Vulnerability Management

Who owns the Whitelist?

by  •  • Comments Off

Aladdin Knowledge Systems does, at least according to this patent. (Note: I am not a lawyer, but I could play one on TV).

"The invention contains an application operating environment in which acceptable and/or suspect activities may be defined for an application so that unacceptable application behavior can be prevented. This is done by providing a definition table identifying the types of access and actions that the application is allowed and preventing it from carrying out other types of access and actions. The definition table may be built up using a learning process during use of the application. The environment also provides a means of checking information output to a network against a list of confidential information."

That last line is an interesting add-on, given that it has nothing to do with whitelisting. It appears to be a precursor to a client-side content monitoring scheme. It appears to be all blacklist-oriented. Here’s the pertinent section:

According to a fourth aspect of the present invention there is provided a computer connected to a network, the computer comprising a storage device for storing data, a transmission device for sending data from the computer to the network, a listing of controlled data which should not be sent to the network, a comparison device adapted to compare data sent to the transmission device with the controlled data, and a prevention device for preventing data corresponding to the controlled data being sent automatically to the network.

In embodiments, any of the above aspects may be combined with apparatus for downloading data from identifiable sites in a network to a computer the data may comprise a plurality of types of data including executable program data, The apparatus comprises a list of known sites, checking means for comparing a source of any downloaded material with said list, and prevention means, for preventing execution of executable program data that does not come from a site on the list, or alternatively that does come from said list. In embodiments, means may be provided for modifying the list.

Via Steve Gold’s SecurityWatch.