Method and system for enforcing a security policy via a security virtual machine
Abstract
A method and system for enforcing a security policy encoded in an instruction set of a security virtual machine is provided. A security system provides a security virtual machine that executes security programs expressed in the instruction set of the security virtual machine. The security system stores the security program in an instruction store of the security virtual machine. When a security enforcement event occurs, the security virtual machine executes the instructions of its instruction store using data of the security enforcement event to enforce the security policy.
39 Claims
1. A method in a computer system for enforcing a security policy, the method comprising:
providing a security policy;
compiling the security policy into a security program based on an instruction set of a security virtual machine;
loading the security program into an instruction store of the security virtual machine; and
upon occurrence of a security enforcement event, executing the instructions of the instruction store based on data of the security enforcement event to enforce the security policy.
(Dependent claims: 2 to 17.)
18. A security virtual machine for detecting when an application is placing a system call with parameters that violate a security policy, comprising:
an instruction store that contains instructions that implement the security policy;
a data store that contains data of the security policy;
a parameter store that contains parameters of a system call; and
a processor engine that executes the instructions of the instruction store using data of the data store and parameters of the parameter store to determine whether the system call violates the security policy.
(Dependent claims: 19 to 34.)
35. A computer-readable medium containing instructions for enforcing a security policy, the instructions for execution by a security virtual machine and being compiled from a high-level language representation of the security policy.
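The architecture claimed above (a policy compiled from a high-level representation into a program for a security virtual machine, loaded into an instruction store, and executed by a processor engine over a data store of policy constants and a parameter store holding the system call's arguments) is compact enough to show end to end. The following is an added example written for this page, not code from the patent or its assignee. It is a toy security VM in Python: a compiler for a small rule grammar (allow|deny <syscall|*> [when <param> <eq|lt|startswith> <value>]), an instruction store, a data store of interned constants, and a parameter store supplied by each enforcement event. The grammar, the opcode names, the sample policy and the sample events are all assumptions made here; the patent text specifies none of them. The engine fails closed: no matching rule, a missing parameter, an operand type mismatch or a runaway program all yield deny.

```python
"""Toy security virtual machine (added example): a high-level policy is compiled
into bytecode, loaded into an instruction store, and run per system-call event."""
from dataclasses import dataclass, field
from typing import Any, Dict, List, Tuple

Instr = Tuple[str, Any]  # (opcode, operand)

# Hypothetical rule grammar, assumed for this example (not from the patent):
#   <allow|deny> <syscall|*> [when <param> <eq|lt|startswith> <value>]
COMPARISONS = ("eq", "lt", "startswith")


def compile_policy(rules: List[str]) -> Tuple[List[Instr], List[Any]]:
    """Compile rule text into (program, data_store). Rules are tried in order; the
    first whose tests all pass returns its verdict; a trailing RET deny fails closed."""
    program: List[Instr] = []
    data: List[Any] = []

    def const(value: Any) -> int:
        # Intern a constant in the data store and return its index.
        if value not in data:
            data.append(value)
        return data.index(value)

    for rule in rules:
        tok = rule.split()
        if len(tok) not in (2, 6) or tok[0] not in ("allow", "deny"):
            raise ValueError(f"bad rule: {rule!r}")
        fixups: List[int] = []  # JMP_IF_FALSE slots to patch to the next rule
        if tok[1] != "*":  # test the syscall name unless the rule is a wildcard
            program += [("LOAD_PARAM", "syscall"), ("LOAD_DATA", const(tok[1])), ("EQ", None)]
            fixups.append(len(program))
            program.append(("JMP_IF_FALSE", None))
        if len(tok) == 6:  # optional parameter test
            if tok[2] != "when" or tok[4] not in COMPARISONS:
                raise ValueError(f"bad condition: {rule!r}")
            value: Any = int(tok[5]) if tok[5].isdigit() else tok[5]
            program += [("LOAD_PARAM", tok[3]), ("LOAD_DATA", const(value)), (tok[4].upper(), None)]
            fixups.append(len(program))
            program.append(("JMP_IF_FALSE", None))
        program.append(("RET", tok[0]))
        for slot in fixups:  # the next rule starts here
            program[slot] = ("JMP_IF_FALSE", len(program))
    program.append(("RET", "deny"))  # no rule matched: fail closed
    return program, data


@dataclass
class SecurityVM:
    instruction_store: List[Instr] = field(default_factory=list)
    data_store: List[Any] = field(default_factory=list)
    max_steps: int = 1000  # bound execution so a bad program cannot hang the caller

    def load(self, program: List[Instr], data: List[Any]) -> None:
        self.instruction_store, self.data_store = list(program), list(data)

    def enforce(self, parameter_store: Dict[str, Any]) -> str:
        """Processor engine: run the stored program against one event's parameters.
        Any fault (missing parameter, operand type mismatch, bad jump, runaway loop) denies."""
        stack: List[Any] = []
        pc = 0
        try:
            for _ in range(self.max_steps):
                op, arg = self.instruction_store[pc]
                pc += 1
                if op == "LOAD_PARAM":
                    stack.append(parameter_store[arg])
                elif op == "LOAD_DATA":
                    stack.append(self.data_store[arg])
                elif op in ("EQ", "LT", "STARTSWITH"):
                    b, a = stack.pop(), stack.pop()
                    # mismatched operand types raise TypeError/AttributeError below
                    stack.append(a == b if op == "EQ" else a < b if op == "LT" else a.startswith(b))
                elif op == "JMP_IF_FALSE":
                    if not stack.pop():
                        pc = arg
                elif op == "RET":
                    return arg
                else:
                    raise ValueError(f"unknown opcode {op}")
        except (KeyError, IndexError, TypeError, AttributeError, ValueError):
            pass
        return "deny"  # fault or step budget exhausted: fail closed


def evaluate(policy: List[str], event: Dict[str, Any]) -> str:
    """Compile, load and enforce in one step; returns "allow" or "deny"."""
    vm = SecurityVM()
    vm.load(*compile_policy(policy))
    return vm.enforce(event)


# Constructed sample policy and events for the demonstration.
POLICY = ["deny open when path startswith /etc/shadow",
          "deny connect when port lt 1024",
          "allow open", "allow connect"]

if __name__ == "__main__":
    for ev in [{"syscall": "open", "path": "/etc/shadow"},  # deny (rule 1)
               {"syscall": "open", "path": "/tmp/cache"},   # allow (rule 3)
               {"syscall": "connect", "port": 80},          # deny (rule 2)
               {"syscall": "execve", "path": "/bin/sh"},    # deny (no rule matched)
               {"syscall": "connect", "port": "80"},        # deny (operand type fault)
               {"syscall": "open"}]:                        # deny (missing parameter)
        print(f"{ev!s:45} -> {evaluate(POLICY, ev)}")
```

Two design points carry over to a real enforcement hook. First, the default-deny tail and the blanket exception handling are what make the engine safe: a policy VM that allows on fault turns every compiler or parameter-marshalling bug into a bypass. Second, in a kernel-side filter such as seccomp-BPF the parameter store holds only the syscall number and raw argument registers, because the filter program cannot follow user-space pointers; a rule on a path string, as in the sample policy here, only works if the enforcement hook copies the string into the parameter store before the program runs.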