Computer security method and system with input parameter validation
Abstract
A security system, including a receiver for receiving a downloadable, a scanner, coupled with the receiver, for scanning the downloadable to identify suspicious computer operations therein, a code modifier, coupled with the scanner, for overwriting the suspicious computer operations with substitute computer operations, if at least one suspicious computer operation is identified by the scanner, and for appending monitoring program code to the downloadable thereby generating a modified downloadable, if at least one suspicious computer operation is identified by the scanner, and a processor, coupled with the code modifier, for executing programmed instructions, wherein the monitoring program code includes program instructions for the processor to validate input parameters for the suspicious computer operations during run-time of the downloadable. A method is also described and claimed.
Claims
exact text as granted — not AI-modified1 . A method for handling suspicious downloadables, comprising:
receiving a downloadable; scanning the downloadable to identify suspicious computer operations therein; and if at least one suspicious computer operation is identified, then:
overwriting the suspicious computer operations with substitute computer operations; and
appending monitoring program code to the downloadable thereby generating a modified downloadable, wherein the monitoring program code includes program instructions for validating input parameters for the suspicious computer operations during run-time of the downloadable.
2 . The method of claim 1 , wherein the substitute computer operations validate their input parameters, and indicate if their input parameters are not successfully validated.
3 . The method of claim 2 , wherein the substitute computer operations indicate if their input parameters are not successfully validated by invoking an alert.
4 . The method of claim 2 , wherein the substitute computer operations indicate if their input parameters are not successfully validated by generating a warning text message.
5 . The method of claim 1 , wherein the monitoring code further includes program instructions for replacing invalid input parameters with valid input parameters in the suspicious computer operations.
6 . The method of claim 1 , further comprising executing the modified downloadable.
7 . The method of claim 6 , wherein said executing comprises executing the modified downloadable in a secure environment.
8 . The method of claim 1 , wherein said receiving comprises receiving the downloadable in transit to an intended destination computer, the method further comprising transmitting the modified downloadable to the destination computer.
9 . The method of claim 1 , wherein said receiving comprises receiving the downloadable in transit to an intended destination computer, the method further comprising preventing the downloadable from executing on the destination computer if said validating fails.
10 . The method of claim 1 , wherein said receiving comprises receiving the downloadable in transit to an intended destination computer, the method further comprising consulting a security policy to determine whether to forward the downloadable to the destination computer if said validating fails.
11 . The method of claim 1 , wherein said validating input parameters comprises comparing actual input parameters to the suspicious computer operations with at least one descriptor of valid input parameters for the suspicious computer operations.
12 . The method of claim 1 , wherein said validating input parameters comprises comparing actual input parameters to the suspicious computer operations with at least one descriptor of invalid input parameters for the suspicious computer operations.
13 . The method of claim 1 , wherein said scanning comprises accessing a dictionary of suspicious computer operations.
14 . The method of claim 1 , wherein said validating comprises accessing a dictionary of valid input parameters.
15 . The method of claim 1 , wherein said validating comprises accessing a dictionary of invalid input parameters.
16 . The method of claim 1 , wherein the downloadable is JavaScript program code.
17 . The method of claim 1 , wherein the downloadable is VBScript program code.
18 . The method of claim 1 , wherein the downloadable is Flash object compiled program code, the method further comprising de-compiling the Flash object compiled program code to derive source code therefrom.
19 . The method of claim 1 , wherein the downloadable is applet program code, the method further comprising de-compiling the applet program code to derive source code therefrom.
20 . A computer security system, comprising:
a receiver for receiving a downloadable; a scanner, coupled with said receiver, for scanning the downloadable to identify suspicious computer operations therein; a code modifier, coupled with said scanner, for overwriting the suspicious computer operations with substitute computer operations, if at least one suspicious computer operation is identified by said scanner, and for appending monitoring program code to the downloadable thereby generating a modified downloadable, if at least one suspicious computer operation is identified by said scanner; and a processor, coupled with said code modifier, for executing programmed instructions,
wherein the monitoring program code includes program instructions for said processor to validate input parameters for the suspicious computer operations during run-time of the downloadable.
21 . The security system of claim 20 , wherein the substitute computer operations validate their input parameters, and indicate if their input parameters are not successfully validated.
22 . The security system of claim 21 , wherein the substitute computer operations indicate if their input parameters are not successfully validated by invoking an alert.
23 . The security system of claim 21 , wherein the substitute computer operations indicate if their input parameters are not successfully validated by generating a warning text message.
24 . The security system of claim 20 , wherein the monitoring code further includes program instructions for said processor to replace invalid input parameters with valid input parameters in the suspicious computer operations.
25 . The security system of claim 20 , wherein said processor executes the modified downloadable.
26 . The security system of claim 25 , wherein said processor executes the modified downloadable in a secure environment.
27 . The security system of claim 20 , wherein said receiver receives the downloadable in transit to an intended destination computer, the system further comprising a transmitter for transmitting the modified downloadable to the destination computer.
28 . The security system of claim 20 , wherein said receiver receives the downloadable in transit to an intended destination computer, and wherein said processor prevents the downloadable from executing on the destination computer if said processor fails to validate the input parameters.
