US2012144485A9PendingUtilityA9

Computer security method and system with input parameter validation

39
Assignee: BEN-ITZHAK YUVALPriority: Dec 12, 2005Filed: Jul 16, 2008Published: Jun 7, 2012
Est. expiryDec 12, 2025(expired)· nominal 20-yr term from priority
H04L 63/1425H04L 63/1416G06F 21/54
39
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A security system, including a receiver for receiving a downloadable, a scanner, coupled with the receiver, for scanning the downloadable to identify suspicious computer operations therein, a code modifier, coupled with the scanner, for overwriting the suspicious computer operations with substitute computer operations, if at least one suspicious computer operation is identified by the scanner, and for appending monitoring program code to the downloadable thereby generating a modified downloadable, if at least one suspicious computer operation is identified by the scanner, and a processor, coupled with the code modifier, for executing programmed instructions, wherein the monitoring program code includes program instructions for the processor to validate input parameters for the suspicious computer operations during run-time of the downloadable. A method is also described and claimed.

Claims

exact text as granted — not AI-modified
1 . A method for handling suspicious downloadables, comprising:
 receiving a downloadable;   scanning the downloadable to identify suspicious computer operations therein; and   if at least one suspicious computer operation is identified, then:
 overwriting the suspicious computer operations with substitute computer operations; and 
 appending monitoring program code to the downloadable thereby generating a modified downloadable, wherein the monitoring program code includes program instructions for validating input parameters for the suspicious computer operations during run-time of the downloadable. 
   
     
     
         2 . The method of  claim 1 , wherein the substitute computer operations validate their input parameters, and indicate if their input parameters are not successfully validated. 
     
     
         3 . The method of  claim 2 , wherein the substitute computer operations indicate if their input parameters are not successfully validated by invoking an alert. 
     
     
         4 . The method of  claim 2 , wherein the substitute computer operations indicate if their input parameters are not successfully validated by generating a warning text message. 
     
     
         5 . The method of  claim 1 , wherein the monitoring code further includes program instructions for replacing invalid input parameters with valid input parameters in the suspicious computer operations. 
     
     
         6 . The method of  claim 1 , further comprising executing the modified downloadable. 
     
     
         7 . The method of  claim 6 , wherein said executing comprises executing the modified downloadable in a secure environment. 
     
     
         8 . The method of  claim 1 , wherein said receiving comprises receiving the downloadable in transit to an intended destination computer, the method further comprising transmitting the modified downloadable to the destination computer. 
     
     
         9 . The method of  claim 1 , wherein said receiving comprises receiving the downloadable in transit to an intended destination computer, the method further comprising preventing the downloadable from executing on the destination computer if said validating fails. 
     
     
         10 . The method of  claim 1 , wherein said receiving comprises receiving the downloadable in transit to an intended destination computer, the method further comprising consulting a security policy to determine whether to forward the downloadable to the destination computer if said validating fails. 
     
     
         11 . The method of  claim 1 , wherein said validating input parameters comprises comparing actual input parameters to the suspicious computer operations with at least one descriptor of valid input parameters for the suspicious computer operations. 
     
     
         12 . The method of  claim 1 , wherein said validating input parameters comprises comparing actual input parameters to the suspicious computer operations with at least one descriptor of invalid input parameters for the suspicious computer operations. 
     
     
         13 . The method of  claim 1 , wherein said scanning comprises accessing a dictionary of suspicious computer operations. 
     
     
         14 . The method of  claim 1 , wherein said validating comprises accessing a dictionary of valid input parameters. 
     
     
         15 . The method of  claim 1 , wherein said validating comprises accessing a dictionary of invalid input parameters. 
     
     
         16 . The method of  claim 1 , wherein the downloadable is JavaScript program code. 
     
     
         17 . The method of  claim 1 , wherein the downloadable is VBScript program code. 
     
     
         18 . The method of  claim 1 , wherein the downloadable is Flash object compiled program code, the method further comprising de-compiling the Flash object compiled program code to derive source code therefrom. 
     
     
         19 . The method of  claim 1 , wherein the downloadable is applet program code, the method further comprising de-compiling the applet program code to derive source code therefrom. 
     
     
         20 . A computer security system, comprising:
 a receiver for receiving a downloadable;   a scanner, coupled with said receiver, for scanning the downloadable to identify suspicious computer operations therein;   a code modifier, coupled with said scanner, for overwriting the suspicious computer operations with substitute computer operations, if at least one suspicious computer operation is identified by said scanner, and for appending monitoring program code to the downloadable thereby generating a modified downloadable, if at least one suspicious computer operation is identified by said scanner; and   a processor, coupled with said code modifier, for executing programmed instructions,   
       wherein the monitoring program code includes program instructions for said processor to validate input parameters for the suspicious computer operations during run-time of the downloadable. 
     
     
         21 . The security system of  claim 20 , wherein the substitute computer operations validate their input parameters, and indicate if their input parameters are not successfully validated. 
     
     
         22 . The security system of  claim 21 , wherein the substitute computer operations indicate if their input parameters are not successfully validated by invoking an alert. 
     
     
         23 . The security system of  claim 21 , wherein the substitute computer operations indicate if their input parameters are not successfully validated by generating a warning text message. 
     
     
         24 . The security system of  claim 20 , wherein the monitoring code further includes program instructions for said processor to replace invalid input parameters with valid input parameters in the suspicious computer operations. 
     
     
         25 . The security system of  claim 20 , wherein said processor executes the modified downloadable. 
     
     
         26 . The security system of  claim 25 , wherein said processor executes the modified downloadable in a secure environment. 
     
     
         27 . The security system of  claim 20 , wherein said receiver receives the downloadable in transit to an intended destination computer, the system further comprising a transmitter for transmitting the modified downloadable to the destination computer. 
     
