the first and second rules with the risk level of the ACF application and, in response to the comparison, selecting one of the first and second rules whose risk value has a predetermined relationship to the risk level of the ACF application to thereby provide an improved ACF application; and applying the selected one of the first and second rules to filter the active content to enhance protection of the computing device against exploitation by the active content. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computing device apparatus, comprising:
-
a processor; computer memory holding computer program instructions executed by the processor to protect the computer device apparatus against exploitation by active content downloaded over a network by the following operations; instantiating an active content filter (ACF) application in association with the computing device; associating a risk value to each of a set of content filtering rules implemented by the ACF application; associating a risk level to the ACF application that implements the content filtering rules; upon receipt of active content, determining whether applying first and second rules of the set of content filtering rules to the active content results in a content filtering ambiguity; when applying the first and second rules to the active content results in a content filtering ambiguity, comparing risk values of each of the first and second rules with the risk level of the ACF application and, in response to the comparison, selecting one of the first and second rules whose risk value has a predetermined relationship to the risk level of the ACF application to thereby provide an improved ACF application; and applying the selected one of the first and second rules to filter the active content to enhance protection of the computing device against exploitation by the active content. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A computer program product in a non-transitory computer readable medium for use in a computing device, the computer program product holding computer program instructions which, when executed by the computing device, perform a method of protecting the computing device against exploitation by active content downloaded over a network, the method comprising:
-
instantiating an active content filter (ACF) application in association with the computer device; associating a risk value to each of a set of content filtering rules implemented by the ACF application; associating a risk level to the ACF application that implements the content filtering rules; upon receipt of active content, determining whether applying first and second rules of the set of content filtering rules to the active content results in a content filtering ambiguity; when applying the first and second rules to the active content results in a content filtering ambiguity, comparing risk values of each of the first and second rules with the risk level of the ACF application and, in response to the comparison, selecting one of the first and second rules whose risk value has a predetermined relationship to the risk level of the ACF application to thereby provide an improved ACF application; and applying the selected one of the first and second rules to filter the active content to enhance protection of the computing device against exploitation by the active content. - View Dependent Claims (14, 15, 16, 17)
-
Specification