Bibliographic Details
| Title: |
Malicious Mobile Code Runtime Monitoring System and Methods |
| Document Number: |
20160070907 |
| Publication Date: |
March 10, 2016 |
| Appl. No: |
14/941911 |
| Application Filed: |
November 16, 2015 |
| Abstract: |
Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides for monitoring information received, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information. An MPC embodiment further provides, within a Downloadable-destination, for initiating the Downloadable, enabling malicious Downloadable operation attempts to be received by the MPC, and causing (predetermined) corresponding operations to be executed in response to the attempts. |
| Assignees: |
Finjan, Inc. (East Palo Alto, CA, US) |
| Claim: |
1. A processor-based method, comprising: receiving, by a server, a file; detecting, by a code detector, whether the file includes one or more instances of executable code; generating, by a protection engine, mobile protection code when one or more instances of executable code is detected by the code detector; and receiving, by a linking engine, the generated mobile protection code and the file containing the one or more instance of executable code, and bundling, by the linking engine, the mobile protection code and the file into a sandboxed package, wherein the bundling does not alter the file. |
| Claim: |
2. The processor-based method of claim 1, further comprising: communicating the sandboxed package to a computing device. |
| Claim: |
3. The processor-based method of claim 1, further comprising: bundling, by the linking engine, at least one security policy, in the sandboxed package. |
| Claim: |
4. The processor-based method of claim 1, further comprising: unbundling the sandboxed package in the following order, mobile protection code first and file second. |
| Claim: |
5. The processor-based method of claim 3, further comprising: unbundling the sandboxed package in the following order, mobile protection code first, at least one security policy second and file third. |
| Claim: |
6. A processor-based method for monitoring for received executables, comprising: detecting, by a first processing device, a received executable; wrapping, by a server, the received executable with a sandbox agent, wherein wrapping includes bundling the following separate code objects into a sandbox file: the sandbox agent, a security policy related to the received executable and the received executable, and further wherein the bundling does not alter the separate code objects; and sending, by the server, the file to a second processing device. |
| Claim: |
7. The processor-based method of claim 6, further comprising: detecting, by a detector engine of the first processing device, the received executable when the received executable is determined to include an executable file type. |
| Claim: |
8. The processor-based method of claim 6, further comprising: detecting, by a detector engine of the first processing device, the received executable when the received executable is determined to include a code pattern indicative of an executable. |
| Claim: |
9. The processor-based method of claim 6, further comprising: unbundling the sandbox file in the following order at the second processing device, sandbox agent first, security policy second and received executable third. |
| Claim: |
10. A processor-based method, comprising: receiving, at a server, a file; detecting, by a detector engine, at least one received executable within the received file; wrapping, by the server, the received file with a sandbox agent, wherein wrapping includes bundling the following separate code objects into a sandbox file: the sandbox agent, a security policy related to the at least one received executable and the received file, and further wherein the bundling does not alter the separate code objects; and sending, by the server, the sandbox file to a processing device. |
| Claim: |
11. The processor-based method of claim 10, wherein the detector engine is a code detector. |
| Claim: |
12. The processor-based method of claim 11, further comprising: detecting by a file-type detector of the code detector that the received file is an executable file type. |
| Claim: |
13. The processor-based method of claim 11, further comprising: detecting, by a file-type detector of the code detector, that the received file is a compressed file type; opening, by an inflator of the code detector, the compressed received file into one or more open received files; and detecting, by the file-type detector, that one or more opened received files is an executable file type. |
| Claim: |
14. The processor-based method of claim 10, wherein the detector engine is a content detector. |
| Claim: |
15. The processor-based method of claim 14, comprising: parsing, by a parser of the detection engine, the received file into one or more portions; analyzing, by a pattern detector of the content detector, that the one or more portions of the received file include a code pattern indicating a received executable. |
| Claim: |
16. A computer-implemented method, comprising: receiving program code at a first computing device; detecting if the program code contains an executable file; forming a sandbox package including protection code and the program code if it contains an executable file; and sending the sandbox package to a second computing device. |
| Current International Class: |
06; 06 |
| Document Code: |
edspap.20160070907 |
| Database: |
USPTO Patent Applications |