WO2007069246A3 - System and method for inspecting dynamically generated executable code - Google Patents

System and method for inspecting dynamically generated executable code

Publication number
WO2007069246A3
WO2007069246A3 PCT/IL2006/001430 IL2006001430W WO2007069246A3 WO 2007069246 A3 WO2007069246 A3 WO 2007069246A3 IL 2006001430 W IL2006001430 W IL 2006001430W WO 2007069246 A3 WO2007069246 A3 WO 2007069246A3
Authority
WO
WIPO (PCT)
Prior art keywords
computer
input
client computer
content
security
Prior art date
Application number
PCT/IL2006/001430
Other languages
French (fr)
Other versions
WO2007069246A2 (en)
Inventor
David Gruzman
Yuval Ben-Itzhak
Original Assignee
Finjan Software Ltd
David Gruzman
Yuval Ben-Itzhak
Priority date
Filing date
Publication date
Family has litigation
Application filed by Finjan Software Ltd, David Gruzman, Yuval Ben-Itzhak
Publication of WO2007069246A2
Publication of WO2007069246A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129 Authenticate client device independently of the user
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2147 Locking files

Abstract

A method for protecting a client computer from dynamically generated malicious content, including receiving at a gateway computer content being sent to a client computer for processing, the content including a call to an original function, and the call including an input, modifying the content at the gateway computer, including replacing the call to the original function with a corresponding call to a substitute function, the substitute function being operational to send the input to a security computer for inspection, transmitting the modified content from the gateway computer to the client computer, processing the modified content at the client computer, transmitting the input to the security computer for inspection when the substitute function is invoked, determining at the security computer whether it is safe for the client computer to invoke the original function with the input, transmitting an indicator of whether it is safe for the client computer to invoke the original function with the input, from the security computer to the client computer, and invoking the original function at the client computer with the input, only if the indicator received from the security computer indicates that such invocation is safe. A system and a computer-readable storage medium are also described and claimed.
PCT/IL2006/001430 2005-12-12 2006-12-12 System and method for inspecting dynamically generated executable code WO2007069246A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/298,475 2005-12-12
US11/298,475 US7757289B2 (en) 2005-12-12 2005-12-12 System and method for inspecting dynamically generated executable code

Publications (2)

Publication Number Publication Date
WO2007069246A2 (en) 2007-06-21
WO2007069246A3 (en) 2009-04-16

Family

ID=38141027

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2006/001430 WO2007069246A2 (en) 2005-12-12 2006-12-12 System and method for inspecting dynamically generated executable code

Country Status (2)

Country Link
US (2) US7757289B2 (en)
WO (1) WO2007069246A2 (en)

