AU2001274856A1 - Evidence-based security policy manager - Google Patents

Evidence-based security policy manager

Info

Publication number
AU2001274856A1
AU2001274856A1 AU2001274856A AU7485601A AU2001274856A1 AU 2001274856 A1 AU2001274856 A1 AU 2001274856A1 AU 2001274856 A AU2001274856 A AU 2001274856A AU 7485601 A AU7485601 A AU 7485601A AU 2001274856 A1 AU2001274856 A1 AU 2001274856A1
Authority
AU
Australia
Prior art keywords
evidence
policy manager
subset
code assembly
received
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
AU2001274856A
Inventor
Gregory Darrell Fee
Loren M. Kohnfelder
Brian A. Lamacchia
Michael J. Toutonghi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp
Publication of AU2001274856A1

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Golf Clubs (AREA)
  • Road Signs Or Road Markings (AREA)

Abstract

An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. The policy manager may determine a subset of the permission grant set based on a subset of the received code assembly's evidence, in order to expedite processing of the code assembly. When the evidence subset does not yield the desired permission subset, the policy manager may then perform an evaluation of all evidence received.
AU2001274856A 2000-06-21 2001-05-18 Evidence-based security policy manager Abandoned AU2001274856A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US09/598,534 2000-06-21
US09/598,534 US7051366B1 (en) 2000-06-21 2000-06-21 Evidence-based security policy manager
PCT/US2001/016127 WO2001099030A2 (en) 2000-06-21 2001-05-18 Evidence-based security policy manager

Publications (1)

Publication Number Publication Date
AU2001274856A1 (en) 2002-01-02

Family

ID=24395944

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2001274856A Abandoned AU2001274856A1 (en) 2000-06-21 2001-05-18 Evidence-based security policy manager

Country Status (7)

Country Link
US (3) US7051366B1 (en)
EP (1) EP1309906B1 (en)
JP (1) JP4738708B2 (en)
AT (1) ATE402450T1 (en)
AU (1) AU2001274856A1 (en)
DE (1) DE60134986D1 (en)
WO (1) WO2001099030A2 (en)

