Methods and apparatus providing security for multiple operational states of a computerized device

US 20060174319A1
Filed: 01/28/2005
Published: 08/03/2006
Est. Priority Date: 01/28/2005
Status: Active Grant

First Claim

Patent Images

1. A method for controlling security during operation of a computerized device, the method comprising:

enforcing a first security policy during first operational state of the computerized device, enforcement of the first security policy providing a first level access to resources within the computerized device by processes operating in the computerized device;

detecting a transition operation of the computerized device that occurs during enforcement of the first security policy, the transition operation indicating that operation of the computerized device is transitioning from the first operational state to a second operational state;

in response to detection of the transition operation, enforcing a second security policy corresponding to the second operational state to provide a level of access to the resources within the computerized device that corresponds to the second operational state during operation of the second operational state; and

repeating the steps of detecting a transition operation and enforcing a second security policy corresponding to the second operational state for a plurality of operational states of the computerized device such that as operation of the computer system transitions from operational state to operational state, different security policies corresponding to those operational states are enforced during operation of those states.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system controls security during operation of a computerized device by enforcing a first security policy during first operational state of the computerized device. Enforcement of the first security policy provides a first level access to resources within the computerized device by processes operating in the computerized device. The system detects a transition operation of the computerized device that occurs during enforcement of the first security policy indicating that operation of the computerized device is transitioning from the first operational state to a second operational state and in response, enforces a second security policy corresponding to the second operational state to provide a level of access to the resources within the computerized device that corresponds to the second operational state during operation of the second operational state. This can be repeated for many different states including boot time, normal runtime, installation, shutdown, and a compromised state.

Citations

27 Claims

1. A method for controlling security during operation of a computerized device, the method comprising:
- enforcing a first security policy during first operational state of the computerized device, enforcement of the first security policy providing a first level access to resources within the computerized device by processes operating in the computerized device;
  
  detecting a transition operation of the computerized device that occurs during enforcement of the first security policy, the transition operation indicating that operation of the computerized device is transitioning from the first operational state to a second operational state;
  
  in response to detection of the transition operation, enforcing a second security policy corresponding to the second operational state to provide a level of access to the resources within the computerized device that corresponds to the second operational state during operation of the second operational state; and
  
  repeating the steps of detecting a transition operation and enforcing a second security policy corresponding to the second operational state for a plurality of operational states of the computerized device such that as operation of the computer system transitions from operational state to operational state, different security policies corresponding to those operational states are enforced during operation of those states.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 wherein:
    - enforcing a first security policy during first operational state comprises enforcing a non-installation security policy during non-installation operation of the computerized device, enforcement of the non-installation security policy providing non-installation level access to resources within the computerized device by processes operating in the computerized device;
      
      detecting a transition operation comprises detecting an installation operation of the computerized device that occurs during enforcement of the non-installation security policy, the installation operation indicating that at least one installation is to be performed in the computerized device;
      
      enforcing a second security policy comprises, in response to detection of the installation operation, enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation; and
      
      in response to an end-installation event, re-enforcing the non-installation security policy.
  - 3. The method of claim 2 wherein enforcing a non-installation security policy comprises:
    - providing a more restrictive level of access to a first resource within the computerized device;
      
      providing a less restrictive level of access to a second resource within the computerized device;
      
      wherein detecting an installation operation of the computerized device comprises;
      
      detecting a requirement to install a software application within the computerized device; and
      
      wherein enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation comprises;
      
      providing a less restrictive level of access to the first resource within the computerized device; and
      
      providing a more restrictive level of access to a second resource within the computerized device.
  - 4. The method of claim 3 wherein the first resource is a computer system configuration resource of the computerized device including at least one of:
    - i) an operating system setting;
      
      ii) a registry value setting;
      
      iii) a file being added or removed from the computerized device; and
      
      wherein the second resource is a computer system processing resource of the computerized device including at least one of;
      
      i) network access to or from the computerized device;
      
      ii) access to a user application that is different than the software application being installed within the computerized device.
  - 5. The method of claim 3 wherein detecting a requirement to install a software application within the computerized device comprises:
    - detecting occurrence, during enforcing the non-installation security policy, of at least one of;
      
      i) execution of an installation wizard that guides a user through a process of installing software within the computerized device;
      
      ii) execution of a process accessing an installation library associated with the computerized device;
      
      iii) execution of a system call that requests to perform modification of a system configuration setting that is commonly performed during software installation; and
      
