Methods and systems for providing a secure application environment using derived user accounts

US 7,191,469 B2
Filed: 06/14/2002
Issued: 03/13/2007
Est. Priority Date: 05/13/2002
Status: Active Grant

First Claim

Patent Images

1. A method of creating a secure application execution environment in a computer system comprising at least one resource, wherein access to the resource is governed by a concurrently executing user account, the method comprising:

determining if the at least one resource is within the secure application execution environment; and

,if the at least one resource is within the secure application execution environment,determining a transformation rule for the at least one resource based on the user account; and

handling a request to access the at least one resource in accordance with the transformation rule for the at least one resource.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure application environment (“SAE”) may be created by using derivation transformations (“DTs”) to create a derived user account (“DUA”) based on the original user account (“OUA”). An SAE may be created by selecting for each resource whose access is controlled by the OUA a DT that provides security for that resource without, whenever possible, reducing the functionality of the system as a whole, and creating a means for accessing a version of each resource based on the selected DT that may be accessed by an insecure actor.

Citations

69 Claims

1. A method of creating a secure application execution environment in a computer system comprising at least one resource, wherein access to the resource is governed by a concurrently executing user account, the method comprising:
- determining if the at least one resource is within the secure application execution environment; and
  
  ,if the at least one resource is within the secure application execution environment,determining a transformation rule for the at least one resource based on the user account; and
  
  handling a request to access the at least one resource in accordance with the transformation rule for the at least one resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, comprising:
    - if the at least one resource is not within the secure application execution environment, handling a request to access the at least one resource based on the user account.
  - 3. The method of claim 1, comprising,if the at least one resource is not within the secure application execution environment, adding the resource to the secure application execution environment.
  - 4. The method of claim 3, wherein adding the resources to the secure application execution environment comprises:
    - dynamically determining a transformation rule for the at least one resource based on the user account and resource type.
  - 5. The method of claim 4, wherein dynamically determining a transformation rule for the at least one resource comprises:
    - determining a transformation rule for the at least one resource based on the user account, resource type, and context of a request to access the at least one resource.
  - 6. The method of claim 1, wherein the transformation rule specifies to copy at least some of the at least one resource to a new location relative to a root of the hierarchical namespace and access the copied resource in place of the at least one resource.
  - 7. The method of claim 1, wherein the transformation rule assigns a unique identifier to a copy of the at least one resource and specifics to access the copied resource in place of the at least one resource.
  - 8. The method of claim 1, wherein the transformation rule redirects a request to access the at least one resource to a substitute resource.
  - 9. The method of claim 1, wherein the transformation rule specifies to mask some or all of the at least one resource and access the masked resource in place of the at least one resource.
  - 10. The method of claim 1, wherein determining if the at least one resource is within the secure application execution environment comprises determining if the requested resource exists in a list and wherein handling a request to access the at least one resource in accordance with the transformation rule for the at least one resource comprises accessing the at least one resource if the at least one resource exists in the list.

11. A method of creating a secure application execution environment in a computer system that allows access to resources based on a concurrently executing user account, the method comprising:
- receiving a request to access a resource, to which access is governed by the user account, the request specifying the requested resource and an access type;
  
  dynamically determining a transformation rule for the requested resource based on the access type; and
  
  handling the request to access the resource in accordance with the transformation rule.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, wherein dynamically determining a transformation rule for the at least one resource comprises:
    - determining a transformation rule for the at least one resource based on the user account, resource type, and context of request to access the at least one resource.
  - 13. The method of claim 11, wherein the transformation rule specifies to copy at least some of the at least one resource to a new location relative to a root of the hierarchical namespace and access the copied resource in place of the at least one resource.
  - 14. The method of claim 11, wherein the transformation rule assigns a unique identifier to a version of the at least one resource and specifies to access the version of the at least one resource instead of the at least one resource.
  - 15. The method of claim 11, wherein the transformation rule redirects a request to access the at least one resource to a substitute resource.
  - 16. The method of claim 11, wherein the transformation rule specifies to mask some or all of the at least one resource and access the masked resource in place of the at least one resource.
  - 17. The method of claim 11, wherein determining the transformation rule comprises determining if the requested resource exists in a list and wherein handling the request to access the resource comprises accessing the requested resource if the requested resource exists in the list.

