WO2002056156A3 - Computer system protection - Google Patents

Computer system protection Download PDF

Info

Publication number
WO2002056156A3
WO2002056156A3 PCT/GB2001/005767 GB0105767W WO02056156A3 WO 2002056156 A3 WO2002056156 A3 WO 2002056156A3 GB 0105767 W GB0105767 W GB 0105767W WO 02056156 A3 WO02056156 A3 WO 02056156A3
Authority
WO
WIPO (PCT)
Prior art keywords
data
sandbox
computer
computer system
encrypted
Prior art date
Application number
PCT/GB2001/005767
Other languages
French (fr)
Other versions
WO2002056156A2 (en
Inventor
Simon Robert Wiseman
Original Assignee
Qinetiq Ltd
Simon Robert Wiseman
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qinetiq Ltd, Simon Robert Wiseman filed Critical Qinetiq Ltd
Priority to JP2002556350A priority Critical patent/JP2004518193A/en
Priority to DE60123672T priority patent/DE60123672T2/en
Priority to US10/466,141 priority patent/US7398400B2/en
Priority to EP01273134A priority patent/EP1377890B1/en
Publication of WO2002056156A2 publication Critical patent/WO2002056156A2/en
Publication of WO2002056156A3 publication Critical patent/WO2002056156A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection

Abstract

Computer system protection to protect against harmful data from an external computer network (60) (e.g. the Internet) involves supplying incoming data (62) to a software checker (64) as the data enters a computer system (not shown). The checker (64) routes any suspect data (66) to an encryptor (68) which encrypts it to render it unusable and harmless. Encrypted data passes to a computer (72) in an internal network (74) and having a desktop quarantine area or sandbox (76) for suspect data. The computer (72) runs main desktop applications (78) receiving encrypted data (70) for storage and transfer, but not for use in any meaningful way because it is encrypted. Equally well applications (78) cannot be interfered with by encrypted data (70) because encryption makes this impossible. On entry into the sandbox (76), the encrypted data (70) is decrypted to usable form: it then becomes accessible by software (204) suitable for use in the sandbox (76) subject to sandbox constraints.
PCT/GB2001/005767 2001-01-13 2001-12-24 Computer system protection WO2002056156A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
JP2002556350A JP2004518193A (en) 2001-01-13 2001-12-24 Computer system protection
DE60123672T DE60123672T2 (en) 2001-01-13 2001-12-24 COMPUTER SYSTEM PROTECTION
US10/466,141 US7398400B2 (en) 2001-01-13 2001-12-24 Computer system protection
EP01273134A EP1377890B1 (en) 2001-01-13 2001-12-24 Computer system protection

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0100955A GB2371125A (en) 2001-01-13 2001-01-13 Computer protection system
GB0100955.4 2001-01-13

Publications (2)

Publication Number Publication Date
WO2002056156A2 WO2002056156A2 (en) 2002-07-18
WO2002056156A3 true WO2002056156A3 (en) 2003-11-06

Family

ID=9906799

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2001/005767 WO2002056156A2 (en) 2001-01-13 2001-12-24 Computer system protection

Country Status (8)

Country Link
US (1) US7398400B2 (en)
EP (2) EP1632833B1 (en)
JP (2) JP2004518193A (en)
AT (2) ATE386304T1 (en)
DE (2) DE60132833T2 (en)
ES (1) ES2297596T3 (en)
GB (1) GB2371125A (en)
WO (1) WO2002056156A2 (en)

