Systems and methods for controlling an application launch based on a security policy

US 10,747,874 B2
Filed: 05/22/2018
Issued: 08/18/2020
Est. Priority Date: 05/22/2018
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for controlling an application launch based on a security policy, at least a portion of the method being performed by a computing device comprising at least one hardware processor, the method comprising:

loading, by the computing device, an application launcher into a security sandbox;

monitoring, by the computing device, one or more functions associated with launching an application from the application launcher;

determining, by the computing device, that the functions associated with launching the application have been invoked by the application launcher, wherein the determination comprises determining, using previously injected software hooks, that an initiation function for running the application has been invoked by the application launcher, wherein the injected software hooks are included in the security sandbox and located at a location of a start of the one or more functions to monitor how an original application launcher executing within the security sandbox attempts to access a resource provided in an operating system environment of the computing device;

querying, by the computing device, a policy manager comprising a security policy to determine whether the application is potentially harmful; and

performing, by the computing device, based on the security policy, a security action preventing the application launcher from launching the application from the security sandbox upon determining that the application is potentially harmful.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed computer-implemented method for controlling an application launch based on a security policy may include (1) loading an application launcher into a sandbox, (2) monitoring one or more functions associated with launching an application from the application launcher, (3) determining that the functions associated with launching the application have been invoked by the application launcher, (4) querying a policy manager comprising a security policy to determine whether the application is potentially harmful, and (5) performing, based on the security policy, a security action preventing the application launcher from launching the application from the sandbox upon determining that the application is potentially harmful. Various other methods, systems, and computer-readable media are also disclosed.

6 Citations

20 Claims

1. A computer-implemented method for controlling an application launch based on a security policy, at least a portion of the method being performed by a computing device comprising at least one hardware processor, the method comprising:
- loading, by the computing device, an application launcher into a security sandbox;
  
  monitoring, by the computing device, one or more functions associated with launching an application from the application launcher;
  
  determining, by the computing device, that the functions associated with launching the application have been invoked by the application launcher, wherein the determination comprises determining, using previously injected software hooks, that an initiation function for running the application has been invoked by the application launcher, wherein the injected software hooks are included in the security sandbox and located at a location of a start of the one or more functions to monitor how an original application launcher executing within the security sandbox attempts to access a resource provided in an operating system environment of the computing device;
  
  querying, by the computing device, a policy manager comprising a security policy to determine whether the application is potentially harmful; and
  
  performing, by the computing device, based on the security policy, a security action preventing the application launcher from launching the application from the security sandbox upon determining that the application is potentially harmful.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, further comprising performing, by the computing device, based on the security policy, a security action allowing the application launcher to launch the application from the security sandbox upon determining that the application is not potentially harmful.
  - 3. The computer-implemented method of claim 1, wherein monitoring, by the computing device, the one or more functions associated with launching an application from the application launcher comprises monitoring an activity manager associated with the application launcher for the initiation function.
  - 4. The computer-implemented method of claim 1, wherein querying, by the computing device, the policy manager comprising the security policy to determine whether the application is potentially harmful comprises scanning the application using the policy manager to determine, based on the security policy, whether the application is potentially harmful.
  - 5. The computer-implemented method of claim 1, wherein querying, by the computing device, the policy manager comprising the security policy to determine whether the application is potentially harmful comprises querying the policy manager for a blacklist to determine whether the application is potentially harmful.
  - 6. The computer-implemented method of claim 1, wherein performing, by the computing device, based on the security policy, the security action to prevent the application launcher from launching the potentially harmful application from the security sandbox upon determining that the application is potentially harmful comprises blocking the application from being executed upon determining, at an application run-time, that the application is potentially harmful.
  - 7. The computer-implemented method of claim 1, wherein the security policy is based on one or more of a time and a location associated with the launching of the application.
  - 8. The computer-implemented method of claim 1, wherein the potentially harmful application comprises at least one of malware and grayware.
  - 9. The computer-implemented method of claim 1, wherein the application launcher comprises a mobile device application launcher.