Families Citing this family (87)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8352400B2 (en) 1991-12-23 2013-01-08 Hoffberg Steven M Adaptive pattern recognition based controller apparatus and method and human-factored interface therefore
US7966078B2 (en) 1999-02-01 2011-06-21 Steven Hoffberg Network media appliance system and method
US20050154885A1 (en) * 2000-05-15 2005-07-14 Interfuse Technology, Inc. Electronic data security system and method
US7669238B2 (en) * 2000-06-21 2010-02-23 Microsoft Corporation Evidence-based application security
US7051366B1 (en) * 2000-06-21 2006-05-23 Microsoft Corporation Evidence-based security policy manager
US7350204B2 (en) * 2000-07-24 2008-03-25 Microsoft Corporation Policies for secure software execution
US7702785B2 (en) * 2001-01-31 2010-04-20 International Business Machines Corporation Methods, systems and computer program products for selectively allowing users of a multi-user system access to network resources
US7099663B2 (en) 2001-05-31 2006-08-29 Qualcomm Inc. Safe application distribution and execution in a wireless environment
JP4400059B2 (en) * 2002-10-17 2010-01-20 株式会社日立製作所 Policy setting support tool
US8135795B2 (en) * 2003-04-03 2012-03-13 International Business Machines Corporation Method to provide on-demand resource access
US7389495B2 (en) * 2003-05-30 2008-06-17 Sun Microsystems, Inc. Framework to facilitate Java testing in a security constrained environment
US7493488B2 (en) * 2003-07-24 2009-02-17 International Business Machines Corporation Method to disable on/off capacity in demand
TWI263894B (en) * 2003-10-15 2006-10-11 Hon Hai Prec Ind Co Ltd System and method for quickly getting user's permission in access control list
US7647629B2 (en) * 2004-02-03 2010-01-12 Microsoft Corporation Hosted code runtime protection
US7770202B2 (en) * 2004-02-03 2010-08-03 Microsoft Corporation Cross assembly call interception
US7743423B2 (en) * 2004-02-03 2010-06-22 Microsoft Corporation Security requirement determination
US7546587B2 (en) 2004-03-01 2009-06-09 Microsoft Corporation Run-time call stack verification
JP2005346182A (en) * 2004-05-31 2005-12-15 Fujitsu Ltd Information processing apparatus, tamper resistant method, tamper resistant program
US7540013B2 (en) * 2004-06-07 2009-05-26 Check Point Software Technologies, Inc. System and methodology for protecting new computers by applying a preconfigured security update policy
US7908653B2 (en) * 2004-06-29 2011-03-15 Intel Corporation Method of improving computer security through sandboxing
CN100580611C (en) 2004-06-30 2010-01-13 松下电器产业株式会社 Program execution device and program execution method
US7814308B2 (en) * 2004-08-27 2010-10-12 Microsoft Corporation Debugging applications under different permissions
JP4601557B2 (en) * 2005-02-07 2010-12-22 株式会社ソニー・コンピュータエンタテインメント Method and apparatus for secure cooperation of processors in a multiprocessor system
US20060259947A1 (en) * 2005-05-11 2006-11-16 Nokia Corporation Method for enforcing a Java security policy in a multi virtual machine system
US9652637B2 (en) 2005-05-23 2017-05-16 Avago Technologies General Ip (Singapore) Pte. Ltd. Method and system for allowing no code download in a code download scheme
US7844996B2 (en) * 2005-05-23 2010-11-30 Broadcom Corporation Method and apparatus for constructing an access control matrix for a set-top box security processor
US7913289B2 (en) * 2005-05-23 2011-03-22 Broadcom Corporation Method and apparatus for security policy and enforcing mechanism for a set-top box security processor
US8078740B2 (en) 2005-06-03 2011-12-13 Microsoft Corporation Running internet applications with low rights
US20060282428A1 (en) * 2005-06-10 2006-12-14 Microsoft Corporation Method and system for assignment of membership through script
US7793333B2 (en) * 2005-06-13 2010-09-07 International Business Machines Corporation Mobile authorization using policy based access control
US20070028300A1 (en) * 2005-07-28 2007-02-01 Bishop Ellis E System and method for controlling on-demand security
US8046678B2 (en) * 2005-08-22 2011-10-25 Yahoo! Inc. Employing partial evaluation to provide a page
US8225104B1 (en) * 2005-10-06 2012-07-17 Symantec Corporation Data access security
US7739731B2 (en) * 2006-01-09 2010-06-15 Oracle America, Inc. Method and apparatus for protection domain based security
JP2009524864A (en) * 2006-02-01 2009-07-02 ノキア コーポレイション Access control
US7664865B2 (en) * 2006-02-15 2010-02-16 Microsoft Corporation Securely hosting a webbrowser control in a managed code environment
US9904809B2 (en) 2006-02-27 2018-02-27 Avago Technologies General Ip (Singapore) Pte. Ltd. Method and system for multi-level security initialization and configuration
US9177176B2 (en) 2006-02-27 2015-11-03 Broadcom Corporation Method and system for secure system-on-a-chip architecture for multimedia data processing
US7725922B2 (en) * 2006-03-21 2010-05-25 Novell, Inc. System and method for using sandboxes in a managed shell
US20070261124A1 (en) * 2006-05-03 2007-11-08 International Business Machines Corporation Method and system for run-time dynamic and interactive identification of software authorization requirements and privileged code locations, and for validation of other software program analysis results
US7743414B2 (en) * 2006-05-26 2010-06-22 Novell, Inc. System and method for executing a permissions recorder analyzer
US9489318B2 (en) 2006-06-19 2016-11-08 Broadcom Corporation Method and system for accessing protected memory
US8024770B2 (en) 2006-06-21 2011-09-20 Microsoft Corporation Techniques for managing security contexts
US8185737B2 (en) 2006-06-23 2012-05-22 Microsoft Corporation Communication across domains
US7805707B2 (en) * 2006-07-21 2010-09-28 Novell, Inc. System and method for preparing runtime checks
US7739735B2 (en) * 2006-07-26 2010-06-15 Novell, Inc. System and method for dynamic optimizations using security assertions
US7856654B2 (en) * 2006-08-11 2010-12-21 Novell, Inc. System and method for network permissions evaluation
US7823186B2 (en) * 2006-08-24 2010-10-26 Novell, Inc. System and method for applying security policies on multiple assembly caches
US8230235B2 (en) * 2006-09-07 2012-07-24 International Business Machines Corporation Selective encryption of data stored on removable media in an automated data storage library
US8146084B1 (en) * 2007-02-21 2012-03-27 Adobe Systems Incorporated Loading applications in non-designated isolation environments
US7770203B2 (en) * 2007-04-17 2010-08-03 International Business Machines Corporation Method of integrating a security operations policy into a threat management vector
US8402532B2 (en) * 2007-05-10 2013-03-19 Microsoft Corporation Host control of partial trust accessibility
US10019570B2 (en) 2007-06-14 2018-07-10 Microsoft Technology Licensing, Llc Protection and communication abstractions for web browsers
US8336023B2 (en) * 2007-10-22 2012-12-18 Oracle International Corporation Extensible code visualization
US8875259B2 (en) 2007-11-15 2014-10-28 Salesforce.Com, Inc. On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service
US8584212B1 (en) 2007-11-15 2013-11-12 Salesforce.Com, Inc. On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service
US8438636B2 (en) * 2008-01-11 2013-05-07 Microsoft Corporation Secure and extensible policy-driven application platform
US8296820B2 (en) * 2008-01-18 2012-10-23 International Business Machines Corporation Applying security policies to multiple systems and controlling policy propagation
US8631217B2 (en) * 2008-02-26 2014-01-14 International Business Machines Corporation Apparatus, system, and method for virtual machine backup
US20090222879A1 (en) * 2008-03-03 2009-09-03 Microsoft Corporation Super policy in information protection systems
WO2009151459A1 (en) 2008-06-13 2009-12-17 Hewlett-Packard Development Company, L.P. Hierarchical policy management
US8272034B2 (en) * 2008-08-22 2012-09-18 Research In Motion Limited Methods and apparatus for maintaining permissions for client/server processing in a communication device
SE534334C2 (en) * 2009-05-07 2011-07-12 Axiomatics Ab A system and procedure for controlling policy distribution with partial evaluation
US8799986B2 (en) * 2009-05-07 2014-08-05 Axiomatics Ab System and method for controlling policy distribution with partial evaluation
US9407959B2 (en) 2009-09-21 2016-08-02 Adobe Systems Incorporated Monitoring behavior with respect to a software program
US8510569B2 (en) * 2009-12-16 2013-08-13 Intel Corporation Providing integrity verification and attestation in a hidden execution environment
US9443078B2 (en) * 2010-04-20 2016-09-13 International Business Machines Corporation Secure access to a virtual machine
EP2400418A1 (en) * 2010-06-23 2011-12-28 Trusted Logic Control performance and security levels of a software through transformation of program code
US9984229B1 (en) 2010-09-01 2018-05-29 Open Invention Network Llc Method and apparatus providing a multiple source evidence application trust model
US8646100B2 (en) 2011-06-03 2014-02-04 Apple Inc. Method for executing an application in a restricted operating environment
US8650550B2 (en) 2011-06-07 2014-02-11 Blackberry Limited Methods and devices for controlling access to computing resources
US8763080B2 (en) 2011-06-07 2014-06-24 Blackberry Limited Method and devices for managing permission requests to allow access to a computing resource
EP2533168B1 (en) * 2011-06-07 2017-01-25 BlackBerry Limited Method and devices for managing permission requests to allow access to computing resource
US9053337B2 (en) 2011-06-07 2015-06-09 Blackberry Limited Methods and devices for controlling access to a computing resource by applications executable on a computing device
US10445528B2 (en) * 2011-09-07 2019-10-15 Microsoft Technology Licensing, Llc Content handling for applications
US9223976B2 (en) * 2011-09-08 2015-12-29 Microsoft Technology Licensing, Llc Content inspection
US9100235B2 (en) 2011-11-07 2015-08-04 At&T Intellectual Property I, L.P. Secure desktop applications for an open computing platform
US9047476B2 (en) * 2011-11-07 2015-06-02 At&T Intellectual Property I, L.P. Browser-based secure desktop applications for open computing platforms
US9727848B2 (en) * 2013-04-29 2017-08-08 Alex Bligh Field programmable hierarchical cloud billing system
US9268948B2 (en) 2013-06-24 2016-02-23 Intel Corporation Secure access enforcement proxy
US10360135B2 (en) * 2016-03-31 2019-07-23 Microsoft Technology Licensing, Llc Privilege test and monitoring
US10303780B2 (en) 2016-06-03 2019-05-28 Microsoft Technology Licensing, Llc Content preservation and policy lock features to provide immutability for regulated compliance
US9928365B1 (en) * 2016-10-31 2018-03-27 International Business Machines Corporation Automated mechanism to obtain detailed forensic analysis of file access
US10650156B2 (en) 2017-04-26 2020-05-12 International Business Machines Corporation Environmental security controls to prevent unauthorized access to files, programs, and objects
CN109768962B (en) * 2018-12-13 2022-04-12 平安科技(深圳)有限公司 Firewall strategy generation method and device, computer equipment and storage medium
US11397794B1 (en) 2019-03-25 2022-07-26 Amazon Technologies, Inc. Automated role management for resource accessing code
CN111222146B (en) * 2019-11-14 2022-08-12 京东科技控股股份有限公司 Authority checking method, authority checking device, storage medium and electronic equipment

