Methods and apparatus providing security for multiple operational states of a computerized device

US 7,681,226 B2
Filed: 01/28/2005
Issued: 03/16/2010
Est. Priority Date: 01/28/2005
Status: Active Grant

First Claim

Patent Images

1. A method for controlling security during operation of a computerized device, the method comprising:

enforcing a first security policy during a first operational state of the computerized device, enforcement of the first security policy providing a first level access to resources within the computerized device by processes operating in the computerized device;

detecting a transition operation of the computerized device that occurs during enforcement of the first security policy, the transition operation indicating that operation of the computerized device is transitioning from the first operational state to a second operational state;

in response to detection of the transition operation, enforcing a second security policy corresponding to the second operational state to provide a level of access to the resources within the computerized device that corresponds to the second operational state during operation of the second operational state;

wherein enforcing the first security policy during the first operational state comprises enforcing a non-installation security policy during a non-installation operation of the computerized device, enforcement of the non-installation security policy providing non-installation level access to resources within the computerized device by processes operating in the computerized device;

wherein detecting the transition operation comprises detecting an installation operation of the computerized device that occurs during enforcement of the non-installation security policy, the installation operation indicating that at least one installation is to be performed in the computerized device;

wherein enforcing the second security policy comprises enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation, in response to detection of the installation operation; and

in response to an end-installation event, re-enforcing the non-installation security policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system controls security during operation of a computerized device by enforcing a first security policy during first operational state of the computerized device. Enforcement of the first security policy provides a first level access to resources within the computerized device by processes operating in the computerized device. The system detects a transition operation of the computerized device that occurs during enforcement of the first security policy indicating that operation of the computerized device is transitioning from the first operational state to a second operational state and in response, enforces a second security policy corresponding to the second operational state to provide a level of access to the resources within the computerized device that corresponds to the second operational state during operation of the second operational state. This can be repeated for many different states including boot time, normal runtime, installation, shutdown, and a compromised state.

Citations

24 Claims

1. A method for controlling security during operation of a computerized device, the method comprising:
- enforcing a first security policy during a first operational state of the computerized device, enforcement of the first security policy providing a first level access to resources within the computerized device by processes operating in the computerized device;
  
  detecting a transition operation of the computerized device that occurs during enforcement of the first security policy, the transition operation indicating that operation of the computerized device is transitioning from the first operational state to a second operational state;
  
  in response to detection of the transition operation, enforcing a second security policy corresponding to the second operational state to provide a level of access to the resources within the computerized device that corresponds to the second operational state during operation of the second operational state;
  
  wherein enforcing the first security policy during the first operational state comprises enforcing a non-installation security policy during a non-installation operation of the computerized device, enforcement of the non-installation security policy providing non-installation level access to resources within the computerized device by processes operating in the computerized device;
  
  wherein detecting the transition operation comprises detecting an installation operation of the computerized device that occurs during enforcement of the non-installation security policy, the installation operation indicating that at least one installation is to be performed in the computerized device;
  
  wherein enforcing the second security policy comprises enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation, in response to detection of the installation operation; and
  
  in response to an end-installation event, re-enforcing the non-installation security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein enforcing the non-installation security policy comprises:
    - providing a more restrictive level of access to a first resource within the computerized device;
      
      providing a less restrictive level of access to a second resource within the computerized device;
      
      wherein detecting the installation operation of the computerized device comprises;
      
      detecting a requirement to install a software application within the computerized device; and
      
      wherein enforcing the installation security policy to provide installation level access to the resources within the computerized device during the installation operation comprises;
      
      providing a less restrictive level of access to the first resource within the computerized device; and
      
      providing a more restrictive level of access to the second resource within the computerized device.
  - 3. The method of claim 2 wherein the first resource is a computer system configuration resource of the computerized device including at least one of:
    - i) an operating system setting;
      
      ii) a registry value setting;
      
      iii) a file being added or removed from the computerized device; and
      
      wherein the second resource is a computer system processing resource of the computerized device including at least one of;
      
      i) network access to or from the computerized device;
      
      ii) access to a user application that is different than the software application being installed within the computerized device.
  - 4. The method of claim 2 wherein detecting the requirement to install the software application within the computerized device comprises:
    - detecting occurrence, during enforcing the non-installation security policy, of at least one of;
      
      i) execution of an installation wizard that guides a user through a process of installing software within the computerized device;
      
      ii) execution of a process accessing an installation library associated with the computerized device;
      
      iii) execution of a system call that requests to perform modification of a system configuration setting that is commonly performed during software installation; and
      
      iv) a first-time invocation of execution of a process within the computerized device; and
      
      v) execution of a known installation program for purposes of installing software within the computerized device.
  - 5. The method of claim 4 wherein enforcing the installation security policy to provide installation level access to the resources within the computerized device during the installation operation comprises:
    - identifying a type of software installation being performed within the computerized device;
      
      based on the identified type of software installation being performed, identifying a set of restricted resources to which access is to be limited during the software installation being performed; and
      