Families Citing this family (59)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8079086B1 (en) 1997-11-06 2011-12-13 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US9219755B2 (en) 1996-11-08 2015-12-22 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US7058822B2 (en) 2000-03-30 2006-06-06 Finjan Software, Ltd. Malicious mobile code runtime monitoring system and methods
US8078740B2 (en) 2005-06-03 2011-12-13 Microsoft Corporation Running internet applications with low rights
US7930299B2 (en) 2005-11-30 2011-04-19 Finjan, Inc. System and method for appending security information to search engine results
US20120144485A9 (en) * 2005-12-12 2012-06-07 Finjan Software, Ltd. Computer security method and system with input parameter validation
US8185737B2 (en) 2006-06-23 2012-05-22 Microsoft Corporation Communication across domains
US8151352B1 (en) * 2006-07-14 2012-04-03 Bitdefender IPR Management Ltd. Anti-malware emulation systems and methods
US8959647B2 (en) * 2007-02-27 2015-02-17 Microsoft Corporation Runtime security and exception handler protection
US10019570B2 (en) 2007-06-14 2018-07-10 Microsoft Technology Licensing, Llc Protection and communication abstractions for web browsers
US20090064337A1 (en) * 2007-09-05 2009-03-05 Shih-Wei Chien Method and apparatus for preventing web page attacks
US9686288B2 (en) * 2008-01-25 2017-06-20 Ntt Docomo, Inc. Method and apparatus for constructing security policies for web content instrumentation against browser-based attacks
US8839431B2 (en) * 2008-05-12 2014-09-16 Enpulz, L.L.C. Network browser based virus detection
KR101027928B1 (en) * 2008-07-23 2011-04-12 한국전자통신연구원 Apparatus and Method for detecting obfuscated web page
US8522200B2 (en) * 2008-08-28 2013-08-27 Microsoft Corporation Detouring in scripting systems
US8990116B2 (en) * 2008-10-07 2015-03-24 Mocana Corporation Preventing execution of tampered application code in a computer system
US20120137364A1 (en) * 2008-10-07 2012-05-31 Mocana Corporation Remote attestation of a mobile device
CN102224505B (en) * 2008-11-19 2014-06-04 安全工程有限公司 System and method for run-time attack prevention
US8287400B2 (en) * 2009-11-19 2012-10-16 Nike, Inc. Fairway wood-type golf clubs with high moment of inertia
US8479286B2 (en) * 2009-12-15 2013-07-02 Mcafee, Inc. Systems and methods for behavioral sandboxing
WO2011119137A1 (en) 2010-03-22 2011-09-29 Lrdc Systems, Llc A method of identifying and protecting the integrity of a set of source data
KR101083311B1 (en) * 2010-03-29 2011-11-15 한국전자통신연구원 System for detecting malicious script and method for detecting malicious script using the same
US10474811B2 (en) 2012-03-30 2019-11-12 Verisign, Inc. Systems and methods for detecting malicious code
US20200322364A1 (en) * 2012-10-02 2020-10-08 Mordecai Barkan Program verification and malware detection
US11121995B2 (en) 2013-07-25 2021-09-14 Mimecast Services Ltd. Encoding executable instructions and computational state in email headers
US11163898B2 (en) 2013-09-11 2021-11-02 Mimecast Services Ltd. Sharing artifacts in permission-protected archives
US10102374B1 (en) 2014-08-11 2018-10-16 Sentinel Labs Israel Ltd. Method of remediating a program and system thereof by undoing operations
US9710648B2 (en) 2014-08-11 2017-07-18 Sentinel Labs Israel Ltd. Method of malware detection and system thereof
US11507663B2 (en) 2014-08-11 2022-11-22 Sentinel Labs Israel Ltd. Method of remediating operations performed by a program and system thereof
US9641548B2 (en) * 2015-02-03 2017-05-02 F-Secure Corporation System and method for detecting and protecting against malicious
