Policies for secure software execution

US 20020099952A1
Filed: 06/08/2001
Published: 07/25/2002
Est. Priority Date: 07/24/2000
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving information corresponding to software that may be executable;

locating a rule that corresponds to the information, the rule having a security level associated therewith;

associating the security level with the software; and

controlling execution of any executable content of the software based on the security level associated with the software.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method that automatically, transparently and securely controls software execution by identifying and classifying software, and locating a rule and associated security level for executing executable software. The security level may disallow the software'"'"'s execution, restrict the execution to some extent, or allow unrestricted execution. To restrict software, a restricted access token may be computed that reduces software'"'"'s access to resources, and/or removes privileges, relative to a user'"'"'s normal access token. The rules that control execution for a given machine or user may be maintained in a restriction policy, e.g., locally maintained and/or in a group policy object distributable over a network. Software may be identified/classified by a hash of its content, by a digital signature, by its file system or network path, and/or by its URL zone. For software having multiple classifications, a precedence mechanism is provided to establish the applicable rule/security level.

Citations

75 Claims

1. A computer-implemented method, comprising:
- receiving information corresponding to software that may be executable;
  
  locating a rule that corresponds to the information, the rule having a security level associated therewith;
  
  associating the security level with the software; and
  
  controlling execution of any executable content of the software based on the security level associated with the software.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 2. The method of claim 1 wherein the information corresponding to the software includes a hash value representative of the software'"'"'s contents.
  - 3. The method of claim 1 wherein the information corresponding to the software includes a digital signature .
  - 4. The method of claim 3 wherein the rule that corresponds to the information applies to any file associated with the digital signature.
  - 5. The method of claim 3 wherein the rule that corresponds to the information only applies to a set of at least one selected file associated with the digital signature.
  - 6. The method of claim 3 wherein the rule that corresponds to the information applies only to files associated with the digital signature that have selected file extensions.
  - 7. The method of claim 1 wherein the software is contained in a file, wherein the information corresponding to the software includes path information, and wherein the rule comprises a path rule for the path information.
  - 8. The method of claim 7 wherein the path rule applies only to files having selected file extensions.
  - 9. The method of claim 7 wherein the path is a fully qualified path including a filename.
  - 10. The method of claim 7 wherein the path is a general path that identifies at least one folder.
  - 11. The method of claim 10 wherein at least one folder has a list of selected file extensions associated therewith.
  - 12. The method of claim 7 wherein at least part of the path information corresponds to an environment variable.
  - 13. The method of claim 1 wherein the information corresponding to the software includes data representative of a source of the software.
  - 14. The method of claim 13 wherein the data representative of the source of the software comprises a URL zone.
  - 15. The method of claim 1 wherein the information corresponding to the software includes data provided by executable code hosting the software.
  - 16. The method of claim 1 wherein locating a rule comprises, locating a plurality of applicable rules, and selecting one of the rules of the plurality as the rule that corresponds to the information based on selection criteria.
  - 17. The method of claim 16 wherein the selection criteria comprises a precedence ordering.
  - 18. The method of claim 17 wherein the rules that may correspond to the information include at least two rules of a set comprising a hash rule, a digital signature rule, an exact path rule, a general path rule and a zone rule, and wherein the precedence ordering comprises any hash rule, then any digital signature rule, then any exact path rule, then any general path rule and then any zone rule.
  - 19. The method of claim 1 further comprising executing the software in an execution environment that corresponds to the security level.
  - 20. The method of claim 1 wherein controlling execution comprises providing a restricted execution environment for the software.
  - 21. The method of claim 20 wherein providing a restricted execution environment comprises providing a restricted token, and associating the restricted token with a process of the software.
  - 22. The method of claim 21 wherein providing the restricted token includes having at least one privilege therein removed relative to a parent token.
  - 23. The method of claim 21 wherein providing the restricted token includes modifying at least one security identifier relative to a parent token such that the restricted token has less access to at least one resource relative to access via a parent token.
  - 24. The method of claim 21 wherein providing the restricted token includes adding at least one restricted security identifier to the restricted token relative to a parent token.
  - 25. The method of claim 20 wherein providing a restricted execution environment comprises providing a job object having limitations associated therewith for executing the software.
  - 26. The method of claim 20 wherein providing a restricted execution environment comprises restricting network access for the software.
  - 27. The method of claim 1 wherein controlling execution comprises disallowing the execution.
  - 28. The method of claim 1 further comprising, providing a set of rules including the rule that corresponds to the information.
  - 29. The method of claim 28 wherein at least part of the set of rules are provided via a user interface.
  - 30. The method of claim 1, wherein controlling execution includes locating data corresponding to the security level, the data including information on whether to allow execution, and if so, the data further including information on providing an execution environment for executing the software.
  - 31. The method of claim 30, wherein the data corresponds to settings for untrusted content, and wherein the data specifies that a restricted token is to be derived from a parent token by removing any privileges relative to the parent token and by removing any unknown security identifiers relative to the parent token.
  - 32. The method of claim 1, wherein controlling execution of executable content of the software based on the security level includes providing a restricted token for association with at least one process of the software, the restricted token derived from a parent token and having reduced access rights or at least one privilege removed relative to the parent token.
  - 33. The method of claim 1 wherein the information corresponding to the software that may be executed is received at a function, and further comprising, placing a call from the function to an enforcement mechanism, the enforcement mechanism locating the rule.
  - 34. The method of claim 1 wherein locating a rule comprises accessing policy information.
  - 35. The method of claim 34 wherein the policy information may be updated dynamically.
  - 36. The method of claim 34 wherein the policy information is maintained in a group policy object.
  - 37. The method of claim 34 wherein the policy information is maintained in a local registry.
  - 38. The method of claim 34 wherein the policy information is maintained in an effective policy constructed from a group policy object for a machine, a group policy object for a user, local machine data and a local user data.
  - 39. The method of claim 1 wherein the software is maintained as a file within a folder, wherein the rule applies to the folder and further indicates that each file therein runs unrestricted, and wherein the folder is protected from write access with respect to a user executing the software.
  - 40. A computer-readable medium having computer-executable instructions for performing the method of claim 1.

