Application recognition, validation and control deals with validating, monitoring, restricting or otherwise controlling the set of programs or applications a computer may execute. Typical clients of application control technologies are corporations who wish to prevent security risks, improper use, and resource contention that may result from employees installing non-work-related or malicious applications.
An application control system or product typically provides capabilities to validate and/or identify applications and to execute decisions based on such validation or recognition. For example, such systems may enable a user to black-list a set of predefined applications, namely, to prevent a set of predefined applications from executing, or to associate a computing device with a white-list, namely, to prevent all but a predefined set of applications from executing on the computing device. Application validation and control may also be used to enforce access restrictions, for example, by allowing only a predefined set of applications to access a specific information object or device.
Implementing an application control system may be complicated by various technical and/or other issues, such as potential malicious activities. For example, validating a specific application may be complicated by the existence or coexistence of multiple application versions and by frequent changes applied to applications and programs by automatic and/or manual software updates, patches, hot-fixes and the like. An application validation and control system may also be required to identify tampering attempts, in which an adversary makes small changes to an application with the specific intention of avoiding recognition. Such tampering may be hard to detect without employing various sophisticated means.
Some existing methods of application validation and control use a direct comparison of cryptographic hashes of an executable binary. Other implementations use signature recognition, where a short substring of an executable binary is chosen as a “signature” for comparison with other applications. These methods have the disadvantage of being easily overcome by intentional changes, and require significant effort to maintain associated signature and hash databases.
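The two existing methods described above, as an added example that is not part of the original text: a whole-image hash list and a fixed-offset substring signature list, run against three constructed byte strings standing in for an application, a hot-fixed build of it, and a copy altered inside the signature region. The class names, the offset and length of the signature, and the sample images are assumptions made for illustration.

```python
import hashlib

# Constructed stand-ins for executable images (not real binaries).
APP_V1 = b"MZ\x90\x00" + b"INIT-TABLE-0001:payroll-core" + b"\x00" * 32 + b"version=1.0.0"
APP_HOTFIX = APP_V1.replace(b"version=1.0.0", b"version=1.0.1")      # routine update
APP_ALTERED = APP_V1.replace(b"INIT-TABLE-0001", b"INIT-TABLE-0002")  # change inside signature

def sha256_hex(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

class HashList:
    """Direct comparison of the cryptographic hash of the whole image."""
    def __init__(self):
        self.known = {}  # digest -> application name
    def enroll(self, name, image):
        self.known[sha256_hex(image)] = name
    def identify(self, image):
        return self.known.get(sha256_hex(image))

class SignatureList:
    """Substring 'signature': a short byte run taken at enrollment time."""
    def __init__(self, offset, length):
        self.offset, self.length = offset, length  # assumed signature location
        self.known = {}  # signature bytes -> application name
    def enroll(self, name, image):
        self.known[image[self.offset:self.offset + self.length]] = name
    def identify(self, image):
        for sig, name in self.known.items():
            if sig in image:
                return name
        return None

def compare():
    """Enroll only APP_V1, then try to recognise each sample with both methods."""
    hashes, sigs = HashList(), SignatureList(offset=4, length=16)
    hashes.enroll("payroll", APP_V1)
    sigs.enroll("payroll", APP_V1)
    samples = {"v1": APP_V1, "hotfix": APP_HOTFIX, "altered": APP_ALTERED}
    return {label: (hashes.identify(img), sigs.identify(img))
            for label, img in samples.items()}

if __name__ == "__main__":
    for label, (by_hash, by_sig) in compare().items():
        print(f"{label:8} hash={by_hash} signature={by_sig}")
```

The hash list stops recognising the application after a routine hot-fix, so every released build needs its own database entry, while the substring signature survives the hot-fix but no longer matches once its own bytes change.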
There is a need for a system and method to enable efficient and cost-effective application validation and control.