Patent number 8789138 is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: "There is a greater need today for secure operating systems than ever before. One way newer computer operating systems provide greater security is by imposing significant restrictions on how application programs may execute. For instance, an operating system may not allow an application program programmed for use with an older version of the operating system to access certain operating system provided application programming interfaces ('APIs'). As a result, legacy applications (i.e. applications programmed for use with an older version of the operating system) may cease to function, or may function improperly, when executed on a newer version of an operating system.
"In order to enable legacy application programs to function with a newer operating system that imposes more burdensome security restrictions, it may be necessary to modify the application program. Modification of a legacy application program might not always be possible, however, because the source code may be unavailable, the original developer of the application program may be unavailable, financial resources may be unavailable to finance the modification, or the underlying technology may be too difficult to understand. This may prove to be frustrating to an individual or an organization that desires to execute the legacy application on a newer operating system.
"It is with respect to these and other considerations that the disclosure made herein is presented."
In addition to the background information obtained for this patent, VerticalNews journalists also obtained the inventors' summary information for this patent: "Technologies are described herein for executing an application in a restricted application execution environment. As used herein, the term 'restricted application execution environment' is utilized to refer to an environment for executing an application program that imposes security restrictions on the execution of application programs. For instance, an operating system that restricts access to legacy operating system provided APIs is a restricted application execution environment. The concepts and technologies disclosed herein permit legacy applications to access APIs provided by a restricted application execution environment that they might otherwise not be permitted to utilize.
"According to one aspect presented herein, a learning mode is utilized to identify the API calls made by an application that are not allowed by a restricted application execution environment. To identify these API calls, the application is executed and the API calls made by the application are intercepted. For each intercepted API call, a determination is made as to whether the restricted application execution environment would allow the API call to be performed. In one embodiment, a security rules database is consulted to make this determination. The security rules database stores data indicating whether API calls are allowable by a restricted application execution environment.
"For each API call that cannot be performed within the restricted application execution environment, data is stored in a database, referred to herein as a runtime remediation database, that identifies the API call. Additional state information regarding the API call might also be stored in the runtime remediation database, such as data identifying the caller of the API, a call stack, data indicating how the API was called, call parameters, and other data.
"The contents of the runtime remediation database may be utilized at runtime to identify blocked API calls and to modify the API calls so that the restricted application execution environment will allow the calls. In particular, API calls made by the application at runtime are intercepted. For each intercepted API call, a determination is made as to whether the API call is allowed by the restricted application execution environment. The contents of the runtime remediation database may be utilized to identify calls that are not allowed.
"Each API call that is blocked by the restricted application execution environment is modified so that the API call is allowable. For instance, in one example, an API call for accessing a secure resource, such as a registry or a file on a mass storage device, may be modified such that it is executed against a shadow resource. A shadow resource is a version of the secure resource that is accessible to the API within the restricted application execution environment. In another example, program code, referred to herein as remediation code, may be executed to reformat the API call so that it is allowed to execute in the restricted application execution environment. The modified or reformatted API call may then be executed in the restricted application execution environment.
"This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended that this Summary be used to limit the scope of the claimed subject matter. Furthermore, the claimed subject matter is not limited to implementations that solve any or all disadvantages noted in any part of this disclosure."
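The learning-mode and runtime flow described in the inventors' summary can be modeled in a few functions. The sketch below is an added example, not code from the patent or from this article; the API names, paths, shadow locations and the fail-closed handling of calls never seen in learning mode are all assumptions made for illustration.

```python
import sqlite3

# Constructed rules: (API name, protected resource prefix) pairs that the
# restricted environment refuses. All names and paths are hypothetical.
SECURITY_RULES = [("RegSetValue", "HKLM\\"), ("WriteFile", "C:\\Program Files\\")]
# Hypothetical per-user shadow location for each protected prefix.
SHADOW_ROOTS = {"HKLM\\": "HKCU\\Shadow\\HKLM\\",
                "C:\\Program Files\\": "C:\\Users\\demo\\Shadow\\Program Files\\"}

def is_allowed(api, resource):
    """Security rules lookup: would the restricted environment permit this call?"""
    return not any(api == a and resource.startswith(p) for a, p in SECURITY_RULES)

def new_remediation_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE blocked (api TEXT, resource TEXT, caller TEXT,"
               " PRIMARY KEY (api, resource))")
    return db

def learn(db, trace):
    """Learning mode: store every intercepted call the rules would block."""
    for api, resource, caller in trace:
        if not is_allowed(api, resource):
            db.execute("INSERT OR IGNORE INTO blocked VALUES (?, ?, ?)",
                       (api, resource, caller))

def shadow_of(resource):
    for prefix, root in SHADOW_ROOTS.items():
        if resource.startswith(prefix):
            return root + resource[len(prefix):]
    raise ValueError("no shadow root for " + resource)

def remediate(db, api, resource):
    """Runtime: rewrite calls recorded during learning; pass or deny the rest."""
    known = db.execute("SELECT 1 FROM blocked WHERE api = ? AND resource = ?",
                       (api, resource)).fetchone()
    if known:
        target = shadow_of(resource)
        # The rewritten call must itself pass the rules, or the redirect is useless.
        if not is_allowed(api, target):
            raise PermissionError(target)
        return ("redirected", api, target)
    if is_allowed(api, resource):
        return ("passthrough", api, resource)
    # Blocked but never seen in learning mode: this sketch fails closed.
    return ("denied", api, resource)

# Constructed trace of intercepted calls: (api, resource, caller).
TRACE = [("RegSetValue", "HKLM\\Software\\Legacy\\Path", "legacy.exe!init"),
         ("WriteFile", "C:\\Program Files\\Legacy\\app.ini", "legacy.exe!save"),
         ("WriteFile", "C:\\Users\\demo\\notes.txt", "legacy.exe!save")]
```

The "denied" branch shows the coverage limit of a learning phase: a blocked call that the application never made while being observed has no remediation entry at runtime.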
URL and more information on this patent, see: Reierson,
Keywords for this news article include: Technology,
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC