Evaluating initially untrusted evidence in an evidence-based security policy manager

US 7,131,143 B1
Filed: 06/21/2000
Issued: 10/31/2006
Est. Priority Date: 06/21/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method of associating a permission set with a code assembly based on evidence characterized by different levels of trust, the method implemented at least in part by a computing device comprising:

identifying a first condition for association with the permission set, wherein the first condition references a first element of evidence, wherein the first element of evidence is implicitly trusted and wherein the permission set is used to control operation of the code assembly during run-time;

identifying a second condition for association with the permission set, wherein the second condition references a second element of evidence, wherein the second element of evidence is initially untrusted;

determining whether the first condition is satisfied by the first element of evidence;

determining whether the second element of evidence should be trusted based on the first condition;

determining whether the second condition is satisfied by the second element of evidence;

associating the permission set with the code assembly, if both the first condition and the second condition are satisfied;

evaluating the first condition and the second condition using a logical operation to determine membership of the code assembly in a parent code group; and

evaluating the code assembly against membership criteria of a child code group if the code assembly is a member of the parent code group.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. Both code assemblies and evidence may be received from a local origin or from a remote resource location via a network (e.g., the Internet). Evidence having different levels of trust may be evaluated in combination so that a permission grant set is associated only with trusted code assemblies. The policy manager may comprise execution modules for parsing a security policy specification, generating one or more code hierarchies, evaluating membership of the received code assembly in one or more code groups, and generating a permission grant set based upon this membership evaluation.

75 Citations

View as Search Results

19 Claims

1. A method of associating a permission set with a code assembly based on evidence characterized by different levels of trust, the method implemented at least in part by a computing device comprising:
- identifying a first condition for association with the permission set, wherein the first condition references a first element of evidence, wherein the first element of evidence is implicitly trusted and wherein the permission set is used to control operation of the code assembly during run-time;
  
  identifying a second condition for association with the permission set, wherein the second condition references a second element of evidence, wherein the second element of evidence is initially untrusted;
  
  determining whether the first condition is satisfied by the first element of evidence;
  
  determining whether the second element of evidence should be trusted based on the first condition;
  
  determining whether the second condition is satisfied by the second element of evidence;
  
  associating the permission set with the code assembly, if both the first condition and the second condition are satisfied;
  
  evaluating the first condition and the second condition using a logical operation to determine membership of the code assembly in a parent code group; and
  
  evaluating the code assembly against membership criteria of a child code group if the code assembly is a member of the parent code group.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the operation of receiving a first condition comprises:
    - receiving the first condition and the first element of evidence within a membership criterion.
  - 3. The method of claim 1 wherein the operation of receiving a second condition comprises:
    - receiving the second condition and the second element of evidence within a membership criterion.
  - 4. The method of claim 1 wherein the operation of receiving a first condition comprises:
    - receiving the first condition in a membership criterion; and
      
      receiving the first element of evidence based on a reference included in the membership criterion.
  - 5. The method of claim 1 wherein the operation of receiving a second condition comprises:
    - receiving the second condition in a membership criterion; and
      
      receiving the second element of evidence based on a reference included in the membership criterion.
  - 6. The method of claim 1 further comprising:
    - generating a collection of code groups, each code group being associated with a membership criterion and a permission set, wherein the first condition and the second condition are received in the membership criterion associated with one of the code groups; and
      
      determining whether the code assembly is a member of the code group, based on the membership criterion.
  - 7. The method of claim 6 wherein the associating operation comprises:
    - associating the permission set of the code group with the code assembly, if the code assembly is determined to be a member of the code group.
  - 8. The method of claim 1 further comprising:
    - receiving at least a third condition referencing a third element of evidence, wherein the third element is initially untrusted;
      
      determining whether the third element of evidence should be trusted based on the second condition; and
      
      determining whether the third condition is satisfied by the third element of the evidence, wherein the associating operation comprises associating the permission set with the code assembly, if the first condition, the second condition, and the third condition are satisfied.

9. One or more computer-readable media having instructions that, when executed on one or more processors perform a process for associating a permission set with a code assembly based on evidence characterized by different levels of trust comprising:
- generating a collection of code groups, wherein each code group is used to define a category of related code assemblies, each code group being associated with a membership criterion and a permission set used to control operation of the code assembly during run-time;
  
  receiving the membership criterion associated with a parent code group, the membership criterion including at least a first condition and a second condition;
  
  referencing a first element of evidence in the first condition, wherein the first element of evidence is trusted independent of other evidence and conditions;
  
  referencing a second element of evidence in the second condition, wherein the second element of evidence is initially untrusted;
  
  determining whether the first condition is satisfied by the first element of evidence;
  
  determining whether the second element of evidence should be trusted based on the first condition;
  
  determining whether the second condition is satisfied by the second element of evidence;
  
  evaluating the first condition and the second condition using a logical operation to determine membership of the code, assembly in the parent code group;
  
  if the code assembly is a member of the parent code group, evaluating the code assembly against membership criteria of a child code group; and
  
  associating the permission set with the code assembly, if the code assembly is determined to be a member of the parent code group.
- View Dependent Claims (10)
- - 10. One or more computer-readable media according to claim 9 where in the computer process further comprises:
    - receiving at least a third condition referencing a third element of evidence, wherein the third element is initially untrusted;
      
      determining whether the third element of evidence should be trusted based on the second condition; and
      
      determining whether the third condition is satisfied by the third element of evidence, wherein the associating operation comprises associating the permission set with the code assembly, if the first condition, the second condition, and the third condition are satisfied.