10. A system for controlling an application launch based on a security policy, the system comprising:
- a loading module, stored in memory, that loads an application launcher into a security sandbox on a computing device;
  
  a monitoring module, stored in the memory, that monitors one or more functions associated with launching an application from the application launcher;
  
  a determining module, stored in the memory, that determines the functions associated with launching the application have been invoked by the application launcher, wherein the determination comprises determining, using previously injected software hooks, that an initiation function for running the application has been invoked by the application launcher, wherein the injected software hooks are included in the security sandbox and located at a location of a start of the one or more functions to monitor how an original application launcher executing within the security sandbox attempts to access a resource provided in an operating system environment of the computing device;
  
  a query module, stored in the memory, that queries a policy manager comprising a security policy to determine whether the application is potentially harmful;
  
  a security module, stored in the memory, that performs, based on the security policy, a security action preventing the application launcher from launching the application from the security sandbox on the computing device upon determining that the application is potentially harmful; and
  
  at least one physical hardware processor that executes the loading module, the monitoring module, the determining module, the query module, and the security module.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the security module further performs, based on the security policy, a security action allowing the application launcher to launch the application from the security sandbox upon determining that the application is not potentially harmful.
  - 12. The system of claim 10, wherein the monitoring module monitors the one or more functions associated with launching the application from the application launcher by monitoring an activity manager associated with the application launcher for the initiation function.
  - 13. The system of claim 10, wherein the query module queries the policy manager comprising the security policy to determine whether the application is potentially harmful by scanning the application using the policy manager to determine, based on the security policy, whether the application is potentially harmful.
  - 14. The system of claim 10, wherein the query module queries the policy manager comprising the security policy to determine whether the application is potentially harmful by querying the policy manager for a blacklist to determine whether the application is potentially harmful.
  - 15. The system of claim 10, wherein the security module performs, based on the security policy, the security action to prevent the application launcher from launching the potentially harmful application from the security sandbox on the computing device upon determining that the application is potentially harmful by blocking the application from being executed on the computing device upon determining, at an application run-time, that the application is potentially harmful.
  - 16. The system of claim 10, wherein the security policy is based on one or more of a time and a location associated with the launching of the application on the computing device.
  - 17. The system of claim 10, wherein the potentially harmful application comprises at least one of malware and grayware.
  - 18. The system of claim 10, wherein the application launcher comprises a mobile device application launcher.

19. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one hardware processor of a computing device, cause the computing device to:
- load an application launcher into a security sandbox on the computing device;
  
  monitor one or more functions associated with launching an application from the application launcher;
  
  determine that the functions associated with launching the application have been invoked by the application launcher, wherein the determination comprises determining, using previously injected software hooks, that an initiation function for running the application has been invoked by the application launcher, wherein the injected software hooks are included in the security sandbox and located at a location of a start of the one or more functions to monitor how an original application launcher executing within the security sandbox attempts to access a resource provided in an operating system environment of the computing device;
  
  query a policy manager comprising a security policy to determine whether the application is potentially harmful; and
  
  perform, based on the security policy, a security action preventing the application launcher from launching the application from the security sandbox on the computing device upon determining that the application is potentially harmful.
- View Dependent Claims (20)
- - 20. The non-transitory computer-readable medium of claim 19, wherein the one or more computer-executable instructions further cause the computing device to perform, based on the security policy, a security action allowing the application launcher to launch the application from the security sandbox on the computing device upon determining that the application is not potentially harmful.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
NortonLifeLock Inc.
Inventors
Salehpour, Jonathon, Kruayatidee, Somard, Stanev, Rad
Primary Examiner(s)
Chai, Longbit

Application Number

US15/985,734
Publication Number

US 20190362067A1
Time in Patent Office

819 Days
Field of Search

726 1
US Class Current
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/57   Certifying or maintaining t...

G06F 2221/033   Test or assess software

Systems and methods for controlling an application launch based on a security policy

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

6 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for controlling an application launch based on a security policy

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links