HK1055827A1 - Evidence-based security policy manager - Google Patents

Evidence-based security policy manager

Info

Publication number
HK1055827A1
HK1055827A1 HK03108141A HK03108141A HK1055827A1 HK 1055827 A1 HK1055827 A1 HK 1055827A1 HK 03108141 A HK03108141 A HK 03108141A HK 03108141 A HK03108141 A HK 03108141A HK 1055827 A1 HK1055827 A1 HK 1055827A1
Authority
HK
Hong Kong
Prior art keywords
evidence
policy manager
subset
code assembly
received
Prior art date
Application number
HK03108141A
Other languages
English (en)
Inventor
Brian A Lamacchia
Loren M Kohnfelder
Fee Gregory Darrell
Michael J Toutonghi
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Publication of HK1055827A1 publication Critical patent/HK1055827A1/xx

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Golf Clubs (AREA)
  • Road Signs Or Road Markings (AREA)
HK03108141A 2000-06-21 2003-11-11 Evidence-based security policy manager HK1055827A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/598,534 US7051366B1 (en) 2000-06-21 2000-06-21 Evidence-based security policy manager
PCT/US2001/016127 WO2001099030A2 (en) 2000-06-21 2001-05-18 Evidence-based security policy manager

Publications (1)

Publication Number Publication Date
HK1055827A1 true HK1055827A1 (en) 2004-01-21

Family

ID=24395944

Family Applications (1)

Application Number Title Priority Date Filing Date
HK03108141A HK1055827A1 (en) 2000-06-21 2003-11-11 Evidence-based security policy manager

Country Status (8)

Country Link
US (3) US7051366B1 (de)
EP (1) EP1309906B1 (de)
JP (1) JP4738708B2 (de)
AT (1) ATE402450T1 (de)
AU (1) AU2001274856A1 (de)
DE (1) DE60134986D1 (de)
HK (1) HK1055827A1 (de)
WO (1) WO2001099030A2 (de)