Families Citing this family (76)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060277433A1 (en) * 2000-05-19 2006-12-07 Self Repairing Computers, Inc. Computer having special purpose subsystems and cyber-terror and virus immunity and protection features
US20040073617A1 (en) 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
US8972590B2 (en) 2000-09-14 2015-03-03 Kirsten Aldrich Highly accurate security and filtering software
US7903549B2 (en) 2002-03-08 2011-03-08 Secure Computing Corporation Content-based policy compliance systems and methods
US7693947B2 (en) 2002-03-08 2010-04-06 Mcafee, Inc. Systems and methods for graphically displaying messaging traffic
US7870203B2 (en) 2002-03-08 2011-01-11 Mcafee, Inc. Methods and systems for exposing messaging reputation to an end user
US20060015942A1 (en) 2002-03-08 2006-01-19 Ciphertrust, Inc. Systems and methods for classification of messaging entities
US7124438B2 (en) 2002-03-08 2006-10-17 Ciphertrust, Inc. Systems and methods for anomaly detection in patterns of monitored communications
US6941467B2 (en) * 2002-03-08 2005-09-06 Ciphertrust, Inc. Systems and methods for adaptive message interrogation through multiple queues
US8561167B2 (en) 2002-03-08 2013-10-15 Mcafee, Inc. Web reputation scoring
US7694128B2 (en) 2002-03-08 2010-04-06 Mcafee, Inc. Systems and methods for secure communication delivery
US20030172291A1 (en) 2002-03-08 2003-09-11 Paul Judge Systems and methods for automated whitelisting in monitored communications
US8578480B2 (en) 2002-03-08 2013-11-05 Mcafee, Inc. Systems and methods for identifying potentially malicious messages
US8132250B2 (en) 2002-03-08 2012-03-06 Mcafee, Inc. Message profiling systems and methods
US7487543B2 (en) * 2002-07-23 2009-02-03 International Business Machines Corporation Method and apparatus for the automatic determination of potentially worm-like behavior of a program
US8838950B2 (en) 2003-06-23 2014-09-16 International Business Machines Corporation Security architecture for system on chip
US7353536B1 (en) * 2003-09-23 2008-04-01 At&T Delaware Intellectual Property, Inc Methods of resetting passwords in network service systems including user redirection and related systems and computer-program products
GB2411799A (en) * 2004-03-02 2005-09-07 Vistorm Ltd Virus checking devices in a test network before permitting access to a main network
US7669059B2 (en) * 2004-03-23 2010-02-23 Network Equipment Technologies, Inc. Method and apparatus for detection of hostile software
US20050273853A1 (en) * 2004-05-24 2005-12-08 Toshiba America Research, Inc. Quarantine networking
US7908653B2 (en) 2004-06-29 2011-03-15 Intel Corporation Method of improving computer security through sandboxing
JP4643221B2 (en) * 2004-10-25 2011-03-02 株式会社東芝 Failure analysis support terminal and failure analysis support information providing device
US8635690B2 (en) 2004-11-05 2014-01-21 Mcafee, Inc. Reputation based message processing
US20060112430A1 (en) * 2004-11-19 2006-05-25 Deisenroth Jerrold M Method and apparatus for immunizing data in computer systems from corruption
US8131804B2 (en) 2004-11-19 2012-03-06 J Michael Greata Method and apparatus for immunizing data in computer systems from corruption
US7519809B2 (en) * 2005-04-07 2009-04-14 International Business Machines Corporation Operating system-wide sandboxing via switchable user skins
US7937480B2 (en) 2005-06-02 2011-05-03 Mcafee, Inc. Aggregation of reputation data
GB2427048A (en) * 2005-06-09 2006-12-13 Avecho Group Ltd Detection of unwanted code or data in electronic mail
US7895651B2 (en) 2005-07-29 2011-02-22 Bit 9, Inc. Content tracking in a network security system
US8272058B2 (en) 2005-07-29 2012-09-18 Bit 9, Inc. Centralized timed analysis in a network security system
US8984636B2 (en) 2005-07-29 2015-03-17 Bit9, Inc. Content extractor and analysis system
US8024797B2 (en) * 2005-12-21 2011-09-20 Intel Corporation Method, apparatus and system for performing access control and intrusion detection on encrypted data
US20070256082A1 (en) * 2006-05-01 2007-11-01 International Business Machines Corporation Monitoring and controlling applications executing in a computing node
WO2008001344A2 (en) 2006-06-27 2008-01-03 Waterfall Solutions Ltd One way secure link
IL177756A (en) 2006-08-29 2014-11-30 Lior Frenkel Encryption-based attack prevention
IL180020A (en) 2006-12-12 2013-03-24 Waterfall Security Solutions Ltd Encryption -and decryption-enabled interfaces