      restricting access by the software installation process to the set of restricted resources within the computerized device during the enforcement of the installation security policy.
  - 6. The method of claim 5 wherein identifying the set of restricted resources to which access is to be limited during the software installation being performed comprises:
    - identifying classes of resources within the computerized device that are to be modified during installation of the software within the computerized device;
      
      prompting the user to indicate, for each class of resources, if the user desires an installation process being performed in association with installing the software to allow modification of resources within that class of resources;
      
      receiving at least one response from the user concerning that users desire to allow modification of resources within the respective identified classes of resources; and
      
      performing the operation of restricting access by the software installation process to sets of restricted resources within the computerized device during the enforcement of the installation security policy in accordance the at least one response from the user concerning that users desire to allow modification of resources within the respective identified classes of resources.
  - 7. The method of claim 5 wherein identifying the set of restricted resources to which access is to be limited during the software installation being performed comprises:
    - identifying software applications that are not associated with the software installation being performed within the computerized device;
      
      adding the identified software applications to the set of restricted resources to which access is to be limited during the software installation being performed; and
      
      wherein restricting access by the software installation process to the set of restricted resources within the computerized device during the enforcement of the installation security policy comprises;
      
      disallowing access, by processes associated with the software installation, to the set of restricted resources within the computerized device during the enforcement of the installation security policy.
  - 8. The method of claim 7 wherein identifying software applications that are not associated with the software installation being performed within the computerized device comprises:
    - identifying communications programs that allow network communications to be performed within the computerized device for addition into the set of restricted resources to which access is limited during the software installation being performed in order to restrict network communications by processes associated with the software installation being performed.
  - 9. The method of claim 8 wherein providing the less restrictive level of access to the first resource within the computerized device comprises:
    - allowing access to system configuration settings including a registry.
  - 10. The method of claim 2 wherein the end-installation event comprises at least one of:
    - i) an expiration of an installation timer indicating that an installation time period has elapsed;
      
      ii) an indication from the user that installation is complete;
      
      iii) completion of execution of the installation processand in response to the end-installation event, reverting to enforcement of a non-installation security policy that provides restricted access to resources that were required during the installation process.
  - 11. The method of claim 10 wherein in response to the end-installation event, reverting to enforcement of the non-installation security policy comprises:
    - reverting to the non-installation security policy after the end-installation event and after expiration of a predetermined time period after occurrence of the end-installation event.
  - 12. The method of claim 1 wherein the non-installation security is a more restrictive security policy that disallows modification to computerized device system configuration settings and the installation security policy is a less restrictive security policy that allows modification to computerized device system configuration settings;
    - and wherein enforcing the installation security policy to provide installation level access to the resources within the computerized device during the installation operation comprises;
      
      providing modification access to computerized device system configuration settings that would otherwise be restricted if the non-installation security policy were enforced.
  - 13. The method of claim 1 wherein the first and second operational states and corresponding first and second security policies corresponding respectively to the first and second operational states are selected from the group consisting of:
    - i) a boot-state in which the computerized device is performing a startup operation, and a boot-time security policy that restricts access to resources within the computer during the startup operation;
      
      ii) a shutdown-state in which the computerized device is performing a shutdown operation, and wherein the security policy is a shutdown security policy that restricts access to resources within the computer during the shutdown operation;
      
      iii) a normal-state in which the computerized device is performing execution of user applications, and wherein the security policy is a normal run-time security policy that restricts modification access to system configuration resources within the computer during the normal run-time operation of user application;
      
      iv) a compromised-state in which the computerized device is determined to be configured with a malicious program, and wherein the security policy is a compromised security policy that restricts all access to system configuration resources within the computer during the compromised state; and
      
      v) an installation-state in which the computerized device is performing an installation operation, and wherein the security policy is a installation security policy that restricts access to non-installation related resources within the computer during the installation operation and de-restricts access to installation related resources within the computerized device.

14. A computer readable medium including computer program logic instruction encoded thereon, that when executed on a processor in a computerized device, causes the computerized device to perform the operations of:
- enforcing a first security policy during a first operational state of the computerized device, enforcement of the first security policy providing a first level access to resources within the computerized device by processes operating in the computerized device;
  
  detecting a transition operation of the computerized device that occurs during enforcement of the first security policy, the transition operation indicating that operation of the computerized device is transitioning from the first operational state to a second operational state;
  
  in response to detection of the transition operation, enforcing a second security policy corresponding to the second operational state to provide a level of access to the resources within the computerized device that corresponds to the second operational state during operation of the second operational state;
  
  wherein enforcing the first security policy during the first operational state comprises enforcing a non-installation security policy during a non-installation operation of the computerized device, enforcement of the non-installation security policy providing non-installation level access to resources within the computerized device by processes operating in the computerized device;
  
  wherein detecting the transition operation comprises detecting an installation operation of the computerized device that occurs during enforcement of the non-installation security policy, the installation operation indicating that at least one installation is to be performed in the computerized device;
  
  wherein enforcing the second security policy comprises enforcing an installation security policy to provide installation level access to the resources within the computerized device during the installation operation, in response to detection of the installation operation; and
  
  in response to an end-installation event, re-enforcing the non-installation security policy.