18. A method for creating a secure application execution environment in a computer system comprising at least one resource, the method comprising:
- generating a concurrently executing user account associated with the secure application execution environment, the user account comprising at least one resource within the secure application execution environment and, for each of the at least one resources in the secure application execution environment, at least one allowed access type and at least one derivation transformation;
  
  receiving a request to access a resource, the request specifying the requested resource and a requested access type; and
  
  accessing the requested resource based on the derivation transformation associated with the one of the at least one matching resources, if the requested access is allowable.
- View Dependent Claims (19)
- - 19. The method of claim 18, wherein accessing the requested access to the resource based on the derivation transformation associated with the one of the at least one matching resources, if the requested access is allowable comprises:
    - granting the requested access to the resource based on the derivation transformation associated with one of the at least one resources, if the requested resource matches one of the at least one resources in the user account.

20. A method of handling a request to access a resource in a computer system or network of computers, the method comprising:
- generating a table comprising window handles that are valid within a concurrently executing secure application execution environment;
  
  intercepting a system call comprising a window handle representing a resource that a user wishes to access;
  
  determining if the window handle exists in the table;
  
  granting access to the resource, if the window handle exists in the table; and
  
  refusing access if the window handle does not exist in the table.

21. A method for creating a secure application execution environment in a computer system comprising at least one resource, the method comprising:
- generating a concurrently executing first user account associated with the secure application execution environment, the first user account comprising at least one resource within the secure application execution environment and, for each of the at least one resources in the secure application execution environment, at least one allowed access type and at least one derivation transformation;
  
  generating a concurrently executing second user account based on the first user account comprising at least one resource within the secure application execution environment and, for each of the at least one resources in the first user account, at least one allowed access type and at least one derivation transformation;
  
  receiving a request to access a resource, the request specifying the requested resource and a requested access type; and
  
  accessing the requested resource based on the derivation transformation associated with the one of the at least one matching resources, if the requested access is allowable.

22. A method for creating a secure application execution environment in a computer system comprising at least one resource, the method comprising:
- generating at least one concurrently executing user account associated with the secure application execution environment, the at least one user account comprising at least one resource within the secure application execution environment and, for each of the at least one resources in the secure application execution environment, at least one allowed access type and at least one derivation transformation;
  
  intercepting a request to access a resource, the request specifying the requested resource and a requested access type; and
  
  if the requested resource is within the secure application execution environment,modifying the request based on the derivation transformation associated with the requested resource; and
  
  performing the modified request; and
  
  if the requested resource is not within the secure application execution environment, rejecting the request.
- View Dependent Claims (23)
- - 23. The method of claim 22, wherein rejecting the request comprises one of returning an error message, ignoring the request, or performing a substitute request.

24. An apparatus comprising:
- at least one memory having program instructions to execute an operating system; and
  
  at least one processor configured to execute the program instructions to perform the operations of;
  
  determining if the at least one resource is within the secure application execution environment; and
  
  ,if the at least one resource is within the secure application execution environment,determining a transformation rule for the at least one resource based on a concurrently executing user account; and
  