      iv) a first-time invocation of execution of a process within the computerized device; and
      
      v) execution of a known installation program for purposes of installing software within the computerized device.
  - 6. The method of claim 5 wherein enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation comprises:
    - identifying a type of software installation being performed within the computerized device;
      
      based on the identified type of software installation being performed, identifying a set of restricted resources to which access is to be limited during the software installation being performed; and
      
      restricting access by the software installation process to the set of restricted resources within the computerized device during the enforcement of the installation security policy.
  - 7. The method of claim 6 wherein identifying a set of restricted resources to which access is to be limited during the software installation being performed comprises:
    - identifying classes of resources within the computer system that are to be modified during installation of the software within the computerized device;
      
      prompting the user to indicate, for each class of resources, if the user desires an installation process being performed in association with installing the software to allow modification of resources within that class of resources;
      
      receiving at least one response from the user concerning that user'"'"'s desire to allow modification of resources within the respective identified classes of resources; and
      
      performing the operation of restricting access by the software installation process to sets of restricted resources within the computerized device during the enforcement of the installation security policy in accordance the at least one response from the user concerning that user'"'"'s desire to allow modification of resources within the respective identified classes of resources.
  - 8. The method of claim 6 wherein identifying a set of restricted resources to which access is to be limited during the software installation being performed comprises:
    - identifying software applications that are not associated with the software installation being performed within the computerized device;
      
      adding the identified software applications to the set of restricted resources to which access is to be limited during the software installation being performed; and
      
      wherein restricting access by the software installation process to the set of restricted resources within the computerized device during the enforcement of the installation security policy comprises;
      
      disallowing access, by processes associated with the software installation, to the set of restricted resources within the computerized device during the enforcement of the installation security policy.
  - 9. The method of claim 8 wherein identifying software applications that are not associated with the software installation being performed within the computerized device comprises:
    - identifying communications programs that allow network communications to be performed within the computer system for addition into the set of restricted resources to which access is limited during the software installation being performed in order to restrict network communications by processes associated with the software installation being performed.
  - 10. The method of claim 9 wherein providing a less restrictive level of access to the first resource within the computerized device comprises:
    - allowing access to system configuration settings including a registry.
  - 11. The method of claim 3 wherein in response to an end-installation event, re-enforcing the non-installation security policy comprises:
    - detecting an end-installation event comprising at least one of;
      
      i) an expiration of an installation timer indicating that an installation time period has elapsed;
      
      ii) an indication from the user that installation is complete;
      
      iii) completion of execution of the installation process;
      
      and in response to the end-installation event, reverting to enforcement of a non-installation security policy that provides restricted access to resources that were required during the installation process.
  - 12. The method of claim 11 wherein in response to the end-installation event, reverting to enforcement of a non-installation security policy comprises:
    - reverting to the non-installation security policy after the end-installation event and after expiration of a predetermined time period after occurrence of the end-installation event.
  - 13. The method of claim 2 wherein the non-installation security is a more restrictive security policy that disallows modification to computerized device system configuration settings and the installation security policy is a less restrictive security policy that allows modification to computerized device system configuration settings;
    - and wherein enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation comprises;
      
      providing modification access to computerized device system configuration settings that would otherwise be restricted if the non-installation security policy were enforced.
  - 14. The method of claim 1 wherein the first and second operational states and corresponding first and second security policies corresponding respectively to the first and second operational states are selected from the group consisting of:
    - i) a boot-state in which the computerized device is performing a startup operation, and a boot-time security policy that restricts access to resources within the computer during the startup operation;
      
      ii) a shutdown-state in which the computerized device is performing a shutdown operation, and wherein the security policy is a shutdown security policy that restricts access to resources within the computer during the shutdown operation;
      
      iii) a normal-state in which the computerized device is performing execution of user applications, and wherein the security policy is a normal run-time security policy that restricts modification access to system configuration resources within the computer during the normal run-time operation of user application;
      
      iv) a compromised-state in which the computerized device is determined to be configured with a malicious program, and wherein the security policy is a compromised security policy that restricts all access to system configuration resources within the computer during the compromised state; and
      
      v) an installation-state in which the computerized device is performing an installation operation, and wherein the security policy is a installation security policy that restricts access to non-installation related resources within the computer during the installation operation and de-restricts access to installation related resources within the computerized device.

