BRPI0607420A2 - sistemas e métodos para verificar confiança de arquivos executáveis - Google Patents

sistemas e métodos para verificar confiança de arquivos executáveis

Info

Publication number
BRPI0607420A2
BRPI0607420A2 BRPI0607420-0A BRPI0607420A BRPI0607420A2 BR PI0607420 A2 BRPI0607420 A2 BR PI0607420A2 BR PI0607420 A BRPI0607420 A BR PI0607420A BR PI0607420 A2 BRPI0607420 A2 BR PI0607420A2
Authority
BR
Brazil
Prior art keywords
executable file
systems
methods
malware
trust
Prior art date
Application number
BRPI0607420-0A
Other languages
English (en)
Inventor
Kenneth D Ray
Paul England
Scott A Field
Jonathan D Schwartz
Michael Kramer
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Publication of BRPI0607420A2 publication Critical patent/BRPI0607420A2/pt

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

SISTEMAS E MéTODOS PARA VERIFICAR CONFIANçA DE ARQUIVOS EXECUTáVEIS. Sistemas e métodos para validar a integridade de um arquivo executável são descritos. Em um aspecto, os sistemas e métodos determinam que um arquivo executável está sendo introduzido em uma trajetória de execução. O arquivo executável é depois automaticamente avaliado em vista de múltiplas verificações de malware para detectar se o arquivo executável representa um tipo de malware. Se o arquivo executável representar um tipo de malware, uma trajetória de proteção é implementada.
BRPI0607420-0A 2005-04-07 2006-04-06 sistemas e métodos para verificar confiança de arquivos executáveis BRPI0607420A2 (pt)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/100,770 US7490352B2 (en) 2005-04-07 2005-04-07 Systems and methods for verifying trust of executable files
PCT/US2006/013006 WO2006110521A2 (en) 2005-04-07 2006-04-06 Systems and methods for verifying trust of executable files

Publications (1)

Publication Number Publication Date
BRPI0607420A2 true BRPI0607420A2 (pt) 2009-09-08

Family

ID=37084554

Family Applications (1)

Application Number Title Priority Date Filing Date
BRPI0607420-0A BRPI0607420A2 (pt) 2005-04-07 2006-04-06 sistemas e métodos para verificar confiança de arquivos executáveis

Country Status (7)

Country Link
US (1) US7490352B2 (pt)
KR (1) KR101247022B1 (pt)
CN (1) CN101137963B (pt)
AU (1) AU2006235153B2 (pt)
BR (1) BRPI0607420A2 (pt)
IL (1) IL184881A (pt)
WO (1) WO2006110521A2 (pt)