  handling a request to access the at least one resource in accordance with the transformation rule for the at least one resource.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 25. The apparatus of claim 24, the at least one processor further configured to perform the operation of:
    - if the at least one resource is not within the secure application execution environment, handling a request to access the at least one resource based on the user account.
  - 26. The apparatus of claim 24, the at least one processor further configured to perform the operation of:
    - if the at least one resource is not within the secure application execution environment, adding the resource to the secure application execution environment.
  - 27. The apparatus of claim 26, wherein adding the resources to the secure application execution environment comprises:
    - dynamically determining a transformation rule for the at least one resource based on the user account and resource type.
  - 28. The apparatus of claim 27, wherein dynamically determining a transformation rule for the at least one resource comprises:
    - determining a transformation rule for the at least one resource based on the user account, resource type, and context of request to access the at least one resource.
  - 29. The apparatus of claim 24, wherein the transformation rule specifies to copy at least some of the at least one resource to a new location relative to a root of the hierarchical namespace and access the copied resource in place of the at least one resource.
  - 30. The apparatus of claim 24, wherein the transformation rule assigns a unique identifier to a copy of the at least one resource and specifies to access the copied resource in place of the at least one resource.
  - 31. The apparatus of claim 24, wherein the transformation rule redirects a request to access the at least one resource to a substitute resource.
  - 32. The apparatus of claim 24, wherein the transformation rule specifies to mask some or all of the at least one resource and access the masked resource in place of the at least one resource.
  - 33. The apparatus of claim 24, wherein determining if the at least one resource is within the secure application execution environment comprises determining if the requested resource exists in a list and wherein handling a request to access the at least one resource in accordance with the transformation rule for the at least one resource comprises accessing the at least one resource if the at least one resource exists in the list.

34. An apparatus comprising:
- at least one memory having program instructions to execute an operating system; and
  
  at least one processor configured to execute the program instructions to perform the operations of;
  
  receiving a request to access a resource to which access is governed by a concurrently executing user account, the request specifying the requested resource and an access type;
  
  dynamically determining a transformation rule for the requested resource based on the access type; and
  
  handling the request to access the resource in accordance with the transformation rule.
- View Dependent Claims (35, 36, 37, 38, 39, 40)
- - 35. The apparatus of claim 34, wherein dynamically determining a transformation rule for the at least one resource comprises:
    - determining a transformation rule for the at least one resource based on the user account, resource type, and context of request to access the at least one resource.
  - 36. The apparatus of claim 34, wherein the transformation rule specifies to copy at least some of the at least one resource to a new location relative to a root of the hierarchical namespace and access the copied resource in place of the at least one resource.
  - 37. The apparatus of claim 34, wherein the transformation rule assigns a unique identifier to a version of the at least one resource and specifies to access the version of the at least one resource instead of the at least one resource.
  - 38. The apparatus of claim 34, wherein the transformation rule redirects a request to access the at least one resource to a substitute resource.
  - 39. The apparatus of claim 34, wherein the transformation rule specifies to mask some or all of the at least one resource and access the masked resource in place of the at least one resource.
  - 40. The apparatus of claim 34, wherein determining the transformation rule comprises determining if the requested resource exists in a list and wherein handling the request to access the resource comprises accessing the requested resource if the requested resource exists in the list.

41. An apparatus comprising:
- at least one memory having program instructions to execute an operating system; and
  
  at least one processor configured to execute the program instructions to perform the operations of;
  
  generating a concurrently executing user account associated with the secure application execution environment, the user account comprising at least one resource within the secure application execution environment and, for each of the at least one resources in the secure application execution environment, at least one allowed access type and at least one derivation transformation;
  
  receiving a request to access a resource, the request specifying the requested resource and a requested access type; and
  
  accessing the requested resource based on the derivation transformation associated with the one of the at least one matching resources, if the requested access is allowable.
- View Dependent Claims (42)
- - 42. The apparatus of claim 41, wherein accessing the requested access to the resource based on the derivation transformation associated with the one of the at least one matching resources, if the requested access is allowable comprises:
    - granting the requested access to the resource based on the derivation transformation associated with one of the at least one resources, if the requested resource matches one of the at least one resources in the user account.

43. An apparatus comprising:
- at least one memory having program instructions to execute an operating system; and
  
  at least one processor configured to execute the program instructions to perform the operations of;
  
  generating a table comprising window handles that are valid within a concurrently executing secure application execution environment;
  
  intercepting a system call comprising a window handle representing a resource that a user wishes to access;
  
  determining if the window handle exists in the table;
  
  granting access to the resource, if the window handle exists in the table; and
  
  refusing access if the window handle does not exist in the table.

