Methods and apparatus providing security for multiple operational states of a computerized device
First Claim
1. A method for controlling security during operation of a computerized device, the method comprising:
- enforcing a first security policy during a first operational state of the computerized device, enforcement of the first security policy providing a first level access to resources within the computerized device by processes operating in the computerized device;
detecting a transition operation of the computerized device that occurs during enforcement of the first security policy, the transition operation indicating that operation of the computerized device is transitioning from the first operational state to a second operational state;
in response to detection of the transition operation, enforcing a second security policy corresponding to the second operational state to provide a level of access to the resources within the computerized device that corresponds to the second operational state during operation of the second operational state;
wherein enforcing the first security policy during the first operational state comprises enforcing a non-installation security policy during a non-installation operation of the computerized device, enforcement of the non-installation security policy providing non-installation level access to resources within the computerized device by processes operating in the computerized device;
wherein detecting the transition operation comprises detecting an installation operation of the computerized device that occurs during enforcement of the non-installation security policy, the installation operation indicating that at least one installation is to be performed in the computerized device;
wherein enforcing the second security policy comprises enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation, in response to detection of the installation operation; and
in response to an end-installation event, re-enforcing the non-installation security policy.
1 Assignment
0 Petitions
Accused Products
Abstract
A system controls security during operation of a computerized device by enforcing a first security policy during first operational state of the computerized device. Enforcement of the first security policy provides a first level access to resources within the computerized device by processes operating in the computerized device. The system detects a transition operation of the computerized device that occurs during enforcement of the first security policy indicating that operation of the computerized device is transitioning from the first operational state to a second operational state and in response, enforces a second security policy corresponding to the second operational state to provide a level of access to the resources within the computerized device that corresponds to the second operational state during operation of the second operational state. This can be repeated for many different states including boot time, normal runtime, installation, shutdown, and a compromised state.
-
Citations
24 Claims
-
1. A method for controlling security during operation of a computerized device, the method comprising:
-
enforcing a first security policy during a first operational state of the computerized device, enforcement of the first security policy providing a first level access to resources within the computerized device by processes operating in the computerized device; detecting a transition operation of the computerized device that occurs during enforcement of the first security policy, the transition operation indicating that operation of the computerized device is transitioning from the first operational state to a second operational state; in response to detection of the transition operation, enforcing a second security policy corresponding to the second operational state to provide a level of access to the resources within the computerized device that corresponds to the second operational state during operation of the second operational state; wherein enforcing the first security policy during the first operational state comprises enforcing a non-installation security policy during a non-installation operation of the computerized device, enforcement of the non-installation security policy providing non-installation level access to resources within the computerized device by processes operating in the computerized device; wherein detecting the transition operation comprises detecting an installation operation of the computerized device that occurs during enforcement of the non-installation security policy, the installation operation indicating that at least one installation is to be performed in the computerized device; wherein enforcing the second security policy comprises enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation, in response to detection of the installation operation; and in response to an end-installation event, re-enforcing the non-installation security policy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A computer readable medium including computer program logic instruction encoded thereon, that when executed on a processor in a computerized device, causes the computerized device to perform the operations of:
-
enforcing a first security policy during a first operational state of the computerized device, enforcement of the first security policy providing a first level access to resources within the computerized device by processes operating in the computerized device; detecting a transition operation of the computerized device that occurs during enforcement of the first security policy, the transition operation indicating that operation of the computerized device is transitioning from the first operational state to a second operational state; in response to detection of the transition operation, enforcing a second security policy corresponding to the second operational state to provide a level of access to the resources within the computerized device that corresponds to the second operational state during operation of the second operational state; wherein enforcing the first security policy during the first operational state comprises enforcing a non-installation security policy during a non-installation operation of the computerized device, enforcement of the non-installation security policy providing non-installation level access to resources within the computerized device by processes operating in the computerized device; wherein detecting the transition operation comprises detecting an installation operation of the computerized device that occurs during enforcement of the non-installation security policy, the installation operation indicating that at least one installation is to be performed in the computerized device; wherein enforcing the second security policy comprises enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation, in response to detection of the installation operation; and in response to an end-installation event, re-enforcing the non-installation security policy.
-
-
15. A computerized device, comprising:
-
a memory configured to store one or more security policies; a processor; a communications interface configured to couple to a network; an interconnection mechanism coupling the memory, the processor and the communications interface; and a security agent to control; enforcing a first security policy during a first operational state of the computerized device, where enforcing the first security policy provides a first level of access to resources in the computerized device by processes operating in the computerized device, where the first security policy is stored in the memory; placing the computerized device in a monitoring state to monitor for a transition operation; switching, in response to detecting a transition operation, to enforcing a second security policy corresponding to a second operational state associated with the transition operation, wherein the second security policy corresponding to the second operational state provides a custom level of access to the resources in the computerized device based, at least in part, on the transition operation, wherein the second security policy is stored in the memory; returning to the monitoring state subsequent to transitioning to the second security policy; wherein enforcing the first security policy comprises enforcing a non-installation security policy during a non- installation operational state of the computerized device, and wherein enforcement of the non-installation security policy provides non-installation level access to resources in the computerized device by processes operating in the computerized device; wherein detecting the transition operation comprises detecting an installation operation in the computerized device during enforcement of the non-installation security policy, the installation operation indicating that at least one installation is to be performed in the computerized device; wherein enforcing the second security policy comprises enforcing an installation security policy to provide installation level access to the resources in the computerized device during the installation operation, in response to detection of the installation operation; and in response to detecting an end-installation transition operation, switching to enforcing the non-installation security policy. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
-
Specification