Families Citing this family (87)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8352400B2 (en) 1991-12-23 2013-01-08 Hoffberg Steven M Adaptive pattern recognition based controller apparatus and method and human-factored interface therefore
US7966078B2 (en) 1999-02-01 2011-06-21 Steven Hoffberg Network media appliance system and method
US20050154885A1 (en) * 2000-05-15 2005-07-14 Interfuse Technology, Inc. Electronic data security system and method
US7669238B2 (en) * 2000-06-21 2010-02-23 Microsoft Corporation Evidence-based application security
US7051366B1 (en) * 2000-06-21 2006-05-23 Microsoft Corporation Evidence-based security policy manager
US7350204B2 (en) * 2000-07-24 2008-03-25 Microsoft Corporation Policies for secure software execution
US7702785B2 (en) * 2001-01-31 2010-04-20 International Business Machines Corporation Methods, systems and computer program products for selectively allowing users of a multi-user system access to network resources
US7099663B2 (en) 2001-05-31 2006-08-29 Qualcomm Inc. Safe application distribution and execution in a wireless environment
JP4400059B2 (ja) * 2002-10-17 2010-01-20 株式会社日立製作所 ポリシー設定支援ツール
US8135795B2 (en) * 2003-04-03 2012-03-13 International Business Machines Corporation Method to provide on-demand resource access
US7389495B2 (en) * 2003-05-30 2008-06-17 Sun Microsystems, Inc. Framework to facilitate Java testing in a security constrained environment
US7493488B2 (en) * 2003-07-24 2009-02-17 International Business Machines Corporation Method to disable on/off capacity in demand
TWI263894B (en) * 2003-10-15 2006-10-11 Hon Hai Prec Ind Co Ltd System and method for quickly getting user's permission in access control list
US7647629B2 (en) * 2004-02-03 2010-01-12 Microsoft Corporation Hosted code runtime protection
US7743423B2 (en) * 2004-02-03 2010-06-22 Microsoft Corporation Security requirement determination
US7770202B2 (en) * 2004-02-03 2010-08-03 Microsoft Corporation Cross assembly call interception
US7546587B2 (en) 2004-03-01 2009-06-09 Microsoft Corporation Run-time call stack verification
JP2005346182A (ja) * 2004-05-31 2005-12-15 Fujitsu Ltd 情報処理装置、耐タンパ方法、耐タンパプログラム
US7540013B2 (en) * 2004-06-07 2009-05-26 Check Point Software Technologies, Inc. System and methodology for protecting new computers by applying a preconfigured security update policy
US7908653B2 (en) * 2004-06-29 2011-03-15 Intel Corporation Method of improving computer security through sandboxing
JP4682139B2 (ja) 2004-06-30 2011-05-11 パナソニック株式会社 プログラム実行機器およびそのプログラム実行方法
US7814308B2 (en) * 2004-08-27 2010-10-12 Microsoft Corporation Debugging applications under different permissions
WO2006082990A1 (en) 2005-02-07 2006-08-10 Sony Computer Entertainment Inc. Methods and apparatus for secure processor collaboration in a multi-processor system
US20060259947A1 (en) * 2005-05-11 2006-11-16 Nokia Corporation Method for enforcing a Java security policy in a multi virtual machine system
US9652637B2 (en) 2005-05-23 2017-05-16 Avago Technologies General Ip (Singapore) Pte. Ltd. Method and system for allowing no code download in a code download scheme
US7844996B2 (en) * 2005-05-23 2010-11-30 Broadcom Corporation Method and apparatus for constructing an access control matrix for a set-top box security processor
US7913289B2 (en) * 2005-05-23 2011-03-22 Broadcom Corporation Method and apparatus for security policy and enforcing mechanism for a set-top box security processor
US8078740B2 (en) 2005-06-03 2011-12-13 Microsoft Corporation Running internet applications with low rights
US20060282428A1 (en) * 2005-06-10 2006-12-14 Microsoft Corporation Method and system for assignment of membership through script
US7793333B2 (en) * 2005-06-13 2010-09-07 International Business Machines Corporation Mobile authorization using policy based access control
US20070028300A1 (en) * 2005-07-28 2007-02-01 Bishop Ellis E System and method for controlling on-demand security
US8046678B2 (en) * 2005-08-22 2011-10-25 Yahoo! Inc. Employing partial evaluation to provide a page
US8225104B1 (en) * 2005-10-06 2012-07-17 Symantec Corporation Data access security
US7739731B2 (en) * 2006-01-09 2010-06-15 Oracle America, Inc. Method and apparatus for protection domain based security
EP1979812A4 (de) * 2006-02-01 2010-01-06 Nokia Corp Zugangskontrolle
US7664865B2 (en) * 2006-02-15 2010-02-16 Microsoft Corporation Securely hosting a webbrowser control in a managed code environment
US9904809B2 (en) 2006-02-27 2018-02-27 Avago Technologies General Ip (Singapore) Pte. Ltd. Method and system for multi-level security initialization and configuration
US9177176B2 (en) 2006-02-27 2015-11-03 Broadcom Corporation Method and system for secure system-on-a-chip architecture for multimedia data processing
US7725922B2 (en) * 2006-03-21 2010-05-25 Novell, Inc. System and method for using sandboxes in a managed shell
US20070261124A1 (en) * 2006-05-03 2007-11-08 International Business Machines Corporation Method and system for run-time dynamic and interactive identification of software authorization requirements and privileged code locations, and for validation of other software program analysis results
US7743414B2 (en) * 2006-05-26 2010-06-22 Novell, Inc. System and method for executing a permissions recorder analyzer
US9489318B2 (en) 2006-06-19 2016-11-08 Broadcom Corporation Method and system for accessing protected memory
US8024770B2 (en) 2006-06-21 2011-09-20 Microsoft Corporation Techniques for managing security contexts
US8185737B2 (en) 2006-06-23 2012-05-22 Microsoft Corporation Communication across domains
US7805707B2 (en) * 2006-07-21 2010-09-28 Novell, Inc. System and method for preparing runtime checks
US7739735B2 (en) * 2006-07-26 2010-06-15 Novell, Inc. System and method for dynamic optimizations using security assertions
US7856654B2 (en) * 2006-08-11 2010-12-21 Novell, Inc. System and method for network permissions evaluation
US7823186B2 (en) * 2006-08-24 2010-10-26 Novell, Inc. System and method for applying security policies on multiple assembly caches
US8230235B2 (en) 2006-09-07 2012-07-24 International Business Machines Corporation Selective encryption of data stored on removable media in an automated data storage library
US8146084B1 (en) 2007-02-21 2012-03-27 Adobe Systems Incorporated Loading applications in non-designated isolation environments
US7770203B2 (en) * 2007-04-17 2010-08-03 International Business Machines Corporation Method of integrating a security operations policy into a threat management vector
US8402532B2 (en) * 2007-05-10 2013-03-19 Microsoft Corporation Host control of partial trust accessibility
US10019570B2 (en) 2007-06-14 2018-07-10 Microsoft Technology Licensing, Llc Protection and communication abstractions for web browsers
US8336023B2 (en) * 2007-10-22 2012-12-18 Oracle International Corporation Extensible code visualization
US8584212B1 (en) 2007-11-15 2013-11-12 Salesforce.Com, Inc. On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service
US8875259B2 (en) * 2007-11-15 2014-10-28 Salesforce.Com, Inc. On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service
US8438636B2 (en) * 2008-01-11 2013-05-07 Microsoft Corporation Secure and extensible policy-driven application platform
US8296820B2 (en) * 2008-01-18 2012-10-23 International Business Machines Corporation Applying security policies to multiple systems and controlling policy propagation
US8631217B2 (en) * 2008-02-26 2014-01-14 International Business Machines Corporation Apparatus, system, and method for virtual machine backup
US20090222879A1 (en) * 2008-03-03 2009-09-03 Microsoft Corporation Super policy in information protection systems
WO2009151459A1 (en) 2008-06-13 2009-12-17 Hewlett-Packard Development Company, L.P. Hierarchical policy management
US8272034B2 (en) 2008-08-22 2012-09-18 Research In Motion Limited Methods and apparatus for maintaining permissions for client/server processing in a communication device
US8799986B2 (en) * 2009-05-07 2014-08-05 Axiomatics Ab System and method for controlling policy distribution with partial evaluation
SE534334C2 (sv) * 2009-05-07 2011-07-12 Axiomatics Ab Ett system och förfarande för att styra policydistribuering med partiell evaluering
US9407959B2 (en) 2009-09-21 2016-08-02 Adobe Systems Incorporated Monitoring behavior with respect to a software program
US8510569B2 (en) * 2009-12-16 2013-08-13 Intel Corporation Providing integrity verification and attestation in a hidden execution environment
US9443078B2 (en) 2010-04-20 2016-09-13 International Business Machines Corporation Secure access to a virtual machine
EP2400418A1 (de) * 2010-06-23 2011-12-28 Trusted Logic Verwaltung von Leistung- und Sicherheitsniveau eines Softwares mittels Übersetzung des Programmcodes
US9984229B1 (en) 2010-09-01 2018-05-29 Open Invention Network Llc Method and apparatus providing a multiple source evidence application trust model
US8646100B2 (en) 2011-06-03 2014-02-04 Apple Inc. Method for executing an application in a restricted operating environment
US9053337B2 (en) 2011-06-07 2015-06-09 Blackberry Limited Methods and devices for controlling access to a computing resource by applications executable on a computing device
US8650550B2 (en) 2011-06-07 2014-02-11 Blackberry Limited Methods and devices for controlling access to computing resources
EP2533168B1 (de) * 2011-06-07 2017-01-25 BlackBerry Limited Verfahren und Vorrichtungen zur Verwaltung von Berechtigungsanfragen für die Zulassung des Zugangs zu einer Computerressource
US8763080B2 (en) 2011-06-07 2014-06-24 Blackberry Limited Method and devices for managing permission requests to allow access to a computing resource
US10445528B2 (en) * 2011-09-07 2019-10-15 Microsoft Technology Licensing, Llc Content handling for applications
US9223976B2 (en) * 2011-09-08 2015-12-29 Microsoft Technology Licensing, Llc Content inspection
US9100235B2 (en) 2011-11-07 2015-08-04 At&T Intellectual Property I, L.P. Secure desktop applications for an open computing platform
US9047476B2 (en) * 2011-11-07 2015-06-02 At&T Intellectual Property I, L.P. Browser-based secure desktop applications for open computing platforms
US9727848B2 (en) * 2013-04-29 2017-08-08 Alex Bligh Field programmable hierarchical cloud billing system
US9268948B2 (en) 2013-06-24 2016-02-23 Intel Corporation Secure access enforcement proxy
US10360135B2 (en) * 2016-03-31 2019-07-23 Microsoft Technology Licensing, Llc Privilege test and monitoring
US10303780B2 (en) 2016-06-03 2019-05-28 Microsoft Technology Licensing, Llc Content preservation and policy lock features to provide immutability for regulated compliance
US9928365B1 (en) * 2016-10-31 2018-03-27 International Business Machines Corporation Automated mechanism to obtain detailed forensic analysis of file access
US10650156B2 (en) 2017-04-26 2020-05-12 International Business Machines Corporation Environmental security controls to prevent unauthorized access to files, programs, and objects
CN109768962B (zh) * 2018-12-13 2022-04-12 平安科技(深圳)有限公司 防火墙策略生成方法、装置、计算机设备及存储介质
US11397794B1 (en) 2019-03-25 2022-07-26 Amazon Technologies, Inc. Automated role management for resource accessing code
CN111222146B (zh) * 2019-11-14 2022-08-12 京东科技控股股份有限公司 权限校验方法、权限校验装置、存储介质与电子设备

