System and method for identity decisions and invalidation
Abstract
A system and method for identity decisions and invalidation. Modified objects (e.g., files, executables, etc.) are flagged for reevaluation. Privileges associated with the object are only persisted if the modifications are determined to be authorized (e.g., updates and patches). In one embodiment, a tagging system registers to be notified of all writes, renames, truncations, moves, deletions, or any other relevant modifications to objects. If the tagging system detects a modification operation targeting the object, it invalidates all identity decisions cached with the object. The next time the object runs, the system does not recognize the object and it is forced to reevaluate its identity. Thus, patching and other write operations are still permitted, but the system detects the changed object and reevaluates the identity.
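The flow described in the abstract, as an added example that is not taken from the patent: a cache registers for change notifications, drops its cached identity when an object is modified, and re-evaluates on next use. The class names, the in-memory object store standing in for OS-level change notifications, and the SHA-256 allowlist used to decide whether a modification is authorized are all assumptions made for illustration.

```python
import hashlib

class ChangeNotifier:
    """Hypothetical stand-in for an OS change-notification source."""
    def __init__(self):
        self._subscribers = []
    def register(self, callback):
        self._subscribers.append(callback)
    def notify(self, name, operation):
        for callback in self._subscribers:
            callback(name, operation)

class ObjectStore:
    """Constructed in-memory store; every modification emits a notification."""
    def __init__(self, notifier):
        self.objects, self._notifier = {}, notifier
    def write(self, name, data):
        self.objects[name] = data
        self._notifier.notify(name, "write")

class IdentityCache:
    """Caches identity decisions and invalidates them on change notifications."""
    def __init__(self, store, notifier, authorized_hashes):
        self._store, self._authorized = store, authorized_hashes
        self._cache = {}
        self.evaluations = 0                  # counts full (non-cached) evaluations
        notifier.register(self._on_change)    # register to receive change notifications
    def _on_change(self, name, operation):
        self._cache.pop(name, None)           # invalidate the identity cached for the object
    def identity(self, name):
        if name not in self._cache:           # unknown or invalidated: reevaluate
            self.evaluations += 1
            digest = hashlib.sha256(self._store.objects[name]).hexdigest()
            self._cache[name] = "trusted" if digest in self._authorized else "unknown"
        return self._cache[name]

def demo():
    # Constructed sample contents: original, authorized patch, unauthorized change.
    v1, v2, tampered = b"app v1", b"app v2 (vendor patch)", b"app v1 + unauthorized change"
    authorized = {hashlib.sha256(blob).hexdigest() for blob in (v1, v2)}
    notifier = ChangeNotifier()
    store = ObjectStore(notifier)
    cache = IdentityCache(store, notifier, authorized)
    store.write("app.exe", v1)
    results = [cache.identity("app.exe"), cache.identity("app.exe")]  # second call is cached
    store.write("app.exe", v2)                # authorized update: identity is reevaluated, kept
    results.append(cache.identity("app.exe"))
    store.write("app.exe", tampered)          # unauthorized write: privileges not persisted
    results.append(cache.identity("app.exe"))
    return results, cache.evaluations
```
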
20 Claims
1. A method for identity decisions, comprising:
- registering to receive change notifications; and
- upon receiving a change notification, invalidating the identity that is cached for an object.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A system for identity decisions, comprising:
- a cache for caching identities for objects; and
- an invalidation engine for invalidating identities cached for objects when modifications are detected to the objects.

Dependent claims: 9, 10, 11, 12, 13, 14

15. One or more computer-readable media for enabling a computer program segment to perform identity decisions, said media comprising:
- a set of computer-usable instructions to invalidate an identity cached for an object when a modification is detected to the object.

Dependent claims: 16, 17, 18, 19, 20
Specification