Publication number: US20080201777 A1
Publication type: Application
Application number: US 12/111,678
Publication date: 21 Aug 2008
Filing date: 29 Apr 2008
Priority date: 2 Mar 1998
Also published as: CA2321987A1, CN1299478A, EP1068566A1, US7383569, WO1999045454A1
Inventors: Doron Elgressy, Fabian Ben Aderet
Original assignee: Doron Elgressy, Fabian Ben Aderet
Method and Agent for the Protection Against the Unauthorized Use of Computer Resources
US 20080201777 A1
Abstract
Method and agent for preventing a hostile use of computer resources by an application running on a workstation. A list of services that are not allowed for access by unspecified applications is provided, and when such an unspecified application runs on the workstation, the application is prevented from accessing any resource directly. Any direct or indirect request for access to specific services is analyzed, to determine whether such request is allowable according to the list. The workstation processes the request if it is allowable. The unspecified application is prevented from accessing the requested resource if the request is not allowable. The resource may be any local or remote resource, such as memory allocation, files, directories, operations with files and directories, such as copy, delete or compress, or any other operation leading to a permanent change in the workstation or its periphery.
Images (4)
Claims (29)
1. (canceled)
2. (canceled)
3. (canceled)
4. (canceled)
5. (canceled)
6. (canceled)
7. (canceled)
8. (canceled)
9. A method for preventing hostile use of computer resources by an application running on a workstation, comprising:
providing a filter on a workstation for receiving internal requests for computer resources resident on the workstation;
receiving at the filter a request for access from an application resident on the workstation, the request for access identifying a computer resource resident on the workstation;
determining if the request for access has exceeded a pre-set threshold identifying a limited number of processes that may be initiated by the application;
allowing access to the requested computer resource if the request for access has not exceeded the pre-set threshold; and
preventing access to the requested computer resource if the request for access has exceeded the pre-set threshold.
10. The method of claim 9, wherein the application from which the request for access is received comprises an unspecified application downloaded to the workstation from a source external to the workstation, the unspecified application not identifiable in a pre-set list of hostile applications.
11. The method of claim 9, wherein the requested computer resource is selected from the group consisting of a memory allocation, a file, and a directory.
12. The method of claim 9, wherein the requested computer resource is selected from the group consisting of a copy command, a delete command, and a compress command.
13. The method of claim 9, wherein the requested computer resource comprises an operation that when performed leads to a permanent change in the workstation.
14. The method of claim 9, wherein receiving the request comprises receiving a direct request generated by the unspecified application.
15. The method of claim 9, wherein receiving the request comprises receiving an indirect request generated by the unspecified application.
16. A workstation for preventing hostile use of computer resources by an application running on the workstation, comprising:
a memory operable to store one or more applications; and
a processor in communication with the memory and operable to:
in response to a received request for access, determine if the request has exceeded a pre-set threshold identifying a limited number of processes that may be initiated by an application;
allow access to the requested computer resource if the request for access has not exceeded the pre-set threshold; and
prevent access to the requested computer resource if the request for access has exceeded the pre-set threshold.
17. The workstation of claim 16, wherein at least one of the one or more applications comprise an unspecified application downloaded to the workstation from a source external to the workstation, the unspecified application not identifiable in a pre-set list of hostile applications.
18. The workstation of claim 16, wherein the requested computer resource is selected from the group consisting of a memory allocation, a file, and a directory.
19. The workstation of claim 16, wherein the requested computer resource is selected from the group consisting of a copy command, a delete command, and a compress command.
20. The workstation of claim 16, wherein the requested computer resource comprises an operation that when performed leads to a permanent change in the workstation.
21. The workstation of claim 16, wherein the request from the unspecified application comprises a direct request.
22. The workstation of claim 16, wherein the request from the unspecified application comprises an indirect request.
23. Logic for preventing hostile use of computer resources by an application running on a workstation, the logic encoded in media and operable when executed to:
provide a filter on a workstation for receiving internal requests for computer resources resident on the workstation;
receive at the filter a request for access from an application resident on the workstation, the request for access identifying a computer resource resident on the workstation;
determine if the request for access has exceeded a pre-set threshold identifying a limited number of processes that may be initiated by the application;
allow access to the requested computer resource if the request for access has not exceeded the pre-set threshold; and
prevent access to the requested computer resource if the request for access has exceeded the pre-set threshold.
24. The logic of claim 23, wherein the application from which the request for access is received comprises an unspecified application downloaded to the workstation from a source external to the workstation, the unspecified application not identifiable in a pre-set list of hostile applications.
25. The logic of claim 23, wherein the requested computer resource is selected from the group consisting of a memory allocation, a file, and a directory.
26. The logic of claim 23, wherein the requested computer resource is selected from the group consisting of a copy command, a delete command, and a compress command.
27. The logic of claim 23, wherein the requested computer resource comprises an operation that when performed leads to a permanent change in the workstation.
28. The logic of claim 23, wherein receiving the request comprises receiving a direct request generated by the unspecified application.
29. The logic of claim 23, wherein receiving the request comprises receiving an indirect request generated by the unspecified application.
Description
CROSS-REFERENCE TO RELATED APPLICATION

[0001] This application is a divisional of U.S. patent application Ser. No. 09/622,959 filed Feb. 25, 1999, entitled Method and Agent for the Protection Against the Unauthorized Use of Computer Resources, which claims priority to PCT/IL99/00113 filed Feb. 25, 1999, which claims priority to Israel Application 123512 filed Mar. 2, 1998.

TECHNICAL FIELD OF THE INVENTION

[0002] The present invention relates to the security management of computers. More particularly, the invention relates to a method and an agent for preventing hostile applications from accessing and using computer resources.

BACKGROUND OF THE INVENTION

[0003] The Internet has developed very much, both in its contents and in the technology employed, since it began a few years ago. In the early days of the Internet, web sites included text only, and after a while graphics were introduced. As the Internet developed, many compressed formats for pictures, voice and video files were developed, and with them the programs used to play them (called “players”). Initially, such files were downloaded to the user's workstation only upon his request, and extracted only by the appropriate player, after a specific order from the user.

[0004] When, in the natural course of the development of the World Wide Web, the search for a way to show nicer, interactive and animated Web Pages began, Sun Microsystems Inc. developed Java—a language that allows the webmaster to write a program, a list of commands—Network Executables—that will be downloaded to the user's workstation, most of the time without his knowledge, and executed by his browser at his workstation. The executables are used, e.g., to provide photographic animation and other graphics on the screen of the web surfer. Such executables have ways of reaching the user workstation's resources, which leads to a great security problem. Although some levels of security were defined in the Java language, a huge security hole was very soon found in the language.

[0005] After Java was developed, Microsoft developed ActiveX, which is another Network Executable format, also downloaded into the workstation. ActiveX also has security problems of the same kind.

[0006] The Internet has been flooded with “Network Executables” which may be downloaded—deliberately or without the knowledge of the users—into workstations within organizations. These codes generally contain harmless functions. Although usually safe, they may not meet the required security policy of the organization.

[0007] Once executed, such codes may jam the network, cause considerable irreversible damage to the local database, workstations and servers, or result in unauthorized retrieval of information from the servers/workstations. Such elements may appear in Java applets, ActiveX components, DLLs and other object codes, and their use is increasing at an unparalleled pace. The majority of these small programs are downloaded into the organization unsolicited and uncontrolled. The enterprise has no way of knowing about their existence or execution, and there is no system in place for early detection and prevention of the codes from being executed.

[0008] The problem is made worse, in some cases, by the existence of large intranets and LANs, which may also be used by unauthorized persons to access workstations and perform hostile activities thereon.

[0009] The security problem was solved partially by the browser manufacturers, which allow the user to disable the use of executables. Of course this is not a reasonable solution, since all electronic commerce and advertising are based on the use of executables.

[0010] In three copending patent applications of the same applicants hereof, IL 120420, filed Mar. 10, 1997, IL 121815, filed Sep. 22, 1997, and IL 122314, filed Nov. 27, 1997, the descriptions of which are incorporated herein by reference, there are described methods and means for preventing undesirable Executable Objects from infiltrating the LAN/WAN in which we work and, ultimately, our workstation and server. IL 122314 further provides a method for enforcing a security policy for selectively preventing the downloading and execution of undesired Executable Objects in an individual workstation.

[0011] While much has been done in the abovementioned patent applications toward protecting the individual workstation, one problem remained unsolved: the hostile use of local resources by applications which have passed an earlier security check (e.g., a gateway security policy), because they did not contravene that security policy, or by applications which have not passed through an earlier check point (such as a gateway equipped with a security policy check, as described in the aforementioned Israeli patent applications), either because such an earlier check point is not available, or because the application has been loaded directly on the workstation. Such hostile use of CPU resources may lead to damage to the data, operation and hardware of the workstation and, under the conditions contemplated above, may go undetected until the damage is done.

[0012] It is an object of the present invention to provide a method and agent which overcome the aforesaid drawbacks of prior art methods, and which provide effective protection at the workstation level.

[0013] It is another object of the present invention to provide a method and an agent which can be used effectively to prevent the hostile use of workstation resources by applications running on said workstation.

[0014] Other objects and advantages of the invention will become apparent as the description proceeds.

SUMMARY OF THE INVENTION

[0015] In one aspect, the invention is directed to a method for preventing a hostile use of computer resources by an application running on a workstation, comprising the steps of:

a) providing a list of services that are not allowed for access by unspecified applications;
b) when such an unspecified application runs on the workstation, preventing said application from accessing any resource directly;
c) analyzing any direct or indirect request for access to specific services, to determine whether such request is allowable according to the list defined under a) above;
d) if the request is allowable, allowing the workstation to process it; and
e) if the request is not allowable, preventing the unspecified application from accessing the requested resource;

wherein said resource may be any local or remote resource, including, but not limited to, memory allocation, files, directories, operations with files and directories, such as copy, delete or compress, or any other operation leading to a change in the workstation or its periphery. Illustrative—but not limitative—examples of such operations include access to system files, configuration information, network communications, hardware equipment (floppy, modem, etc.), CMOS data (time, date, etc.), or the use of resources such as memory allocation, process creation, thread creation, use of excessive CPU time, use of excessive disk space, use of excessive network communication, use of excessive graphical resources and use of system or application configuration.

[0021] According to a preferred embodiment of the invention, the list of services is provided as a look-up table.

[0022] By “unspecified application” it is meant to indicate an application that is not specifically identified in a pre-set list of applications. According to a preferred embodiment of the invention, said pre-set list of applications includes a list of resources which each application may utilize.

[0023] In another aspect, the invention is directed to an agent for protecting a workstation against the hostile use of computer resources by an unspecified application running on said workstation, comprising:

a) means for detecting an unspecified application or a module of an application running on the workstation;
b) means for determining the requests for resources to be used by said unspecified application;
c) means for identifying chain requests for resource utilization, wherein said chain requests comprise requests made by resources called by said unspecified application;
d) means for determining whether requests made directly by said unspecified application are allowable;
e) means for determining whether requests made indirectly, as chain requests, by said unspecified application would not be allowable if made directly by said unspecified application; and
f) means for preventing said chain request from being processed, if it is determined that the request is not allowable, or that it would not be allowable if made directly by said unspecified application, and for allowing its processing if otherwise determined.

[0030] According to a preferred embodiment of the invention, the means for determining whether requests made directly or indirectly by said unspecified application are allowable comprise a look-up table including a list of services that are not allowed for access by unspecified applications. In another preferred embodiment of the invention, the agent comprises a pre-set list of applications including a list of resources that each application may utilize.
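The following Python program is an added example and is not code from the patent or its inventors. It models steps a) to e) of [0015] and the agent means a) to f) of [0023], with the deny look-up table of [0021] and the pre-set application list of [0022]. The class name S7Filter (after the “S7 Filter” of the figures), the service names such as file.delete, the application names and the policy contents are all assumptions constructed for the illustration. The same model covers the interprocess bypass described later with reference to FIG. 3: a request that reaches the filter through a chain of processes is allowed only if every process on the chain, the originating unspecified application included, would be allowed to make it directly.

```python
"""Policy filter for direct and chain resource requests (added example, not the patent's code)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Constructed look-up table (step a / [0021]): services no unspecified application may use.
DENIED_FOR_UNSPECIFIED: FrozenSet[str] = frozenset({
    "file.delete", "file.compress", "net.open_connection", "cmos.write",
})

# Constructed pre-set list of known applications and the resources each may use ([0022]).
KNOWN_APPLICATIONS: Dict[str, FrozenSet[str]] = {
    "backup_tool": frozenset({"file.open", "file.compress", "file.delete"}),
    "file_server_client": frozenset({"file.open", "net.open_connection"}),
}


@dataclass
class Request:
    """A request for a service. `chain` lists the processes the request passed through,
    originator first; a direct request has a single-entry chain."""
    service: str
    chain: Tuple[str, ...]


@dataclass
class Decision:
    allowed: bool
    reason: str


class S7Filter:
    """Logical filter between user-mode applications and the kernel-mode managers
    (and between communicating processes, for chain requests)."""

    def __init__(self, denied: FrozenSet[str], known: Dict[str, FrozenSet[str]]):
        self.denied = denied
        self.known = known

    def allowed_directly(self, app: str, service: str) -> Decision:
        """Would `app` be allowed to request `service` on its own (step c, means d)?"""
        if app in self.known:                       # listed application: only its own resources
            if service in self.known[app]:
                return Decision(True, f"{app} is listed and may use {service}")
            return Decision(False, f"{app} is listed but {service} is not among its resources")
        if service in self.denied:                  # unspecified application: consult the deny table
            return Decision(False, f"{service} is denied for unspecified application {app}")
        return Decision(True, f"{service} is not on the deny list for {app}")

    def check(self, req: Request) -> Decision:
        """Direct request: judge the originator. Chain request: every process on the chain must
        be allowed to make the request directly, so an unspecified application cannot launder a
        forbidden request through a permitted helper process (means e and f)."""
        for app in req.chain:
            d = self.allowed_directly(app, req.service)
            if not d.allowed:
                if len(req.chain) > 1:
                    return Decision(False, f"chain request via {' -> '.join(req.chain)} blocked: {d.reason}")
                return d
        return Decision(True, f"allowed for {' -> '.join(req.chain)}")


def process_request(filt: S7Filter, req: Request, manager_log: List[str]) -> bool:
    """Step d/e: pass allowable requests on to the (simulated) kernel-mode manager, drop the rest."""
    d = filt.check(req)
    if d.allowed:
        manager_log.append(f"{req.service} for {req.chain[0]}")
    return d.allowed


def demo() -> Dict[str, bool]:
    """Constructed scenario: APP1 and APP2 are unspecified; backup_tool is a listed helper."""
    filt = S7Filter(DENIED_FOR_UNSPECIFIED, KNOWN_APPLICATIONS)
    log: List[str] = []
    return {
        "app1_direct_open": process_request(filt, Request("file.open", ("APP1",)), log),
        "app1_direct_delete": process_request(filt, Request("file.delete", ("APP1",)), log),
        # FIG. 3 situation: APP1 relays the forbidden request through a permitted process.
        "app1_via_helper_delete": process_request(filt, Request("file.delete", ("APP1", "backup_tool")), log),
        "helper_own_delete": process_request(filt, Request("file.delete", ("backup_tool",)), log),
        "app2_net": process_request(filt, Request("net.open_connection", ("APP2",)), log),
        "listed_app_outside_its_list": process_request(filt, Request("cmos.write", ("file_server_client",)), log),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allowed' if ok else 'blocked'}")
```

The chain check is deliberately stricter than checking the originator alone: an intermediate process that is itself not permitted to make the request also blocks it, which is what placing a filter between all communicating processes achieves.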
  • [0031]
    All the above and many other characteristics and advantages of the invention, will be better understood through the following illustrative and non-limitative examples of preferred embodiments thereof, with reference to the appended drawings.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • [0032]
    FIG. 1 schematically illustrates different applications and their requests and related operations;
  • [0033]
    FIG. 2 schematically illustrates a detail of an illustrative application that will cause machine malfunctioning; and
  • [0034]
    FIG. 3 illustrates a situation in which indirect unallowable resource exploitation is attempted.
  • DETAILED DESCRIPTION OF THE INVENTION
  • [0035]
    Examples of such situations are exemplified in FIGS. 1-3. Referring to FIG. 1, three different applications are shown, marked APP1 through APP3. The process takes place at three different levels: the user mode (indicated by “U.M.”), the kernel mode (indicated by “K.M.”), and the hardware (indicated by “H.W.”). The three different modes are schematically separated in the figure by straight lines. The APP1, APP2 and APP3 applications operate in the user mode. APP1 is an “open file” I/O request. This request is passed on to the I/O manager, which, in turn, refers to the disk(s) to perform the required operation. A filter (indicated as “S7 Filter” in the figure) analyzes the request to determine whether it is permissible according to the security policy. If it is permissible, it is allowed to proceed to the I/O manager, which processes the request with the disk(s).
  • [0036]
    APP2, on the other hand, makes a request involving the network, i.e., and “open connection to the file server” request. The network manager is allowed to process this request only if the filter S7 has determined that it is permissible. Similarly, APP3 makes a memory allocation request, which is examined by the filter and, if permissible, is passed on to the memory manager and then acted upon in connection with the memory.
  • [0037]
    The operation of the various requests in the kernel mode and vis-a-vis the hardware, after the filter has examined and allowed them, is the same as with conventional operations in everyday computer, is well known to the skilled person, and therefore is not described herein in detail, for the sake of brevity.
  • [0038]
    Looking now at FIG. 2, a detail of an illustrative application that will cause machine malfunctioning is shown. In this example APP 1 generates 1000 requests to generate new processes. If the system of the invention is not present, the 1000 requests will be passed on to the CPU by the Process Manager, and will use all the resources of the CPU, thus holding the work of the machine. If the filter of the invention is present, however, it may be pre-set to allow the generation of only a limited number of processes by the same application. Therefore, if a number of new processes are requested by a single application, which exceeds the preset limit, the filter S7 will not allow it to pass on to the process manager, thus avoiding the exhaustion of the resources of the machine.
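The process-creation limit of FIG. 2 (the pre-set threshold of claims 9, 16 and 23) as an added example in Python, not code from the patent. The patent gives the 1000-request scenario but no specific threshold, so the limit of 20, the class name ProcessCreationFilter and the application names are assumptions. The process_exited method is a further assumption: the page does not say whether a slot is freed when a process ends, so it is included only to show how a live-process interpretation of the limit would look.

```python
"""Per-application process-creation threshold (added example, not the patent's code)."""
from collections import defaultdict
from typing import Dict, List, Optional, Tuple


class ProcessCreationFilter:
    """Sits between user-mode applications and the process manager. Counts the processes
    each application has initiated and refuses further requests from that application
    once its pre-set limit is reached; other applications keep their own budget."""

    def __init__(self, default_limit: int, per_app_limit: Optional[Dict[str, int]] = None):
        self.default_limit = default_limit
        self.per_app_limit: Dict[str, int] = dict(per_app_limit or {})
        self.initiated: Dict[str, int] = defaultdict(int)   # processes currently counted per app
        self.blocked: Dict[str, int] = defaultdict(int)     # refused requests per app
        self.process_manager_queue: List[str] = []          # simulated kernel-mode process manager

    def limit_for(self, app: str) -> int:
        return self.per_app_limit.get(app, self.default_limit)

    def request_new_process(self, app: str) -> bool:
        """Allow the request only while the application is under its threshold."""
        if self.initiated[app] >= self.limit_for(app):
            self.blocked[app] += 1
            return False
        self.initiated[app] += 1
        self.process_manager_queue.append(app)
        return True

    def process_exited(self, app: str) -> None:
        """Assumption (not stated on the page): a process that ends frees one slot."""
        if self.initiated[app] > 0:
            self.initiated[app] -= 1


def simulate_fig2(requests: int = 1000, limit: int = 20) -> Tuple[int, int, int]:
    """APP1 issues `requests` process-creation requests against a limit of `limit`.
    Returns (allowed for APP1, blocked for APP1, allowed for APP2)."""
    filt = ProcessCreationFilter(default_limit=limit)
    for _ in range(requests):
        filt.request_new_process("APP1")
    # APP2 is unaffected by APP1 exhausting its own budget.
    app2_ok = filt.request_new_process("APP2")
    return filt.initiated["APP1"], filt.blocked["APP1"], int(app2_ok)


if __name__ == "__main__":
    allowed, blocked, app2 = simulate_fig2()
    print(f"APP1: {allowed} processes created, {blocked} requests refused; APP2 allowed: {bool(app2)}")
```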
  • [0039]
    FIG. 3 illustrates a situation in which indirect unallowable resources exploitation is attempted. In this example APP 1 is of a type that is not allowed to send a request to the I/O Manager. If it attempts to do so, it is stopped by the S7 Filter, unless the request complies with the Security Policy preset with S7. APP1 may therefore be programmed so as to effect an interprocess communication, viz., to communicate its request to a further process, APPX, which is permitted to make the request that APP1 is not allowed to make, to the I/O/ Manager. In this case, the S7 filter between the User Mode and the Kernel Mode is bypassed. In order to prevent such an occurrence, a further filter S7 is located between all communicating processes, and stops any request that is passed on to one process to the other (in the example, from APP1 to APPX), and which the first process is not allowed to make directly.
  • [0040]
    Of course, as will be apparent to the skilled person, the filter S7 is not a physical filter, but rather a logical one. Logical filters of this kind can be provided in a plurality of ways, using many different analysis processes and criteria, which will be predetermined by the skilled person according to the particular requirements of the system involved.
  • [0041]
    All the above description and examples have therefore been provided for the purpose of illustration only, and are not intended to limit the invention in any way, except as defined by the appended claims.
Classifications
US Classification: 726/22
International Classification: G06F21/22, G06F1/00, G06F12/14, G06F21/00
Cooperative Classification: G06F21/6281, G06F2221/2141
European Classification: G06F21/62B9