System and method for executing interactive applications with minimal privileges
First Claim
1. A method for providing secure access to applications, the method comprising:
(a) receiving a request, from a client system accessed by a user, to execute an application on a server;
(b) determining, by a policy system executing on the server and responsive to receiving the request, a minimal set of computing privileges necessary for the user to use the requested application based in part on an analysis of application requirements;
(c) invoking an execution environment, executing on the server for the user, having the determined set of privileges;
(d) returning an identifier associated with the invoked execution environment to the user; and
(e) connecting, via a remote presentation protocol, the user to the execution environment using the identifier.
8 Assignments
0 Petitions
Abstract
A mechanism for running interactive applications with a minimal set of privileges is disclosed. The privileges form a subset of the privileges afforded to the user requesting the application and are allocated consistent with the principle of least privilege. The application runs with the minimal amount of permissions necessary to accomplish its assigned tasks. A new user account is created and provisioned or identified for each application to which a user requests access. The accounts have a subset or superset of the access rights and operating system privileges that the user who is logged on to the system and requesting access to the application ordinarily enjoys. The subset/superset of the user's privileges is determined by a policy-based decision system. The policy-based decision system makes its determination based on an analysis of the application requirements, an analysis of the data security and privacy concerns associated with the execution of the application, the identity of the user and user's role and any other policy considerations previously specified by an administrator. Once the determination as to the appropriate set of privileges to be afforded in the execution environment has been made, the execution environment is created and provisioned or a pre-existing execution environment possessing the requisite privileges is identified and the remote user is logged into the server-side account. The application-specific accounts may be audited by audit trail tools that provide evidence of policy enforcement.
20 Claims
1. A method for providing secure access to applications, the method comprising:
(a) receiving a request, from a client system accessed by a user, to execute an application on a server;
(b) determining, by a policy system executing on the server and responsive to receiving the request, a minimal set of computing privileges necessary for the user to use the requested application based in part on an analysis of application requirements;
(c) invoking an execution environment, executing on the server for the user, having the determined set of privileges;
(d) returning an identifier associated with the invoked execution environment to the user; and
(e) connecting, via a remote presentation protocol, the user to the execution environment using the identifier.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10 and 11.
12. An application server system providing secure access to hosted applications, the system comprising:
a policy based decision system receiving a request from a user to execute an application and determining a minimal set of privileges required by the user to execute the application based in part on an analysis of application requirements;
an account administration service communicating with said policy based decision system, the account administration service invoking an execution environment, for the user, having the determined set of privileges; and
a connection manager communicating with the policy based decision system and with a client via a presentation level protocol, the connection manager transmitting an identification of the user and an identification of the application to the policy based decision system responsive to receiving a request from the user of the client to execute the application.
Dependent claims: 13, 14, 15, 16, 17, 18, 19 and 20.
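The abstract and claim 12 describe the same three-part flow: a policy-based decision system derives a privilege set from the application's requirements, the user's own entitlements, data-sensitivity concerns and administrator policy; an account administration service creates or reuses a per-user, per-application execution environment carrying exactly that set; and a connection manager returns an identifier that the client presents over the remote presentation protocol. The Python model below is an added illustration of that flow, not code from the patent or from any product implementing it. The application catalogue, privilege strings, sensitivity tags, policy rules, user records and the audit log format are all constructed for the example, and the identifier lookup in `connect` stands in for the real presentation-protocol handshake.

```python
"""Toy model of the least-privilege application broker described above.
Every catalogue entry, privilege name and policy rule here is constructed
for illustration; none comes from the patent text."""
from dataclasses import dataclass, field
import hmac
import secrets

# Constructed catalogue: the privileges each hosted application needs to run.
APP_REQUIREMENTS = {
    "reports": {"fs:read:/srv/reports", "print"},
    "payroll": {"fs:read:/srv/hr", "fs:write:/srv/hr", "net:outbound"},
}
# Constructed data-sensitivity tags consulted by administrator policy.
APP_TAGS = {"reports": set(), "payroll": {"pii"}}
# Constructed administrator policy: privileges denied when an app carries a
# tag, and extra privileges granted to a role (the "superset" case).
DENY_BY_TAG = {"pii": {"net:outbound"}}
GRANT_BY_ROLE = {"auditor": {"audit:read"}}


@dataclass
class User:
    name: str
    role: str
    privileges: set  # what the logged-on interactive user ordinarily holds


@dataclass
class Environment:
    env_id: str          # opaque identifier returned to the client
    account: str         # server-side, application-specific account
    privileges: frozenset


@dataclass
class Broker:
    audit: list = field(default_factory=list)
    environments: dict = field(default_factory=dict)  # account -> Environment

    def decide(self, user: User, app: str) -> frozenset:
        """Policy-based decision: start from what the app needs, keep only what
        the user is entitled to, strip sensitivity denials, add role grants."""
        if app not in APP_REQUIREMENTS:
            raise KeyError(f"unknown application {app!r}")
        wanted = APP_REQUIREMENTS[app]
        granted = wanted & user.privileges
        for tag in APP_TAGS[app]:
            granted -= DENY_BY_TAG.get(tag, set())
        granted |= GRANT_BY_ROLE.get(user.role, set())
        missing = wanted - granted  # recorded so auditors can see what was withheld
        self.audit.append(("decide", user.name, app, sorted(granted), sorted(missing)))
        return frozenset(granted)

    def invoke(self, user: User, app: str) -> str:
        """Account administration: create the per-user, per-application
        environment, or reuse one whose privilege set already matches, and
        return the identifier the client will present when connecting."""
        privileges = self.decide(user, app)
        account = f"{user.name}__{app}"
        env = self.environments.get(account)
        if env is None or env.privileges != privileges:
            env = Environment(secrets.token_hex(8), account, privileges)
            self.environments[account] = env
            self.audit.append(("provision", account, sorted(privileges)))
        else:
            self.audit.append(("reuse", account, env.env_id))
        return env.env_id

    def connect(self, env_id: str) -> Environment:
        """Connection manager: resolve a presented identifier to its environment.
        Constant-time comparison so the lookup does not leak identifier bytes."""
        for env in self.environments.values():
            if hmac.compare_digest(env.env_id, env_id):
                self.audit.append(("connect", env.account))
                return env
        raise PermissionError("unknown execution environment identifier")


if __name__ == "__main__":
    broker = Broker()
    alice = User("alice", "clerk", {"fs:read:/srv/hr", "net:outbound", "print"})
    ident = broker.invoke(alice, "payroll")
    print("environment:", broker.connect(ident))
    for event in broker.audit:
        print(event)
```

Running the module shows the two effects the abstract calls out: the payroll environment for a clerk is narrower than the user's own rights (no write access, and outbound network access removed by the PII rule), and every decision, provisioning step and connection leaves an audit record that can be checked against policy.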