Security critical data containers
First Claim
1. In a computing environment, a method comprising:
- providing a container; and
allowing information to distinguish data associated with a particular method of the container as being security critical, such that the data only can be accessed via the particular method by code with elevated permissions.
2 Assignments
0 Petitions
Accused Products
Abstract
Described are security critical data containers for platform code, comprising a Get container and Set container that allow data to be marked as security critical for critical usage of that data, but left unmarked for non-critical usage. The number of critical methods in the code is reduced, facilitating better code analysis. A container'"'"'s method may be marked as security critical, with the only access to the data via the method. By using a generic class for a Get container, access to the critical data only occurs through the property on the class, which is marked as critical. The field pointing to the generic class instance need not be critical, whereby initialization or existence checking may remain non-critical. The Set container handles security critical situations such as data that controls whether code can elevate permissions; a set method is marked as critical, while other methods can be accessed by non-critical code.
-
Citations
19 Claims
-
1. In a computing environment, a method comprising:
-
providing a container; and
allowing information to distinguish data associated with a particular method of the container as being security critical, such that the data only can be accessed via the particular method by code with elevated permissions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer-readable medium having stored thereon a data structure, comprising:
-
a set container, including a set method and a get method; and
information that distinguishes data associated with the set method as security critical and associated with the get method as non-security critical;
such that the data can be read by code without elevated permissions via the get method, and the data only can be set by code with elevated permissions via the set method. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A computer-readable medium having stored thereon a data structure, comprising:
-
a get container, including a get method; and
information that indicates data associated with the get method is security critical;
such that the data only can be read by code with elevated permissions via the get method, and existence/initialization checks may be performed by code without elevated permissions. - View Dependent Claims (17, 18, 19)
-
Specification