Method and process for virtualizing network interfaces

US 20020065874A1
Filed: 11/29/2000
Published: 05/30/2002
Est. Priority Date: 11/29/2000
Status: Abandoned Application

First Claim

Patent Images

1. A system for securing an application for execution on a computer, the system comprising:

a server computer;

a network; and

a client computer operably connected to the server computer via the network;

wherein the client computer receives an application from the server computer;

wherein the client computer executes the application subsequent to receiving the application; and

wherein the client computer includes an interception module for intercepting at least one network request from the application, wherein the interception module determines whether the destination address is listed in a set of approved addresses, and wherein the interception module notifies a proxy that the request is intercepted.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securing an application for execution in a computer. In one embodiment, a preprocessor module modifies an application binary such that the application invokes an interception module in response to invoking certain system calls. The interception module prevents the application from adversely affecting the operating of a computer that is executing the application. Furthermore, the interception module protects the contents of the application from improper access by a user of the computer. For example, the interception module transparently encrypts all files that are used by the application such that a user of the computer cannot improperly access these files.

54 Citations

View as Search Results

24 Claims

1. A system for securing an application for execution on a computer, the system comprising:
- a server computer;
  
  a network; and
  
  a client computer operably connected to the server computer via the network;
  
  wherein the client computer receives an application from the server computer;
  
  wherein the client computer executes the application subsequent to receiving the application; and
  
  wherein the client computer includes an interception module for intercepting at least one network request from the application, wherein the interception module determines whether the destination address is listed in a set of approved addresses, and wherein the interception module notifies a proxy that the request is intercepted.

2. A method of securing an application for execution on a computer, the method comprising:
- modifying a binary of the application such that a request from the application to transmit data over the network is intercepted, wherein the request identifies a destination address; and
  
  determining whether the destination address is listed in a set of approved addresses.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 3. The method of claim 2, additionally comprising notifying a proxy that the request is intercepted.
  - 4. The method of claim 2, additionally comprising inserting in an import table a reference to an interception module, wherein the reference is inserted in the import table such that the interception module is invoked in response to loading of the application, and wherein the interception module intercepts the request from the application.
  - 5. The method of claim 2, wherein the network request is an network accept request and wherein the method additionally comprises:
    - determining whether there is an entry in a connection queue;
      
      if there is no entry in the connection queue, blocking until there is an entry in the connection queue.
  - 6. The method of claim 2, wherein the network request is an network accept request and wherein the method additionally comprises:
    - determining whether there is an entry in a connection queue;
      
      if there is no entry in the connection queue, returning a message indicating that there is no entry in the connection queue.
  - 7. The method of claim 2, wherein the network request is a network send request and wherein the method additionally comprises writing the content of a buffer that is provided by the application into a send queue.
  - 8. The method of claim 2, wherein the network request is a network receive request and wherein the method additionally comprises reading the contents of a buffer that is in a proxy table and returning the contents of the buffer to the application.
  - 9. The method of claim 2, wherein the network request is a socket request and wherein the method additionally comprises recording the socket request and transmitting to the application a unique socket identifier.
  - 10. The method of claim 2, wherein the network request is a network bind request and wherein the method additionally comprises obfuscating the network address.
  - 11. The method of claim 2, wherein the network request is a network connect request and wherein the method additionally comprises updating a status flag indicating that a socket that is identified by the network is virtually connected to a selected destination socket.
  - 12. The method of claim 2, wherein the network request is a network listen request and wherein the method additionally comprises updating a status flag indicating that a socket is listening for communications from remote destinations.
  - 13. The method of claim 4, additionally comprising encrypting the data.
  - 15. The system of claim 14, additionally comprising means for notifying a proxy that the request is intercepted.
  - 16. The system of claim 14, wherein the network request is an network accept request and wherein the method additionally comprises:
    - means for determining whether there is an entry in a connection queue; and
      
      means for if there is no entry in the connection queue, blocking until there is an entry in the connection queue.
  - 17. The system of claim 14, wherein the network request is a network send request and wherein the method additionally comprises writing the content of a buffer that is provided by the application into a send queue.
  - 18. The method of claim 14, wherein the network request is a network receive request and wherein the method additionally comprises writing the contents of a buffer that is that is in a proxy table and returning the contents to the application.
  - 19. The system of claim 14, wherein the network request is a socket request and wherein the method additionally comprises recording the socket request and transmitting to the application a unique socket identifier.
  - 20. The system of claim 14, wherein the network request is a network bind request and wherein the method additionally comprises obfuscating the network address.
  - 21. The system of claim 14, wherein the network request is a network connect request and wherein the method additionally comprises updating a status flag indicating that a socket that is identified by the network is virtually connected to a selected destination socket.
  - 22. The system of claim 14, wherein the network request is a network listen request and wherein the method additionally comprises updating a status flag indicating that a socket is listening for communications from remote destinations.
  - 23. The system of claim 14, additionally comprising means for encrypting the data.

14. A system for securing an application for execution on a computer, the system comprising:
- means for modifying a binary of the application such that a request from the application to transmit data over the network is intercepted, wherein the request identifies a destination address; and
  
  means for determining whether the destination address is listed in a set of approved addresses.

24. A system for securing an application for execution on a computer, the system comprising:
- a preprocessor module for modifying the binary of an application such that a request to transmit data over the network is intercepted, wherein the request identifies a destination address, wherein the interception module determines whether the destination address is listed in a set of approved addresses, and wherein the interception module notifies a proxy that the request is intercepted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entropia, Inc. (Ideal Group SA)
Original Assignee
Entropia, Inc. (Ideal Group SA)
Inventors
Gatlin, Kang Su, Marlin, Shawn, Chen, Ying-Hung, Calder, Brad, Chien, Andrew

Application Number

US09/727,108
Publication Number

US 20020065874A1
Time in Patent Office

Days
Field of Search
US Class Current

709/203
CPC Class Codes

G06F 21/126   Interacting with the operat...

G06F 21/54   by adding security routines...

H04L 63/101   Access control lists [ACL]

H04L 67/289   Intermediate processing fun...

H04L 67/561   Adding application-function...

H04L 67/563   Data redirection of data ne...

H04L 67/564   Enhancement of application ...

H04L 69/162   involving adaptations of so...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Method and process for virtualizing network interfaces

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Method and process for virtualizing network interfaces

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others