Families Citing this family (97)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2004220645C1 (en) * 2003-03-10 2010-11-18 Mudalla Technology, Inc. Dynamic configuration of a gaming system
US7577848B2 (en) * 2005-01-18 2009-08-18 Microsoft Corporation Systems and methods for validating executable file integrity using partial image hashes
US8060860B2 (en) * 2005-04-22 2011-11-15 Apple Inc. Security methods and systems
CA2606981C (en) * 2005-05-05 2016-09-06 Certicom Corp. Retrofitting authentication onto firmware
GB2427048A (en) 2005-06-09 2006-12-13 Avecho Group Ltd Detection of unwanted code or data in electronic mail
US8161548B1 (en) 2005-08-15 2012-04-17 Trend Micro, Inc. Malware detection using pattern classification
US8705739B2 (en) * 2005-08-29 2014-04-22 Wms Gaming Inc. On-the-fly encryption on a gaming machine
US7788730B2 (en) * 2006-01-17 2010-08-31 International Business Machines Corporation Secure bytecode instrumentation facility
US7840958B1 (en) * 2006-02-17 2010-11-23 Trend Micro, Inc. Preventing spyware installation
US8201243B2 (en) * 2006-04-20 2012-06-12 Webroot Inc. Backwards researching activity indicative of pestware
US8888585B1 (en) * 2006-05-10 2014-11-18 Mcafee, Inc. Game console system, method and computer program product with anti-malware/spyware and parental control capabilities
US7877806B2 (en) * 2006-07-28 2011-01-25 Symantec Corporation Real time malicious software detection
US8190868B2 (en) 2006-08-07 2012-05-29 Webroot Inc. Malware management through kernel detection
US8065664B2 (en) * 2006-08-07 2011-11-22 Webroot Software, Inc. System and method for defining and detecting pestware
US9729513B2 (en) 2007-11-08 2017-08-08 Glasswall (Ip) Limited Using multiple layers of policy management to manage risk
EP1990724A1 (en) * 2007-05-09 2008-11-12 Telefonaktiebolaget LM Ericsson (publ) Method for locating resource leaks during software development
US20090094459A1 (en) * 2007-10-09 2009-04-09 Schneider Jerome L Method and system for associating one or more pestware-related indications with a file on a computer-readable storage medium of a computer
US20100023613A1 (en) * 2007-11-12 2010-01-28 Fujitsu Network Communications, Inc. Managing Pluggable Modules Of A Network Element
US8196213B2 (en) * 2008-07-11 2012-06-05 Microsoft Corporation Verification of un-trusted code for consumption on an insecure device
US11489857B2 (en) 2009-04-21 2022-11-01 Webroot Inc. System and method for developing a risk profile for an internet resource
US8499349B1 (en) * 2009-04-22 2013-07-30 Trend Micro, Inc. Detection and restoration of files patched by malware
US8589698B2 (en) * 2009-05-15 2013-11-19 International Business Machines Corporation Integrity service using regenerated trust integrity gather program
US8745743B2 (en) * 2009-06-09 2014-06-03 F-Secure Oyj Anti-virus trusted files database
KR101043299B1 (ko) * 2009-07-21 2011-06-22 (주) 세인트 시큐리티 악성 코드 탐지 방법, 시스템 및 컴퓨터 판독 가능한 저장매체
US8839421B2 (en) * 2009-08-31 2014-09-16 Blackberry Limited System and method for controlling applications to mitigate the effects of malicious software
KR101671795B1 (ko) * 2010-01-18 2016-11-03 삼성전자주식회사 동적 링크 라이브러리 삽입 공격을 방지하는 컴퓨터 시스템 및 방법
KR101138748B1 (ko) * 2010-01-22 2012-04-24 주식회사 안철수연구소 악성 코드 차단 장치, 시스템 및 방법
US8769373B2 (en) 2010-03-22 2014-07-01 Cleon L. Rogers, JR. Method of identifying and protecting the integrity of a set of source data
US9213838B2 (en) * 2011-05-13 2015-12-15 Mcafee Ireland Holdings Limited Systems and methods of processing data associated with detection and/or handling of malware
US9721101B2 (en) * 2013-06-24 2017-08-01 Red Hat, Inc. System wide root of trust chaining via signed applications
US8904189B1 (en) * 2010-07-15 2014-12-02 The Research Foundation For The State University Of New York System and method for validating program execution at run-time using control flow signatures
US8782434B1 (en) 2010-07-15 2014-07-15 The Research Foundation For The State University Of New York System and method for validating program execution at run-time
RU2444056C1 (ru) 2010-11-01 2012-02-27 Закрытое акционерное общество "Лаборатория Касперского" Система и способ ускорения решения проблем за счет накопления статистической информации
US20120167218A1 (en) * 2010-12-23 2012-06-28 Rajesh Poornachandran Signature-independent, system behavior-based malware detection
US20120272320A1 (en) * 2011-04-25 2012-10-25 Verizon Patent And Licensing Inc. Method and system for providing mobile device scanning
US20120331303A1 (en) * 2011-06-23 2012-12-27 Andersson Jonathan E Method and system for preventing execution of malware
CN102279812B (zh) * 2011-08-08 2013-12-25 宇龙计算机通信科技(深圳)有限公司 数据保护方法和终端
US9143530B2 (en) 2011-10-11 2015-09-22 Citrix Systems, Inc. Secure container for protecting enterprise data on a mobile device
US20140032733A1 (en) 2011-10-11 2014-01-30 Citrix Systems, Inc. Policy-Based Application Management
US9280377B2 (en) 2013-03-29 2016-03-08 Citrix Systems, Inc. Application with multiple operation modes
US9215225B2 (en) 2013-03-29 2015-12-15 Citrix Systems, Inc. Mobile device locking with context
US8769693B2 (en) * 2012-01-16 2014-07-01 Microsoft Corporation Trusted installation of a software application
US9734333B2 (en) * 2012-04-17 2017-08-15 Heat Software Usa Inc. Information security techniques including detection, interdiction and/or mitigation of memory injection attacks
US9349011B2 (en) * 2012-05-16 2016-05-24 Fisher-Rosemount Systems, Inc. Methods and apparatus to identify a degradation of integrity of a process control system
CN103425928B (zh) * 2012-05-17 2017-11-24 富泰华工业(深圳)有限公司 电子装置的杀毒***及方法
US9063721B2 (en) 2012-09-14 2015-06-23 The Research Foundation For The State University Of New York Continuous run-time validation of program execution: a practical approach
CN102890758B (zh) * 2012-10-11 2014-12-17 北京深思洛克软件技术股份有限公司 一种保护可执行文件的方法及***
