Evaluating initially untrusted evidence in an evidence-based security policy manager
Abstract
An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. Both code assemblies and evidence may be received from a local origin or from a remote resource location via a network (e.g., the Internet). Evidence having different levels of trust may be evaluated in combination so that a permission grant set is associated only with trusted code assemblies. The policy manager may comprise execution modules for parsing a security policy specification, generating one or more code hierarchies, evaluating membership of the received code assembly in one or more code groups, and generating a permission grant set based upon this membership evaluation.
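The membership evaluation the abstract and claims describe, written out as an added Python example (not the patent's own code, nor any .NET Code Access Security implementation): a parent code group whose criterion is the logical AND of a first condition on implicitly trusted, host-supplied evidence and a second condition on initially untrusted, assembly-supplied evidence, with child groups evaluated only under a matching parent. The evidence kinds (zone, url, publisher), group names and permission names are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Evidence:
    value: str
    trusted: bool  # True: implicitly trusted (host-supplied); False: initially untrusted (assembly-supplied)

@dataclass(frozen=True)
class Condition:
    kind: str       # which element of evidence the condition references
    expected: str

@dataclass
class CodeGroup:
    name: str
    first: Condition               # must reference implicitly trusted evidence
    second: Optional[Condition]    # may reference initially untrusted evidence
    permissions: frozenset
    children: list = field(default_factory=list)

def is_member(group: CodeGroup, evidence: dict) -> bool:
    """Membership criterion = first AND second; the first condition holding on
    trusted evidence is what makes the untrusted second element trustworthy."""
    e1 = evidence.get(group.first.kind)
    if e1 is None or not e1.trusted or e1.value != group.first.expected:
        return False  # an untrusted or mismatching first element never vouches for anything
    if group.second is None:
        return True
    e2 = evidence.get(group.second.kind)
    # e2 may now be consulted because the first condition held; apply the logical AND
    return e2 is not None and e2.value == group.second.expected

def grant_set(group: CodeGroup, evidence: dict) -> frozenset:
    """Walk the code-group hierarchy; children are evaluated only under a matching parent."""
    if not is_member(group, evidence):
        return frozenset()
    granted = set(group.permissions)
    for child in group.children:
        granted |= grant_set(child, evidence)
    return frozenset(granted)

# Constructed sample policy (hypothetical names and values, not from the patent).
POLICY = CodeGroup("Internet", Condition("zone", "Internet"), None, frozenset({"Execute"}), [
    CodeGroup("ExampleSite", Condition("url", "https://example.test/app/"),
              Condition("publisher", "ExampleCorp"), frozenset({"WebAccess"})),
])
# Constructed sample evidence: loader-supplied zone/url are trusted, the assembly's publisher claim is not.
SAMPLE_EVIDENCE = {"zone": Evidence("Internet", True),
                   "url": Evidence("https://example.test/app/", True),
                   "publisher": Evidence("ExampleCorp", False)}
```

An assembly whose self-asserted publisher claim matches but whose trusted url evidence does not match is left with only the parent group's grant, which is the point of tying trust in the second element to the first condition.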
19 Claims
1. A method of associating a permission set with a code assembly based on evidence characterized by different levels of trust, the method implemented at least in part by a computing device comprising:
identifying a first condition for association with the permission set, wherein the first condition references a first element of evidence, wherein the first element of evidence is implicitly trusted and wherein the permission set is used to control operation of the code assembly during run-time;
identifying a second condition for association with the permission set, wherein the second condition references a second element of evidence, wherein the second element of evidence is initially untrusted;
determining whether the first condition is satisfied by the first element of evidence;
determining whether the second element of evidence should be trusted based on the first condition;
determining whether the second condition is satisfied by the second element of evidence;
associating the permission set with the code assembly, if both the first condition and the second condition are satisfied;
evaluating the first condition and the second condition using a logical operation to determine membership of the code assembly in a parent code group; and
evaluating the code assembly against membership criteria of a child code group if the code assembly is a member of the parent code group.
(Dependent claims 2 to 8 not shown.)
9. One or more computer-readable media having instructions that, when executed on one or more processors, perform a process for associating a permission set with a code assembly based on evidence characterized by different levels of trust comprising:
generating a collection of code groups, wherein each code group is used to define a category of related code assemblies, each code group being associated with a membership criterion and a permission set used to control operation of the code assembly during run-time;
receiving the membership criterion associated with a parent code group, the membership criterion including at least a first condition and a second condition;
referencing a first element of evidence in the first condition, wherein the first element of evidence is trusted independent of other evidence and conditions;
referencing a second element of evidence in the second condition, wherein the second element of evidence is initially untrusted;
determining whether the first condition is satisfied by the first element of evidence;
determining whether the second element of evidence should be trusted based on the first condition;
determining whether the second condition is satisfied by the second element of evidence;
evaluating the first condition and the second condition using a logical operation to determine membership of the code assembly in the parent code group;
if the code assembly is a member of the parent code group, evaluating the code assembly against membership criteria of a child code group; and
associating the permission set with the code assembly, if the code assembly is determined to be a member of the parent code group.
(Dependent claim 10 not shown.)
11. One or more computer-readable media having computer-executable instructions for performing a method of associating a permission set with a code assembly based on evidence characterized by different levels of trust comprising:
receiving a first condition referencing a first element of evidence, wherein the first condition is associated with the permission set and the first element of evidence is trusted independent of other evidence and conditions;
receiving a second condition referencing a second element of evidence, wherein the second condition is associated with the permission set and the second element is initially untrusted;
determining whether the first condition is satisfied by the first element of evidence;
determining whether the second element should be trusted based on the first condition;
determining whether the second condition is satisfied by the second element of evidence;
evaluating the first condition and the second condition using a logical operation to determine membership of the code assembly in a parent code group;
associating the permission set with the code assembly, if both the first and second conditions are satisfied, wherein the permission set is used to control operation of the code assembly during run-time; and
if the code assembly is a member of the parent code group, evaluating the code assembly against membership criteria of a child code group.
12. One or more computer-readable media having instructions that, when executed on one or more computing processors, perform a process for associating a permission set with a code assembly based on evidence characterized by different levels of trust comprising:
receiving at least a first condition referencing a first element of evidence, wherein the first condition is associated with the permission set and the first element of evidence is trusted independent of other evidence and conditions;
receiving at least a second condition referencing a second element of evidence, wherein the second condition is associated with the permission set and the second element is initially untrusted;
determining whether the first condition is satisfied by the first element of evidence;
determining whether the second element of evidence should be trusted based on the first condition;
determining whether the second condition is satisfied by the second element of evidence;
associating the permission set with the code assembly, if both the first and second conditions are satisfied, wherein the permission set is used to control operation of the code assembly during run-time; and
evaluating the first condition and the second condition using a logical operation to determine membership of the code assembly in a parent code group, and if a member, evaluating the code assembly against membership criteria of a child code group.
13. A policy manager for associating a permission set with a code assembly based on evidence characterized by different levels of trust, the policy manager implemented by one or more computing devices comprising:
a code collection generator generating a collection of code groups, wherein each code group is used to define a category of related code assemblies, each code group being associated with the membership criterion and a permission set used to control operation of the code assembly during run-time;
a membership evaluator determining if the code assembly is a member of a parent said code group by evaluating at least a first condition and a second condition associated with the parent said code group, and if so, evaluating membership of the code assembly in a child said code group, the first condition referencing an implicitly trusted first element of evidence, the second condition referencing an initially untrusted second element of evidence, wherein a determination of trust associated with the second element of evidence is based on the first condition; and
a permission set generator associating the permission set of the parent said code group with the code assembly, if the code assembly is determined to be a member of the parent said code group.
(Dependent claim 14 not shown.)
15. One or more computer-readable media having instructions that, when executed on one or more processors, perform a process for associating a permission set with a code assembly based on evidence characterized by different levels of trust, the computer process comprising:
receiving one or more first conditions, each first condition being associated with one or more first elements of evidence, wherein each first condition is associated with the permission set used to control operation of the code assembly during run-time;
determining whether each first condition is satisfied by an associated first element of evidence;
generating an indication for each first condition that is satisfied;
receiving a second condition associated with the permission set;
determining whether the second condition is satisfied based on the indications, wherein a level of trust associated with the indications depends upon a first condition of the one or more first conditions;
evaluating the first condition and the second condition using a logical operation to determine membership of the code assembly in a parent code group;
evaluating the code assembly against membership criteria of a child code group if the code assembly is a member of the parent code group; and
associating the permission set with the code assembly, if both the first condition and the second condition are satisfied.
(Dependent claims 16 to 19 not shown.)
Specification