公开(公告)号：US06321334B1

公开(公告)日：2001-11-20

申请号：US09116514

申请日：1998-07-15

Applicant: Michael S. Jerger ,  Jeffrey A. Bisset ,  Craig T. Sinclair ,  Michael J. Toutonghi

Inventor： Michael S. Jerger ,  Jeffrey A. Bisset ,  Craig T. Sinclair ,  Michael J. Toutonghi

IPC: G06F1224

CPC classification number: G06F21/54

Abstract: Computer-based systems and methods are disclosed for a comprehensive security model for managing foreign content downloaded from a computer network. The methods and systems include the configuration of a system security policy that is stored on a host computer. The system security policy includes one or more independently configurable security zones. Each security zone corresponds to a group of network locations and may have one or more associated configurable protected operations that control the access to the host system by foreign content downloaded from the computer network. A protected operations may have one or more associated configurable permissions that define the capabilities of the protected operation. Each permission may be defined by one or more parameters and each parameter may be defined by one or more primitives. The permissions may be defined to enable the permission, disable the permission, or prompt the user when the permission is required. The permission may also be configured to the “fine grained” level of the primitives. Default permission levels that provide predefined parameter and primitive entries that are grouped as high security, medium security, and low security may be selected by the user at most levels of the configuration.

Abstract translation: 公开了基于计算机的系统和方法，用于管理从计算机网络下载的外部内容的综合安全模型。 方法和系统包括存储在主机上的系统安全策略的配置。 系统安全策略包括一个或多个可独立配置的安全区域。 每个安全区域对应于一组网络位置，并且可以具有一个或多个相关联的可配置保护操作，其通过从计算机网络下载的外部内容来控制对主机系统的访问。 受保护的操作可以具有定义受保护操作的能力的一个或多个相关联的可配置许可。 每个权限可以由一个或多个参数定义，并且每个参数可以由一个或多个基元定义。 可以定义权限以启用权限，禁用权限，或在需要权限时提示用户。 许可也可以被配置为基元的“细粒度”级别。 可以由用户在配置的大多数级别选择提供分组为高安全性，中等安全性和低安全性的预定义参数和原语条目的默认权限级别。