-
Publication number: US08453243B2
Publication date: 2013-05-28
Application number: US11319678
Application date: 2005-12-28
Applicant: Rajesh Kumar Sharma, Winping Lo, Joseph Papa
Inventor: Rajesh Kumar Sharma, Winping Lo, Joseph Papa
IPC: H04L29/06
CPC classification number: G06F21/51, G06F21/54, G06F21/554, G06F21/56, G06F21/60
Abstract: A system and method that trusts software executables existent on a machine prior to activation for different types of accesses e.g. execution, network, and registry. The system detects new executables added to the machine as well as previously existent executables that have been modified, moved, renamed or deleted. In certain embodiments, the system will tag the file with a flag as modified or newly added. Once tagged, the system intercepts particular types of file accesses for execution, network or registry. The system determines if the file performing the access is flagged and may apply one or more policies based on the requested access. In certain embodiments, the system intercepts I/O operations by file systems or file system volumes and flags metadata associated with the file. For example, the NT File System and its extended attributes and alternate streams may be utilized to implement the system.
-
Publication number: US20070150956A1
Publication date: 2007-06-28
Application number: US11319678
Application date: 2005-12-28
Applicant: Rajesh Sharma, Winping Lo, Joseph Papa
Inventor: Rajesh Sharma, Winping Lo, Joseph Papa
IPC: G06F12/14
CPC classification number: G06F21/51, G06F21/54, G06F21/554, G06F21/56, G06F21/60
Abstract: A system and method that trusts software executables existent on a machine prior to activation for different types of accesses e.g. execution, network, and registry. The system detects new executables added to the machine as well as previously existent executables that have been modified, moved, renamed or deleted. In certain embodiments, the system will tag the file with a flag as modified or newly added. Once tagged, the system intercepts particular types of file accesses for execution, network or registry. The system determines if the file performing the access is flagged and may apply one or more policies based on the requested access. In certain embodiments, the system intercepts I/O operations by file systems or file system volumes and flags metadata associated with the file. For example, the NT File System and its extended attributes and alternate streams may be utilized to implement the system.
-