Integrating security protection tools with computer device integrity and privacy policy
First Claim
1. An integrity and privacy protection method for an operating system of a computer device comprising:
- in response to installing a program on a computer device that includes the operating system, a monitor within the operating system assigning a monitoring program for the program being installed, wherein the monitor assigning an integrity and/or privacy label to the monitoring program that is based on predetermined criteria associated with the program being installed, the monitoring program assigning an integrity and/or privacy label to the program being installed that is equal to or less than the integrity and/or privacy label assigned to the monitoring program by the monitor; and
,after the program is installed (“
installed program”
), in response to the installed program seeking to access data or another program on the computer device, or a remote network resource connected to the computer device, the monitor deciding whether to allow access or deny access based on the integrity and/or privacy label assigned to the installed program by the monitoring program.
2 Assignments
0 Petitions
Accused Products
Abstract
At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.
41 Citations
20 Claims
-
1. An integrity and privacy protection method for an operating system of a computer device comprising:
-
in response to installing a program on a computer device that includes the operating system, a monitor within the operating system assigning a monitoring program for the program being installed, wherein the monitor assigning an integrity and/or privacy label to the monitoring program that is based on predetermined criteria associated with the program being installed, the monitoring program assigning an integrity and/or privacy label to the program being installed that is equal to or less than the integrity and/or privacy label assigned to the monitoring program by the monitor; and
,after the program is installed (“
installed program”
), in response to the installed program seeking to access data or another program on the computer device, or a remote network resource connected to the computer device, the monitor deciding whether to allow access or deny access based on the integrity and/or privacy label assigned to the installed program by the monitoring program. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An integrity and privacy protection method for a computer device that includes an Operating System Reference Monitor (SRM) comprising:
-
initiating on computer device power on the ability of the SRM to assign a monitoring program; in response to receiving a request to install a program on the computer device, the SRM assigning the monitoring program to the program being installed, the monitoring program assigning an integrity and/or privacy label based on the program being installed; the monitoring program assigning an integrity and/or privacy label to the program being installed; the monitoring program monitoring the program being installed after installation to detect requests by the installed program for access to data or another program on the computer device, or a remote network resource connected to the computer device; in response to the monitoring program detecting a request by the installed program for access to the data or another program on the computer device, or the remote network resource connected to the computer device, the SRM determining if the integrity and/or privacy label assigned to the installed program is adequate for the installed program to access the requested data or another program on the computer device, or the remote network resource connected to the computer device. - View Dependent Claims (11)
-
-
12. A computer device including an operating system that includes a monitor for:
-
assigning monitoring programs for monitoring installed programs on the computer device, each monitoring program assigned an integrity and/or privacy label by the monitor based on predetermined criteria, each monitoring program monitoring the operation of a related installed program on the computer device; in response to installing a program on the computer device, assigning a monitoring program for the program being installed and assigning an integrity and/or privacy label to the monitoring program based on the predetermined criteria; monitoring the operation of the program being installed after the program is installed (“
installed program”
) to determine if the installed program is requesting access to data or another program on the computer device, or a remote network resource connected to the computer device; andin response to determining that the installed program is requesting access to the data or another program on the computer device, or the remote network resource connected to the computer device, granting or denying the request based on an integrity and/or privacy label assigned by the monitoring program to the installed program. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
Specification