11. One or more computer-readable media having computer-executable instructions for performing a method of associating a permission set with a code assembly based on evidence characterized by different levels of trust comprising:
- receiving a first condition referencing a first element of evidence, wherein the first condition is associated with the permission set and the first element of evidence is trusted independent of other evidence and conditions;
  
  receiving a second condition referencing a second element of evidence, wherein the second condition is associated with the permission set and the second element is initially untrusted;
  
  determining whether the first condition is satisfied by the first element of evidence;
  
  determining whether the second element should be trusted based on the first condition;
  
  determining whether the second condition is satisfied by the second element of evidence;
  
  evaluating the first condition and the second condition using a logical operation to determine membership of the code assembly in a parent code group;
  
  associating the permission set with the code assembly, if both the first and second conditions are satisfied, wherein the permission set is used to control operation of the code assembly during run-time; and
  
  if the code assembly is a member of the parent code group, evaluating the code assembly against membership criteria of a child code group.

12. One or more computer-readable media having instructions that, when executed on one or more computing processors, perform a process for associating a permission set with a code assembly based on evidence characterized by different levels of trust comprising:
- receiving at least a first condition referencing a first element of evidence, wherein the first condition is associated with the permission set and the first element of evidence is trusted independent of other evidence and conditions;
  
  receiving at least a second condition referencing a second element of evidence, wherein the second condition is associated with the permission set and the second element is initially untrusted;
  
  determining whether the first condition is satisfied by the first element of evidence;
  
  determining whether the second element of evidence should be trusted based on the first condition;
  
  determining whether the second condition is satisfied by the second element of evidence;
  
  associating the permission set with the code assembly, if both the first and second conditions are satisfied, wherein the permission set is used to control operation of the code assembly during run-time; and
  
  evaluating the first condition and the second condition using a logical operation to determine membership of the code assembly in a parent code group, and if a member, evaluating the code assembly against membership criteria of a child code group.

13. A policy manager for associating a permission set with a code assembly based on evidence characterized by different levels of trust, the policy manager implemented by one or more computing devices comprising:
- a code collection generator generating a collection of code groups, wherein each code group is used to define a category of related code assemblies, each code group being associated with the membership criterion and a permission set used to control operation of the code assembly during run-time;
  
  a membership evaluator determining if the code assembly is a member of a parent said code group by evaluating at least a first condition and a second condition associated with the parent said code group, and if so, evaluating membership of the code assembly in a child said code group, the first condition referencing an implicitly trusted first element of evidence;
  
  the second condition referencing an initially untrusted second element of evidence, wherein a determination of trust associated with the second element of evidence is based on the first condition; and
  
  a permission set generator associating the permission set of the parent said code group with the code assembly, if the code assembly is determined to be a member of the parent said code group.
- View Dependent Claims (14)
- - 14. The policy manager of claim 13 wherein the membership evaluator further receives at least a third condition referencing an initially untrusted third element of evidence, wherein the third condition is associated with the permission set and a determination of trust associated with the third element of evidence is dependent upon the second condition, and determines whether the third condition is satisfied by the third element of evidence, andwherein the permission set generator associates the permission set with the code assembly, if the first condition, the second conditioned, and the third conditions are satisfied.

15. One or more computer-readable media having instructions that, when executed on one or more processors, perform a process for associating a permission set with a code assembly based on evidence characterized by different levels of trust, the computer process comprising:
- receiving one or more first conditions, each first condition being associated with one or more first elements of evidence, wherein each first condition is associated with the permission set used to control operation of the code assembly during run-time;
  
  determining whether each first condition is satisfied by an associated first element of evidence;
  
  generating an indication for each first condition that is satisfied;
  
  receiving a second condition associated with the permission set;
  
  determining whether the second condition is satisfied based on the indications, wherein a level of trust associated with the indications depends upon a first condition of the one or more first conditions;
  
  evaluating the first condition and the second condition using a logical operation to determine membership of the code assembly in a parent code group;
  
  evaluating the code assembly against membership criteria of a child code group if the code assembly is a member of the parent code group; and
  
  associating the permission set with the code assembly, if both the first condition in the second condition are satisfied.
- View Dependent Claims (16, 17, 18, 19)
- - 16. One or more computer-readable media according to claim 15 wherein the indication is associated with a first value associated with the first condition, and the operation of determining whether the second condition is satisfied comprises:
    - collecting the first value and additional values associated with other satisfied conditions to provide collected values;
      
      summing the collected values to provide a sum; and
      
      evaluating the sum against a threshold to determine whether the second condition is satisfied.
  - 17. One or more computer-readable media according to claim 15 wherein at least one first element of evidence includes initially untrusted evidence.
  - 18. One or more computer-readable media according to claims 15 wherein at least one indication includes initially untrusted evidence.
  - 19. One or more computer-readable media according to claim 15 wherein the computer process further comprises:
    - generating an indication for each first condition that is not satisfied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
LaMacchia, Brian A., Kohnfelder, Loren M., Fee, Gregory Darrell
Primary Examiner(s)
Barrón, Jr., Gilberto
Assistant Examiner(s)
KIM, JUNG W

Application Number

US09/598,814
Time in Patent Office

2,323 Days
Field of Search

713/200, 713/201, 709/225, 726/27, 726/30
US Class Current

726/30
CPC Class Codes

G06F 21/51 at application loading time...

G06F 21/53 by executing in a restricte...

Evaluating initially untrusted evidence in an evidence-based security policy manager

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Evaluating initially untrusted evidence in an evidence-based security policy manager

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links