-
Publication number: US10268816B2
Publication date: 2019-04-23
Application number: US15088015
Filing date: 2016-03-31
Inventors: Md. Nazmus Sakib, Yogesh Mehta, Kinshumann Kinshumann, Vishal Agarwal, Giridharan Sridharan, Arnold Paul Pereira, Deskin Miller, Narendra Acharya
Abstract: A system for changing policy information of a process is provided. When a process is to execute, the system stores policy information for the process in association with the process code. The system also creates a token for the process. The token provides evidence of the policy for the process and includes at least a reference to the stored policy information. The system provides the token to the process for use by the process as evidence of the policy for the process. When the process provides the token to a service provider, the service provider uses the reference to access the policy information for the process. While the process is executing, the system modifies the stored policy information. When the process subsequently provides the token to a service provider, the service provider uses the reference to access the modified policy information for the process.
-
Publication number: US20160342790A1
Publication date: 2016-11-24
Application number: US15231394
Filing date: 2016-08-08
Inventors: Hari Pulapaka, Nicholas S. Judge, Arun U. Kishan, James A. Schwartz, JR., Kinshumann Kinshumann, David J. Linsley, Niraj V. Majmudar, Scott D. Anderson
CPC classification: G06F21/56, G06F21/50, G06F21/51, G06F21/52, G06F21/55, G06F21/57, G06F21/575, G06F2221/2105, H04L63/0823, H04L63/14
Abstract: Anti-malware process protection techniques are described. In one or more implementations, an anti-malware process is launched. The anti-malware process is verified based at least in part on an anti-malware driver that contains certificate pairs which contain an identity that is signed with the trusted certificate from a verified source. After the anti-malware process is verified, the anti-malware process may be assigned a protection level, and an administrative user may be prevented from altering the anti-malware process.
-
Publication number: US20170286664A1
Publication date: 2017-10-05
Application number: US15088015
Filing date: 2016-03-31
Inventors: Nazmus Sakib, Yogesh Mehta, Kinshumann Kinshumann, Vishal Agarwal, Giridharan Sridharan, Arnold Paul Pereira, Deskin Miller, Narendra Acharya
CPC classification: G06F21/44, G06F21/45, G06F21/62, G06F21/629
Abstract: A system for changing policy information of a process is provided. When a process is to execute, the system stores policy information for the process in association with the process code. The system also creates a token for the process. The token provides evidence of the policy for the process and includes at least a reference to the stored policy information. The system provides the token to the process for use by the process as evidence of the policy for the process. When the process provides the token to a service provider, the service provider uses the reference to access the policy information for the process. While the process is executing, the system modifies the stored policy information. When the process subsequently provides the token to a service provider, the service provider uses the reference to access the modified policy information for the process.
-
Publication number: US11722566B2
Publication date: 2023-08-08
Application number: US17379106
Filing date: 2021-07-19
Inventors: Scott R. Shell, Kinshumann Kinshumann, Thomas W. Caldwell, Jeffrey A. Sutherland, Jeffrey R. McKune, Deskin M. Miller, Scott D. Anderson, Md. Nazmus Sakib
CPC classification: H04L67/1097, H04L63/126, H04L67/01, H04L67/34, H04L67/63
Abstract: An application is installed on a computing device from an application package. An origin of the application (e.g., a managed installer for an enterprise, a reputation checking service) is propagated to files written to a storage device of the computing device as part of the installation, such as by writing origin information to the storage device as metadata associated with the file. The origin information for a file, in conjunction with a policy on the computing device specifying one or more trusted origins for applications on the computing device, is used to identify whether a particular action can be taken with and/or by the file. These actions can include, for example, execution of an application from an executable file. If the origin information for a file indicates an origin that is a trusted origin specified by the policy, then the action can be performed.
-
Publication number: US20220014587A1
Publication date: 2022-01-13
Application number: US17379106
Filing date: 2021-07-19
Inventors: Scott R. Shell, Kinshumann Kinshumann, Thomas W. Caldwell, Jeffrey A. Sutherland, Jeffrey R. McKune, Deskin M. Miller, Scott D. Anderson, Md. Nazmus Sakib
Abstract: An application is installed on a computing device from an application package. An origin of the application (e.g., a managed installer for an enterprise, a reputation checking service) is propagated to files written to a storage device of the computing device as part of the installation, such as by writing origin information to the storage device as metadata associated with the file. The origin information for a file, in conjunction with a policy on the computing device specifying one or more trusted origins for applications on the computing device, is used to identify whether a particular action can be taken with and/or by the file. These actions can include, for example, execution of an application from an executable file. If the origin information for a file indicates an origin that is a trusted origin specified by the policy, then the action can be performed.
