Mechanism for evaluating security risks

US 20040230835A1
Filed: 05/17/2003
Published: 11/18/2004
Est. Priority Date: 05/17/2003
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium having computer-executable components, comprising:

a trust manager configured to receive a notification that an application is being loaded and, in response, to cause the application to be evaluated for a plurality of security risks, the trust manager being further configured to aggregate scores associated with each security risk evaluation to determine a collective security assessment based on the aggregated scores; and

a user interface configured to present the collective security assessment determined by the trust manager.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described is a mechanism for collectively evaluating security risks associated with loading an application. A hosting environment associated with loading the application invokes a trust manager to evaluate the security risks. The trust manager invokes a plurality of trust evaluators, where each trust evaluator is responsible for analyzing and assessing a different security risk. Upon completion of each security risk evaluation, results of those individual security risk evaluations are returned to the trust manager. The trust manager aggregates the variety of security risk evaluation results and makes a security determination based on the aggregated evaluation results. That determination may be to move forward with loading the application, to block the load of the application, or perhaps to prompt the user for a decision about whether to move forward with the load.

111 Citations

View as Search Results

17 Claims

1. A computer-readable medium having computer-executable components, comprising:
- a trust manager configured to receive a notification that an application is being loaded and, in response, to cause the application to be evaluated for a plurality of security risks, the trust manager being further configured to aggregate scores associated with each security risk evaluation to determine a collective security assessment based on the aggregated scores; and
  
  a user interface configured to present the collective security assessment determined by the trust manager.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-readable medium of claim 1, wherein the application is being loaded by a hosting environment, and wherein the hosting environment issues the notification to the trust manager.
  - 3. The computer-readable medium of claim 2, wherein the hosting environment is configured to create an Application Description Object that includes descriptive information about the application.
  - 4. The computer-readable medium of claim 3, wherein the descriptive information includes the name of the application and the version of the application.
  - 5. The computer-readable medium of claim 3, wherein the descriptive information identifies rights and permissions requested by components of the application.
  - 6. The computer-readable medium of claim 3, wherein the descriptive information includes privacy policy information.
  - 7. The computer-readable medium of claim 3, wherein the descriptive information includes digital signature information about the application.
  - 8. The computer-readable medium of claim 1, wherein the security risk evaluations are performed by a separate trust evaluator, each trust evaluator being configured to analyze a particular security risk associated with the application.
  - 9. The computer-readable medium of claim 8, wherein the particular security risk comprises the presence of a virus.
  - 10. The computer-readable medium of claim 8, wherein the particular security risk comprises a violation of privacy.
  - 11. The computer-readable medium of claim 1, wherein the collective security assessment identifies one or more security risks associated with loading the application.

12. A computer-readable medium encoded with a data structure, comprising:
- a grant set associated with an application, the grant set including a first table and a second table, the first table including a list of components constituting the application, each component being associated with a permission set, the second table including a list of permission sets and a description for each permission set.

13. A computer-implemented method, comprising:
- receiving a notification that an application is being loaded by a hosting environment;
  
  receiving an application description object that includes information about the application;
  
  causing the application to be evaluated to determine a plurality of security risks associated with the application;
  
  aggregating results from the evaluation of the plurality of security risks; and
  
  presenting the aggregated results as a collective security assessment of the application.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer-implemented method of claim 13, wherein causing the application to be evaluated further comprises invoking a plurality of trust evaluators, each trust evaluator being associated with a different possible security risk, each trust evaluator being operative to assess a likelihood that the application suffers from the particular possible security risk corresponding to that trust evaluator.
  - 15. The computer-implemented method of claim 13, further comprising assigning a permission set to the application, the permission set defining permissions with which the application will be allowed to execute.
  - 16. The computer-implemented method of claim 15, further comprising, in response to a notification to execute the application, retrieving the permission set and causing the application to be executed with the appropriate permissions.
  - 17. The computer-implemented method of claim 15, wherein the permission set defines permissions for components of the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Epling, Jeremiah S., Schreiner, Tony Edward, Ramdatmisier, Viresh N., Khorun, Serge A., Farro, Joseph Thomas, Xu, Yingyang, Hawkins, John M., Fee, Gregory Darrell, Cool, Jamie L., Bybee, Andrew G., Goldfeder, Aaron R.

Granted Patent

US 8,156,558 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/51 at application loading time...

G06F 21/566 Dynamic detection, i.e. det...

Mechanism for evaluating security risks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

111 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanism for evaluating security risks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

111 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links