Evidence-based security policy manager

US 7,051,366 B1
Filed: 06/21/2000
Issued: 05/23/2006
Est. Priority Date: 06/21/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for generating a permission grant set for a code assembly received from a resource location, the method comprising:

receiving a security policy specification defining a plurality of code groups, each code group being associated with a code-group permission set;

receiving evidence associated with the code assembly;

evaluating the evidence relative to the code groups to determine membership of the code assembly in two or more of the code groups; and

generating the permission grant set by merging two or more code-group permission sets, each code-group permission set of the two or more code-group permission sets being associated with a code group in which the code assembly is a member.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. Both code assemblies and evidence may be received from a local origin or from a remote resource location via a network (e.g., the Internet). The policy manager may comprise execution modules for parsing a security policy specification, generating a one or more code hierarchies, evaluating membership of the received code assembly in one or more code groups, and generating a permission grant set based upon this membership evaluation.

Citations

42 Claims

1. A method for generating a permission grant set for a code assembly received from a resource location, the method comprising:
- receiving a security policy specification defining a plurality of code groups, each code group being associated with a code-group permission set;
  
  receiving evidence associated with the code assembly;
  
  evaluating the evidence relative to the code groups to determine membership of the code assembly in two or more of the code groups; and
  
  generating the permission grant set by merging two or more code-group permission sets, each code-group permission set of the two or more code-group permission sets being associated with a code group in which the code assembly is a member.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The method of claim 1 wherein the generating operation comprises:
    - dynamically generating a code-group permission set based on permissions associated with the two or more code groups.
  - 3. The method of claim 1 wherein the generating operation comprises:
    - computing a logical set operation on code-group permission sets associated with the code groups in which the code assembly is a member to generate the permission grant set.
  - 4. The method of claim 3 wherein the computing operation comprises:
    - computing the logical set operation based on order values associated with the code groups.
  - 5. The method of claim 1 wherein the generating operation comprises:
    - computing a union of the code-group permission sets associated with code groups in which the code assembly is a member to generate the permission grant set.
  - 6. The method of claim 1 wherein the security policy specification further defines at least one code group collection associated with the plurality of code groups and the generating operation comprises:
    - selecting a code-group permission set associated with an individual code group of the code group collection in which the code assembly is a member to generate the permission grant set.
  - 7. The method of claim 6 wherein the security policy specification defines the at least one code group collection as a code group hierarchy.
  - 8. The method of claim 6 further comprising:
    - an exclusive property associated with the single code group indicating that the code-group permission set associated with the single code group is to be selected to generate the permission grant set.
  - 9. The method of claim 8 further comprising:
    - an exclusive property associated with the single code group indicating that no code-group permission set associated with a code group existing below the single code group in a code group hierarchy is to be used to generate the permission grant set.
  - 10. The method of claim 1 wherein the security policy specification further defines a policy level associated with the plurality of code groups, and the generating operation comprises:
    - computing a union of the code-group permission sets associated with code groups in which the code assembly is a member to generate a policy-level percussion set; and
      
      generating the permission grant set based on the policy-level permission set.
  - 11. The method of claim 1 wherein the security policy specification further defines at least one code group collection associated with the plurality of code groups and a policy level associated with the at least one code group collection, and the generating operation comprises:
    - selecting a code-group permission set associated with an individual code group of the code group collection in which the code assembly is a member to generate a policy-level permission set; and
      
      generating the permission grant set based on the policy-level permission set.
  - 12. The method of claim 1 wherein the security policy specification further defines a plurality of policy levels, each policy level being associated with the plurality of code groups, and the generating operation comprises:
    - selecting, for each policy level, a code-group permission set associated with an individual code group in the code groups of the policy level in which the code assembly is a member to generate a corresponding policy-level permission set; and
      
      merging the corresponding policy-level permission sets to generate the permission grant set.
  - 13. The method of claim 12 wherein the merging operation comprises:
    - computing an intersection of the corresponding policy-level permission sets associated with each policy level.
  - 14. The method of claim 1 wherein the security policy specification further defines a plurality of policy levels, each policy level being associated with a plurality of code groups, and the generating operation comprises:
    - computing, for each policy level, a union of the code-group permission sets associated with code groups of the policy level in which the code assembly is a member to generate a corresponding policy-level permission set; and
      