29 . The security system of claim 20 , wherein said receiver receives the downloadable in transit to an intended destination computer, and wherein said processor consults a security policy to determine whether to forward the downloadable to the destination computer if said validating fails.
30 . The security system of claim 20 , wherein the monitoring program code includes program instructions for said processor to compare actual input parameters to the suspicious computer operations with at least one descriptor of valid input parameters for the suspicious computer operations.
31 . The security system of claim 20 , wherein the monitoring program code includes program instructions for said processor to compare actual input parameters to the suspicious computer operations with at least one descriptor of invalid input parameters for the suspicious computer operations.
32 . The security system of claim 20 , wherein said scanner accesses a dictionary of suspicious computer operations.
33 . The security system of claim 20 , wherein the monitoring program code includes program instructions for said processor to access a dictionary of valid input parameters.
34 . The security system of claim 20 , wherein the monitoring program code includes program instructions for said processor to access a dictionary of invalid input parameters.
35 . The security system of claim 20 , wherein the downloadable is JavaScript program code.
36 . The security system of claim 20 , wherein the downloadable is VBScript program code.
37 . The security system of claim 20 , wherein the downloadable is Flash object compiled program code, and wherein said scanner de-compiles the program code to derive source code therefrom.
38 . The security system of claim 20 , wherein the downloadable is applet compiled program code, and wherein said scanner de-compiles the program code to derive source code therefrom.
39 . A method for handling suspicious downloadables, comprising:
receiving a downloadable; and appending monitoring program code to the downloadable thereby generating a modified downloadable, wherein the monitoring program code includes program instructions:
for identifying suspicious computer operations during run-time of the downloadable;
for overwriting the suspicious computer operations with substitute computer operations during run-time of the downloadable; and
for validating input parameters for the suspicious operations during run-time of the downloadable.
40 . The method of claim 39 , wherein the substitute computer operations validate their input parameters, and indicate if their input parameters are not successfully validated.
41 . The method of claim 39 , wherein said identifying suspicious computer operations comprises comparing computer operations in the downloadable with a list of pre-designated computer operations.
42 . The method of claim 39 , wherein said receiving comprises receiving the downloadable in transit to an intended destination computer, the method further comprising transmitting the modified downloadable to the destination computer if said validating is successful.
43 . The method of claim 39 , wherein the downloadable is JavaScript program code.
44 . The method of claim 39 , wherein the downloadable is VBScript program code.
45 . The method of claim 39 , wherein the downloadable is Flash object compiled program code, the method further comprising de-compiling the Flash object compiled program code to derive source code therefrom.
46 . The method of claim 39 , wherein the downloadable is applet program code, the method further comprising de-compiling the applet program code to derive source code therefrom.
47 . A computer security system, comprising:
a receiver for receiving a downloadable; a code modifier, coupled with said scanner, for appending monitoring program code to the downloadable thereby generating a modified downloadable; and a processor, coupled with said code modifier, for executing programmed instructions,
wherein the monitoring program code includes program instructions for said processor:
to identify suspicious computer operations during run-time of the downloadable;
to overwrite the suspicious computer operations with substitute computer operations during run-time of the downloadable; and
to validate input parameters for the suspicious computer operations during run time of the downloadable.
48 . The security system of claim 47 , wherein the substitute computer operations cause said processor to validate their input parameters, and to indicate if their input parameters are not successfully validated.
49 . The security system of claim 47 , wherein the monitoring program code further includes program instructions for said processor to compare computer operations in the downloadable with a list of pre-designated computer operations.
50 . The computer security system of claim 47 , wherein said receiver receives the downloadable in transit to an intended destination computer, the system further comprising a transmitter for transmitting the modified downloadable to the destination computer if said processor successfully validates the input parameters for the suspicious computer operations.
51 . The computer security system of claim 47 , wherein the downloadable is JavaScript program code.
52 . The computer security system of claim 47 , wherein the downloadable is VBScript program code.
53 . The computer security system of claim 47 , wherein the downloadable is Flash object compiled program code, and further comprising a de-compiler for de-compiling the Flash object compiled program code to derive source code therefrom.
54 . The computer security system of claim 47 , wherein the downloadable is applet program code, and further comprising a de-compiler for de-compiling the applet program code to derive source code therefrom.
55 . A method for handling suspicious downloadables, comprising:
scanning a downloadable to detect the presence of at least one suspicious computer operation; dynamically generating during run-time of the downloadable at least one input parameter for the at least one suspicious computer operation detected by said scanning; and determining whether or not the dynamically generated at least one input parameter corresponds to a safe input parameter for the at least one suspicious computer operation.
56 . A computer security system, comprising:
a scanner for scanning a downloadable to detect the presence of at least one suspicious computer operation; and a processor that executes programmed instructions:
for dynamically generating during run-time of the downloadable at least one input parameter for the at least one suspicious computer operation detected by said scanner; and
for determining whether or not the dynamically generated at least one input parameter corresponds to a safe input parameter for the at least one suspicious computer operation.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.