PROGRAM-BASED AUTHORIZATION
9 Assignments
0 Petitions
Abstract
Techniques which allow definition and enforcement of program-based action authorization policies. On a computer, an action or execution attempt is intercepted in real-time. The subject process, the program file of the subject process, the attempted action and the object of the attempted action are determined. An authorization policy considering the program file indicates whether the attempted action is authorized or not. In a tracking mode, the attempted action and its authorization are logged and the attempted action is allowed to proceed. In an enforcement mode, unauthorized attempts are blocked and logged, thereby enforcing the authorization policy.
158 Citations
34 Claims
1-14. (canceled)

15. A method, comprising:
intercepting a file system action attempt, which is associated with an action relating to a file in a computer system;
determining a program file for which the file system action attempt is directed;
allowing the action to proceed if it is authorized by an authorization policy, wherein a first set of attributes is identified as being associated with the action, the first set of attributes including an action type and a request type; and
blocking the action when it is not authorized by the authorization policy and when the computer system is operating in a first mode, wherein the computer system includes a second mode that is configured to allow the action when it is not authorized according to the authorization policy.
(Dependent claims: 16, 17, 18, 19, 20, 21, 22)
23. Logic encoded in non-transitory tangible media that includes code for execution and when executed by a processor is operable to perform operations comprising:
intercepting a file system action attempt, which is associated with an action relating to a file in a computer system;
determining a program file for which the file system action attempt is directed;
allowing the action to proceed if it is authorized by an authorization policy, wherein a first set of attributes is identified as being associated with the action, the first set of attributes including an action type and a request type; and
blocking the action when it is not authorized by the authorization policy and when the computer system is operating in a first mode, wherein the computer system includes a second mode that is configured to allow the action when it is not authorized according to the authorization policy.
(Dependent claims: 24, 25, 26, 27, 28)
29. A computer system, comprising:
a processor; and
a memory, wherein the computer system is configured for:
intercepting a file system action attempt, which is associated with an action relating to a file in a computer system;
determining a program file for which the file system action attempt is directed;
allowing the action to proceed if it is authorized by an authorization policy, wherein a first set of attributes is identified as being associated with the action, the first set of attributes including an action type and a request type; and
blocking the action when it is not authorized by the authorization policy and when the computer system is operating in a first mode, wherein the computer system includes a second mode that is configured to allow the action when it is not authorized according to the authorization policy.
(Dependent claims: 30, 31, 32, 33, 34)
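As an added illustration of the flow described in the abstract and in claims 15, 23 and 29 (this is example code, not from the patent or any product implementing it), the following models an interceptor that derives the subject's program file, action type, request type and target object, evaluates an authorization policy over those attributes, and applies either the tracking mode (log and allow) or the enforcement mode (log and block). The rule structure, program paths and attribute values are constructed for the example.

```python
# Added example, not code from the patent: a minimal policy engine modelling the
# intercept -> attribute -> authorize -> track/enforce flow in the abstract.
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    TRACKING = "tracking"        # log the decision, always let the action proceed
    ENFORCEMENT = "enforcement"  # log the decision, block unauthorized actions


@dataclass(frozen=True)
class ActionAttempt:
    """Attributes the interceptor derives from an intercepted action."""
    subject_pid: int
    program_file: str   # program file backing the subject process
    action_type: str    # e.g. "write", "execute" (constructed values)
    request_type: str   # e.g. "open", "rename" (constructed values)
    target: str         # object of the attempted action


@dataclass(frozen=True)
class Rule:
    """Authorizes one program file for given action/request types on a path prefix."""
    program_file: str
    action_types: frozenset
    request_types: frozenset
    target_prefix: str

    def matches(self, a: ActionAttempt) -> bool:
        return (a.program_file == self.program_file
                and a.action_type in self.action_types
                and a.request_type in self.request_types
                and a.target.startswith(self.target_prefix))


class Interceptor:
    def __init__(self, rules, mode: Mode):
        self.rules, self.mode, self.log = list(rules), mode, []

    def handle(self, a: ActionAttempt) -> bool:
        """Return True if the action may proceed; always record the decision."""
        authorized = any(r.matches(a) for r in self.rules)
        allowed = authorized or self.mode is Mode.TRACKING
        self.log.append((a.subject_pid, a.program_file, a.action_type,
                         a.request_type, a.target, authorized, allowed))
        return allowed


# Constructed policy: only the package manager may write under /var/lib/pkg/.
POLICY = [Rule("/usr/bin/pkg", frozenset({"write"}), frozenset({"open", "rename"}),
               "/var/lib/pkg/")]
PKG = ActionAttempt(1201, "/usr/bin/pkg", "write", "open", "/var/lib/pkg/db")
EDITOR = ActionAttempt(1337, "/usr/bin/editor", "write", "open", "/var/lib/pkg/db")
```

Running the same unauthorized attempt through both modes shows the difference the claims draw: the log entry records `authorized=False` in either case, but only the enforcement-mode interceptor returns a block.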
Specification