US2016378994A1PendingUtilityA1

Systems and methods of risk based rules for application control

34
Assignee: BEYONDTRUST SOFTWARE INCPriority: Feb 25, 2013Filed: Sep 6, 2016Published: Dec 29, 2016
Est. expiryFeb 25, 2033(~6.6 yrs left)· nominal 20-yr term from priority
H04L 67/42G06F 21/577H04L 63/20G06F 21/554G06F 17/3023G06F 16/1873H04L 63/1433H04L 67/01
34
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

In various embodiments, an agent on a digital device may comprise a monitor module, an application identification module, a vulnerability module, a rules database, and a rule module. The monitor module may be configured to monitor a device for an instruction to execute a legitimate application. The application identification module may be configured to identify one or more attributes of the legitimate application. The vulnerability module may be configured to retrieve risk information based on the one or more attributes of the legitimate application. The risk information may be determined from known vulnerabilities of the legitimate application. The rules database may be for storing a rule associated with the risk information. The rule module may be configured to retrieve the rule from the rule database based on the risk information and to control the legitimate application based on the rule.

Claims

exact text as granted — not AI-modified
1 . An agent comprising:
 a monitor module configured to monitor a device for an instruction to execute a legitimate application;   an application identification module configured to identify one or more attributes of the legitimate application;   a vulnerability module configured to retrieve risk information based on the one or more attributes of the legitimate application, the risk information determined from known vulnerabilities of the legitimate application;   a rules database for storing a rule associated with the risk information.   
     
     
         2 . The agent of  claim 1 , further comprising a rule module configured to retrieve the rule from the rule database based on the risk information and to control the legitimate application based on the rule. 
     
     
         3 . The agent of  claim 2 , wherein the rule module configured to control the legitimate application based on the rule comprises blocking the legitimate application from executing based on the rule. 
     
     
         4 . The agent of  claim 2 , wherein the rule module configured to control the legitimate application based on the rule comprises allowing the legitimate application to execute based on the rule. 
     
     
         5 . The agent of  claim 2 , wherein the rule module configured to control the legitimate application based on the rule comprises allowing the legitimate application to execute based on the rule but blocking some functionality of the legitimate application from executing based on the rule. 
     
     
         6 . The agent of  claim 2 , wherein the monitor module configured to monitor the device for an instruction to execute the legitimate application comprises the monitor module intercepting instructions being provided to or from an operating system of the device. 
     
     
         7 . The agent of  claim 2 , wherein the attribute is an application identifier. 
     
     
         8 . The agent of  claim 2 , wherein the attribute is an application version identifier. 
     
     
         9 . The agent of  claim 2 , wherein the rule comprises an instruction to block all or part of the execution of the legitimate application if risk information indicates, at least in part, that a vulnerability associated with the legitimate application was publicly disclosed before a predetermined date. 
     
     
         10 . The agent of  claim 9 , wherein the predetermined date is calculated as occurring at a period of time before a current date. 
     
     
         11 . A method comprising:
 monitoring a device for an instruction to execute a legitimate application;   identifying one or more attributes of the legitimate application;   retrieving risk information based on the one or more attributes of the legitimate application, the risk information determined from known vulnerabilities of the legitimate application;   storing a rule associated with the risk information;   retrieving the rule from the rule database based on the risk information; and   controlling the legitimate application based on the rule.   
     
     
         12 . The method of  claim 11 , wherein controlling the legitimate application based on the rule comprises blocking the legitimate application from executing based on the rule. 
     
     
         13 . The method of  claim 11 , wherein controlling the legitimate the legitimate application based on the rule comprises allowing the legitimate application to execute based on the rule. 
     
     
         14 . The method of  claim 11 , wherein controlling the legitimate the legitimate application based on the rule comprises allowing the legitimate application to execute based on the rule but blocking some functionality of the legitimate application from executing based on the rule. 
     
     
         15 . The method of  claim 11 , wherein monitoring the device for an instruction to execute the legitimate application comprises intercepting instructions being provided to or from an operating system of the device. 
     
     
         16 . The method of  claim 11 , wherein the attribute is an application identifier. 
     
     
         17 . The method of  claim 11 , wherein the attribute is an application version identifier. 
     
     
         18 . The method of  claim 11 , wherein the rule comprises an instruction to block all or part of the execution of the legitimate application if risk information indicates, at least in part, that a vulnerability associated with the legitimate application was publicly disclosed before a predetermined date. 
     
     
         19 . The method of  claim 18 , wherein the predetermined date is calculated as occurring at a period of time before a current date. 
     
     
         20 . A non-transitory computer readable medium comprising instructions executable by a processor to perform a method, the method comprising:
 monitoring a device for an instruction to execute a legitimate application;   identifying one or more attributes of the legitimate application;   retrieving risk information based on the one or more attributes of the legitimate application, the risk information determined from known vulnerabilities of the legitimate application;   storing a rule associated with the risk information;   retrieving the rule from the rule database based on the risk information; and   controlling the legitimate application based on the rule.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.