(12) United States Patent ao) Patent No.: us 6,553,377 Bi
Eschelbeck et al. (45) Date of Patent: Apr. 22,2003
T. Fraser et al., "Hardening COTS Software with Generic Software Wrappers," Proc. ol the 1999 IEEE Symp. on Security and Privacy, IEEE, Inc. (1999).
* cited by examiner
(75) Inventors: Gerhard Eschelbeck, Santa Clara, CA (US); Thomas Steiner, Linz (AT); Mayr Johannes, Linz (AT)
Network Associates, Inc., Santa Clara, CA (US)
Subject to any disclaimer, the term ol this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.
(21) Appl. No.: 09/541,355
(22) Filed: Mar. 31, 2000
(51) Int. CI.7 G06F 17/30
(52) U.S. CI 707/10; 707/104.1
(58) Field of Search 707/1, 2, 9, 10,
707/104.1; 709/202, 223, 217
(56) References Cited
U.S. PATENT DOCUMENTS
5,655,081 A * 8/1997 Bonnell et al 709/202
5,872,931 A * 2/1999 Chivaluri 709/223
5,958,010 A * 9/1999 Agarwal et al 709/224
6,332,163 Bl * 12/2001 Bowman-Amuah 709/231
M. Pietrek, "Learn System-Level Win32 Coding Techniques by Writing an API Spy Program," vol. 9, No. 12, Microsoft Systems Journal, Microsoft Press (Dec. 1994).
A system and a process lor maintaining a plurality ol remote security applications using a centralized broker in a distributed computing environment are described. A centralized broker is executed on a designated system within the distributed computing environment. A console interlace from the centralized broker is exposed. The console interlace implements a plurality ol browser methods which each define a browser lunction which can be invoked by a plurality ol snap-in components. A namespace snap-in component is defined and includes a logical grouping identilying at least one remote security application being executed on a remote system within the distributed computing environment. A namespace interlace from the namespace snap-in component is exposed. The namespace interlace implements a plurality ol namespace methods each defining a storage function which can be invoked by the centralized broker. A repository including a plurality of storages corresponding to each remote system is formed. Each storage includes a set of attributes describing each such remote security application defined within the namespace snap-in component.
19 Claims, 11 Drawing Sheets