System and method for enhanced layer of security to protect a file system from malicious programs
First Claim
1. A method, in a data processing system, for authorizing access to portions of a file system, comprising:
- receiving, from an executing program, a request to access a portion of a file system, the request including an identifier of the portion of the file system;
retrieving, based on the identifier of the portion of the file system, authorized certificate information associated with the identifier of the portion of the file system, identifying authorized certificates of trusted parties that may be used to access the portion of the file system;
determining if the executing program corresponds to an authorized certificate associated with the portion of the file system; and
permitting access to the portion of the file system only if the executing program corresponds to an authorized certificate associated with the portion of the file system.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for providing an enhanced layer of security to protect the file system from malicious programs are provided. An additional layer of security for protecting data and to minimize successful attacks by malicious programs is provided. This additional layer uses the feature of code signing to verify that the code is from a source which the code claims to be from, and also that the code has not been tampered with by a malicious party. The file system provides a feature by which certificates are mapped to portions of a file system, e.g., files/directories, such that only programs that are certified by those certificates are able to read/modify those portions of the file system.
-
Citations
20 Claims
-
1. A method, in a data processing system, for authorizing access to portions of a file system, comprising:
-
receiving, from an executing program, a request to access a portion of a file system, the request including an identifier of the portion of the file system;
retrieving, based on the identifier of the portion of the file system, authorized certificate information associated with the identifier of the portion of the file system, identifying authorized certificates of trusted parties that may be used to access the portion of the file system;
determining if the executing program corresponds to an authorized certificate associated with the portion of the file system; and
permitting access to the portion of the file system only if the executing program corresponds to an authorized certificate associated with the portion of the file system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer program product in a computer readable medium for authorizing access to portions of a file system, comprising:
-
first instructions for receiving, from an executing program, a request to access a portion of a file system, the request including an identifier of the portion of the file system;
second instructions for retrieving, based on the identifier of the portion of the file system, authorized certificate information associated with the identifier of the portion of the file system, identifying authorized certificates of trusted parties that may be used to access the portion of the file system;
third instructions for determining if the executing program corresponds to an authorized certificate associated with the portion of the file system; and
fourth instructions for permitting access to the portion of the file system only if the executing program corresponds to an authorized certificate associated with the portion of the file system. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A system for authorizing access to portions of a file system, comprising:
-
a processor; and
a data storage device coupled to the processor, wherein the data storage system has an associated file system, and wherein the processor;
receives, from an executing program, a request to access a portion of the file system, the request including an identifier of the portion of the file system, retrieves, based on the identifier of the portion of the file system, authorized certificate information associated with the identifier of the portion of the file system, identifying authorized certificates of trusted parties that may be used to access the portion of the file system, determines if the executing program corresponds to an authorized certificate associated with the portion of the file system, and permits access to the portion of the file system only if the executing program corresponds to an authorized certificate associated with the portion of the file system. - View Dependent Claims (18, 19, 20)
-
Specification