Reexamination Certificate
2006-03-14
Morse, Gregory (Department: 2134)
Information security
Monitoring or scanning of software or data including attack...
Vulnerability assessment
C726S023000, C726S024000, C713S165000, C713S167000, C713S188000
active
07013483
ABSTRACT:
The present invention is directed to a method for emulating an executable code, whether it is a human-readable code (e.g., macro and script) or a compiled code (e.g., Windows executable). At design time, one or more content attributes are defined for the variables of the code. A content attribute indicates a property with relevance to maliciousness, e.g., Windows directory, a random value, “.EXE” at the right of a string, etc. A content attribute may be implemented, for example, by a flag. Also defined at design time is a list of malicious states, where a malicious state comprises at least the combination of a call to a certain system function with certain content as the calling parameter(s). When emulating an assignment instruction, the attributes of the assigned variable are set according to the assigned content. When emulating a mathematical operator, a content mathematics is also applied. When emulating a function call, the current state (i.e., the function identity and the calling content and values) is compared with the pre-defined malicious states, and if at least one malicious state corresponds, then the maliciousness of the code is determined.
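The scheme in the abstract, sketched as an added example (not code from the patent or its assignee): attributes are flags, string concatenation is the one operator given a content mathematics, and a call is checked against a list of malicious states. The tuple-based instruction format, the `copy_file` function name, the `C:\WINDOWS\` literal prefix and the sample program are assumptions made for illustration.

```python
from collections import namedtuple
from enum import Flag, auto

class Attr(Flag):                 # content attributes, one flag each
    NONE = 0
    WINDOWS_DIR = auto()          # content starts with the Windows directory
    RANDOM = auto()               # content includes a random value
    EXE_SUFFIX = auto()           # ".EXE" at the right of the string

Val = namedtuple("Val", "text attrs")   # text is None when not known statically
# Malicious state: (function identity, argument index, attributes required there).
MALICIOUS_STATES = [("copy_file", 1, Attr.WINDOWS_DIR | Attr.EXE_SUFFIX)]

def literal(text):                # assignment: attributes follow the content
    up = text.upper()
    return Val(text, (Attr.EXE_SUFFIX if up.endswith(".EXE") else Attr.NONE)
               | (Attr.WINDOWS_DIR if up.startswith("C:\\WINDOWS\\") else Attr.NONE))

def concat(a, b):                 # content mathematics for string "+"
    if a.text is not None and b.text is not None:
        return literal(a.text + b.text)
    left = b if a.text == "" else a      # the prefix attribute comes from the left part
    right = a if b.text == "" else b     # the suffix attribute comes from the right part
    return Val(None, (left.attrs & Attr.WINDOWS_DIR) | (right.attrs & Attr.EXE_SUFFIX)
               | ((a.attrs | b.attrs) & Attr.RANDOM))

def evaluate(expr, env):
    kind, *rest = expr
    if kind == "lit": return literal(rest[0])
    if kind == "var": return env[rest[0]]
    if kind == "concat": return concat(*(evaluate(e, env) for e in rest))
    return Val(None, {"windir": Attr.WINDOWS_DIR, "rand": Attr.RANDOM}[kind])

def emulate(program):
    env, hits = {}, []
    for op, name, arg in program:
        if op == "assign":
            env[name] = evaluate(arg, env)
        elif op == "call":        # compare the current state with each malicious state
            args = [evaluate(e, env) for e in arg]
            hits += [s for s in MALICIOUS_STATES if s[0] == name
                     and s[1] < len(args) and s[2] in args[s[1]].attrs]
    return hits

SUSPECT = [                       # constructed sample; the target path is never concrete
    ("assign", "n", ("concat", ("rand",), ("lit", ".exe"))),
    ("assign", "p", ("concat", ("windir",), ("var", "n"))),
    ("call", "copy_file", [("lit", "self.vbs"), ("var", "p")]),
]
```

`emulate(SUSPECT)` reports the `copy_file` state even though the destination string is never known, because the attributes survive both concatenations.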
Cohen Oded
Margalit Dany
Margalit Yanki
Meir Inbal
Aladdin Knowledge Systems Ltd.
Friedman Mark M.
Morse Gregory
Tran Tongoc
Profile ID: LFUS-PAI-O-3600875