      merging the corresponding policy-level permission sets to generate the permission grant set.
  - 15. The method of claim 14 wherein the merging operation comprises:
    - computing an intersection of the corresponding policy-level permission sets associated with each policy level.
  - 16. The method of claim 1 wherein the security policy specification further defines a plurality of ordered policy levels associated with the plurality of code groups, such that a first policy level defines a more restrictive security policy than a second policy level.
  - 17. The method of claim 1 further comprising:
    - extracting from the security policy specification a membership criterion for a code group in the plurality of code groups.
  - 18. The method of claim 17 wherein the evaluating operation comprises:
    - extracting one or more trust characteristics from the evidence;
      
      evaluating the trust characteristics relative to the membership criterion; and
      
      identifying the code assembly as a member of the code group, if the one or more trust characteristics satisfy the membership criterion.
  - 19. The method of claim 1 further comprising:
    - extracting from the security policy specification a code-group permission set for each code group in the plurality of code groups.
  - 20. The method of claim 1 wherein the security policy specification further describes at least one code group hierarchy associated with the plurality of code groups, each code group collection including a parent code group, and further comprising;
    - extracting from the security policy specification a definition of at least one child code group of the parent code group in the at least one code group collection.
  - 21. The method of claim 20 wherein the evaluating operation comprises:
    - determining whether the code assembly is a member of the parent code group; and
      
      determining whether the code assembly is a member of the at least one child code group, if the code assembly is a member of the parent code group.
  - 22. The method of claim 1 further comprising:
    - performing verification on the code assembly;
      
      detecting a verification failure of the code assembly in the operation of performing verification; and
      
      determining based on the permission grant set whether the code assembly may be executed despite the verification failure.
  - 23. The method of claim 1 further comprising:
    - determining based on the permission grant set that a step of a verification process is unnecessary;
      
      communicating to a verification module that the step of the verification process may be bypassed;
      
      performing the verification process on the code assembly with the verification module; and
      
      bypassing the step of the verification process, responsive to the communicating operation.

24. A computer data signal embodied in a carrier wave by a computing system and encoding a computer program for executing a computer process generating a permission grant set for a code assembly received from a resource location, the computer process comprising;
- receiving a security policy specification defining a plurality of code groups, each code group being associated with a code-group permission set;
  
  receiving evidence associated with the code assembly;
  
  evaluating the evidence relative to the code groups to determine membership of the code assembly in two or more of the code groups; and
  
  generating the permission grant set by merging two or more code-group permission sets, each code-group permission set of the two or more code-group permission sets being associated with a code group in which the code assembly is a member.

25. A computer program storage medium readable by a computer system and encoding a computer program for executing a computer process generating a permission grant set for a code assembly received from a resource location, the computer process comprising;
- receiving a security policy specification defining a plurality of code groups, each code group being associated with a code-group permission set;
  
  receiving evidence associated with the code assembly;
  
  evaluating the evidence relative to the code groups to determine membership of the code assembly in two or more of the code groups; and
  
  generating the permission grant set by merging two or more code-group permission sets, each code-group permission set of the two or more code-group permission sets being associated with a code group in which the code assembly is a member.

26. A computer program product encoding a computer program for executing on a computer system a computer process for generating a permission grant set for a code assembly received from a resource location, the code assembly being associated with an evidence set, the computer process comprising:
- receiving a security policy specification defining at least one code group collection having two or more code groups, each code group being associated with code-group permission set;
  
  evaluating the evidence set relative to the code group collection to determine membership of the code assembly in two or more code groups of the code group collection; and
  
