CONSISTENT SECURITY ENFORCEMENT FOR SAFER COMPUTING SYSTEMS
First Claim
1. A computer-implemented method of generating one or more consistent security criteria for enforcing security in a consistent manner with respect to:
- (a) execution of first executable computer code effectively supported by an Operating System of a computing system and (b) execution of second computer code effectively supported by a Virtual Computing Environment that can interface with said Operating System, wherein said method comprises;
obtaining input security criterion for enforcement of security in a consistent manner with respect to execution of;
(a) said first executable computer code effectively supported by said Operating System, and (b) said second computer code effectively supported by said Virtual Computing Environment;
generating, based on said input security criterion, at least one consistent security criterion in a computer readable and storable form, thereby allowing said consistent security criterion to be stored in a computer readable storage medium as a consistent security criterion for enforcement of security in a consistent manner with respect to execution effectively supported by said Operating System and said Virtual Computing Environment; and
storing said at least one consistent security criterion in said computer readable storage medium as stored consistent security criterion, thereby allowing said stored consistent security criterion to be effectively provided to said computing system for enforcement of said input security criterion in said consistent manner.
Abstract
Security can be enforced in a consistent manner with respect to various computing environments that may be operable in a computing system. Consistent security criteria can be generated, based on input security criterion, in a computer readable and storable form and stored in a computer readable storage medium, thereby allowing the consistent security criterion to be effectively provided to a computing system for enforcement of the input security criterion in a consistent manner with respect to, for example, (a) a first executable computer code effectively supported by an Operating System (OS), and (b) a second computer code effectively supported by the Virtual Computing Environment (VCE). A Trusted Component (TC) can effectively provide a consistent security criterion as a part and/or form that is suitable for a particular computing environment. The TC can, for example, be an automated tool that performs various functions including: verifying the consistency of security criteria, generation and deployment of consistent security criteria, and transformation of security criteria to parts and/or forms suitable for various computing environments. In addition, a Virtual Computing Environment (VCE) can obtain from the Operating System (OS) one or more security criteria. The Virtual Computing Environment (VCE) can be operable in a Trusted Computing Environment (TCE) and interface with a Trusted Operating System (TOS) that effectively enforces Mandatory Access Control (MAC), thereby allowing the Virtual Computing Environment (VCE) to leverage the security provided by the OS. The OS can, for example, be a Security-Enhanced Linux (SELinux) Operating System operating as a Trusted Component in a Trusted Environment that includes a Trusted Security Agent (TSA) operable to deploy consistent security criteria.
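The generate, verify and transform functions the abstract attributes to the Trusted Component, together with the label mapping of claim 28, sketched as an added example that is not taken from the patent. The neutral labels, the SELinux-style type names, the VCE label strings and all function names are constructed for illustration.

```python
# Added illustration: every label, rule and function name here is constructed.
from typing import NamedTuple

class Criterion(NamedTuple):
    subject: str  # environment-neutral subject label
    target: str   # environment-neutral object label
    action: str
    allow: bool

# Assumed label maps: neutral label -> environment-specific label.
OS_LABELS = {"mail_app": "mail_t", "contacts": "contacts_data_t"}
VCE_LABELS = {"mail_app": "vce.app.mail", "contacts": "vce.res.contacts"}

def generate_consistent(inputs):
    """Merge input criteria; fail if one triple is both allowed and denied."""
    decided = {}
    for c in inputs:
        key = (c.subject, c.target, c.action)
        if decided.setdefault(key, c.allow) != c.allow:
            raise ValueError(f"inconsistent criteria for {key}")
    # Default deny: only explicit allows are stored.
    return sorted(k for k, allow in decided.items() if allow)

def to_os_form(allowed):
    """Render in SELinux-style allow syntax (object class 'file' assumed)."""
    return [f"allow {OS_LABELS[s]} {OS_LABELS[t]}:file {{ {a} }};"
            for s, t, a in allowed]

def to_vce_form(allowed):
    """Render as the triples a VCE-side access check would consult."""
    return {(VCE_LABELS[s], VCE_LABELS[t], a) for s, t, a in allowed}

def vce_permits(vce_policy, subject, target, action):
    return (subject, target, action) in vce_policy

def forms_agree(os_rules, vce_policy):
    """Map OS labels back to VCE labels and compare the two deployed forms."""
    os_to_vce = {OS_LABELS[n]: VCE_LABELS[n] for n in OS_LABELS}
    from_os = set()
    for rule in os_rules:
        _, src, rest = rule.split(" ", 2)
        tgt, perms = rest.split(":file ")
        for action in perms.strip("{}; ").split():
            from_os.add((os_to_vce[src], os_to_vce[tgt], action))
    return from_os == vce_policy
```

Running `forms_agree` after deployment catches drift between the two environments, for example a permission granted on the VCE side that has no matching OS rule.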
29 Claims
1. A computer-implemented method of generating one or more consistent security criteria for enforcing security in a consistent manner with respect to:
- (a) execution of first executable computer code effectively supported by an Operating System of a computing system and (b) execution of second computer code effectively supported by a Virtual Computing Environment that can interface with said Operating System, wherein said method comprises;
obtaining input security criterion for enforcement of security in a consistent manner with respect to execution of;
(a) said first executable computer code effectively supported by said Operating System, and (b) said second computer code effectively supported by said Virtual Computing Environment;
generating, based on said input security criterion, at least one consistent security criterion in a computer readable and storable form, thereby allowing said consistent security criterion to be stored in a computer readable storage medium as a consistent security criterion for enforcement of security in a consistent manner with respect to execution effectively supported by said Operating System and said Virtual Computing Environment; and
storing said at least one consistent security criterion in said computer readable storage medium as stored consistent security criterion, thereby allowing said stored consistent security criterion to be effectively provided to said computing system for enforcement of said input security criterion in said consistent manner.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 21, 22
20. A computer-implemented method of securing a computing system that includes:
- (a) an Operating System operable to effectively support execution of at least a first executable computer code (b) a Virtual Computing Environment operable to support execution of at least a second computer code, wherein said computer-implemented method comprises;
obtaining a first consistent security criterion for enforcement of a security criterion in a consistent manner with respect to said first executable computer code and second computer code; and
enforcing security in said computing system in accordance with said first consistent security criterion, thereby enforcing security in a consistent manner with respect to said first executable computer code and second computer code.
23. A computing system, wherein said computing system includes:
an Operating System operable to;
support at least a first executable computer code;
store a set of security criteria for securing said computing system; and
enforce a set of security criteria; and
a Virtual Computing Environment operable to;
support execution of at least a second computer code;
obtain from said Operating System at least one of a set of security criteria; and
enforce said at least one security criterion with respect to said second computer code operable to execute in said Virtual Computing Environment.
Dependent claims: 24, 25, 26, 27
28. The computing system 27, wherein said computing environment is further operable to map one or more virtual-computing security labels to one or more operating-system security labels.
29. A computer readable storage medium storing in a tangible form at least executable computer code for a Virtual Computing Environment operable to support a Virtual Computing Environment for execution of computer code, wherein said computer readable storage medium includes:
executable computer code operable to obtain from an Operating System at least one security criterion that can be effectively enforced by said Operating System with respect to first executable computer code supported by said Operating System; and
executable computer code operable to enforce said security criterion with respect to a second computer code operable to execute in said virtual computing environment, thereby effectively enforcing a security criteria that can be enforced by said Operating System.
Specification