US9053340B2 (en) 2012-10-12 2015-06-09 Citrix Systems, Inc. Enterprise application store for an orchestration framework for connected devices
US9774658B2 (en) 2012-10-12 2017-09-26 Citrix Systems, Inc. Orchestration framework for connected devices
US9516022B2 (en) 2012-10-14 2016-12-06 Getgo, Inc. Automated meeting room
US8910239B2 (en) 2012-10-15 2014-12-09 Citrix Systems, Inc. Providing virtualized private network tunnels
US20140109176A1 (en) 2012-10-15 2014-04-17 Citrix Systems, Inc. Configuring and providing profiles that manage execution of mobile applications
US9606774B2 (en) 2012-10-16 2017-03-28 Citrix Systems, Inc. Wrapping an application with field-programmable business logic
WO2014062804A1 (en) 2012-10-16 2014-04-24 Citrix Systems, Inc. Application wrapping for application management framework
US9971585B2 (en) 2012-10-16 2018-05-15 Citrix Systems, Inc. Wrapping unmanaged applications on a mobile device
US20140108793A1 (en) 2012-10-16 2014-04-17 Citrix Systems, Inc. Controlling mobile device access to secure data
US9355223B2 (en) 2013-03-29 2016-05-31 Citrix Systems, Inc. Providing a managed browser
US10284627B2 (en) 2013-03-29 2019-05-07 Citrix Systems, Inc. Data management for an application with multiple operation modes
US9369449B2 (en) 2013-03-29 2016-06-14 Citrix Systems, Inc. Providing an enterprise application store
US8850049B1 (en) 2013-03-29 2014-09-30 Citrix Systems, Inc. Providing mobile device management functionalities for a managed browser
US9985850B2 (en) 2013-03-29 2018-05-29 Citrix Systems, Inc. Providing mobile device management functionalities
US9270467B1 (en) * 2013-05-16 2016-02-23 Symantec Corporation Systems and methods for trust propagation of signed files across devices
CN103281325B (zh) * 2013-06-04 2018-03-02 北京奇虎科技有限公司 基于云安全的文件处理方法及装置
KR101498614B1 (ko) 2014-02-27 2015-03-04 한국전자통신연구원 악성코드 활동 차단 장치 및 방법
US9912690B2 (en) * 2014-04-08 2018-03-06 Capital One Financial Corporation System and method for malware detection using hashing techniques
EP3217309A4 (en) * 2014-11-07 2018-07-04 Suhjun Park Protective system, device, and method for protecting electronic communication device
US10169584B1 (en) * 2015-06-25 2019-01-01 Symantec Corporation Systems and methods for identifying non-malicious files on computing devices within organizations
US10055586B1 (en) 2015-06-29 2018-08-21 Symantec Corporation Systems and methods for determining the trustworthiness of files within organizations
US10586042B2 (en) * 2015-10-01 2020-03-10 Twistlock, Ltd. Profiling of container images and enforcing security policies respective thereof
US10943014B2 (en) 2015-10-01 2021-03-09 Twistlock, Ltd Profiling of spawned processes in container images and enforcing security policies respective thereof
US10693899B2 (en) * 2015-10-01 2020-06-23 Twistlock, Ltd. Traffic enforcement in containerized environments
US10599833B2 (en) 2015-10-01 2020-03-24 Twistlock, Ltd. Networking-based profiling of containers and security enforcement
US10706145B2 (en) 2015-10-01 2020-07-07 Twistlock, Ltd. Runtime detection of vulnerabilities in software containers
US10223534B2 (en) * 2015-10-15 2019-03-05 Twistlock, Ltd. Static detection of vulnerabilities in base images of software containers
US10664590B2 (en) * 2015-10-01 2020-05-26 Twistlock, Ltd. Filesystem action profiling of containers and security enforcement
US10567411B2 (en) 2015-10-01 2020-02-18 Twistlock, Ltd. Dynamically adapted traffic inspection and filtering in containerized environments
US10922418B2 (en) 2015-10-01 2021-02-16 Twistlock, Ltd. Runtime detection and mitigation of vulnerabilities in application software containers
US10778446B2 (en) * 2015-10-15 2020-09-15 Twistlock, Ltd. Detection of vulnerable root certificates in software containers
RU2606559C1 (ru) 2015-10-22 2017-01-10 Акционерное общество "Лаборатория Касперского" Система и способ оптимизации антивирусной проверки файлов
US9838405B1 (en) 2015-11-20 2017-12-05 Symantec Corporation Systems and methods for determining types of malware infections on computing devices
US10210331B2 (en) * 2015-12-24 2019-02-19 Mcafee, Llc Executing full logical paths for malware detection
US10003606B2 (en) 2016-03-30 2018-06-19 Symantec Corporation Systems and methods for detecting security threats
JP2017187963A (ja) * 2016-04-07 2017-10-12 ルネサスエレクトロニクス株式会社 電子機器およびシステム
US10091231B1 (en) 2016-09-15 2018-10-02 Symantec Corporation Systems and methods for detecting security blind spots
US10607010B2 (en) * 2016-09-30 2020-03-31 AVAST Software s.r.o. System and method using function length statistics to determine file similarity
US10542017B1 (en) 2016-10-13 2020-01-21 Symantec Corporation Systems and methods for personalizing security incident reports
US10922409B2 (en) * 2018-04-10 2021-02-16 Microsoft Technology Licensing, Llc Deep reinforcement learning technologies for detecting malware
CN110874467B (zh) * 2018-08-29 2023-05-02 阿里巴巴集团控股有限公司 信息处理方法、装置、***以及处理器、存储介质
US11537716B1 (en) * 2018-11-13 2022-12-27 F5, Inc. Methods for detecting changes to a firmware and devices thereof
CN109472148B (zh) * 2018-11-15 2021-04-02 百度在线网络技术(北京)有限公司 加载热补丁的方法、装置和存储介质
US11288373B2 (en) * 2019-04-11 2022-03-29 Baidu Usa Llc Boot failure recovery scheme for hardware-based system of autonomous driving vehicles
RU2750628C2 (ru) * 2019-06-28 2021-06-30 Акционерное общество "Лаборатория Касперского" Система и способ определения уровня доверия файла
CN110611659B (zh) * 2019-08-21 2022-08-09 南瑞集团有限公司 一种电力监控***业务本质保护方法、装置及***
US20220374415A1 (en) * 2019-10-18 2022-11-24 Dover Microsystems, Inc. Systems and methods for updating metadata
CN111291371A (zh) * 2020-01-10 2020-06-16 北京深之度科技有限公司 一种应用程序安全验证方法及装置
US11954007B2 (en) 2022-04-20 2024-04-09 International Business Machines Corporation Tracking usage of common libraries by means of digitally signed digests thereof
CN117032727B (zh) * 2023-10-10 2024-02-09 腾讯科技(深圳)有限公司 基于区块链的文件编译方法、装置、设备、介质及产品