     
         28 . The security system of  claim 20 , wherein said receiver receives the downloadable in transit to an intended destination computer, and wherein said processor prevents the downloadable from executing on the destination computer if said processor fails to validate the input parameters. 
     
     
         29 . The security system of  claim 20 , wherein said receiver receives the downloadable in transit to an intended destination computer, and wherein said processor consults a security policy to determine whether to forward the downloadable to the destination computer if said validating fails. 
     
     
         30 . The security system of  claim 20 , wherein the monitoring program code includes program instructions for said processor to compare actual input parameters to the suspicious computer operations with at least one descriptor of valid input parameters for the suspicious computer operations. 
     
     
         31 . The security system of  claim 20 , wherein the monitoring program code includes program instructions for said processor to compare actual input parameters to the suspicious computer operations with at least one descriptor of invalid input parameters for the suspicious computer operations. 
     
     
         32 . The security system of  claim 20 , wherein said scanner accesses a dictionary of suspicious computer operations. 
     
     
         33 . The security system of  claim 20 , wherein the monitoring program code includes program instructions for said processor to access a dictionary of valid input parameters. 
     
     
         34 . The security system of  claim 20 , wherein the monitoring program code includes program instructions for said processor to access a dictionary of invalid input parameters. 
     
     
         35 . The security system of  claim 20 , wherein the downloadable is JavaScript program code. 
     
     
         36 . The security system of  claim 20 , wherein the downloadable is VBScript program code. 
     
     
         37 . The security system of  claim 20 , wherein the downloadable is Flash object compiled program code, and wherein said scanner de-compiles the program code to derive source code therefrom. 
     
     
         38 . The security system of  claim 20 , wherein the downloadable is applet compiled program code, and wherein said scanner de-compiles the program code to derive source code therefrom. 
     
     
         39 . A method for handling suspicious downloadables, comprising:
 receiving a downloadable; and   appending monitoring program code to the downloadable thereby generating a modified downloadable, wherein the monitoring program code includes program instructions:
 for identifying suspicious computer operations during run-time of the downloadable; 
 for overwriting the suspicious computer operations with substitute computer operations during run-time of the downloadable; and 
 for validating input parameters for the suspicious operations during run-time of the downloadable. 
   
     
     
         40 . The method of  claim 39 , wherein the substitute computer operations validate their input parameters, and indicate if their input parameters are not successfully validated. 
     
     
         41 . The method of  claim 39 , wherein said identifying suspicious computer operations comprises comparing computer operations in the downloadable with a list of pre-designated computer operations. 
     
     
         42 . The method of  claim 39 , wherein said receiving comprises receiving the downloadable in transit to an intended destination computer, the method further comprising transmitting the modified downloadable to the destination computer if said validating is successful. 
     
     
         43 . The method of  claim 39 , wherein the downloadable is JavaScript program code. 
     
     
         44 . The method of  claim 39 , wherein the downloadable is VBScript program code. 
     
     
         45 . The method of  claim 39 , wherein the downloadable is Flash object compiled program code, the method further comprising de-compiling the Flash object compiled program code to derive source code therefrom. 
     
     
         46 . The method of  claim 39 , wherein the downloadable is applet program code, the method further comprising de-compiling the applet program code to derive source code therefrom. 
     
     
         47 . A computer security system, comprising:
 a receiver for receiving a downloadable;   a code modifier, coupled with said scanner, for appending monitoring program code to the downloadable thereby generating a modified downloadable; and   a processor, coupled with said code modifier, for executing programmed instructions,   
       wherein the monitoring program code includes program instructions for said processor:
 to identify suspicious computer operations during run-time of the downloadable; 
 to overwrite the suspicious computer operations with substitute computer operations during run-time of the downloadable; and 
 to validate input parameters for the suspicious computer operations during run time of the downloadable. 
 
     
     
         48 . The security system of  claim 47 , wherein the substitute computer operations cause said processor to validate their input parameters, and to indicate if their input parameters are not successfully validated. 
     
     
         49 . The security system of  claim 47 , wherein the monitoring program code further includes program instructions for said processor to compare computer operations in the downloadable with a list of pre-designated computer operations. 
     
     
         50 . The computer security system of  claim 47 , wherein said receiver receives the downloadable in transit to an intended destination computer, the system further comprising a transmitter for transmitting the modified downloadable to the destination computer if said processor successfully validates the input parameters for the suspicious computer operations. 
     
     
         51 . The computer security system of  claim 47 , wherein the downloadable is JavaScript program code. 
     
     
         52 . The computer security system of  claim 47 , wherein the downloadable is VBScript program code. 
     
     
         53 . The computer security system of  claim 47 , wherein the downloadable is Flash object compiled program code, and further comprising a de-compiler for de-compiling the Flash object compiled program code to derive source code therefrom. 
     
     
         54 . The computer security system of  claim 47 , wherein the downloadable is applet program code, and further comprising a de-compiler for de-compiling the applet program code to derive source code therefrom. 
     
     
         55 . A method for handling suspicious downloadables, comprising:
 scanning a downloadable to detect the presence of at least one suspicious computer operation;   dynamically generating during run-time of the downloadable at least one input parameter for the at least one suspicious computer operation detected by said scanning; and   determining whether or not the dynamically generated at least one input parameter corresponds to a safe input parameter for the at least one suspicious computer operation.   
     
     
         56 . A computer security system, comprising:
 a scanner for scanning a downloadable to detect the presence of at least one suspicious computer operation; and   a processor that executes programmed instructions:
 for dynamically generating during run-time of the downloadable at least one input parameter for the at least one suspicious computer operation detected by said scanner; and 
 for determining whether or not the dynamically generated at least one input parameter corresponds to a safe input parameter for the at least one suspicious computer operation.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.