Managing the risk of executing a software process using a capabilities assessment and a policy
First Claim
1. A method for managing the risk of executing a software process bya.) in response to a request from a user or a software process X to execute a software process Y on a virtual machine, such process Y having access to a plurality of resources, such resources being any item under control of a virtual machine, said process Y consisting of a series of one or more instructions to be executed by a virtual machine, reading the instructions that define process Y,b.) determining the capabilities of process Y, such capabilities being defined in the context of a virtual machine, each capability being defined by one or more instructions,c.) reading a policy P containing a list of potential capabilities available for a virtual machine and corresponding procedures to be followed for each capability,d.) comparing capabilities with policy P to determine which procedures are applicable,e.) and performing said procedures before process Y is executed,whereby enabling a user to manage the risk of executing a software process.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for managing the risk of executing a software process on a computer by programmatically determining the capabilities of the software process before it executes and determining whether these capabilities are authorized within an access control policy. The capabilities define what functions a software process can perform in the context of a virtual machine. The method comprises the steps of assessing the software process to determine what capabilities it possesses, maintaining one or more policies which list potential capabilities and corresponding authorizations for one or more contexts, and a unit for comparing the software process capabilities with a policy.
-
Citations
15 Claims
-
1. A method for managing the risk of executing a software process by
a.) in response to a request from a user or a software process X to execute a software process Y on a virtual machine, such process Y having access to a plurality of resources, such resources being any item under control of a virtual machine, said process Y consisting of a series of one or more instructions to be executed by a virtual machine, reading the instructions that define process Y, b.) determining the capabilities of process Y, such capabilities being defined in the context of a virtual machine, each capability being defined by one or more instructions, c.) reading a policy P containing a list of potential capabilities available for a virtual machine and corresponding procedures to be followed for each capability, d.) comparing capabilities with policy P to determine which procedures are applicable, e.) and performing said procedures before process Y is executed, whereby enabling a user to manage the risk of executing a software process.
-
6. A programmable apparatus for managing the risk of executing a software process, comprising:
-
a) a data reader that in response to a request from a user or a software process X to execute a software process Y on a virtual machine, such process Y having access to a plurality of resources, such resources being any item under control of a virtual machine, said process Y consisting of a series of one or more instructions to be executed by a virtual machine, reads the instructions that define process Y, b) a capabilities assessor that determines the capabilities of process Y, such capabilities being defined in the context of a virtual machine, each capability being defined by one or more instructions, c) a communications mechanism that provides information to a user or process, d) a policy enforcer that reads a policy, such policy containing a list of potential capabilities available for a particular virtual machine and corresponding procedures to be followed for each capability, and compares said capabilities with said policy to determine which procedures are applicable, and performing said procedures before process Y is executed, whereby enabling a user to manage the risk of executing a software process. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A method for managing the risk of executing a software process by
a) reading the instructions that make up software process Y, b) determining the capabilities expressed by said instructions, c) reading a policy P containing a list of potential capabilities available for a virtual machine and corresponding procedures to be followed for each capability, d) comparing capabilities with policy P, to determine which procedures are applicable e) and performing said procedures before process Y is executed, whereby enabling a user to manage the risk of executing a software process.
Specification