Systems and methods for implementing computer security
Abstract
A security server transmits a specification of a first set of files and directories to a computing device for monitoring according to a security policy. Each of the files or directories in the first set is associated with the operating system of the computing device or associated with an application running on the computing device. The server securely receives data collected at the remote computing device, which includes metadata for the files and directories and content signatures computed for each file. The server compares the received metadata and content signatures for each file or directory against corresponding baseline metadata and baseline content signatures. The baseline metadata and baseline content signatures are stored at the security server. When there is a mismatch between the received metadata and corresponding baseline metadata or a mismatch between a received content signature and a corresponding baseline content signature, the server performs a remedial action.
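An added illustration of the agent/server exchange the abstract describes, not code from the patent or its assignee. It assumes SHA-256 as the content signature, HMAC-SHA256 over canonical JSON as the authenticated transport, and hypothetical function names (collect, seal, evaluate); the patent text specifies none of these.

```python
import hashlib, hmac, json, os, stat, tempfile

def collect(paths):
    """Agent side: metadata plus a content signature for each monitored file."""
    report = {}
    for p in sorted(paths):
        st = os.stat(p)
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()  # assumed signature algorithm
        report[p] = {"mode": stat.S_IMODE(st.st_mode), "size": st.st_size, "sha256": digest}
    return report

def seal(report, key):
    """Agent side: canonical JSON body authenticated with the per-agent key."""
    body = json.dumps(report, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def evaluate(body, tag, key, baseline):
    """Server side: reject unauthenticated reports, then diff against the baseline."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("report failed authentication")
    report, findings = json.loads(body), []
    for path, base in baseline.items():
        seen = report.get(path)
        if seen is None:
            findings.append((path, "missing"))
            continue
        findings += [(path, k) for k in ("sha256", "mode", "size") if seen[k] != base[k]]
    findings += [(p, "unexpected") for p in report if p not in baseline]
    return findings

def demo():
    key = os.urandom(32)  # stands in for the key the server issues to the agent
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "app.conf")  # constructed sample file
        with open(target, "w") as f:
            f.write("listen=127.0.0.1\n")
        os.chmod(target, 0o644)
        baseline = collect([target])  # baseline is held by the server, not the agent
        clean = evaluate(*seal(collect([target]), key), key, baseline)
        with open(target, "w") as f:
            f.write("listen=127.0.0.2\n")  # same length: only the signature changes
        os.chmod(target, 0o666)
        changed = evaluate(*seal(collect([target]), key), key, baseline)
    return clean, changed

if __name__ == "__main__":
    print(demo())
```

The same-length edit leaves the size field unchanged, so only the content signature and the permission bits produce findings.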
39 Claims
1. A computing device, comprising:
one or more processing units;
memory; and
a first security control module, wherein the first security control module is stored in the memory and executed by one or more of the processing units to monitor integrity of files and directories, the first security control module including instructions for:
transmitting to a remote security server a policy identifier, wherein the policy identifier identifies a security policy that applies to a first operating system running on the computing device and applies to one or more applications running in the first operating system;
receiving from the remote security server a first cryptographic key uniquely associated with the first security control module;
retrieving from the remote security server a first command to collect information about the first security control module according to a set of self-verification factors;
securely transmitting the collected information to the remote security server for evaluation of integrity of the first security control module;
when the remote security server identifies an integrity failure based on the collected information:
(i) retrieving a second command from the remote security server, wherein the second command specifies a corrective action for the first security control module; and
(ii) executing the second command to correct the integrity failure;
receiving from the remote security server a specification of a first set of files and directories that are being monitored according to the security policy, wherein each of the files or directories in the first set is associated with the first operating system or associated with one of the one or more applications running in the first operating system;
periodically collecting metadata for the first set of files and directories and computing a content signature for each file in the first set; and
using the first cryptographic key to securely transmit the collected metadata and computed content signatures to the remote security server for evaluation of integrity against baseline data for the first set of files and directories, wherein the baseline data is stored at the remote security server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A security server, comprising:
one or more processing units;
memory;
a token generation module, wherein the token generation module is stored in the memory and executed by one or more of the processing units, the token generation module including instructions for:
receiving a request from a security control module running within a first operating system on a remote computing device distinct from the security server, wherein the request includes a policy identifier that identifies a security policy;
generating a unique agent identity token, which includes a cryptographic key; and
transmitting the agent identity token to the security control module; and
an integrity validation module, wherein the integrity validation module is stored in the memory and executed by one or more of the processing units, the integrity validation module including instructions for:
securely receiving from the security control module data collected about the security control module according to a set of self-verification factors;
using the data collected about the security control module to evaluate integrity of the security control module; and
when the evaluation identifies an integrity failure, placing one or more corrective commands in a command queue for retrieval and execution by the security control module on the remote computing device;
transmitting to the security control module a specification of a first set of files and directories at the remote computing device that are being monitored according to the security policy, wherein each of the files or directories in the first set is associated with the first operating system or associated with one or more applications running in the first operating system;
securely receiving from the security control module data collected at the remote computing device, wherein the received data includes metadata for the first set of files and directories and content signatures computed for each file in the first set;
comparing the received metadata and content signatures for each file or directory in the first set against corresponding baseline metadata and baseline content signatures for the first set of files and directories, wherein the baseline metadata and baseline content signatures are stored at the security server; and
when there is a mismatch between the received metadata and corresponding baseline metadata or a mismatch between a received content signature and a corresponding baseline content signature, performing a remedial action.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38
39. A non-transitory computer readable storage medium storing one or more programs configured for execution by a server system having one or more processors and memory, the one or more programs comprising a token generation module and an integrity validation module, wherein:
the token generation module includes instructions for:
receiving a request from a security control module running within a first operating system on a remote computing device distinct from the security server, wherein the request includes a policy identifier that identifies a security policy;
generating a unique agent identity token, which includes a cryptographic key; and
transmitting the agent identity token to the security control module; and
the integrity validation module includes instructions for:
securely receiving from the security control module data collected about the security control module according to a set of self-verification factors;
using the data collected about the security control module to evaluate integrity of the security control module; and
when the evaluation identifies an integrity failure, placing one or more corrective commands in a command queue for retrieval and execution by the security control module on the remote computing device;
transmitting to the security control module a specification of a first set of files and directories at the remote computing device that are being monitored according to the security policy, wherein each of the files or directories in the first set is associated with the first operating system or associated with one or more applications running in the first operating system;
securely receiving from the security control module data collected at the remote computing device, wherein the received data includes metadata for the first set of files and directories and content signatures computed for each file in the first set;
comparing the received metadata and content signatures for each file or directory in the first set against corresponding baseline metadata and baseline content signatures for the first set of files and directories, wherein the baseline metadata and baseline content signatures are stored at the security server; and
when there is a mismatch between the received metadata and corresponding baseline metadata or a mismatch between a received content signature and a corresponding baseline content signature, performing a remedial action.
Specification