US 7,603,708 B2
Securing network services using network action control lists
Pradeep Bahl, Redmond, Wash. (US); Ramesh Chinta, Sammamish, Wash. (US); Narasimha Rao S. S. Nagampalli, Kirkland, Wash. (US); and Scott A Field, Redmond, Wash. (US)
Assigned to Microsoft Corporation, Redmond, Wash. (US)
Filed on Jul. 13, 2005, as Appl. No. 11/181,376.
Prior Publication US 2007/0016675 A1, Jan. 18, 2007
Int. Cl. G06F 11/00 (2006.01); G06F 12/14 (2006.01); G06F 12/16 (2006.01); G08B 23/00 (2006.01)
U.S. Cl. 726—22  [726/4] 20 Claims
OG exemplary drawing
 
1. A computer system having secured network services, the computer system comprising:
a processor;
a memory; and
a network action processing module that processes network actions from one or more network services executing on the computer system, the network action processing module operating in a kernel mode;
wherein the computer system is configured to execute at least one network service performing network actions in conjunction with the network action processing module; and
wherein the network action processing module, upon receiving from a network service a received network action having a plurality of disparate aspects:
determines whether the received network action is a valid network action by comparing each of the plurality of disparate aspects to a set of blacklist aspects and a set of whitelist aspects maintained in a network action control list, the blacklist aspects associated with aspects that tend to invalidate a network action, the whitelist aspects associated with aspects that tend to validate a network action, the received network action identified as a valid network action if any of a plurality of combinations of the disparate aspects corresponds to a valid network object;
blocks the received network action if the previous determination yields that the received network action is not a valid network action; and
permits the received network action to complete if the previous determination yields that the received network action is a valid network action.
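The evaluation the claim describes, as an added illustration that is not part of the patent text and not Microsoft's implementation: a network action control list holding blacklist aspects (single aspect values that tend to invalidate an action) and whitelist combinations (sets of aspects describing a valid network object), applied to actions a service submits. The aspect names (service, direction, protocol, port, remote), the sample policy, and the default-deny outcome when no whitelist combination matches are assumptions made for this example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class NetworkAction:
    # One network action as submitted by a service; aspect set is assumed.
    service: str    # name of the service issuing the action
    direction: str  # "inbound" (listen/accept) or "outbound" (connect/send)
    protocol: str   # "tcp" or "udp"
    port: int       # local port for inbound, remote port for outbound
    remote: str     # peer address, "*" when not yet known

def aspects(action):
    """Break the action into its disparate aspects for comparison."""
    return {"service": action.service, "direction": action.direction,
            "protocol": action.protocol, "port": action.port,
            "remote": action.remote}

@dataclass
class NetworkActionControlList:
    # Blacklist: aspect name -> values that tend to invalidate an action.
    blacklist: dict = field(default_factory=dict)
    # Whitelist: combinations of aspects that each describe a valid
    # network object; an action is valid if any combination matches.
    whitelist: list = field(default_factory=list)

    def evaluate(self, action):
        """Return ("block" | "permit", reason) for the received action."""
        a = aspects(action)
        for name, bad_values in self.blacklist.items():
            if a.get(name) in bad_values:
                return "block", f"blacklisted aspect {name}={a[name]}"
        for combo in self.whitelist:
            if all(a.get(k) == v for k, v in combo.items()):
                return "permit", f"matches whitelist combination {combo}"
        # Assumption: no matching combination means the action is not valid.
        return "block", "no whitelist combination matches"

# Constructed sample policy: a DNS resolver may only send UDP/53 outbound,
# a web service may only accept TCP/80 and TCP/443; legacy ports are
# blacklisted for every service regardless of whitelist entries.
EXAMPLE_NACL = NetworkActionControlList(
    blacklist={"port": {23, 135}},
    whitelist=[
        {"service": "dns", "direction": "outbound", "protocol": "udp", "port": 53},
        {"service": "web", "direction": "inbound", "protocol": "tcp", "port": 80},
        {"service": "web", "direction": "inbound", "protocol": "tcp", "port": 443},
    ],
)

def check(action, nacl=EXAMPLE_NACL):
    """Decision the kernel-mode module would apply before the action completes."""
    return nacl.evaluate(action)
```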