Systems and methods of risk based rules for application control
Abstract
In various embodiments, an agent on a digital device may comprise a monitor module, an application identification module, a vulnerability module, a rules database, and a rule module. The monitor module may be configured to monitor a device for an instruction to execute a legitimate application. The application identification module may be configured to identify one or more attributes of the legitimate application. The vulnerability module may be configured to retrieve risk information based on the one or more attributes of the legitimate application. The risk information may be determined from known vulnerabilities of the legitimate application. The rules database may be for storing a rule associated with the risk information. The rule module may be configured to retrieve the rule from the rule database based on the risk information and to control the legitimate application based on the rule.
Claims
exact text as granted — not AI-modified1 . An agent comprising:
a monitor module configured to monitor a device for an instruction to execute a legitimate application; an application identification module configured to identify one or more attributes of the legitimate application; a vulnerability module configured to retrieve risk information based on the one or more attributes of the legitimate application, the risk information determined from known vulnerabilities of the legitimate application; a rules database for storing a rule associated with the risk information.
2 . The agent of claim 1 , further comprising a rule module configured to retrieve the rule from the rule database based on the risk information and to control the legitimate application based on the rule.
3 . The agent of claim 2 , wherein the rule module configured to control the legitimate application based on the rule comprises blocking the legitimate application from executing based on the rule.
4 . The agent of claim 2 , wherein the rule module configured to control the legitimate application based on the rule comprises allowing the legitimate application to execute based on the rule.
5 . The agent of claim 2 , wherein the rule module configured to control the legitimate application based on the rule comprises allowing the legitimate application to execute based on the rule but blocking some functionality of the legitimate application from executing based on the rule.
6 . The agent of claim 2 , wherein the monitor module configured to monitor the device for an instruction to execute the legitimate application comprises the monitor module intercepting instructions being provided to or from an operating system of the device.
7 . The agent of claim 2 , wherein the attribute is an application identifier.
8 . The agent of claim 2 , wherein the attribute is an application version identifier.
9 . The agent of claim 2 , wherein the rule comprises an instruction to block all or part of the execution of the legitimate application if risk information indicates, at least in part, that a vulnerability associated with the legitimate application was publicly disclosed before a predetermined date.
10 . The agent of claim 9 , wherein the predetermined date is calculated as occurring at a period of time before a current date.
11 . A method comprising:
monitoring a device for an instruction to execute a legitimate application; identifying one or more attributes of the legitimate application; retrieving risk information based on the one or more attributes of the legitimate application, the risk information determined from known vulnerabilities of the legitimate application; storing a rule associated with the risk information; retrieving the rule from the rule database based on the risk information; and controlling the legitimate application based on the rule.
12 . The method of claim 11 , wherein controlling the legitimate application based on the rule comprises blocking the legitimate application from executing based on the rule.
13 . The method of claim 11 , wherein controlling the legitimate the legitimate application based on the rule comprises allowing the legitimate application to execute based on the rule.
14 . The method of claim 11 , wherein controlling the legitimate the legitimate application based on the rule comprises allowing the legitimate application to execute based on the rule but blocking some functionality of the legitimate application from executing based on the rule.
15 . The method of claim 11 , wherein monitoring the device for an instruction to execute the legitimate application comprises intercepting instructions being provided to or from an operating system of the device.
16 . The method of claim 11 , wherein the attribute is an application identifier.
17 . The method of claim 11 , wherein the attribute is an application version identifier.
18 . The method of claim 11 , wherein the rule comprises an instruction to block all or part of the execution of the legitimate application if risk information indicates, at least in part, that a vulnerability associated with the legitimate application was publicly disclosed before a predetermined date.
19 . The method of claim 18 , wherein the predetermined date is calculated as occurring at a period of time before a current date.
20 . A non-transitory computer readable medium comprising instructions executable by a processor to perform a method, the method comprising:
monitoring a device for an instruction to execute a legitimate application; identifying one or more attributes of the legitimate application; retrieving risk information based on the one or more attributes of the legitimate application, the risk information determined from known vulnerabilities of the legitimate application; storing a rule associated with the risk information; retrieving the rule from the rule database based on the risk information; and controlling the legitimate application based on the rule.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.