-
Publication number: US20080127292A1
Publication date: 2008-05-29
Application number: US11462680
Application date: 2006-08-04
Applicant: Simon Cooper, Nick Lane-Smith, Joshua Osborne
Inventor: Simon Cooper, Nick Lane-Smith, Joshua Osborne
CPC classification: G06F21/53, G06F21/6281, G06F2221/033, G06F2221/2141, G06F2221/2149
Abstract: This document describes systems and methods for restricting program process capabilities. In some implementations, the capabilities are restricted by limiting the rights or privileges granted to an application. A plurality of rules may be established for a program, or for a group of programs, denying that program the right to take actions which are outside of the actions needed to implement its intended functionality. A security policy is implemented to test actions initiated in response to an application against the rules to enable decisions restricting the possible actions of the program. Embodiments are disclosed which process the majority of decisions regarding actions against a security profile through use of a virtual machine. In some embodiments, the majority of decisions are resolved within the kernel space of an operating system.
-
Publication number: US20130055341A1
Publication date: 2013-02-28
Application number: US13591690
Application date: 2012-08-22
Applicant: Simon Cooper, Nick Lane-Smith, Joshua Osborne
Inventor: Simon Cooper, Nick Lane-Smith, Joshua Osborne
IPC classification: G06F21/22
CPC classification: G06F21/53, G06F21/6281, G06F2221/033, G06F2221/2141, G06F2221/2149
Abstract: This document describes systems and methods for restricting program process capabilities. In some implementations, the capabilities are restricted by limiting the rights or privileges granted to an application. A plurality of rules may be established for a program, or for a group of programs, denying that program the right to take actions which are outside of the actions needed to implement its intended functionality. A security policy is implemented to test actions initiated in response to an application against the rules to enable decisions restricting the possible actions of the program. Embodiments are disclosed which process the majority of decisions regarding actions against a security profile through use of a virtual machine. In some embodiments, the majority of decisions are resolved within the kernel space of an operating system.
-
Publication number: US08635663B2
Publication date: 2014-01-21
Application number: US13591690
Application date: 2012-08-22
Applicant: Simon Cooper, Nick Lane-Smith, Joshua Osborne
Inventor: Simon Cooper, Nick Lane-Smith, Joshua Osborne
CPC classification: G06F21/53, G06F21/6281, G06F2221/033, G06F2221/2141, G06F2221/2149
Abstract: This document describes systems and methods for restricting program process capabilities. In some implementations, the capabilities are restricted by limiting the rights or privileges granted to an application. A plurality of rules may be established for a program, or for a group of programs, denying that program the right to take actions which are outside of the actions needed to implement its intended functionality. A security policy is implemented to test actions initiated in response to an application against the rules to enable decisions restricting the possible actions of the program. Embodiments are disclosed which process the majority of decisions regarding actions against a security profile through use of a virtual machine. In some embodiments, the majority of decisions are resolved within the kernel space of an operating system.
-
Publication number: US08272048B2
Publication date: 2012-09-18
Application number: US11462680
Application date: 2006-08-04
Applicant: Simon Cooper, Nick Lane-Smith, Joshua Osborne
Inventor: Simon Cooper, Nick Lane-Smith, Joshua Osborne
CPC classification: G06F21/53, G06F21/6281, G06F2221/033, G06F2221/2141, G06F2221/2149
Abstract: This document describes systems and methods for restricting program process capabilities. In some implementations, the capabilities are restricted by limiting the rights or privileges granted to an application. A plurality of rules may be established for a program, or for a group of programs, denying that program the right to take actions which are outside of the actions needed to implement its intended functionality. A security policy is implemented to test actions initiated in response to an application against the rules to enable decisions restricting the possible actions of the program. Embodiments are disclosed which process the majority of decisions regarding actions against a security profile through use of a virtual machine. In some embodiments, the majority of decisions are resolved within the kernel space of an operating system.