Internal object protection from application programs
Abstract
Granting an executable object (e.g., an application program, thread, or process) access to a namespace object (e.g., a named object, resource, file, or folder). A request by the executable object for the namespace object is intercepted and processed to determine whether a local namespace associated with the executable object, user, or session stores a copy of the requested namespace object. If the copy exists in one of the local namespaces, the request is granted and allowed to operate on that local namespace. If the requested namespace object exists only in a global namespace, the namespace object is copied to a local namespace. The request is then granted and allowed to operate on the copy of the namespace object in the local namespace. Protecting the namespace objects stored in the global namespace from modification improves the stability of the application program and operating system.
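The copy-on-access flow in the abstract, as an added Python sketch that is not code from the patent. The class and function names, the dictionary-backed namespaces, the object names, and the simplified manifest (object name to the index of the local layer holding its copy) are all assumptions made for illustration.

```python
import copy


class VirtualizedView:
    """One executable object's view over a shared global namespace."""

    def __init__(self, global_ns, local_layers):
        self.global_ns = global_ns        # shared originals, never handed out
        self.local_layers = local_layers  # ordered local namespaces, e.g. [app, user]
        self.manifest = {}                # object name -> index of layer with the copy

    def resolve(self, name):
        """Handle an intercepted request and return the object to operate on."""
        # A copy in any local namespace satisfies the request; first layer wins.
        for idx, layer in enumerate(self.local_layers):
            if name in layer:
                self.manifest.setdefault(name, idx)
                return layer[name]
        # Object exists only globally: copy it into the first local namespace
        # and grant access to the copy, so the original cannot be modified.
        if name in self.global_ns:
            self.local_layers[0][name] = copy.deepcopy(self.global_ns[name])
            self.manifest[name] = 0
            return self.local_layers[0][name]
        raise KeyError(name)


def demo():
    # Constructed sample objects; the names are illustrative only.
    global_ns = {"shared/settings": {"theme": "default"},
                 "shared/lib": {"version": 1}}
    user_ns = {"shared/lib": {"version": 2}}  # user layer already holds a copy
    app_a = VirtualizedView(global_ns, [{}, user_ns])
    app_b = VirtualizedView(global_ns, [{}])

    # App A's write lands in its own local copy, not in the global object.
    app_a.resolve("shared/settings")["theme"] = "broken"
    return {
        "global_theme": global_ns["shared/settings"]["theme"],
        "a_theme": app_a.resolve("shared/settings")["theme"],
        "b_theme": app_b.resolve("shared/settings")["theme"],
        "a_lib_version": app_a.resolve("shared/lib")["version"],
        "a_manifest": dict(app_a.manifest),
    }


if __name__ == "__main__":
    print(demo())
```

The manifest doubles as an audit record: it lists which global objects an application has diverged from and which local layer holds each copy.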
39 Claims
1. A method of granting a first object executing in a computing system access to a second object, said first object having a local namespace associated therewith, said method comprising:
- receiving a request from the first object to access the second object;
- determining whether the second object is stored in the local namespace;
- granting the first object access if the second object is determined to be stored in the local namespace; and
- otherwise, copying the second object from a global namespace to the local namespace and granting the first object access to the copied second object in the local namespace.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. One or more computer-readable media having computer-executable components for granting a first object executing in a computing system access to a second object, said first object having a local namespace associated therewith, said components comprising:
- an interface component for receiving a request from the first object to access the second object;
- an analysis component for determining whether the second object is stored in the local namespace;
- a security component for granting the request received by the interface component if the second object is determined by the analysis component to be stored in the local namespace, and if the second object is determined by the analysis component to be stored in a global namespace, copying the second object from the global namespace to the local namespace and granting the first object access to the copied second object in the local namespace.
Dependent claims: 14, 15, 16

17. A system for multi-layer virtualization to protect objects in a computing system, said system comprising:
- a memory area storing an ordered set of namespaces; and
- a processor configured to execute computer-executable instructions for:
  - receiving a request from an executable object for access to a resource object;
  - identifying a first namespace from the ordered set of namespaces that includes the requested resource object; and
  - providing the executable object with access to the requested resource object from the identified, first namespace.
Dependent claims: 18, 19, 20, 21, 22, 23

24. A computerized method for deprecating resource usage in a computing system, said computerized method comprising:
- detecting a predefined operation of an executable object, said predefined operation relating to access to a resource object;
- redirecting the detected predefined operation from the resource object to another resource object as a function of the executable object and the resource object.
Dependent claims: 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35

36. A system for implementing a virtual view of computing system resources for an executable object, said system comprising:
- a global namespace for storing one or more namespace objects;
- a local namespace associated with the executable object, said local namespace for storing a copy of at least one of the one or more namespace objects; and
- a manifest for mapping each of the namespace objects stored in the global namespace to the copy stored in the local namespace.
Dependent claims: 37, 38, 39

Specification