44. An apparatus comprising:
- at least one memory having program instructions to execute an operating system; and
  
  at least one processor configured to execute the program instructions to perform the operations of;
  
  generating a concurrently executing first user account associated with the secure application execution environment, the first user account comprising at least one resource within the secure application execution environment and, for each of the at least one resources in the secure application execution environment, at least one allowed access type and at least one derivation transformation;
  
  generating a concurrently executing second user account based on the first user account comprising at least one resource within the secure application execution environment and, for each of the at least one resources in the first user account, at least one allowed access type and at least one derivation transformation;
  
  receiving a request to access a resource, the request specifying the requested resource and a requested access type; and
  
  accessing the requested resource based on the derivation transformation associated with the one of the at least one matching resources, if the requested access is allowable.

45. An apparatus comprising:
- at least one memory having program instructions to execute an operating system; and
  
  at least one processor configured to execute the program instructions to perform the operations of;
  
  generating at least one concurrently executing user account associated with the secure application execution environment, the at least one user account comprising at least one resource within the secure application execution environment and, for each of the at least one resources in the secure application execution environment, at least one allowed access type and at least one derivation transformation;
  
  intercepting a request to access a resource, the request specifying the requested resource and a requested access type; and
  
  if the requested resource is within the secure application execution environment, modifying the request based on the derivation transformation associated with the requested resource; and
  
  performing the modified request; and
  
  if the requested resource is not within the secure application execution environment, rejecting the request.
- View Dependent Claims (46)
- - 46. The apparatus of claim 45, wherein rejecting the request comprises one of returning an error message, ignoring the request, or performing a substitute request.

47. A computer-readable medium containing instructions for controlling an operating system to perform a method comprising:
- determining if the at least one resource is within the secure application execution environment; and
  
  ,if the at least one resource is within the secure application execution environment, determining a transformation rule for the at least one resource based on a concurrently executing user account; and
  
  handling a request to access the at least one resource in accordance with the transformation rule for the at least one resource.
- View Dependent Claims (48, 49, 50, 51)
- - 48. The medium of claim 47, comprising:
    - if the at least one resource is not within the secure application execution environment, handling a request to access the at least one resource based on the user account.
  - 49. The medium of claim 47, comprising,if the at least one resource is not within the secure application execution environment, adding the resource to the secure application execution environment.
  - 50. The medium of claim 49, wherein adding the resources to the secure application execution environment comprises:
    - dynamically determining a transformation rule for the at least one resource based on the user account and resource type.
  - 51. The medium of claim 50, wherein dynamically determining a transformation rule for the at least one resource comprises:
    - determining a transformation rule for the at least one resource based on the user account, resource type, and context of request to access the at least one resource.

52. A computer-readable medium containing instructions for controlling an operating system to perform a method comprising:
- receiving a request to access a resource to which access is governed by a concurrently executing user account, the request specifying the requested resource and an access type;
  
  dynamically determining a transformation rule for the requested resource based on the access type; and
  
  handling the request to access the resource in accordance with the transformation rule.
- View Dependent Claims (53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63)
- - 53. The medium of claim 52, wherein dynamically determining a transformation rule for the at least one resource comprises:
    - determining a transformation rule for the at least one resource based on the user account, resource type, and context of request to access the at least one resource.
  - 54. The medium of claim 52, wherein the transformation rule specifics to copy at least some of the at least one resource to a new location relative to a root of the hierarchical namespace and access the copied resource in place of the at least one resource.
  - 55. The medium of claim 52, wherein the transformation rule assigns a unique identifier to a version of the at least one resource and specifies to access the version of the at least one resource instead of the at least one resource.
  - 56. The medium of claim 52, wherein the transformation rule redirects a request to access the at least one resource to a substitute resource.
  - 57. The medium of claim 52, wherein the transformation rule specifies to mask some or all of the at least one resource and access the masked resource in place of the at least one resource.
  - 58. The medium of claim 52, wherein determining the transformation rule comprises determining if the requested resource exists in a list and wherein handling the request to access the resource comprises accessing the requested resource if the requested resource exists in the list.
  - 59. The medium of claim 52, wherein the transformation rule specifies to copy at least some of the at least one resource to a new location relative to a root of the hierarchical namespace and access the copied resource in place of the at least one resource.
  - 60. The medium of claim 52, wherein the transformation rule assigns a unique identifier to a copy of the at least one resource and specifies to access the copied resource in place of the at least one resource.
  - 61. The medium of claim 52, wherein the transformation rule redirects a request to access the at least one resource to a substitute resource.
  - 62. The medium of claim 52, wherein the transformation rule specifies to mask some or all of the at least one resource and access the masked resource in place of the at least one resource.
  - 63. The medium of claim 52, wherein determining if the at least one resource is within the secure application execution environment comprises determining if the requested resource exists in a list and wherein handling a request to access the at least one resource in accordance with the transformation rule for the at least one resource comprises accessing the at least one resource if the at least one resource exists in the list.

