Risk
12/16/2013
12:20 PM
Dark Reading
Products and Releases

IBM Labs: Patented Invention Prevents Devices From Running Compromised Software Code

Invention provides security controls that restrict and prevent access to apps unless their original, previously encrypted code remains unchanged and uncompromised

ARMONK, N.Y., Dec. 13, 2013 /PRNewswire/ -- IBM (NYSE: IBM) inventors have patented a technique that can enable businesses to improve cloud security and support secure transactions by preventing mobile devices from accessing software code that has been maliciously or inadvertently modified after it was encrypted.

With the rise of the mobile workforce, many businesses are embracing bring your own device (BYOD) environments or they have employees using mobile devices while working at remote, off-site locations. These scenarios introduce new security vulnerabilities to corporate networks because employees can unknowingly download and attempt to run cloud apps that have been sabotaged. IBM's patented invention helps businesses increase their confidence associated with implementing BYOD policies while averting nefarious code before it has a chance to cause any problems.

IBM received U.S. Patent #8,341,747, "Method to provide a secure virtual machine launcher," for the invention.

"This patented invention will help organizations confidently and securely embrace the advantages of a mobile workforce while remaining protected against malicious content or intent," said Andrew Cornwall, inventor and mobile software developer, IBM. "Our technique helps businesses prevent altered apps from running and unleashing their wrath on businesses, their networks and their customers."

IBM's invention provides security controls that restrict and prevent access to apps unless their original, previously encrypted code remains unchanged and uncompromised. For example, if an app is modified after it has been encrypted -- without being properly decrypted and re-encrypted -- IBM's patented security mechanism will recognize that the code was altered and prevent it from running.

This approach is differentiated by detecting if an app has been modified before being executed, versus after, and provides businesses with additional control over which apps can be accessed.

Security for Mobile Leaders

According to a recent IBM Institute for Business Value survey, mobile leaders are making noteworthy investments in BYOD strategies, recognizing it requires a new approach to IT support and customer service. IBM found that leaders understand the importance of making mobile capabilities secure with 79% reporting that their organizations have well-documented policies in place for employees using mobile devices (versus 48% of non-leaders).

IBM's secure virtual machine (VM) launcher invention can address the complexity of deploying and improving the security of business-critical cloud-based apps. A VM is a computer application used to create a virtual environment that mirrors physical operating systems, applications and programs. While VMs are frequently used for enterprise tasks, such as remote backup and disaster recovery, they also are increasingly embedded in consumer devices such as mobile phones, tablets and portable game consoles to ease software updates and management.

IBM's invention can be applied to encrypted files that are sent from the cloud or a corporate server to a VM. The objective is to prevent embedded devices from executing code that has been altered -- either maliciously or inadvertently.

With billions of embedded VM devices currently in use -- from an estimated three billion mobile phones to 125 million smart televisions -- and millions of additional applications projected in the future, IBM's secure VM launcher patent has the potential to deliver improved security to a wide range of devices and applications.

IBM inventors around the globe are focused on researching and developing new technologies and techniques that will pave the way to leadership for IBM and its clients. Along with the IBM MobileFirst portfolio of solutions, this patented invention can help ensure that users have access to the apps they need without risk to the corporate network.

IBM invests more than $6 billion annually in R&D and has topped the list of U.S. patent recipients for 20 consecutive years. IBM's invention and patent leadership is illustrated at http://ibm.co/11k6fRn.
