US2021173922A1PendingUtilityA1
Method and system for preventing and detecting security threats
Est. expiryMar 30, 2032(~5.7 yrs left)· nominal 20-yr term from priority
Inventors:Ron Vandergeest
G06F 21/54G06F 21/55
74
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
Claims
exact text as granted — not AI-modified1 . An apparatus for increasing security of a computing device, that apparatus comprising:
at least one processor; at least one non-transitory memory device storing instructions thereon which, when executed by the at least one processor, cause the at least one processor to:
embed a first secured software agent within an OS kernel of the device, wherein the first secured software agent is one of plural secured software agents generated by diverse code portion combinations to thereby have the same functionality but be structurally and semantically different, and wherein the secured software agent is configured to limit access to the OS kernel to provide protection of applications and resources.
2 . The apparatus of claim 1 , wherein access to the OS kernel is limited by receiving a request to modify to a debug functionality request of the OK kernel and preventing access to the OK Kernel based at least in part that the request is not a valid request.
3 . The apparatus of claim 1 , wherein the instructions further case the processor to embed a second secured software agent of the plural secured software agents within an OS of at least one of a different instantiation of the device, a device of a different type than the device, a device sold in a different geographic region than the device, or a device on a different operator network than the device.
4 . The apparatus of claim 1 , wherein the instructions further cause the processor to:
detect an attack on the first secured software agent; analyze the attack; replace the first secured software agent with a second secured software agent that is one of the plural secured software agents, wherein the second secured software agent incorporates a new functionality designed to prevent the attack.
5 . The apparatus of claim 1 , wherein the secured software agent is configured to:
insert one or more upcalls at points in the OS kernel where a user-level system call from an application would result in access to an internal OS kernel object; receive, from the OS kernel, via at least one of the one or more upcalls, a request to modify or debug functionality of the application; determine whether the request is a valid request; and limit access to the OS kernel based at least in part on a determination that the request is not a valid request.
6 . A secured software agents embedded within an OS kernel of the device for increasing security of a computing device, the secured software agent comprising code for causing the computing device to:
limit access to the OS kernel to provide protection of applications and resources; and wherein the secured software agent is one of multiple other secure software agents created from diverse code portion combinations to thereby have the same functionality but be structurally and semantically different from each other.
7 . The secured software agent of claim 6 , wherein access to the OS kernel is limited by receiving a request to modify to a debug functionality request of the OK kernel and preventing access to the OK Kernel based at least in part that the request is not a valid request.
8 . The secured software agent of claim 6 , wherein at least one of the other secured software agents is embedded in an OS of at least one of a different instantiation of the device, a device of a different type than the device, a device sold in a different geographic region than the device, or a device on a different operator network than the device.
9 . The secured software agent of claim 5 , wherein the code causes the computing device to:
detect an attack on the first secured software agent; analyze the attack; replace the secured software agent with one of the other secured software agents, wherein the one of the other secured software agents incorporates a new functionality designed to prevent the attack.
10 . The secured software agent of claim 5 , wherein the code further causes the computing device to:
insert one or more upcalls at points in the OS kernel where a user-level system call from an application would result in access to an internal OS kernel object; receive, from the OS kernel, via at least one of the one or more upcalls, a request to modify or debug functionality of the application; determine whether the request is a valid request; and limit access to the OS kernel based at least in part on a determination that the request is not a valid request.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.