Selective authorization of the loading of dependent code modules by running processes

Assignee

• Fortinet, Inc. · US

Inventors

• Andrew F. Fanton · Westminster, US
• John J. Gandee · Loveland, US
• William H. Lutton · Fort Collins, US
• Edwin L. Harper · Platteville, US
• Kurt E. Godwin · Loveland, US
• Anthony A. Rozga · Wellington, US

Key dates

Classification

• Technology area (CPC Y)Emerging Cross-Sectional Technologies
• CPC primaryY10S707/99944
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Systems and methods for selective authorization of dependent code modules are provided. According to one embodiment, a kernel mode driver of a computer system intercepts file system or operating system activity, by a running process, relating to a dependent code module. Loading of the dependent code module is selectively authorized by authenticating a cryptographic hash value of the dependent code module with reference to a multi-level whitelist. The multi-level whitelist includes a global whitelist database remote from the computer system, maintained by a trusted service provider and which contains cryptographic hash values of approved code modules known not to contain viruses or malicious code; and a local whitelist database that includes cryptographic hash values of a subset of the approved code modules. The running process is allowed to load the dependent code module when the cryptographic hash value matches one of the cryptographic hash values of the approved code modules.