| 发明名称 | Protection of computer system | ||
| 摘要 | Protection of a computer system (104) against attacks using malformed files is applied to an application (106) configured to process files of a predefined Headerless format indicated by a Characteristic pattern of bytes. An incoming file's Characteristic pattern is checked by comparing its leading bytes with Characteristic patterns. If its leading bytes have such a pattern, the file (100) is subjected to a full content check; the file is discarded (100) if it lacks such a pattern or has contents considered damaging. A file is checked regarding suitability for further processing by comparing its leading bytes with the Characteristic pattern of the predefined Headerless format. A full content check of the file may also be carried out. The application (106) is permitted to process files having the Characteristic pattern of the predefined Headerless format and appropriate file contents. The method can deal with ZIP files (b) etc. starting with redundant data b1 even if polymorphic, provided that the file is not potentially damaging. | ||
| 申请公布号 | US9239923(B2) | 申请公布日期 | 2016.01.19 |
| 申请号 | US200913140087 | 申请日期 | 2009.12.15 |
| 申请人 | QINETIQ LIMITED | 发明人 | Wiseman Simon R. |
| 分类号 | G06F21/00;G06F21/56 | 主分类号 | G06F21/00 |
| 代理机构 | McDonnell Boehnen Hulbert & Berghoff LLP | 代理人 | McDonnell Boehnen Hulbert & Berghoff LLP |
| 主权项 | 1. A method of protection of a computer system, the method comprising: (a) providing the computer system with an application for processing incoming files to the computer system of a predefined Headerless format that include a Characteristic pattern of bytes, (b) computing apparatus external to the computer system ascertaining a Characteristic pattern of bytes of an incoming file to the computing apparatus from bytes of the file, (c) the computing apparatus performing a content check on the incoming file to the computing apparatus to determine whether or not the file has contents that are malformed and therefore potentially damaging when interpreted in accordance with a file format specification associated with the ascertained Characteristic pattern of bytes, (d) the computing apparatus moving the file to the computer system if the file is not determined to have malformed content, (e) the computer system checking the incoming file to the computer system and having Headerless format by comparing bytes of the file with the Characteristic pattern of bytes of the predefined Headerless format, and (f) the computer system disallowing processing by the application if the bytes compared in step (e) with the Characteristic pattern of bytes of the predefined Headerless format do not correspond with that Characteristic pattern. | ||
| 地址 | GB | ||