SYSTEM AND METHOD FOR INSPECTING DYNAMICALLY GENERATED EXECUTABLE CODE
First Claim
1. A system for protecting a computer from dynamically generated malicious content, comprising:
- a content processor (i) for processing content received over a network, the content including a call to a first function, and the call including an input, and (ii) for invoking a second function with the input, only if a security computer indicates that such invocation is safe;
a transmitter for transmitting the input to the security computer for inspection, when the first function is invoked; and
a receiver for receiving an indicator from the security computer whether it is safe to invoke the second function with the input.
7 Assignments
0 Petitions
Accused Products
Abstract
A method for protecting a client computer from dynamically generated malicious content, including receiving at a gateway computer content being sent to a client computer for processing, the content including a call to an original function, and the call including an input, modifying the content at the gateway computer, including replacing the call to the original function with a corresponding call to a substitute function, the substitute function being operational to send the input to a security computer for inspection, transmitting the modified content from the gateway computer to the client computer, processing the modified content at the client computer, transmitting the input to the security computer for inspection when the substitute function is invoked, determining at the security computer whether it is safe for the client computer to invoke the original function with the input, transmitting an indicator of whether it is safe for the client computer to invoke the original function with the input, from the security computer to the client computer, and invoking the original function at the client computer with the input, only if the indicator received from the security computer indicates that such invocation is safe. A system and a computer-readable storage medium are also described and claimed.
24 Citations
3 Claims
-
1. A system for protecting a computer from dynamically generated malicious content, comprising:
-
a content processor (i) for processing content received over a network, the content including a call to a first function, and the call including an input, and (ii) for invoking a second function with the input, only if a security computer indicates that such invocation is safe; a transmitter for transmitting the input to the security computer for inspection, when the first function is invoked; and a receiver for receiving an indicator from the security computer whether it is safe to invoke the second function with the input. - View Dependent Claims (2)
-
-
3. A computer-readable storage medium storing program code for causing a computing device to:
- process content received over a network, the content including a call to a first function, and the call including an input;
transmit the input for inspection, when the first function is invoked, and suspend processing of the content; receive an indicator of whether it is safe to invoke a second function with the input; and resume processing of the content after receiving the indicator, and invoke the second function with the input only if the indicator indicates that such invocation is safe.
- process content received over a network, the content including a call to a first function, and the call including an input;
Specification