US10447720B1 (en) * 2015-03-12 2019-10-15 Symantec Corporation Systems and methods for performing application container introspection
US10769351B2 (en) * 2015-05-08 2020-09-08 Citrix Systems, Inc. Rendering based on a document object model
US9628419B2 (en) 2015-07-29 2017-04-18 Mimecast North America, Inc. System for annotation of electronic messages with contextual information
US10536449B2 (en) 2015-09-15 2020-01-14 Mimecast Services Ltd. User login credential warning system
US11595417B2 (en) 2015-09-15 2023-02-28 Mimecast Services Ltd. Systems and methods for mediating access to resources
CN105589922A (en) * 2015-11-05 2016-05-18 广州市动景计算机科技有限公司 Page display method, device and system and page display assisting method and device
US11616812B2 (en) 2016-12-19 2023-03-28 Attivo Networks Inc. Deceiving attackers accessing active directory data
US11695800B2 (en) 2016-12-19 2023-07-04 SentinelOne, Inc. Deceiving attackers accessing network data
US10462171B2 (en) 2017-08-08 2019-10-29 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US10873589B2 (en) 2017-08-08 2020-12-22 Sonicwall Inc. Real-time prevention of malicious content via dynamic analysis
US11151252B2 (en) 2017-10-13 2021-10-19 Sonicwall Inc. Just in time memory analysis for malware detection
US10733290B2 (en) 2017-10-26 2020-08-04 Western Digital Technologies, Inc. Device-based anti-malware
US11736521B2 (en) 2017-11-06 2023-08-22 Mimecast Services Ltd. Systems and methods for detecting domain impersonation
US10685110B2 (en) 2017-12-29 2020-06-16 Sonicwall Inc. Detection of exploitative program code
US11119632B2 (en) 2018-01-03 2021-09-14 Mimecast Services Ltd. Systems and methods for proactive analysis of artifacts associated with information resources
US11347871B2 (en) * 2018-01-16 2022-05-31 International Business Machines Corporation Dynamic cybersecurity protection mechanism for data storage devices
US10902122B2 (en) 2018-01-31 2021-01-26 Sonicwall Inc. Just in time memory analysis for malware detection
US11470115B2 (en) 2018-02-09 2022-10-11 Attivo Networks, Inc. Implementing decoys in a network environment
US11232201B2 (en) 2018-05-14 2022-01-25 Sonicwall Inc. Cloud based just in time memory analysis for malware detection
CN108959923B (en) * 2018-05-31 2022-05-17 深圳壹账通智能科技有限公司 Comprehensive security sensing method and device, computer equipment and storage medium
US11165581B2 (en) 2018-10-05 2021-11-02 Mimecast Services Ltd. System for improved identification and authentication
US11032275B2 (en) 2018-10-05 2021-06-08 Mimecast Services Ltd. System for improved identification and authentication
US11095667B2 (en) 2019-02-14 2021-08-17 Forcepoint Llc Session-based recording of association of activities
EP3973427A4 (en) 2019-05-20 2023-06-21 Sentinel Labs Israel Ltd. Systems and methods for executable code detection, automatic feature extraction and position independent code detection
US11579857B2 (en) 2020-12-16 2023-02-14 Sentinel Labs Israel Ltd. Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach
US11899782B1 (en) 2021-07-13 2024-02-13 SentinelOne, Inc. Preserving DLL hooks
US11880719B2 (en) * 2022-01-20 2024-01-23 Dell Products L.P. Trust-aware and adaptive system to aid virtual/human intervention using an API-based mechanism
US20230359330A1 (en) * 2022-05-03 2023-11-09 Mimecast Services Ltd. Systems and methods for analysis of visually-selected information resources
CN117009252B (en) * 2023-10-07 2024-01-02 之江实验室 Fault injection testing method and device based on function replacement