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4937863A (en) * 1988-03-07 1990-06-26 Digital Equipment Corporation Software licensing management system
US6052678A (en) 1993-12-16 2000-04-18 Fujitsu Limited Problem solving operation apparatus using a state transition
US5644755A (en) * 1995-02-24 1997-07-01 Compaq Computer Corporation Processor with virtual system mode
US5978484A (en) 1996-04-25 1999-11-02 Microsoft Corporation System and method for safety distributing executable objects
US5958050A (en) 1996-09-24 1999-09-28 Electric Communities Trusted delegation system
US5915085A (en) 1997-02-28 1999-06-22 International Business Machines Corporation Multiple resource or security contexts in a multithreaded application
US6044466A (en) 1997-11-25 2000-03-28 International Business Machines Corp. Flexible and dynamic derivation of permissions
US6044467A (en) 1997-12-11 2000-03-28 Sun Microsystems, Inc. Secure class resolution, loading and definition
US6125447A (en) 1997-12-11 2000-09-26 Sun Microsystems, Inc. Protection domains to provide security in a computer system
US6965999B2 (en) * 1998-05-01 2005-11-15 Microsoft Corporation Intelligent trust management method and system
US6463535B1 (en) 1998-10-05 2002-10-08 Intel Corporation System and method for verifying the integrity and authorization of software before execution in a local platform
US6687823B1 (en) 1999-05-05 2004-02-03 Sun Microsystems, Inc. Cryptographic authorization with prioritized and weighted authentication
US7051366B1 (en) 2000-06-21 2006-05-23 Microsoft Corporation Evidence-based security policy manager
US7131143B1 (en) 2000-06-21 2006-10-31 Microsoft Corporation Evaluating initially untrusted evidence in an evidence-based security policy manager
US6981281B1 (en) 2000-06-21 2005-12-27 Microsoft Corporation Filtering a permission set using permission requests associated with a code assembly

