System and method for executing interactive applications with minimal privileges

US 7,587,755 B2
Filed: 07/02/2004
Issued: 09/08/2009
Est. Priority Date: 07/02/2004
Status: Active Grant

First Claim

Patent Images

1. A method for providing secure access to applications, the method comprising:

(a) receiving a request, from a client system accessed by a user, to execute an application on a server;

(b) determining, by a policy system executing on the server and responsive to receiving the request, a minimal set of computing privileges necessary for the user to use the requested application based in part on an analysis of application requirements;

(c) invoking an execution environment, executing on the server for the user, having the determined set of privileges;

(d) returning an identifier associated with the invoked execution environment to the user; and

(e) connecting, via a remote presentation protocol, the user to the execution environment using the identifier.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism for running interactive applications with a minimal set of privileges is disclosed. The privileges form a subset of the privileges afforded to the user requesting the application and are allocated consistent with the principle of least privilege. The application runs with the minimal amount of permissions necessary to accomplish its assigned tasks. A new user account is created and provisioned or identified for each application to which a user requests access. The accounts have a subset or superset of the access rights and operating system privileges that the user who is logged on to the system and requesting access to the application ordinarily enjoys. The subset/superset of the user'"'"'s privileges is determined by a policy-based decision system. The policy-based decision system makes its determination based on an analysis of the application requirements, an analysis of the data security and privacy concerns associated with the execution of the application, the identity of the user and user'"'"'s role and any other policy considerations previously specified by an administrator. Once the determination as to the appropriate set of privileges to be afforded in the execution environment has been made, the execution environment is created and provisioned or a pre-existing execution environment possessing the requisite privileges is identified and the remote user is logged into the server-side account. The application-specific accounts may be audited by audit trail tools that provide evidence of policy enforcement.

67 Citations

View as Search Results

20 Claims

1. A method for providing secure access to applications, the method comprising:
- (a) receiving a request, from a client system accessed by a user, to execute an application on a server;
  
  (b) determining, by a policy system executing on the server and responsive to receiving the request, a minimal set of computing privileges necessary for the user to use the requested application based in part on an analysis of application requirements;
  
  (c) invoking an execution environment, executing on the server for the user, having the determined set of privileges;
  
  (d) returning an identifier associated with the invoked execution environment to the user; and
  
  (e) connecting, via a remote presentation protocol, the user to the execution environment using the identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein step (a) further comprises receiving a HTTP-based request from the user to execute an application.
  - 3. The method of claim 1 wherein analyzing application requirements further comprises analyzing requirements of the application executing on the server.
  - 4. The method of claim 1 further comprising receiving an indication of a dataset on which the application operates.
  - 5. The method of claim 4 wherein step (b) further comprises accessing a confidentiality policy associated with the identified dataset to determine a minimal set of computing privileges necessary for the user to use the requested application.
  - 6. The method of claim 1 wherein step (b) further comprises determining a minimal set of computing privileges necessary for the user to use the requested application based, at least in part, on a role assigned to the user.
  - 7. The method of claim 1 wherein step (c) further comprises creating an execution environment for the user having the determined set of privileges.
  - 8. The method of claim 1 wherein step (c) further comprises identifying a previously-existing execution environment for the user having the determined set of privileges.
  - 9. The method of claim 1 further comprising receiving from the user a request to execute a second application.
  - 10. The method of claim 7 further comprising:
    - determining a minimal set of computing privileges necessary for the user to use the second requested application; and
      
      invoking a second execution environment, for the user, having the second determined set of privileges.
  - 11. The method of claim 1 further comprising initiating a connection with the client system.

12. An application server system providing secure access to hosted applications, the system comprising:
- a policy based decision system receiving a request from a user to execute an application and determining a minimal set of privileges required by the user to execute the application based in part on an analysis of application requirements;
  
  an account administration service communicating with said policy based decision system, the account administration service invoking an execution environment, for the user, having the determined set of privileges; and
  
  a connection manager communicating with the policy based decision system and with a client via a presentation level protocol, the connection manager transmitting an identification of the user and an identification of the application to the policy based decision system responsive to receiving a request from the user of the client to execute the application.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system of claim 12 wherein said presentation-level protocol is selected from the group consisting of RDP, ICA, and X.
  - 14. The system of claim 12 wherein said connection manager transmits an identification of the user'"'"'s role to said policy based decision system.
  - 15. The system of claim 12 wherein said policy-based decision system is based on a declared plurality of rules.
  - 16. The system of claim 12 wherein said policy-based decision system analyzes a set of requirements of the requested application to determine a minimal set of privileges required by the user to execute the requested application.
  - 17. The system of claim 12 wherein said connection manager receives an identification of a dataset that the application will process.
  - 18. The system of claim 13 wherein said policy based decision system accesses a confidentiality policy associate with the identified dataset to determine a minimal set of privileges required by the user to execute the application.
  - 19. The system of claim 12 wherein said account administration service creates an execution environment having the determined minimal set of privileges.
  - 20. The system of claim 12 wherein said account administration service identifies a previously-existing execution environment having the determined minimal set of privileges.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Kramer, Andre
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Lemma; Samson B

Application Number

US10/710,350
Publication Number

US 20060015740A1
Time in Patent Office

1,894 Days
Field of Search

726/5, 726/3, 726/1, 726/4, 713/182, 713/164, 707/9
US Class Current

726/4
CPC Class Codes

G06F 21/52 during program execution, e...

System and method for executing interactive applications with minimal privileges

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for executing interactive applications with minimal privileges

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links