Title of invention: Secure system for allowing the execution of authorized computer program code
Abstract: Systems and methods for selective authorization of code modules are provided. According to one embodiment, file system or operating system activity relating to a code module is intercepted by a kernel mode driver of a computer system. The code module is selectively authorized by authenticating a cryptographic hash value of the code module with reference to a multi-level whitelist. The multi-level whitelist includes (i) a global whitelist database remote from the computer system that is maintained by a trusted service provider and that contains cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code and (ii) a local whitelist database containing cryptographic hash values of at least a subset of the approved code modules. The activity relating to the code module is allowed when the cryptographic hash value matches one of the cryptographic hash values of approved code modules within the multi-level whitelist.
Publication number: US8850193(B2) Publication date: 2014.09.30
Application number: US201414155218 Filing date: 2014.01.14
Applicant: Fortinet, Inc. Inventors: Fanton Andrew F.;Gandee John J.;Lutton William H.;Harper Edwin L.;Godwin Kurt E.;Rozga Anthony A.
Classification: H04L29/06;G06F21/44;G06F21/10;G06F21/51;G06F21/52;G06F21/60;G06F21/53 Main classification: H04L29/06
Agency: Hamilton, DeSanctis & Cha LLP Agent: Hamilton, DeSanctis & Cha LLP
Principal claim: 1. A method comprising: intercepting, by a kernel mode driver of a computer system, file system or operating system activity relating to a code module; selectively authorizing, by the kernel mode driver, the code module by authenticating a cryptographic hash value of the code module with reference to a multi-level whitelist, the multi-level whitelist comprising (i) a global whitelist database remote from the computer system and maintained by a trusted service provider, the global whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code and (ii) a local whitelist database containing cryptographic hash values of at least a subset of the approved code modules; and allowing the activity relating to the code module when the cryptographic hash value matches one of the cryptographic hash values of approved code modules within the multi-level whitelist.
Address: Sunnyvale CA US