15. A computerized device comprising:
- a memory storing installation and non-installation security policies;
  
  a processor;
  
  a communications interface coupled to a network;
  
  an interconnection mechanism coupling the memory, the processor and the communications interface;
  
  wherein the memory is encoded with a security agent that controls security during operations of a computerized device, that when executed on the processor, causes the computerized device to perform the operations of;
  
  enforcing a first security policy during first operational state of the computerized device, enforcement of the first security policy providing a first level access to resources within the computerized device by processes operating in the computerized device;
  
  detecting a transition operation of the computerized device that occurs during enforcement of the first security policy, the transition operation indicating that operation of the computerized device is transitioning from the first operational state to a second operational state;
  
  in response to detection of the transition operation, enforcing a second security policy corresponding to the second operational state to provide a level of access to the resources within the computerized device that corresponds to the second operational state during operation of the second operational state; and
  
  repeating the steps of detecting a transition operation and enforcing a second security policy corresponding to the second operational state for a plurality of operational states of the computerized device such that as operation of the computer system transitions from operational state to operational state, different security policies corresponding to those operational states are enforced during operation of those states.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The computerized device of claim 15 wherein enforcing a first security policy comprises enforcing the non-installation security policy during non-installation operation of the computerized device, enforcement of the non-installation security policy providing non-installation level access to resources within the computerized device by processes operating in the computerized device;
    - detecting a transition operation comprises detecting an installation operation of the computerized device that occurs during enforcement of the non-installation security policy, the installation operation indicating that at least one installation is to be performed in the computerized device;
      
      enforcing a second security policy comprises, in response to detection of the installation operation, enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation; and
      
      in response to an end-installation event, re-enforcing the non-installation security policy.
  - 17. The computerized device of claim 16 wherein when the security agent causes the computerized device to perform the operation of enforcing a non-installation security policy, the security agent causes the computerized device to perform the operations of:
    - providing a more restrictive level of access to a first resource within the computerized device;
      
      providing a less restrictive level of access to a second resource within the computerized device;
      
      wherein when the security agent causes the computerized device to perform the operation of detecting an installation operation of the computerized device, the security agent causes the computerized device to perform the operation of;
      
      detecting a requirement to install a software application Within the computerized device; and
      
      wherein when the security agent causes the computerized device to perform the operation of enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation, the security agent causes the computerized device to perform the operations of;
      
      providing a less restrictive level of access to the first resource within the computerized device; and
      
      providing a more restrictive level of access to a second resource within the computerized device.
  - 18. The computerized device of claim 17 wherein the first resource is a computer system configuration resource of the computerized device including at least one of:
    - i) an operating system setting;
      
      ii) a registry value setting;
      
      iii) a file being added or removed from the computerized device; and
      
      wherein the second resource is a computer system processing resource of the computerized device including at least one of;
      
      i) network access to or from the computerized device;
      
      ii) access to a user application that is different than the software application being installed within the computerized device.
  - 19. The computerized device of claim 17 wherein when the security agent causes the computerized device to perform the operation of detecting a requirement to install a software application within the computerized device, the security agent causes the computerized device to perform the operations of:
    - detecting occurrence, during enforcing the non-installation security policy, of at least one of;
      
      i) execution of an installation wizard that guides a user through a process of installing software within the computerized device;
      
      ii) execution of a process accessing an installation library associated with the computerized device;
      
      iii) execution of a system call that requests to perform modification of a system configuration setting that is commonly performed during software installation; and
      
      iv) a first-time invocation of execution of a process within the computerized device; and
      
      v) execution of a known installation program for purposes of installing software within the computerized device.
  - 20. The computerized device of claim 19 wherein when the security agent causes the computerized device to perform the operation of enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation, the security agent causes the computerized device to perform the operations of:
    - identifying a type of software installation being performed within the computerized device;
      
      based on the identified type of software installation being performed, identifying a set of restricted resources to which access is to be limited during the software installation being performed; and
      
      restricting access by the software installation process to the set of restricted resources within the computerized device during the enforcement of the installation security policy.
  - 21. The computerized device of claim 20 wherein when the security agent causes the computerized device to perform the operation of identifying a set of restricted resources to which access is to be limited during the software installation being performed, the security agent causes the computerized device to perform the operations of:
    - identifying classes of resources within the computer system that are to be modified during installation of the software within the computerized device;
      
      prompting the user to indicate, for each class of resources, if the user desires an installation process being performed in association with installing the software to allow modification of resources within that class of resources;
      
