Operating system resource protection
First Claim
1. A method of granting an application program access to a resource on a computing system, said method comprising:
- receiving a request from an application program for access to a resource identified in the request;
determining an application identifier for the application program;
identifying a privilege from a manifest as a function of the determined application identifier and the identified resource, said manifest indicating the privilege that the application program has for accessing the identified resource; and
granting the application program access to the identified resource according to the identified privilege.
3 Assignments
0 Petitions
Accused Products
Abstract
Granting an application program access to a resource as a function of a privilege associated with the application program. An embodiment of the invention employs a persistent, individual identity associated with the components of an application program or a group of application programs to allow an operating system to identify and differentiate between different application programs or groups of application programs installed on a computing system. The identity associated with each component of an application program enables the identification and removal or uninstallation of the application program. The identity also enables isolation of resources of the application program and protection of operating system resources.
-
Citations
36 Claims
-
1. A method of granting an application program access to a resource on a computing system, said method comprising:
-
receiving a request from an application program for access to a resource identified in the request;
determining an application identifier for the application program;
identifying a privilege from a manifest as a function of the determined application identifier and the identified resource, said manifest indicating the privilege that the application program has for accessing the identified resource; and
granting the application program access to the identified resource according to the identified privilege. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. One or more computer-readable media having computer-executable components for granting an application program access to a resource, said components comprising:
-
an interface module to receive a request from an application program for access to a resource identified in the request;
an identity module to determine an application identifier for the application program to distinguish the application program and components thereof from other application programs;
a filter module to identify a privilege from a manifest as a function of the application identifier determined by the identity module and the identified resource, said manifest indicating the privilege that the application program has for accessing the identified resource; and
an access control module to grant the application program access to the identified resource according to the privilege identified by the filter module. - View Dependent Claims (19, 20, 21, 22)
-
-
23. A computer-readable medium having stored thereon a data structure representing a manifest specifying access rights of an application program to access a plurality of resources, said data structure comprising:
-
a first field storing a value representing an identity corresponding to the application program;
a second field storing a list of resources associated with the application program; and
a third field storing a privilege associated with the identity from the first field and with the list of resources stored in the second field, said privilege defining an access right of the application program to access each resource in the list of resources. - View Dependent Claims (24, 25, 26)
-
-
27. A system for granting an application access to a system resource, said system comprising:
-
a memory area to store a manifest, said manifest mapping an application identifier and a resource to a privilege, said application identifier being associated with an application program;
a processor configured to execute computer-executable instructions to;
determine, responsive to a request from the application program for the resource, the privilege from the manifest stored in the memory area as a function of the application identifier and the resource; and
grant the application program access to the resource according to the determined privilege. - View Dependent Claims (28, 29, 30, 31)
-
-
32. A method of uninstalling a particular application program and associated system settings and objects from a computing system, said particular application program having at least one file associated therewith, said particular application program being one of a plurality of application programs installed on the computing system, said method comprising:
-
receiving a request to uninstall the particular application program;
determining an identifier associated with the particular application program;
identifying, via the determined identifier, a file associated only with the particular application program of the plurality of application programs, said identified file having the determined identifier associated therewith; and
deleting the identified file. - View Dependent Claims (33, 34, 35, 36)
-
Specification