41. A computer-implemented method, comprising:
- providing a plurality of rules for executable software, each rule having a security level associated therewith;
  
  determining which rule applies to a given software module based on a classification of that software module; and
  
  associating the given software module with execution information corresponding to the security level to control the software module'"'"'s runtime capabilities.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
- - 42. The method of claim 41 wherein providing a plurality of rules for executable software includes providing a policy object.
  - 43. The method of claim 41 wherein determining which rule applies to a given software module includes, determining whether a hash rule is maintained for the software module.
  - 44. The method of claim 41 wherein determining which rule applies to a given software module includes, determining whether the software module has a digital signature associated therewith, and if so, determining whether a digital signature rule exists for that digital signature.
  - 45. The method of claim 41 wherein determining which rule applies to a given software module includes, determining whether a path rule is maintained for the software module.
  - 46. The method of claim 41 wherein determining which rule applies to a given software module includes, determining whether a zone rule applies to the software module.
  - 47. The method of claim 41 wherein determining which rule applies to a given software module includes selecting one of a plurality of applicable rules based on a precedence order.
  - 48. The method of claim 41 wherein determining which rule applies to a given software module includes selecting one of a plurality of applicable rules based on a precedence order.
  - 49. The method of claim 41 wherein associating the given software module with the execution information corresponding to the security level comprises computing a restricted token based on the security level.
  - 50. The method of claim 41 wherein associating the given software module with the execution information corresponding to the security level comprises determining network restrictions based on the security level.
  - 51. The method of claim 41 wherein associating the given software module with the execution information corresponding to the security level comprises determining job object limitations based on the security level.
  - 52. The method of claim 41 further comprising, executing the given software module in an execution environment that is based on the security level.
  - 53. A computer-readable medium having computer-executable instructions for performing the method of claim 41.

54. In a computer system, a security mechanism, comprising:
- a set of at least one function, each function of the set configured to receive a request related to executing a software module, the software module being associated with software identification information;
  
  a policy container having a plurality of rules therein, each rule being associated with a security level; and
  
  an enforcement mechanism configured for communication with each function of the set of functions, the enforcement mechanism being further configured to;
  
  obtain software identification information associated with the software module from a function of the set, consult the policy container to locate a rule based on the software identification, and associate security information with the software module, the security information based on the security level associated with the rule.
- View Dependent Claims (55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75)
- - 55. The system of claim 54 wherein the security information associated with the software module comprises a normal access token of a user.
  - 56. The system of claim 54 wherein the security information associated with the software module comprises return data indicative of disallowing execution.
  - 57. The system of claim 54 wherein the security information associated with the software module comprises a restricted token.
  - 58. The system of claim 57 wherein the enforcement mechanism computes the restricted token from a parent token.
  - 59. The system of claim 58 wherein the restricted token has less access to at least one resource relative to the parent token.
  - 60. The system of claim 58 wherein the restricted token has at least one less privilege relative to the parent token.
  - 61. The system of claim 58 wherein the restricted token includes at least one restricted security identifier that is not present in the parent token.
  - 62. The system of claim 54 wherein the security information associated with the software module comprises a job object.
  - 63. The system of claim 54 wherein the security information associated with the software module comprises network access restrictions.
  - 64. The system of claim 54 wherein one of the functions of the set is configured to load the software module into memory.
  - 65. The system of claim 54 wherein one of the functions of the set is configured to create a process.
  - 66. The system of claim 54 wherein one of the functions of the set is configured to execute the software module.
  - 67. The system of claim 54 wherein one of the functions of the set is configured to create an object.
  - 68. The system of claim 54 wherein one of the functions of the set is configured to run a script.
  - 69. The system of claim 54 wherein one of the functions of the set is configured to install software onto the system.
  - 70. The system of claim 54 wherein one of the rules comprises a hash rule.
  - 71. The system of claim 54 wherein one of the rules comprises a digital signature rule.
  - 72. The system of claim 54 wherein one of the rules comprises a path rule.
  - 73. The system of claim 54 wherein one of the rules comprises a zone rule.
  - 74. The system of claim 54 wherein the policy container includes information from at least one group policy object.
  - 75. A computer-readable medium having computer-executable components for implementing the system of claim 54.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Garg, Praerit, Lambert, John J., Lawson, Jeffrey A.

Granted Patent

US 7,350,204 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2149   Restricted operating enviro...

H04L 2463/101   applying security measures ...

H04L 63/12   Applying verification of th...

Policies for secure software execution

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

75 Claims

Specification

Solutions

Use Cases

Quick Links

Policies for secure software execution

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

75 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links