      receiving at least one response from the user concerning that user'"'"'s desire to allow modification of resources within the respective identified classes of resources; and
      
      performing the operation of restricting access by the software installation process to sets of restricted resources within the computerized device during the enforcement of the installation security policy in accordance the at least one response from the user concerning that user'"'"'s desire to allow modification of resources within the respective identified classes of resources.
  - 22. The computerized device of claim 20 wherein when the security agent causes the computerized device to perform the operation of identifying a set of restricted resources to which access is to be limited during the software installation being performed, the security agent causes the computerized device to perform the operations of:
    - identifying software applications that are not associated with the software installation being performed within the computerized device;
      
      adding the identified software applications to the set of restricted resources to which access is to be limited during the software installation being performed; and
      
      wherein when the security agent causes the computerized device to perform the operation of restricting access by the software installation process to the set of restricted resources within the computerized device during the enforcement of the installation security policy, the security agent causes the computerized device to perform the operation of;
      
      disallowing access, by processes associated with the software installation, to the set of restricted resources within the computerized device during the enforcement of the installation security policy.
  - 23. The computerized device of claim 21 wherein when the security agent causes the computerized device to perform the operation of identifying software applications that are not associated with the software installation being performed within the computerized device, the security agent causes the computerized device to perform the operation of:
    - identifying communications programs that allow network communications to be performed within the computer system for addition into the set of restricted resources to which access is limited during the software installation being performed in order to restrict network communications by processes associated with the software installation being performed.
  - 24. The computerized device of claim 18 wherein in response to an end-installation event, when the security agent causes the computerized device to perform the operation of re-enforcing the non-installation security policy, the security agent causes the computerized device to perform the operations of:
    - detecting an end-installation event comprising at least one of;
      
      i) an expiration of an installation timer indicating that an installation time period has elapsed;
      
      ii) an indication from the user that installation is complete;
      
      iii) completion of execution of the installation process;
      
      and in response to the end-installation event, reverting to enforcement of a non-installation security policy that provides restricted access to resources that were required during the installation process, the reverting occurring after the end-installation event and after expiration of a predetermined time period after occurrence of the end-installation event.
  - 25. The computerized device of claim 17 wherein the non-installation security is a more restrictive security policy that disallows modification to computerized device system configuration settings and the installation security policy is a less restrictive security policy that allows modification to computerized device system configuration settings;
    - and wherein when the security agent causes the computerized device to perform the operation of enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation, the security agent causes the computerized device to perform the operation of;
      
      providing modification access to computerized device system configuration settings that would otherwise be restricted if the non-installation security policy were enforced.

26. A computer readable medium including computer program logic instruction encoded thereon, that when executed on a processor in a computerized device, causes the computerized device to perform the operations of:
- enforcing the non-installation security policy during non-installation operation of the computerized device, enforcement of the non-installation security policy providing non-installation level access to resources within the computerized device by processes operating in the computerized device;
  
  detecting an installation operation of the computerized device that occurs during enforcement of the non-installation security policy, the installation operation indicating that at least one installation is to be performed in the computerized device;
  
  in response to detection of the installation operation, enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation; and
  
  in response to an end-installation event, re-enforcing the non-installation security policy.

27. A computerized device comprising:
- a memory storing installation and non-installation security policies;
  
  a processor;
  
  a communications interface coupled to a network;
  
  an interconnection mechanism coupling the memory, the processor and the communications interface;
  
  wherein the memory is encoded with a security agent that controls security during installation operations of a computerized device, that when executed on the processor, causes the computerized device to provide means including;
  
  means for enforcing the non-installation security policy during non-installation operation of the computerized device, enforcement of the non-installation security policy providing non-installation level access to resources within the computerized device by processes operating in the computerized device;
  
  means for detecting an installation operation of the computerized device that occurs during enforcement of the non-installation security policy, the installation operation indicating that at least one installation is to be performed in the computerized device;
  
  in response to detection of the installation operation, means for enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation; and
  
  in response to an end-installation event, means for re-enforcing the non-installation security policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Kraemer, Jeffrey A., Malver, Debra L.

Granted Patent

US 7,681,226 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/56   Computer malware detection ...

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 21/6281   at program execution time, ...

G06F 2221/2105   Dual mode as a secondary as...

Methods and apparatus providing security for multiple operational states of a computerized device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus providing security for multiple operational states of a computerized device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links