Automatic curation and modification of virtualized computer programs

摘要

In an embodiment, a data processing method comprises receiving computer program data at a security unit having one or more processors; implementing one or more security-related modifications to the computer program data, resulting in creating modified computer program data; executing the modified computer program data in a monitored environment; analyzing output from the modified computer program data and identifying one or more variances from an expected output; performing a responsive action selected from one or more of: disabling one or more security protections that have been implemented in the modified computer program data; reducing or increasing the stringency of one or more security protections that have been implemented in the modified computer program data; updating the security unit based on the variances.

主权项

1. A computer-implemented method comprising:
receiving computer program data at a security unit having one or more processors; implementing one or more security-related modifications to the computer program data, resulting in creating modified computer program data; executing the modified computer program data in a monitored environment; analyzing output from the modified computer program data and identifying one or more variances from an expected output; performing a responsive action selected from one or more of: disabling one or more security protections that have been implemented in the modified computer program data; reducing or increasing the stringency of one or more security protections that have been implemented in the modified computer program data; updating the security unit based on the variances; further comprising: receiving a just-in-time compiled application program; executing the just-in-time compiled application program in a monitored execution environment; observing and recording identification information for each of a plurality of function jumps to or from the just-in-time compiled application program; generating one or more instructions, describing security protections to implement for the identification information for the plurality of function jumps, and sending the instructions to one or more security enforcement endpoints over a computer network; wherein the method is performed using one or more processor and; wherein the reducing or increasing is performed based on the reputation data.