  generating the permission grant set by merging two or more code-group permission sets, each code-group permission set of the two or more code-group permission sets being associated with a code group in which the code assembly is a member.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34)
- - 27. The program product of claim 26 wherein the generating operation comprises:
    - computing a union of the code-group permission sets associated with code groups of the code group collection in which the code assembly is a member to generate the permission grant set.
  - 28. The program product of claim 26 wherein the generating operation comprises:
    - selecting a code-group permission set associated with an individual code group of the code group collection in which the code assembly is a member to generate the permission grant set.
  - 29. The program product of claim 26 wherein the security policy specification further defines a plurality of policy levels associated with the two or more code groups, and the generating operation comprises:
    - computing, for each policy level, a union of the code-group permission sets associated with code groups in which the code assembly is a member to generate a corresponding policy-level permission set; and
      
      generating the permission grant set based on the corresponding policy-level permission set of each policy level.
  - 30. The program product of claim 29 wherein the operation of generating the permission grant set by merging two or more is code-group permission sets further comprises:
    - computing an intersection of the corresponding policy-level permission sets associated with each policy level.
  - 31. The program product of claim 29 wherein the operation of generating the permission grant set by merging two or more code-group permission sets further comprises:
    - computing an intersection of a subset of the corresponding policy-level permission sets.
  - 32. The program product of claim 26 wherein the computer process further comprises:
    - extracting from the security policy specification a membership criterion for a code group in the plurality of code groups.
  - 33. The program product of claim 32 wherein the evaluating operation comprises:
    - extracting one or more trust characteristics from the evidence;
      
      evaluating the trust characteristics relative to the membership criterion; and
      
      identifying the code assembly as a member of the code group, if the trust characteristics satisfy the membership criterion.
  - 34. The program product of claim 26, wherein the computer process further comprises:
    - caching the permission grant set in association with the evidence; and
      
      outputting the permission grant set in response to a subsequent receipt of the evidence without re-evaluating the evidence.

35. A method of verifying a code assembly received from a resource location, the method comprising:
- receiving a security policy specification defining a security policy;
  
  receiving evidence associated with the code assembly;
  
  evaluating the evidence relative to the security policy;
  
  performing verification on the code assembly;
  
  detecting a verification failure of the code assembly in the operation of performing verification; and
  
  determining whether the code assembly may be executed despite the verification failure, responsive to the evaluating operation.
- View Dependent Claims (36, 37, 38, 40, 41, 42)
- - 36. The method of claim 35 wherein the operation of receiving evidence comprises:
    - receiving evidence associated with a class of the code assembly.
  - 37. The method of claim 35 wherein the operation of receiving evidence comprises:
    - receiving evidence associated with a module of the code assembly.
  - 38. The method of claim 35 wherein the operation of receiving evidence comprises:
    - receiving evidence associated with a method of the code assembly.
  - 40. The method of claim 37 wherein the generating operation comprises:
    - generating the permission grant set in association with a module of the code assembly, responsive to the evaluating operation.
  - 41. The method of claim 37 wherein the generating operation comprises:
    - generating the permission grant set in association with a class of the code assembly, responsive to the evaluating operation.
  - 42. The method of claim 37 wherein the generating operation comprises:
    - generating the permission grant set in association with a method of the code assembly, responsive to the evaluating operation.

39. A method of verifying a code assembly received from a resource location, the method comprising:
- receiving a security policy specification defining a security policy;
  
  receiving evidence associated with the code assembly;
  
  evaluating the evidence relative to the security policy;
  
  generating a permission grant set, responsive to the evaluating operation;
  
  determining based on the permission grant set that a step of a verification process is unnecessary;
  
  communicating to a verification module that the step of the verification process may be bypassed;
  
  performing the verification process on the code assembly with the verification module; and
  
  bypassing the step of the verification process, responsive to the communicating operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kohnfelder, Loren M., LaMacchia, Brian A, Fee, Gregory Darrell, Toutonghi, Michael J.
Primary Examiner(s)
Barrón, Jr., Gilberto
Assistant Examiner(s)
GURSHMAN, GRIGORY

Application Number

US09/598,534
Time in Patent Office

2,162 Days
Field of Search

713/201, 726/14, 726/6
US Class Current

726/14
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

Evidence-based security policy manager

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Evidence-based security policy manager

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links