IL180748A (en) 2007-01-16 2013-03-24 Waterfall Security Solutions Ltd Secure archive
US7779156B2 (en) 2007-01-24 2010-08-17 Mcafee, Inc. Reputation based load balancing
US7949716B2 (en) 2007-01-24 2011-05-24 Mcafee, Inc. Correlation and analysis of entity attributes
US8214497B2 (en) 2007-01-24 2012-07-03 Mcafee, Inc. Multi-dimensional reputation scoring
US8763114B2 (en) 2007-01-24 2014-06-24 Mcafee, Inc. Detecting image spam
US8179798B2 (en) 2007-01-24 2012-05-15 Mcafee, Inc. Reputation based connection throttling
US8223205B2 (en) 2007-10-24 2012-07-17 Waterfall Solutions Ltd. Secure implementation of network-based sensors
US8185930B2 (en) 2007-11-06 2012-05-22 Mcafee, Inc. Adjusting filter or classification control settings
US8045458B2 (en) 2007-11-08 2011-10-25 Mcafee, Inc. Prioritizing network traffic
US8160975B2 (en) 2008-01-25 2012-04-17 Mcafee, Inc. Granular support vector machine with random granularity
US8589503B2 (en) 2008-04-04 2013-11-19 Mcafee, Inc. Prioritizing network traffic
US20100071054A1 (en) * 2008-04-30 2010-03-18 Viasat, Inc. Network security appliance
US8627060B2 (en) * 2008-04-30 2014-01-07 Viasat, Inc. Trusted network interface
US8365259B2 (en) * 2008-05-28 2013-01-29 Zscaler, Inc. Security message processing
JP5423063B2 (en) * 2009-03-05 2014-02-19 日本電気株式会社 Information processing apparatus, method, and program
US8749662B2 (en) 2009-04-16 2014-06-10 Nvidia Corporation System and method for lens shading image correction
GB2470928A (en) * 2009-06-10 2010-12-15 F Secure Oyj False alarm identification for malware using clean scanning
US8479286B2 (en) * 2009-12-15 2013-07-02 Mcafee, Inc. Systems and methods for behavioral sandboxing
US8850572B2 (en) * 2010-01-15 2014-09-30 Apple Inc. Methods for handling a file associated with a program in a restricted program environment
US8621638B2 (en) 2010-05-14 2013-12-31 Mcafee, Inc. Systems and methods for classification of messaging entities
GB201008888D0 (en) * 2010-05-27 2010-07-14 Qinetiq Ltd Network security
JP5739182B2 (en) 2011-02-04 2015-06-24 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation Control system, method and program
JP5731223B2 (en) 2011-02-14 2015-06-10 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation Abnormality detection device, monitoring control system, abnormality detection method, program, and recording medium
JP5689333B2 (en) 2011-02-15 2015-03-25 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation Abnormality detection system, abnormality detection device, abnormality detection method, program, and recording medium
CN104335218B (en) * 2012-03-30 2017-08-11 爱迪德技术有限公司 Addressable system is protected using basic function coding
US9256733B2 (en) * 2012-04-27 2016-02-09 Microsoft Technology Licensing, Llc Retrieving content from website through sandbox
US9635037B2 (en) 2012-09-06 2017-04-25 Waterfall Security Solutions Ltd. Remote control of secure installations
US9419975B2 (en) 2013-04-22 2016-08-16 Waterfall Security Solutions Ltd. Bi-directional communication over a one-way link
US9380023B2 (en) 2013-05-13 2016-06-28 Owl Computing Technologies, Inc. Enterprise cross-domain solution having configurable data filters
KR101429131B1 (en) * 2013-06-12 2014-08-11 소프트캠프(주) Device and method for securing system
US9542568B2 (en) * 2013-09-25 2017-01-10 Max Planck Gesellschaft Zur Foerderung Der Wissenschaften E.V. Systems and methods for enforcing third party oversight of data anonymization
US9633200B2 (en) * 2014-09-26 2017-04-25 Oracle International Corporation Multidimensional sandboxing for financial planning
IL235175A (en) 2014-10-19 2017-08-31 Frenkel Lior Secure remote desktop
US10291647B2 (en) * 2015-04-27 2019-05-14 The Johns Hopkins University Apparatus and method for enabling safe handling of malware
IL250010B (en) 2016-02-14 2020-04-30 Waterfall Security Solutions Ltd Secure connection with protected facilities
US11194823B2 (en) 2016-05-10 2021-12-07 Aircloak Gmbh Systems and methods for anonymized statistical database queries using noise elements
JP6381837B1 (en) * 2018-01-17 2018-08-29 株式会社Cygames System, program, method and server for performing communication
JP7247753B2 (en) * 2019-05-30 2023-03-29 株式会社デンソーウェーブ Transmission system and transmission method
LU500837B1 (en) 2021-11-08 2023-05-15 KraLos GmbH Methods and associated computer systems for ensuring the integrity of data
DE102021129026A1 (en) 2021-11-08 2023-05-11 KraLos GmbH Methods and associated computer systems for ensuring the integrity of data

