System and method for inspecting dynamically generated executable code

  • US 7,757,289 B2
  • Filed: 12/12/2005
  • Issued: 07/13/2010
  • Est. Priority Date: 12/12/2005
  • Status: Active Grant
First Claim
Patent Images

1. A method for protecting a computer from dynamically generated malicious content, comprising:

  • receiving at a gateway computer content being sent to a client computer for processing, the content including a call to an original function, and the call including an input;

    modifying the content at the gateway computer, comprising replacing the call to the original function with a corresponding call to a substitute function, the substitute function being operational to send the input to a security computer for inspection;

    transmitting the modified content from the gateway computer to the client computer;

    processing the modified content at the client computer;

    transmitting the input to the security computer for inspection when the substitute function is invoked;

    modifying the input at the security computer if the input itself includes a call to a second original function with a second input by replacing the call to the second original function with a corresponding call to a second substitute function, the second substitute function being operational to send the second input to the security computer for inspections;

    determining at the security computer whether it is safe for the client computer to invoke the original function;

    transmitting the modified input from the security computer to the client computer, if the input was modified;

    transmitting an indicator of whether it is safe for the client computer to invoke the original function, from the security computer to the client computer; and

    invoking the original function at the client computer, only if the indicator received from the security computer indicates that such invocation is safe.

View all claims
    ×
    ×

    Thank you for your feedback

    ×
    ×