US2021279328A1PendingUtilityA1
Method and system for preventing and detecting security threats
Est. expiryMar 30, 2032(~5.7 yrs left)· nominal 20-yr term from priority
Inventors:Ron Vandergeest
G06F 21/54G06F 21/55
74
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
Claims
exact text as granted — not AI-modified1 . A secured software agent embedded within an OS kernel of a device, the secured software agent being stored as computer readable instructions in a non-transient memory of the device, the device executing an operating system and application software, the computer readable code including instructions for causing the device to accomplish the following functions at runtime:
in response to a request, from a requesting process, to use a debug utility to debug a target process of an application, determine whether the requesting process has privileges to allow the debug utility to attach to the target process; and deny the debug request when the requesting process does not have privileges to allow the debug utility to attach to the target process.
2 . The secured software agent of claim 1 , wherein the request is received by the OS kernel and redirected to the secured software agent.
3 . The secured software agent of claim 2 , wherein the request is redirected to the secured software agent via a Linux Security Module (LSM) functionality.
4 . The secured software agent of claim 1 , wherein the function of determine whether the requesting process has privileges to allow the debug utility to attach to the target process comprises determining whether the target process has been integrity verified or is an OS kernel process and determining that the requesting does not have privileges to allow the debug utility to attach to the target process when the target process has been integrity verified or is an OS kernel process.
5 . The secured software agent of claim 1 , wherein the function of determine whether the requesting process has privileges to allow the debug utility to attach to the target process comprises determining a first ID associated with the requesting process, determining a second ID associated with the target process, and determining whether the first ID and the second ID are in a same ID group.
6 . The secured software agent of claim 5 , wherein the first ID is a user ID associated with the requesting process and the second ID is a user ID associated with the target process.
7 . The secured software agent of claim 1 , wherein the debug utility is a process tracing utility.
8 . The secured software agent of claim 1 , wherein the debug utility is a debug daemon.
9 . A method for controlling debug requests in a computing device, the device executing an operating system and application software:
in response to a request, from a requesting process, to use a debug utility to debug a target process of an application, determining at runtime, by a secured software agent embedded within an OS kernel of the device, whether the requesting process has privileges to allow the debug utility to attach to the target process; and denying the debug request when the requesting process does not have privileges to allow the debug utility to attach to the target process.
10 . The method of claim 9 , wherein the request is received by the OS kernel and redirected to the secured software agent.
11 . The method of claim 10 , wherein the request is redirected to the secured software agent via a Linux Security Module (LSM) functionality.
12 . The method of claim 9 , wherein the determining whether the requesting process has privileges to allow the debug utility to attach to the target process comprises determining whether the target process has been integrity verified or is an OS kernel process and determining that the requesting does not have privileges to allow the debug utility to attach to the target process when the target process has been integrity verified or is an OS kernel process.
13 . The method of claim 9 , wherein the determining whether the requesting process has privileges to allow the debug utility to attach to the target process comprises determining a first ID associated with the requesting process, determining a second ID associated with the target process, and determining whether the first ID and the second ID are in a same ID group.
14 . The method of claim 13 , wherein the first ID is a user ID associated with the requesting process and the second ID is a user ID associated with the target process.
15 . The method of claim 9 , wherein the debug utility is a process tracing utility.
16 . The method of claim 9 , wherein the debug utility is a debug daemon.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.