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6006328A (en) * 1995-07-14 1999-12-21 Christopher N. Drake Computer software authentication, protection, and security system
US5623600A (en) * 1995-09-26 1997-04-22 Trend Micro, Incorporated Virus detection and removal apparatus for computer networks
GB2315575A (en) * 1996-07-19 1998-02-04 Ibm Encryption circuit in I/O subsystem
US5871814A (en) * 1997-07-18 1999-02-16 Robotech, Inc. Pneumatic grip
US6691230B1 (en) * 1998-10-15 2004-02-10 International Business Machines Corporation Method and system for extending Java applets sand box with public client storage
US6519702B1 (en) * 1999-01-22 2003-02-11 Sun Microsystems, Inc. Method and apparatus for limiting security attacks via data copied into computer memory
US6986052B1 (en) * 2000-06-30 2006-01-10 Intel Corporation Method and apparatus for secure execution using a secure memory partition

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
AL-DOSSARY G M: "Computer virus prevention and containment on mainframes", ICCST, 3 October 1989 (1989-10-03), pages 23 - 31, XP010324655 *
ESAFE TECHNOLOGIES: "Gateway Anti-virus and Anti-vandal protection", INTERNET, 1 February 1998 (1998-02-01), XP002243883, Retrieved from the Internet <URL:http://www.netstuff.ch/de/docs/esafe/esafe_vsfwwp.pdf> [retrieved on 20030611] *
ISLAM N ET AL: "A Flexible Security Model for Using Internet Content", INTERNET, 28 June 1997 (1997-06-28), XP002138803, Retrieved from the Internet <URL:http://www.ibm.com/java/education/flexsecurity/> [retrieved on 20000526] *
STERBENZ A: "An evaluation of the Java security model", COMPUTER SECURITY APPLICATIONS CONFERENCE, 1996., 12TH ANNUAL SAN DIEGO, CA, USA 9-13 DEC. 1996, LOS ALAMITOS, CA, USA,IEEE COMPUT. SOC, US, 9 December 1996 (1996-12-09), pages 2 - 14, XP010213036, ISBN: 0-8186-7606-X *

Also Published As

Publication number Publication date
ATE341794T1 (en) 2006-10-15
DE60132833T2 (en) 2009-02-05
DE60123672D1 (en) 2006-11-16
JP2004518193A (en) 2004-06-17
EP1377890A2 (en) 2004-01-07
US7398400B2 (en) 2008-07-08
ES2297596T3 (en) 2008-05-01
EP1632833A3 (en) 2006-05-10
EP1632833A2 (en) 2006-03-08
EP1632833B1 (en) 2008-02-13
JP2007234051A (en) 2007-09-13
US20040139334A1 (en) 2004-07-15
DE60123672T2 (en) 2007-08-16
GB2371125A (en) 2002-07-17
ATE386304T1 (en) 2008-03-15
GB0100955D0 (en) 2001-02-28
EP1377890B1 (en) 2006-10-04
WO2002056156A2 (en) 2002-07-18
DE60132833D1 (en) 2008-03-27

Similar Documents

Publication Publication Date Title
WO2002056156A3 (en) Computer system protection
WO2003054662A3 (en) A system and method for preventing unauthorized use of protected software utilizing a portable security device
RU2010114241A (en) MULTIFACTOR CONTENT PROTECTION
PL324525A1 (en) Method of protecting computer software against unauthorised use
ATE374494T1 (en) SYSTEM AND METHOD FOR PROTECTING A COMPUTER AGAINST COMPUTER ATTACKS IN A SECURE COMMUNICATION
WO2002084460A3 (en) Method and system to maintain portable computer data secure and authentication token for use therein
WO2005040958A3 (en) Method and system for content distribution
WO2006020141A3 (en) Technique for trasfering encrypted content from first device to second device associated with same user
DE602005020482D1 (en) Masterverschlüsselung
WO2003019842A3 (en) Stream cipher, hash, and pseudo-random number generator
WO2006009616A3 (en) Memory encryption architecture
NL1021434A1 (en) Method for distributing data between a local server and local peripherals.
WO2007089266A3 (en) Administration of data encryption in enterprise computer systems
WO2002011361A3 (en) Data encryption and decryption using error correction methodologies
EP1054314A3 (en) Information processing apparatus, information processing method and providing medium
WO2006123280A3 (en) Drm system for devices communicating with a portable device.
CN104504310A (en) Method and device for software protection based on shell technology
JP2008522278A5 (en)
CA2432445A1 (en) Method for storing encrypted data
WO2006003632A3 (en) Security unit and method for protecting data
EP1457859A3 (en) Data encryption/decryption device
TW200511227A (en) Record carrier, read-out device and method for reading carrier data and network data
WO2002019610A3 (en) Method and system for dynamic encryption of a web-page
GUPIT et al. Implementation of Euclidean Algorithm for Single Key Authentication System
Cui et al. Research of encryption scheme facilitating substring query

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 10466141

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 2002556350

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 2001273134

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWP Wipo information: published in national office

Ref document number: 2001273134

Country of ref document: EP

WWG Wipo information: grant in national office

Ref document number: 2001273134

Country of ref document: EP