System and method for inspecting dynamically generated executable code
Abstract
A method for protecting a client computer from dynamically generated malicious content, including receiving at a gateway computer content being sent to a client computer for processing, the content including a call to an original function, and the call including an input, modifying the content at the gateway computer, including replacing the call to the original function with a corresponding call to a substitute function, the substitute function being operational to send the input to a security computer for inspection, transmitting the modified content from the gateway computer to the client computer, processing the modified content at the client computer, transmitting the input to the security computer for inspection when the substitute function is invoked, determining at the security computer whether it is safe for the client computer to invoke the original function with the input, transmitting an indicator of whether it is safe for the client computer to invoke the original function with the input, from the security computer to the client computer, and invoking the original function at the client computer with the input, only if the indicator received from the security computer indicates that such invocation is safe. A system and a computer-readable storage medium are also described and claimed.
Claims
1. A system for protecting a computer from dynamically generated malicious content, comprising:
   - a content processor (i) for processing content received over a network, the content including a call to a first function, and the call including an input, and (ii) for invoking a second function with the input, only if a security computer indicates that such invocation is safe;
   - a transmitter for transmitting the input to the security computer for inspection, when the first function is invoked; and
   - a receiver for receiving an indicator from the security computer whether it is safe to invoke the second function with the input.

   Dependent claims: 2, 3.

4. A non-transitory computer-readable storage medium storing program code for causing a computing device to:
   - process content received over a network, the content including a call to a first function, and the call including an input;
   - transmit the input for inspection, when the first function is invoked, and suspend processing of the content;
   - receive an indicator of whether it is safe to invoke a second function with the input; and
   - resume processing of the content after receiving the indicator, and invoke the second function with the input only if the indicator indicates that such invocation is safe.

   Dependent claims: 5.

6. A system for protecting a computer from dynamically generated malicious content, comprising:
   - a content processor (i) for processing content received over a network, the content including a call to a first function, and the first function including an input variable, and (ii) for calling a second function with a modified input variable;
   - a transmitter for transmitting the input variable to a security computer for inspection, when the first function is called; and
   - a receiver for receiving the modified input variable from the security computer, wherein the modified input variable is obtained by modifying the input variable if the security computer determines that calling a function with the input variable may not be safe.

   Dependent claims: 7, 8, 9.

10. A non-transitory computer-readable storage medium storing program code for causing a computing device to:
   - process content received over a network, the content including a call to a first function, and the first function including an input variable;
   - transmit the input variable for inspection, when the first function is called, and suspend processing of the content;
   - receive a modified input variable; and
   - resume processing of the content after receiving the modified input variable, and call a second function with the modified input variable, wherein the modified input variable is obtained by modifying the input variable if the inspection of the input variable indicates that calling a function with the input variable may not be safe.

   Dependent claims: 11, 12.
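The gateway rewrite, substitute function and security-computer indicator described in the abstract and claims, as an added JavaScript model that is not the patent's own code. The function names (`__inspectedWrite`), the inspection policy and the sample page are constructed for the demonstration; a real deployment would apply its own policy on the security computer.

```javascript
// Added example, not the patent's own code: models the claimed flow in
// plain JavaScript. A gateway rewrites calls to an original function
// (document.write here) into calls to a substitute; the substitute hands
// the input to an inspector standing in for the "security computer" and
// invokes the original only if the indicator says it is safe (claims 1/4)
// or with the inspector's modified input (claims 6/10). The inspection
// policy and the sample page are constructed for the demo.
const ORIGINAL = "document.write";
const SUBSTITUTE = "__inspectedWrite";

// Gateway step: swap each call to the original function for the substitute.
function rewriteContent(content) {
  return content.split(ORIGINAL + "(").join(SUBSTITUTE + "(");
}

// Security computer: strip any <script> element from the input; the call
// is "safe" only if nothing had to be removed. Returns both the
// indicator and the modified input.
function inspect(input) {
  const modified = input.replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, "");
  return { safe: modified === input, modified };
}

// Client: processes the rewritten page, running each script with the
// substitute function in scope. `rendered` records what the original
// function was actually allowed to write. useModified selects the
// claims 6/10 behaviour (write the modified input) over plain blocking.
function processContent(rewritten, useModified = false) {
  const rendered = [];
  const original = (s) => { rendered.push(s); };
  const substitute = (s) => {           // processing is suspended here
    const verdict = inspect(s);         // until the indicator comes back
    if (verdict.safe) original(s);
    else if (useModified) original(verdict.modified);
    return verdict.safe;
  };
  const scriptRe = /<script>([\s\S]*?)<\/script>/g;
  for (let m; (m = scriptRe.exec(rewritten)) !== null;) {
    new Function(SUBSTITUTE, m[1])(substitute);
  }
  return rendered;
}

// Constructed sample: the second script assembles a <script> tag at run
// time, so the page text itself never contains one for a static scanner.
const SAMPLE = [
  '<script>document.write("<b>hello</b>")</script>',
  '<script>document.write("<scr" + "ipt>run()</scr" + "ipt>")</script>',
].join("\n");

function demo(useModified = false) {
  return processContent(rewriteContent(SAMPLE), useModified);
}
```

`demo()` renders only the benign write; `demo(true)` renders the benign write plus the empty string the inspector left after removing the run-time-assembled script element.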