Browse Prior Art Database

Method for protecting code from running in unlicensed environments Disclosure Number: IPCOM000237410D
Publication Date: 2014-Jun-17
Document File: 2 page(s) / 31K

Publishing Venue

The Prior Art Database


Described is a method for protecting code from running in unlicensed environments. The method uses a training phase to detect allowable method calls by an application and then tunes a security system to allow only these method calls when the application is deployed in a production environment.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Page 01 of 2

Method for protecting code from running in unlicensed environments
When a software organization ships code to a customer, the organization wants to ensure that the customer can only use it as intended. The organization does not want the code to be used for unlicensed, or even worse, nefarious intentions. Currently there are not have any easy ways of detecting unlicensed use. Generally speaking, one must manually add these kind of restrictions into one's applications or hand-write security rules into some apparatus (ex: Java*2 security rules). A simpler, automated method of detecting and rejecting unlicensed code use is needed.

Example: Corporation X has a common component (ABC) that allows execution of commands on remote systems. Corporation X would not want this code used in a bot-net attack.

Example solutions in the field focus on identifying and not running untrusted/malicious code. They do not focus on malicious use of trusted code.

Invention summary

The invention will dynamically create security rules for our code packages based on allowed runtime environments. These rules will be loaded into the application and runtime environment, and the rules are enforced when the application runs in the installed customer environment. The invention will determine the whitelisted security rules by observing the behavior of the application during a training period.

* Use automation to learn proper access routes
* Use automation to write security rules rather than implementing by hand
* The solution is generic and repeatable across disparate projects

Invention embodiment

Run a set of static and dynamic analysis to determine what APIs/methods an application calls into a given component from a given class/method in the course of normal operation. Create a rules file that allows these accesses and only these accesses. At install/deployment time, deploy these security rules, for instance into a custom classloader or Java2 security files, to name a few. This enforc...