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6052678A (en) * 1993-12-16 2000-04-18 Fujitsu Limited Problem solving operation apparatus using a state transition
US5644755A (en) * 1995-02-24 1997-07-01 Compaq Computer Corporation Processor with virtual system mode
US5978484A (en) 1996-04-25 1999-11-02 Microsoft Corporation System and method for safety distributing executable objects
US5958050A (en) 1996-09-24 1999-09-28 Electric Communities Trusted delegation system
US5915085A (en) 1997-02-28 1999-06-22 International Business Machines Corporation Multiple resource or security contexts in a multithreaded application
US6044466A (en) 1997-11-25 2000-03-28 International Business Machines Corp. Flexible and dynamic derivation of permissions
US6125447A (en) 1997-12-11 2000-09-26 Sun Microsystems, Inc. Protection domains to provide security in a computer system
US6044467A (en) 1997-12-11 2000-03-28 Sun Microsystems, Inc. Secure class resolution, loading and definition
US6965999B2 (en) * 1998-05-01 2005-11-15 Microsoft Corporation Intelligent trust management method and system
US6463535B1 (en) * 1998-10-05 2002-10-08 Intel Corporation System and method for verifying the integrity and authorization of software before execution in a local platform
US6687823B1 (en) * 1999-05-05 2004-02-03 Sun Microsystems, Inc. Cryptographic authorization with prioritized and weighted authentication
US7131143B1 (en) * 2000-06-21 2006-10-31 Microsoft Corporation Evaluating initially untrusted evidence in an evidence-based security policy manager
US7051366B1 (en) * 2000-06-21 2006-05-23 Microsoft Corporation Evidence-based security policy manager
US6981281B1 (en) * 2000-06-21 2005-12-27 Microsoft Corporation Filtering a permission set using permission requests associated with a code assembly