64. A computer-readable medium containing instructions for controlling an operating system to perform a method comprising:
- generating a concurrently executing user account associated with the secure application execution environment, the user account comprising at least one resource within the secure application execution environment and, for each of the at least one resources in the secure application execution environment, at least one allowed access type and at least one derivation transformation;
  
  receiving a request to access a resource, the request specifying the requested resource and a requested access type; and
  
  accessing the requested resource based on the derivation transformation associated with the one of the at least one matching resources, if the requested access is allowable.
- View Dependent Claims (65)
- - 65. The medium of claim 64, wherein accessing the requested access to the resource based on the derivation transformation associated with the one of the at least one matching resources, if the requested access is allowable comprises:
    - granting the requested access to the resource based on the derivation transformation associated with one of the at least one resources, if the requested resource matches one of the at least one resources in the user account.

66. A computer-readable medium containing instructions for controlling an operating system to perform a method comprising:
- generating a table comprising window handles that are valid within a concurrently executing secure application execution environment;
  
  intercepting a system call comprising a window handle representing a resource that a user wishes to access;
  
  determining if the window handle exists in the table;
  
  granting access to the resource, if the window handle exists in the table; and
  
  refusing access if the window handle does not exist in the table.

67. A computer-readable medium containing instructions for controlling an operating system to perform a method comprising:
- generating a concurrently executing first user account associated with the secure application execution environment, the first user account comprising at least one resource within the secure application execution environment and, for each of the at least one resources in the secure application execution environment, at least one allowed access type and at least one derivation transformation;
  
  generating a concurrently executing second user account based on the first user account comprising at least one resource within the secure application execution environment and, for each of the at least one resources in the first user account, at least one allowed access type and at least one derivation transformation;
  
  receiving a request to access a resource, the request specifying the requested resource and a requested access type; and
  
  accessing the requested resource based on the derivation transformation associated with the one of the at least one matching resources, if the requested access is allowable.

68. A computer-readable medium containing instructions for controlling an operating system to perform a method comprising:
- generating at least one concurrently executing user account associated with the secure application execution environment, the at least one user account comprising at least one resource within the secure application execution environment and, for each of the at least one resources in the secure application execution environment, at least one allowed access type and at least one derivation transformation;
  
  intercepting a request to access a resource, the request specifying the requested resource and a requested access type; and
  
  if the requested resource is within the secure application execution environment, modifying the request based on the derivation transformation associated with the requested resource; and
  
  performing the modified request; and
  
  if the requested resource is not within the secure application execution environment, rejecting the request.
- View Dependent Claims (69)
- - 69. The medium of claim 68, wherein rejecting the request comprises one of returning an error message, ignoring the request, or performing a substitute request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Green Border Technologies, Inc. (Alphabet Inc.)
Inventors
Erlingsson, Ulfar
Primary Examiner(s)
Smithers; Matthew

Application Number

US10/170,591
Publication Number

US 20030233544A1
Time in Patent Office

1,733 Days
Field of Search

726/29, 726/30, 726/27
US Class Current

726/27
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Methods and systems for providing a secure application environment using derived user accounts

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

69 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for providing a secure application environment using derived user accounts

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

69 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links