15. A computerized device, comprising:
- a memory configured to store one or more security policies;
  
  a processor;
  
  a communications interface configured to couple to a network;
  
  an interconnection mechanism coupling the memory, the processor and the communications interface; and
  
  a security agent to control;
  
  enforcing a first security policy during a first operational state of the computerized device, where enforcing the first security policy provides a first level of access to resources in the computerized device by processes operating in the computerized device, where the first security policy is stored in the memory;
  
  placing the computerized device in a monitoring state to monitor for a transition operation;
  
  switching, in response to detecting a transition operation, to enforcing a second security policy corresponding to a second operational state associated with the transition operation, wherein the second security policy corresponding to the second operational state provides a custom level of access to the resources in the computerized device based, at least in part, on the transition operation, wherein the second security policy is stored in the memory;
  
  returning to the monitoring state subsequent to transitioning to the second security policy;
  
  wherein enforcing the first security policy comprises enforcing a non-installation security policy during a non- installation operational state of the computerized device, and wherein enforcement of the non-installation security policy provides non-installation level access to resources in the computerized device by processes operating in the computerized device;
  
  wherein detecting the transition operation comprises detecting an installation operation in the computerized device during enforcement of the non-installation security policy, the installation operation indicating that at least one installation is to be performed in the computerized device;
  
  wherein enforcing the second security policy comprises enforcing an installation security policy to provide installation level access to the resources in the computerized device during the installation operation, in response to detection of the installation operation; and
  
  in response to detecting an end-installation transition operation, switching to enforcing the non-installation security policy.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 16. The computerized device of claim 15, wherein the non-installation security policy provides a first threshold level of access to a first resource and a second threshold level of access to a second resource;
    - and wherein the installation security policy provides lower threshold level of access to the first resource and a higher threshold level of access to the second resource than the non-installation security policy.
  - 17. The computerized device of claim 16, wherein the first resource is a computer system configuration resource of the computerized device comprising at least one of:
    - an operating system setting, a registry value setting, and a file being added or removed from the computerized device; and
      
      wherein the second resource is a computer system processing resource of the computerized device including at least one of;
      
      network access to or from the computerized device, and access to a user application that is different than a software application being installed within the computerized device.
  - 18. The computerized device of claim 16 where detecting the transition operation comprises detecting at least one of:
    - execution of an installation wizard that guides a user through a process of installing software within the computerized device,execution of a process accessing an installation library associated with the computerized device,execution of a system call that requests modification of a system configuration setting that is commonly performed during software installationa first-time execution of a process within the computerized device, andexecution of a known installation program.
  - 19. The computerized device of claim 18, wherein detecting the transition operation comprises:
    - identifying a type of software installation being performed within the computerized device; and
      
      restricting access to a set of resources in the computerized device during the enforcement of the installation security policy, based, at least in part, on the type of software installation being performed.
  - 20. The computerized device of claim 19, wherein restricting access to the set of resources in the computerized device comprises:
    - identifying classes of resources in the computerized device to be modified during software installation;
      
      prompting a user to indicate whether to allow modification of resources within a class of resources;
      
      receiving at least one response from the user indicating whether to allow modification of resources within a class of resources; and
      
      restricting access by the software installation process to sets of resources within the computerized device during enforcement of the installation security policy in accordance with at least one response from the user.
  - 21. The computerized device of claim 19, where restricting access to the set of resources in the computerized device comprises:
    - disallowing access, by processes associated with the software installation, to the set of resources within the computerized device during the enforcement of the installation security policy.
  - 22. The computerized device of claim 20, wherein the security agent further controls:
    - identifying software applications that are not associated with the software installation; and
      
      adding communications programs that allow network communications to the set of resources to which access is limited during the software installation being performed, in order to restrict network communications by processes associated with the software installation.
  - 23. The computerized device of claim 17, wherein detecting the end-installation transition operation comprises detecting at least one of:
    - an expiration of an installation timer indicating that an installation time period has elapsed, an indication from the user that installation is complete, and completion of execution of the installation process.
  - 24. The computerized device of claim 16,wherein the non-installation security policy disallows modification to computerized device system configuration settings and the installation security policy allows modification to computerized device system configuration settings;
    - andwherein enforcing the installation security policy to provide installation level access to the resources in the computerized device during the installation operation comprises;
      
      providing modification access to computerized device system configuration settings that would otherwise be restricted if the non-installation security policy were enforced.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Malver, Debra L., Kraemer, Jeffrey A.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
TABOR, AMARE F

Application Number

US11/046,302
Publication Number

US 20060174319A1
Time in Patent Office

1,873 Days
Field of Search

713189-194, 713/2, 726/1, 726 22- 25
US Class Current

726/1
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/56   Computer malware detection ...

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 21/6281   at program execution time, ...

G06F 2221/2105   Dual mode as a secondary as...

Methods and apparatus providing security for multiple operational states of a computerized device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus providing security for multiple operational states of a computerized device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links