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6006328A (en) * 1995-07-14 1999-12-21 Christopher N. Drake Computer software authentication, protection, and security system
AU1206097A (en) * 1995-12-28 1997-07-28 Eyal Dotan Method for protecting executable software programs against infection by software viruses
US6006238A (en) * 1997-01-31 1999-12-21 Network Computing Devices, Inc. Method and apparatus for migrating/shadowing data between a server and its clients
US5956481A (en) * 1997-02-06 1999-09-21 Microsoft Corporation Method and apparatus for protecting data files on a computer from virus infection
WO2001053908A2 (en) * 2000-01-18 2001-07-26 Telcordia Technologies, Inc. Method and systems for identifying the existence of one or more unknown programs in a system
CA2424352A1 (en) * 2000-05-28 2001-12-06 Yaron Mayer System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
GB2365158A (en) * 2000-07-28 2002-02-13 Content Technologies Ltd File analysis using byte distributions
US7748039B2 (en) * 2002-08-30 2010-06-29 Symantec Corporation Method and apparatus for detecting malicious code in an information handling system
US7552473B2 (en) * 2003-08-12 2009-06-23 Symantec Corporation Detecting and blocking drive sharing worms
US20060130144A1 (en) * 2004-12-14 2006-06-15 Delta Insights, Llc Protecting computing systems from unauthorized programs
US7577848B2 (en) 2005-01-18 2009-08-18 Microsoft Corporation Systems and methods for validating executable file integrity using partial image hashes