Also Published As

Publication number Publication date
EP1309906B1 (en) 2008-07-23
US20030041267A1 (en) 2003-02-27
US7207064B2 (en) 2007-04-17
DE60134986D1 (en) 2008-09-04
US7051366B1 (en) 2006-05-23
ATE402450T1 (en) 2008-08-15
EP1309906A2 (en) 2003-05-14
US20070192839A1 (en) 2007-08-16
US7779460B2 (en) 2010-08-17
JP2003536176A (en) 2003-12-02
WO2001099030A3 (en) 2003-01-09
WO2001099030A2 (en) 2001-12-27
HK1055827A1 (en) 2004-01-21
JP4738708B2 (en) 2011-08-03

Similar Documents

Publication Publication Date Title
AU2001274856A1 (en) Evidence-based security policy manager
US7707411B2 (en) Method and system for providing a trusted platform module in a hypervisor environment
JP2003140759A (en) Trusted computing platform
US9336369B2 (en) Methods of licensing software programs and protecting them from unauthorized use
US7665139B1 (en) Method and apparatus to detect and prevent malicious changes to tokens
WO2004066586A3 (en) Categorization of host security levels based on functionality implemented inside secure hardware
WO2004055634A3 (en) Systems and methods for detecting a security breach in a computer system
WO2004057834A3 (en) Methods and apparatus for administration of policy based protection of data accessible by a mobile device
EP0325776A3 (en) A trusted path mechanism for an operating system
EP1365306A3 (en) Data protection system
EP1253502A3 (en) Trusted computer system
EP0729252A3 (en) Cryptographic key management
GB2413880A (en) A method and system of securely enforcing a computer policy
EP1435557A3 (en) Restricted access of applications to hardware resources
US20220317982A1 (en) Method and system for generating and executing a software appliance
WO2006028488A3 (en) Authentication of users and computer systems
US6564325B1 (en) Method of and apparatus for providing multi-level security access to system
CN103226676A (en) Mixed method for measuring creditability of application software
US20070234330A1 (en) Prevention of executable code modification
WO2004012029A3 (en) Restricting access to a method in a component
WO2024184646A1 (en) File-system protection
Birnstill et al. Building blocks for identity management and protection for smart environments and interactive assistance systems
WO2000059286A3 (en) Method and system for administrating context
CN114861188A (en) Execution object switching method and device, terminal, server and system
Majumdar et al. Securing mobile agents control flow using opaque predicates