Also Published As

Publication number Publication date
JP4738708B2 (ja) 2011-08-03
WO2001099030A2 (en) 2001-12-27
EP1309906A2 (de) 2003-05-14
US20070192839A1 (en) 2007-08-16
US7779460B2 (en) 2010-08-17
EP1309906B1 (de) 2008-07-23
US7051366B1 (en) 2006-05-23
US7207064B2 (en) 2007-04-17
AU2001274856A1 (en) 2002-01-02
DE60134986D1 (de) 2008-09-04
WO2001099030A3 (en) 2003-01-09
US20030041267A1 (en) 2003-02-27
ATE402450T1 (de) 2008-08-15
JP2003536176A (ja) 2003-12-02

Similar Documents

Publication Publication Date Title
HK1055827A1 (en) Evidence-based security policy manager
US11704389B2 (en) Controlling access to digital assets
AU2001266590A1 (en) Filtering a permission set using permission requests associated with a code assembly
US7707411B2 (en) Method and system for providing a trusted platform module in a hypervisor environment
US7665139B1 (en) Method and apparatus to detect and prevent malicious changes to tokens
US20030041255A1 (en) Method and apparatus for locking an application within a trusted environment
TWI256227B (en) Device, system and method to manage security credentials in a protected computer network domain
WO2004066586A3 (en) Categorization of host security levels based on functionality implemented inside secure hardware
WO2004055634A3 (en) Systems and methods for detecting a security breach in a computer system
EP0325776A3 (de) Ein Sicherheitswegmechanismus für ein Betriebssystem
WO2004057834A3 (en) Methods and apparatus for administration of policy based protection of data accessible by a mobile device
EP1365306A3 (de) System zum Datenschutz
CN101719846A (zh) 安全监控方法、装置及***
US11934804B2 (en) Method and system for generating and executing a software appliance
WO2004077203A3 (en) A method and system of securely enforcing a computer policy
US10521613B1 (en) Adaptive standalone secure software
Moffie et al. Hunting trojan horses
Birnstill et al. Building blocks for identity management and protection for smart environments and interactive assistance systems
Stelte et al. Towards integrity measurement in virtualized environments—a hypervisor based sensory integrity measurement architecture (SIMA)
JPH11306142A (ja) 計算機及び計算機システムのセキュリティ装置
Gligor Dancing with the adversary: a tale of wimps and giants
US20070038589A1 (en) Granting access to a computer-based object
Jun et al. Research on high performance secure mobile terminal based on offline business detection
Kim et al. Linux based unauthorized process control
Majumdar et al. Securing mobile agents control flow using opaque predicates

Legal Events

Date Code Title Description
PC Patent ceased (i.e. patent has lapsed due to the failure to pay the renewal fee)

Effective date: 20150518