Also Published As

Publication number Publication date
KR20070119619A (ko) 2007-12-20
US20060230451A1 (en) 2006-10-12
WO2006110521A2 (en) 2006-10-19
IL184881A (en) 2012-05-31
US7490352B2 (en) 2009-02-10
IL184881A0 (en) 2007-12-03
AU2006235153B2 (en) 2011-02-24
AU2006235153A1 (en) 2006-10-19
CN101137963A (zh) 2008-03-05
WO2006110521A3 (en) 2007-10-25
CN101137963B (zh) 2010-05-26
KR101247022B1 (ko) 2013-03-25

Similar Documents

Publication Publication Date Title
BRPI0607420A2 (pt) sistemas e métodos para verificar confiança de arquivos executáveis
Pfoh et al. Nitro: Hardware-based system call tracing for virtual machines
Davi et al. ROPdefender: A detection tool to defend against return-oriented programming attacks
TWI791418B (zh) 用以檢測運作時期所產生碼中之惡意碼的系統及方法、與相關電腦程式產品
RU2016109436A (ru) Селективное обеспечение соблюдения целостности кода, обеспечиваемое менеджером виртуальной машины
BRPI0402767A (pt) Detecção e conserto automáticos de arquivos vulneráveis
BR112016024774A2 (pt) sistema de criação de website implementável em um dispositivo de computação, e método implementável em um dispositivo de computação
EP4270875A3 (en) Security weakness and infiltration detection and repair in obfuscated website content
BRPI0708916A8 (pt) Descrição e enfileiramento de regiões discretas de armazenamento flash
BR112017014076A2 (pt) segurança para aplicativos móveis de pagamento.
BRPI0504665A (pt) lacre de distribuição eletrÈnica segura para sistema de manipulação de informação
BRPI0805676A2 (pt) sistema de configuração de máquina virtual
BR112017000062A2 (pt) tratamento de erro para arquivos trocados através de rede
BR112017003426A8 (pt) Fluxo de dados construído para processamento de evento intensificado
BR112013028501A2 (pt) aparelho e método para processamento de dados seguro baseado em hardware utilizando regras de faixa de endereço de memória de armazenamento temporário
ATE557346T1 (de) Vorrichtung und verfahren zur datensicherung
BR112013009440A2 (pt) método e dispositivo de análise de sistema de computador
CN105184118A (zh) 一种基于代码碎片化的Android应用程序加壳保护方法及装置
ATE523843T1 (de) Zirkuläre und bidirektionale spiegelung von flexiblen volumen
BR112014019186A8 (pt) sistemas e métodos para processamento de arquivo
WO2007002954A3 (en) Mechanism to evaluate a token enabled computer system
BR112015008995A2 (pt) aparelho para sistema de medição de eletrólitos
BR112017023699A2 (pt) métodos e sistemas para uso no monitoramento das operações de um negócio
WO2007123492A8 (en) Method of safeguarding against malicious software (malware)
Chen et al. HerQules: Securing programs via hardware-enforced message queues

Legal Events

Date Code Title Description
B25A Requested transfer of rights approved

Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC (US)

B07A Application suspended after technical examination (opinion) [chapter 7.1 patent gazette]
B15K Others concerning applications: alteration of classification

Ipc: G06F 21/56 (2013.01), G06F 21/51 (2013.01)

B09B Patent application refused [chapter 9.2 patent gazette]
B12B Appeal against refusal [chapter 12.2 patent gazette]