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040158729A1 (en) * 2003-02-06 2004-08-12 Symantec Corporation Shell code blocking system and method
US6934857B1 (en) * 2000-11-27 2005-08-23 Networks Associates Technology, Inc. Security system and method for handheld computers
US20060015940A1 (en) * 2004-07-14 2006-01-19 Shay Zamir Method for detecting unwanted executables

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5359659A (en) * 1992-06-19 1994-10-25 Doren Rosenthal Method for securing software against corruption by computer viruses
US6167520A (en) 1996-11-08 2000-12-26 Finjan Software, Inc. System and method for protecting a client during runtime from hostile downloadables
US5974549A (en) * 1997-03-27 1999-10-26 Soliton Ltd. Security monitor
US5983348A (en) 1997-09-10 1999-11-09 Trend Micro Incorporated Computer network malicious code scanner
DE69924857T2 (en) * 1998-10-10 2006-03-02 Transitive Ltd., Hanging Ditch PROGRAM CODE CONVERSION
GB2353372B (en) * 1999-12-24 2001-08-22 F Secure Oyj Remote computer virus scanning
EP1360585A4 (en) * 2001-02-14 2008-04-30 Invicta Networks Inc Systems and methods for creating a code inspection system
US7313822B2 (en) * 2001-03-16 2007-12-25 Protegrity Corporation Application-layer security method and system
US7013483B2 (en) * 2003-01-03 2006-03-14 Aladdin Knowledge Systems Ltd. Method for emulating an executable code in order to detect maliciousness
US20040153644A1 (en) * 2003-02-05 2004-08-05 Mccorkendale Bruce Preventing execution of potentially malicious software
US6965968B1 (en) 2003-02-27 2005-11-15 Finjan Software Ltd. Policy-based caching
US20050108562A1 (en) * 2003-06-18 2005-05-19 Khazan Roger I. Technique for detecting executable malicious code using a combination of static and dynamic analyses
US8544096B2 (en) * 2003-12-30 2013-09-24 Emc Corporation On-access and on-demand distributed virus scanning
US7287279B2 (en) * 2004-10-01 2007-10-23 Webroot Software, Inc. System and method for locating malware
US7536542B2 (en) * 2005-01-19 2009-05-19 Microsoft Corporation Method and system for intercepting, analyzing, and modifying interactions between a transport client and a transport provider
US7836504B2 (en) * 2005-03-01 2010-11-16 Microsoft Corporation On-access scan of memory for malware
US7739682B1 (en) * 2005-03-24 2010-06-15 The Weather Channel, Inc. Systems and methods for selectively blocking application installation
US8225392B2 (en) * 2005-07-15 2012-07-17 Microsoft Corporation Immunizing HTML browsers and extensions from known vulnerabilities

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6934857B1 (en) * 2000-11-27 2005-08-23 Networks Associates Technology, Inc. Security system and method for handheld computers
US20040158729A1 (en) * 2003-02-06 2004-08-12 Symantec Corporation Shell code blocking system and method
US20060015940A1 (en) * 2004-07-14 2006-01-19 Shay Zamir Method for detecting unwanted executables

Also Published As

Publication number Publication date
US8141154B2 (en) 2012-03-20
US7757289B2 (en) 2010-07-13
US20070136811A1 (en) 2007-06-14
WO2007069246A2 (en) 2007-06-21
US20100251373A1 (en) 2010-09-30

Similar Documents

Publication Publication Date Title
WO2007069246A3 (en) System and method for inspecting dynamically generated executable code
US10210329B1 (en) Method to detect application execution hijacking using memory protection
US9594912B1 (en) Return-oriented programming detection
WO2007094942A3 (en) Dynamic threat event management system and method
US8037536B2 (en) Risk scoring system for the prevention of malware
US8955121B2 (en) System, method, and computer program product for dynamically adjusting a level of security applied to a system
WO2007061671A3 (en) Systems and methods for detecting and disabling malicious script code
US20150106929A1 (en) System and method for attack and malware prevention
US10318730B2 (en) Detection and prevention of malicious code execution using risk scoring
CN109558734B (en) Stack security detection method and device and mobile device
CN103020520B (en) Enterprise-based document security detection method and system
AU2010306623B2 (en) Detecting and responding to malware using link files
US7607173B1 (en) Method and apparatus for preventing rootkit installation
US8505102B1 (en) Detecting undesirable content
WO2006090392A3 (en) System and method for detecting and mitigating dns spoofing trojans
AU6227698A (en) Method and system for preventing the downloading and execution of executable objects
US20110197281A1 (en) Systems and methods for malware detection
WO2010000965A3 (en) Method and device for protecting the integrity of data transmitted over a network
GB0517303D0 (en) System and method for processing secure transmissions
WO2006063003A3 (en) Network and application attack protection based on application layer message inspection
WO2011139302A3 (en) Steganographic messaging system using code invariants
RU2008142138A (en) PROTECTION AGAINST USE OF VULNERABILITY OF THE SOFTWARE
US9294493B2 (en) Computer security method and system with input parameter validation
TW200607288A (en) Program, computer, and data processing method
US7975298B1 (en) System, method and computer program product for remote rootkit detection

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (PCT application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 06832232

Country of ref document: EP

Kind code of ref document: A2

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (PCT application filed from 20040101)