WO2007069246A3 - System and method for inspecting dynamically generated executable code - Google Patents
- Publication number
- WO2007069246A3 (PCT/IL2006/001430)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- computer
- input
- client computer
- content
- security
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2129—Authenticate client device independently of the user
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2147—Locking files
Abstract
A method for protecting a client computer from dynamically generated malicious content, including receiving at a gateway computer content being sent to a client computer for processing, the content including a call to an original function, and the call including an input, modifying the content at the gateway computer, including replacing the call to the original function with a corresponding call to a substitute function, the substitute function being operational to send the input to a security computer for inspection, transmitting the modified content from the gateway computer to the client computer, processing the modified content at the client computer, transmitting the input to the security computer for inspection when the substitute function is invoked, determining at the security computer whether it is safe for the client computer to invoke the original function with the input, transmitting an indicator of whether it is safe for the client computer to invoke the original function with the input, from the security computer to the client computer, and invoking the original function at the client computer with the input, only if the indicator received from the security computer indicates that such invocation is safe. A system and a computer-readable storage medium are also described and claimed.
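The flow in the abstract, as an added JavaScript example (not code from the patent or its assignee). It assumes `document.write` as the original function, a hypothetical `substituteWrite` as the substitute, a constructed toy inspection policy, and an in-process call standing in for the network round trip to the security computer.

```javascript
// Added illustration; every name here is hypothetical, not from the patent text.
const ORIGINAL = 'document.write';     // assumed "original function"
const SUBSTITUTE = 'substituteWrite';  // assumed "substitute function"

// Gateway: replace each call to the original function with the substitute call.
function rewriteAtGateway(content) {
  return content.split(ORIGINAL + '(').join(SUBSTITUTE + '(');
}

// Security computer: returns the indicator (true = safe to invoke the original).
// Constructed toy policy: reject inputs that would inject a script or iframe tag.
function inspectAtSecurityComputer(input) {
  return !/<\s*(script|iframe)\b/i.test(String(input));
}

// Client: process the modified content. The substitute forwards each input for
// inspection and invokes the original only if the indicator says it is safe.
function processAtClient(modifiedContent, inspect) {
  const page = [];     // what the original function actually rendered
  const blocked = [];  // inputs the security computer rejected
  const document = { write: (s) => page.push(String(s)) };  // stand-in for the DOM
  const substituteWrite = (input) => {
    if (inspect(input)) document.write(input);
    else blocked.push(String(input));
  };
  new Function('document', SUBSTITUTE, modifiedContent)(document, substituteWrite);
  return { page, blocked };
}

// Constructed sample content: the second input only exists at run time, so a
// static scan of the content as it passes the gateway never sees the tag.
const SAMPLE_CONTENT = [
  "document.write('<p>hello</p>');",
  "var t = 'scr' + 'ipt';",
  "document.write('<' + t + ' src=\"https://example.invalid/x.js\"></' + t + '>');",
].join('\n');

function demo() {
  const modified = rewriteAtGateway(SAMPLE_CONTENT);
  return { modified, ...processAtClient(modified, inspectAtSecurityComputer) };
}
```

The same policy applied to `SAMPLE_CONTENT` as static text passes it, while the run-time input to the second call is rejected; that gap is what the substitute-function step closes.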
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/298,475 | 2005-12-12 | ||
US11/298,475 US7757289B2 (en) | 2005-12-12 | 2005-12-12 | System and method for inspecting dynamically generated executable code |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2007069246A2 (en) | 2007-06-21 |
WO2007069246A3 (en) | 2009-04-16 |
Family
ID=38141027
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IL2006/001430 WO2007069246A2 (en) | 2005-12-12 | 2006-12-12 | System and method for inspecting dynamically generated executable code |
Country Status (2)
Country | Link |
---|---|
US (2) | US7757289B2 (en) |
WO (1) | WO2007069246A2 (en) |
Families Citing this family (59)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8079086B1 (en) | 1997-11-06 | 2011-12-13 | Finjan, Inc. | Malicious mobile code runtime monitoring system and methods |
US9219755B2 (en) | 1996-11-08 | 2015-12-22 | Finjan, Inc. | Malicious mobile code runtime monitoring system and methods |
US7058822B2 (en) | 2000-03-30 | 2006-06-06 | Finjan Software, Ltd. | Malicious mobile code runtime monitoring system and methods |
US8078740B2 (en) | 2005-06-03 | 2011-12-13 | Microsoft Corporation | Running internet applications with low rights |
US7930299B2 (en) | 2005-11-30 | 2011-04-19 | Finjan, Inc. | System and method for appending security information to search engine results |
US20120144485A9 (en) * | 2005-12-12 | 2012-06-07 | Finjan Software, Ltd. | Computer security method and system with input parameter validation |
US8185737B2 (en) | 2006-06-23 | 2012-05-22 | Microsoft Corporation | Communication across domains |
US8151352B1 (en) * | 2006-07-14 | 2012-04-03 | Bitdefender IPR Managament Ltd. | Anti-malware emulation systems and methods |
US8959647B2 (en) * | 2007-02-27 | 2015-02-17 | Microsoft Corporation | Runtime security and exception handler protection |
US10019570B2 (en) | 2007-06-14 | 2018-07-10 | Microsoft Technology Licensing, Llc | Protection and communication abstractions for web browsers |
US20090064337A1 (en) * | 2007-09-05 | 2009-03-05 | Shih-Wei Chien | Method and apparatus for preventing web page attacks |
US9686288B2 (en) * | 2008-01-25 | 2017-06-20 | Ntt Docomo, Inc. | Method and apparatus for constructing security policies for web content instrumentation against browser-based attacks |
US8839431B2 (en) * | 2008-05-12 | 2014-09-16 | Enpulz, L.L.C. | Network browser based virus detection |
KR101027928B1 (en) * | 2008-07-23 | 2011-04-12 | 한국전자통신연구원 | Apparatus and Method for detecting obfuscated web page |
US8522200B2 (en) * | 2008-08-28 | 2013-08-27 | Microsoft Corporation | Detouring in scripting systems |
US8990116B2 (en) * | 2008-10-07 | 2015-03-24 | Mocana Corporation | Preventing execution of tampered application code in a computer system |
US20120137364A1 (en) * | 2008-10-07 | 2012-05-31 | Mocana Corporation | Remote attestation of a mobile device |
CN102224505B (en) * | 2008-11-19 | 2014-06-04 | 安全工程有限公司 | System and method for run-time attack prevention |
US8287400B2 (en) * | 2009-11-19 | 2012-10-16 | Nike, Inc. | Fairway wood-type golf clubs with high moment of inertia |
US8479286B2 (en) * | 2009-12-15 | 2013-07-02 | Mcafee, Inc. | Systems and methods for behavioral sandboxing |
WO2011119137A1 (en) | 2010-03-22 | 2011-09-29 | Lrdc Systems, Llc | A method of identifying and protecting the integrity of a set of source data |
KR101083311B1 (en) * | 2010-03-29 | 2011-11-15 | 한국전자통신연구원 | System for detecting malicious script and method for detecting malicious script using the same |
US10474811B2 (en) | 2012-03-30 | 2019-11-12 | Verisign, Inc. | Systems and methods for detecting malicious code |
US20200322364A1 (en) * | 2012-10-02 | 2020-10-08 | Mordecai Barkan | Program verification and malware detection |
US11121995B2 (en) | 2013-07-25 | 2021-09-14 | Mimecast Services Ltd. | Encoding executable instructions and computational state in email headers |
US11163898B2 (en) | 2013-09-11 | 2021-11-02 | Mimecast Services Ltd. | Sharing artifacts in permission-protected archives |
US10102374B1 (en) | 2014-08-11 | 2018-10-16 | Sentinel Labs Israel Ltd. | Method of remediating a program and system thereof by undoing operations |
US9710648B2 (en) | 2014-08-11 | 2017-07-18 | Sentinel Labs Israel Ltd. | Method of malware detection and system thereof |
US11507663B2 (en) | 2014-08-11 | 2022-11-22 | Sentinel Labs Israel Ltd. | Method of remediating operations performed by a program and system thereof |
US9641548B2 (en) * | 2015-02-03 | 2017-05-02 | F-Secure Corporation | System and method for detecting and protecting against malicious |
US10447720B1 (en) * | 2015-03-12 | 2019-10-15 | Symantec Corporation | Systems and methods for performing application container introspection |
US10769351B2 (en) * | 2015-05-08 | 2020-09-08 | Citrix Systems, Inc. | Rendering based on a document object model |
US9628419B2 (en) | 2015-07-29 | 2017-04-18 | Mimecast North America, Inc. | System for annotation of electronic messages with contextual information |
US10536449B2 (en) | 2015-09-15 | 2020-01-14 | Mimecast Services Ltd. | User login credential warning system |
US11595417B2 (en) | 2015-09-15 | 2023-02-28 | Mimecast Services Ltd. | Systems and methods for mediating access to resources |
CN105589922A (en) * | 2015-11-05 | 2016-05-18 | 广州市动景计算机科技有限公司 | Page display method, device and system and page display assisting method and device |
US11616812B2 (en) | 2016-12-19 | 2023-03-28 | Attivo Networks Inc. | Deceiving attackers accessing active directory data |
US11695800B2 (en) | 2016-12-19 | 2023-07-04 | SentinelOne, Inc. | Deceiving attackers accessing network data |
US10462171B2 (en) | 2017-08-08 | 2019-10-29 | Sentinel Labs Israel Ltd. | Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking |
US10873589B2 (en) | 2017-08-08 | 2020-12-22 | Sonicwall Inc. | Real-time prevention of malicious content via dynamic analysis |
US11151252B2 (en) | 2017-10-13 | 2021-10-19 | Sonicwall Inc. | Just in time memory analysis for malware detection |
US10733290B2 (en) | 2017-10-26 | 2020-08-04 | Western Digital Technologies, Inc. | Device-based anti-malware |
US11736521B2 (en) | 2017-11-06 | 2023-08-22 | Mimecast Services Ltd. | Systems and methods for detecting domain impersonation |
US10685110B2 (en) | 2017-12-29 | 2020-06-16 | Sonicwall Inc. | Detection of exploitative program code |
US11119632B2 (en) | 2018-01-03 | 2021-09-14 | Mimecast Services Ltd. | Systems and methods for proactive analysis of artifacts associated with information resources |
US11347871B2 (en) * | 2018-01-16 | 2022-05-31 | International Business Machines Corporation | Dynamic cybersecurity protection mechanism for data storage devices |
US10902122B2 (en) | 2018-01-31 | 2021-01-26 | Sonicwall Inc. | Just in time memory analysis for malware detection |
US11470115B2 (en) | 2018-02-09 | 2022-10-11 | Attivo Networks, Inc. | Implementing decoys in a network environment |
US11232201B2 (en) | 2018-05-14 | 2022-01-25 | Sonicwall Inc. | Cloud based just in time memory analysis for malware detection |
CN108959923B (en) * | 2018-05-31 | 2022-05-17 | 深圳壹账通智能科技有限公司 | Comprehensive security sensing method and device, computer equipment and storage medium |
US11165581B2 (en) | 2018-10-05 | 2021-11-02 | Mimecast Services Ltd. | System for improved identification and authentication |
US11032275B2 (en) | 2018-10-05 | 2021-06-08 | Mimecast Services Ltd. | System for improved identification and authentication |
US11095667B2 (en) | 2019-02-14 | 2021-08-17 | Forcepoint Llc | Session-based recording of association of activities |
EP3973427A4 (en) | 2019-05-20 | 2023-06-21 | Sentinel Labs Israel Ltd. | Systems and methods for executable code detection, automatic feature extraction and position independent code detection |
US11579857B2 (en) | 2020-12-16 | 2023-02-14 | Sentinel Labs Israel Ltd. | Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach |
US11899782B1 (en) | 2021-07-13 | 2024-02-13 | SentinelOne, Inc. | Preserving DLL hooks |
US11880719B2 (en) * | 2022-01-20 | 2024-01-23 | Dell Products L.P. | Trust-aware and adaptive system to aid virtual/human intervention using an API-based mechanism |
US20230359330A1 (en) * | 2022-05-03 | 2023-11-09 | Mimecast Services Ltd. | Systems and methods for analysis of visually-selected information resources |
CN117009252B (en) * | 2023-10-07 | 2024-01-02 | 之江实验室 | Fault injection testing method and device based on function replacement |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040158729A1 (en) * | 2003-02-06 | 2004-08-12 | Symantec Corporation | Shell code blocking system and method |
US6934857B1 (en) * | 2000-11-27 | 2005-08-23 | Networks Associates Technology, Inc. | Security system and method for handheld computers |
US20060015940A1 (en) * | 2004-07-14 | 2006-01-19 | Shay Zamir | Method for detecting unwanted executables |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5359659A (en) * | 1992-06-19 | 1994-10-25 | Doren Rosenthal | Method for securing software against corruption by computer viruses |
US6167520A (en) | 1996-11-08 | 2000-12-26 | Finjan Software, Inc. | System and method for protecting a client during runtime from hostile downloadables |
US5974549A (en) * | 1997-03-27 | 1999-10-26 | Soliton Ltd. | Security monitor |
US5983348A (en) | 1997-09-10 | 1999-11-09 | Trend Micro Incorporated | Computer network malicious code scanner |
DE69924857T2 (en) * | 1998-10-10 | 2006-03-02 | Transitive Ltd., Hanging Ditch | PROGRAM CODE CONVERSION |
GB2353372B (en) * | 1999-12-24 | 2001-08-22 | F Secure Oyj | Remote computer virus scanning |
EP1360585A4 (en) * | 2001-02-14 | 2008-04-30 | Invicta Networks Inc | Systems and methods for creating a code inspection system |
US7313822B2 (en) * | 2001-03-16 | 2007-12-25 | Protegrity Corporation | Application-layer security method and system |
US7013483B2 (en) * | 2003-01-03 | 2006-03-14 | Aladdin Knowledge Systems Ltd. | Method for emulating an executable code in order to detect maliciousness |
US20040153644A1 (en) * | 2003-02-05 | 2004-08-05 | Mccorkendale Bruce | Preventing execution of potentially malicious software |
US6965968B1 (en) | 2003-02-27 | 2005-11-15 | Finjan Software Ltd. | Policy-based caching |
US20050108562A1 (en) * | 2003-06-18 | 2005-05-19 | Khazan Roger I. | Technique for detecting executable malicious code using a combination of static and dynamic analyses |
US8544096B2 (en) * | 2003-12-30 | 2013-09-24 | Emc Corporation | On-access and on-demand distributed virus scanning |
US7287279B2 (en) * | 2004-10-01 | 2007-10-23 | Webroot Software, Inc. | System and method for locating malware |
US7536542B2 (en) * | 2005-01-19 | 2009-05-19 | Microsoft Corporation | Method and system for intercepting, analyzing, and modifying interactions between a transport client and a transport provider |
US7836504B2 (en) * | 2005-03-01 | 2010-11-16 | Microsoft Corporation | On-access scan of memory for malware |
US7739682B1 (en) * | 2005-03-24 | 2010-06-15 | The Weather Channel, Inc. | Systems and methods for selectively blocking application installation |
US8225392B2 (en) * | 2005-07-15 | 2012-07-17 | Microsoft Corporation | Immunizing HTML browsers and extensions from known vulnerabilities |
2005
- 2005-12-12 US US11/298,475 (US7757289B2), status: Active
2006
- 2006-12-12 WO PCT/IL2006/001430 (WO2007069246A2), status: Search and Examination
2010
- 2010-06-14 US US12/814,584 (US8141154B2), status: Active
Also Published As
Publication number | Publication date |
---|---|
US8141154B2 (en) | 2012-03-20 |
US7757289B2 (en) | 2010-07-13 |
US20070136811A1 (en) | 2007-06-14 |
WO2007069246A2 (en) | 2007-06-21 |
US20100251373A1 (en) | 2010-09-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2007069246A3 (en) | System and method for inspecting dynamically generated executable code | |
US10210329B1 (en) | Method to detect application execution hijacking using memory protection | |
US9594912B1 (en) | Return-oriented programming detection | |
WO2007094942A3 (en) | Dynamic threat event management system and method | |
US8037536B2 (en) | Risk scoring system for the prevention of malware | |
US8955121B2 (en) | System, method, and computer program product for dynamically adjusting a level of security applied to a system | |
WO2007061671A3 (en) | Systems and methods for detecting and disabling malicious script code | |
US20150106929A1 (en) | System and method for attack and malware prevention | |
US10318730B2 (en) | Detection and prevention of malicious code execution using risk scoring | |
CN109558734B (en) | Stack security detection method and device and mobile device | |
CN103020520B (en) | Enterprise-based document security detection method and system | |
AU2010306623B2 (en) | Detecting and responding to malware using link files | |
US7607173B1 (en) | Method and apparatus for preventing rootkit installation | |
US8505102B1 (en) | Detecting undesirable content | |
WO2006090392A3 (en) | System and method for detecting and mitigating dns spoofing trojans | |
AU6227698A (en) | Method and system for preventing the downloading and execution of executable objects | |
US20110197281A1 (en) | Systems and methods for malware detection | |
WO2010000965A3 (en) | Method and device for protecting the integrity of data transmitted over a network | |
GB0517303D0 (en) | System and method for processing secure transmissions | |
WO2006063003A3 (en) | Network and application attack protection based on application layer message inspection | |
WO2011139302A3 (en) | Steganographic messaging system using code invariants | |
RU2008142138A (en) | PROTECTION AGAINST USE OF VULNERABILITY OF THE SOFTWARE | |
US9294493B2 (en) | Computer security method and system with input parameter validation | |
TW200607288A (en) | Program, computer, and data processing method | |
US7975298B1 (en) | System, method and computer program product for remote rootkit detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DPE1 | Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101) | ||
NENP | Non-entry into the national phase | Ref country code: DE |
122 | Ep: pct application non-entry in european phase | Ref document number: 06832232 Country of ref document: EP Kind code of ref document: A2 |
DPE1 | Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101) |