-
Publication number: US10229272B2
Publication date: 2019-03-12
Application number: US15420694
Filing date: 2017-01-31
Abstract: During booting of a computing device, multiple security boundaries are generated. A security boundary refers to a manner of operation of a computing device or a portion of the computing device, with a program executing in one security boundary being prohibited from accessing data and programs in another security boundary. As part of booting the computing device measurements of (e.g., hash values or other identifications of) various modules loaded and executed as part of booting the computing device are maintained by a boot measurement system of the computing device. Additionally, as part of booting the computing device, public/private key pairs of one of the security boundaries is generated or otherwise obtained. Private keys of the public/private key pairs are provided to the one security boundary, and the public keys of the public/private key pairs are provided to the boot measurement system.
-
Publication number: US20170140152A1
Publication date: 2017-05-18
Application number: US15420694
Filing date: 2017-01-31
CPC classification: G06F21/575, G06F9/4406, G06F21/44, H04L9/0825, H04L9/14, H04L9/30, H04L9/32, H04L9/3234, H04L9/3236, H04L9/3247, H04L2209/127
Abstract: During booting of a computing device, multiple security boundaries are generated. A security boundary refers to a manner of operation of a computing device or a portion of the computing device, with a program executing in one security boundary being prohibited from accessing data and programs in another security boundary. As part of booting the computing device measurements of (e.g., hash values or other identifications of) various modules loaded and executed as part of booting the computing device are maintained by a boot measurement system of the computing device. Additionally, as part of booting the computing device, public/private key pairs of one of the security boundaries is generated or otherwise obtained. Private keys of the public/private key pairs are provided to the one security boundary, and the public keys of the public/private key pairs are provided to the boot measurement system.
-
Publication number: US12069132B2
Publication date: 2024-08-20
Application number: US18346955
Filing date: 2023-07-05
Inventors: Scott R Shell, Kinshumann Kinshumann, Thomas W. Caldwell, Jeffrey A. Sutherland, Jeffrey R. McKune, Deskin M. Miller, Scott D. Anderson, Md. Nazmus Sakib
CPC classification: H04L67/1097, H04L63/126, H04L67/01, H04L67/34, H04L67/63
Abstract: An application is installed on a computing device from an application package. An origin of the application (e.g., a managed installer for an enterprise, a reputation checking service) is propagated to files written to a storage device of the computing device as part of the installation, such as by writing origin information to the storage device as metadata associated with the file. The origin information for a file, in conjunction with a policy on the computing device specifying one or more trusted origins for applications on the computing device, is used to identify whether a particular action can be taken with and/or by the file. These actions can include, for example, execution of an application from an executable file. If the origin information for a file indicates an origin that is a trusted origin specified by the policy, then the action can be performed.
-
Publication number: US20180103097A1
Publication date: 2018-04-12
Application number: US15288586
Filing date: 2016-10-07
Inventors: Scott R. Shell, Kinshumann Kinshumann, Thomas W. Caldwell, Jeffrey A. Sutherland, Jeffrey R. McKune, Deskin M. Miller, Scott D. Anderson, Md. Nazmus Sakib
CPC classification: H04L67/1097, H04L63/126, H04L67/327, H04L67/34, H04L67/42
Abstract: An application is installed on a computing device from an application package. An origin of the application (e.g., a managed installer for an enterprise, a reputation checking service) is propagated to files written to a storage device of the computing device as part of the installation, such as by writing origin information to the storage device as metadata associated with the file. The origin information for a file, in conjunction with a policy on the computing device specifying one or more trusted origins for applications on the computing device, is used to identify whether a particular action can be taken with and/or by the file. These actions can include, for example, execution of an application from an executable file. If the origin information for a file indicates an origin that is a trusted origin specified by the policy, then the action can be performed.
-
Publication number: US09836601B2
Publication date: 2017-12-05
Application number: US15231394
Filing date: 2016-08-08
Inventors: Hari Pulapaka, Nicholas S. Judge, Arun U. Kishan, James A. Schwartz, Jr., Kinshumann Kinshumann, David J. Linsley, Niraj V. Majmudar, Scott D. Anderson
CPC classification: G06F21/56, G06F21/50, G06F21/51, G06F21/52, G06F21/55, G06F21/57, G06F21/575, G06F2221/2105, H04L63/0823, H04L63/14
Abstract: Anti-malware process protection techniques are described. In one or more implementations, an anti-malware process is launched. The anti-malware process is verified based at least in part on an anti-malware driver that contains certificate pairs which contain an identity that is signed with the trusted certificate from a verified source. After the anti-malware process is verified, the anti-malware process may be assigned a protection level, and an administrative user may be prevented from altering the anti-malware process.