Securely sharing applications installed by unprivileged users
First Claim
1. At a computer system, the computer system including a processor and system memory, the computer system accessible to a plurality of different users that share applications installed at the computer system, each user instantiating shared applications through the interoperation between components in a shared repository and components in a user specific private repository, a method for securely sharing a software application between users at the computer system, the method comprising:
- an act of receiving a user entered command from a specified user, the specified user being one of the plurality of users that share applications at the computer system, the user command instructing the computer system to instantiate a shared software application for use by the specified user, the shared software application having been previously installed for use by the specified user, the previous installation including at least installing one or more shared application data objects in a shared repository and installing at least a user manifest corresponding to the shared software application and one or more user specific configuration data objects in a user specific private repository for the specified user, the user manifest including:
  - a first application identifier for identifying the shared software application stored in the shared repository; and
  - a public key for a publisher of the shared software application;
- an act of accessing an application manifest for the shared software application from the shared repository in response to the user entered command, the application manifest including:
  - a second application identifier for identifying the shared software application stored in the shared repository;
  - a digital signature representing the publisher's signature on the application manifest file; and
  - one or more data object identifiers detailing characteristics of appropriate application data objects for executing the shared software application;
- prior to permitting the shared software application to run at the computer system for use by the specified user, an act of processing the shared software application to verify security of the shared software application by verifying aspects of the application manifest stored in the shared repository, including:
  - an act of the processor using the public key of the publisher to verify the publisher's signature on the application manifest for authenticity and to verify that the publisher is the author of the application manifest prior to relying on information contained in the application manifest to perform further verifications for the shared software application;
  - an act of verifying that the first application identifier matches the second application identifier; and
  - an act of verifying that the application data objects are appropriate for executing the shared software application by comparing the application data objects to characteristics detailed in the one or more data object identifiers; and
- upon verifying each of the aspects of the application manifest, an act of running the shared software application using the installed user specific configuration data objects that specify how the application is to be run for the user, wherein the shared application data objects in the shared repository are locked while the application is running such that other users are prevented from modifying the shared application data objects.
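The verification sequence of claim 1, worked through as an added Go example. This is not code from the patent or from any product that implements it: the claim names no algorithms, so Ed25519 for the publisher signature, SHA-256 content digests as the "characteristics" in the data object identifiers, and JSON as the manifest encoding are all assumptions of this example, as are the constructed application identifier, object names and contents. The point the code makes is the ordering the claim insists on: the signature check comes first, so nothing read from the shared (world-writable) repository is trusted until it is known to come from the publisher whose key is pinned in the user's private manifest, and only then are the identifier and the per-object digests compared. The lock on shared objects while the application runs is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// DataObjectID is one "data object identifier": the object's name in the shared
// repository plus a SHA-256 digest of its content (the digest is this example's
// choice of "characteristic"; the patent does not specify one).
type DataObjectID struct {
	Name   string `json:"name"`
	SHA256 string `json:"sha256"`
}

// AppManifest is stored in the shared repository and signed by the publisher.
type AppManifest struct {
	AppID       string         `json:"app_id"`
	DataObjects []DataObjectID `json:"data_objects"`
}

// UserManifest is stored in the user's private repository, which other users
// cannot modify; it pins the application identifier and the publisher's key.
type UserManifest struct {
	AppID        string
	PublisherKey ed25519.PublicKey
}

// SharedRepo is a constructed in-memory stand-in for the shared repository.
type SharedRepo struct {
	ManifestBytes []byte            // serialized AppManifest
	Signature     []byte            // publisher's Ed25519 signature over ManifestBytes
	Objects       map[string][]byte // application data objects by name
}

var (
	ErrBadSignature = errors.New("publisher signature on application manifest does not verify")
	ErrIDMismatch   = errors.New("user manifest and application manifest identifiers differ")
	ErrBadObject    = errors.New("application data object does not match manifest")
)

// Install is the first user's installation: digest the objects, build and sign
// the application manifest, and return the shared repository and user manifest.
func Install(priv ed25519.PrivateKey, appID string, objects map[string][]byte) (SharedRepo, UserManifest, error) {
	names := make([]string, 0, len(objects))
	for n := range objects {
		names = append(names, n)
	}
	sort.Strings(names) // deterministic manifest bytes regardless of map order
	am := AppManifest{AppID: appID}
	for _, n := range names {
		sum := sha256.Sum256(objects[n])
		am.DataObjects = append(am.DataObjects, DataObjectID{Name: n, SHA256: hex.EncodeToString(sum[:])})
	}
	raw, err := json.Marshal(am)
	if err != nil {
		return SharedRepo{}, UserManifest{}, err
	}
	repo := SharedRepo{ManifestBytes: raw, Signature: ed25519.Sign(priv, raw), Objects: objects}
	um := UserManifest{AppID: appID, PublisherKey: priv.Public().(ed25519.PublicKey)}
	return repo, um, nil
}

// VerifyShared runs the checks in claim order: signature first (nothing in the
// manifest is parsed or trusted before it), then identifier match, then every
// data object against its recorded digest. On success the verified manifest is
// returned so the caller can run the application from the listed objects.
func VerifyShared(um UserManifest, repo SharedRepo) (*AppManifest, error) {
	if !ed25519.Verify(um.PublisherKey, repo.ManifestBytes, repo.Signature) {
		return nil, ErrBadSignature
	}
	var am AppManifest
	if err := json.Unmarshal(repo.ManifestBytes, &am); err != nil {
		return nil, fmt.Errorf("parsing application manifest: %w", err)
	}
	if am.AppID != um.AppID {
		return nil, ErrIDMismatch
	}
	for _, d := range am.DataObjects {
		content, ok := repo.Objects[d.Name]
		if !ok {
			return nil, fmt.Errorf("%w: %s is missing", ErrBadObject, d.Name)
		}
		sum := sha256.Sum256(content)
		if hex.EncodeToString(sum[:]) != d.SHA256 {
			return nil, fmt.Errorf("%w: %s", ErrBadObject, d.Name)
		}
	}
	return &am, nil
}

// Demo installs a constructed application, verifies it cleanly, then shows the
// two failures the checks exist to catch: a shared object modified by another
// user, and a manifest re-signed with a key that is not the pinned publisher's.
func Demo() (cleanErr, tamperErr, resignErr error) {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	objects := map[string][]byte{"app.bin": []byte("constructed binary"), "res.dat": []byte("constructed resource")}
	repo, um, err := Install(priv, "com.example.sharedapp", objects) // constructed identifier
	if err != nil {
		return err, nil, nil
	}
	_, cleanErr = VerifyShared(um, repo)

	tampered := repo
	tampered.Objects = map[string][]byte{"app.bin": []byte("modified by another user"), "res.dat": objects["res.dat"]}
	_, tamperErr = VerifyShared(um, tampered)

	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	resigned := repo
	resigned.Signature = ed25519.Sign(otherPriv, repo.ManifestBytes)
	_, resignErr = VerifyShared(um, resigned)
	return cleanErr, tamperErr, resignErr
}

func main() {
	c, t, r := Demo()
	fmt.Println("clean:", c, "| tampered object:", t, "| re-signed by non-publisher:", r)
}
```

Because the user manifest lives in a repository other users cannot write, the pinned key and identifier are the trust anchor; a second user who only installs a user manifest (claim 6) gets the same guarantees without re-installing the shared objects, and any change to those objects after installation surfaces as ErrBadObject rather than as silently altered code.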
2 Assignments
0 Petitions
Abstract
In one embodiment of this invention, a computer system performs a method for securely sharing applications installed by unprivileged users. The method involves the computer system receiving a user associated command from a user of the computer system. A previous application installation included installing an application manifest and application data objects in a shared repository and installing a user manifest and user configuration data objects in a private repository for an initial installing user. The computer system verifies that a digital signature of the application manifest corresponds to a public key of a user manifest for the associated user. The computer system verifies that an application identifier of the application manifest matches an application identifier of the user manifest. The computer system verifies that the data objects belong to the software application by comparing the application data objects to one or more data object identifiers in the application manifest.
63 Citations
11 Claims
1. Independent claim 1 is reproduced in full under First Claim above. Dependent claims: 2, 3, 4, 5, 10, 11.
6. At a computer system, the computer system including a processor and system memory, the computer system accessible to a plurality of different users that share applications installed at the computer system, each user instantiating shared applications through the interoperation between components in a shared repository and components in a user specific private repository, a method for installing a shared software application for use by a plurality of users on a computer system, the method comprising:
- an act of receiving an indication that a first user is requesting to install a software application at the computer system for use by the first user;
- in response to the indication:
  - an act of installing application data objects for the software application in the shared repository;
  - an act of installing an application manifest for the software application in the shared repository, the application manifest including:
    - an application identifier for identifying the software application stored in the shared repository;
    - a digital signature representing a signature of a publisher of the software application on the application manifest file; and
    - one or more data object identifiers detailing characteristics of appropriate application data objects for executing the software application; and
  - an act of installing a first user manifest for the first user and one or more user specific configuration data objects in a user specific private repository for the first user, the first user manifest for use by the first user to verify the security of the shared software application by verifying aspects of the application manifest stored in the shared repository in response to a request by the first user to run the software application, the first user manifest including:
    - a first application identifier for identifying the software application installed in the shared repository; and
    - a public key for the publisher of the software application for verifying the publisher's signature on the application manifest for authenticity and for verifying that the publisher is the author of the application manifest prior to relying on information contained in the application manifest to perform further verifications for the shared software application; and
- an act of receiving a subsequent indication that a second user is requesting to install the software application at the computer system for use by the second user, the subsequent indication received after installing the application manifest and the application data objects in the shared repository;
- in response to the second indication:
  - an act of detecting that the application manifest and the application data objects were previously installed in the shared repository;
  - an act of refraining from installing the application manifest and application data objects in the shared repository in response to detecting that the application manifest and application data objects were previously installed;
  - an act of installing a second user manifest in a user specific private repository for the second user, the second user manifest for use by the second user to verify the security of the shared software application by verifying aspects of the application manifest stored in the shared repository in response to a request by the second user to run the software application, the second manifest containing information for appropriately accessing the application data objects from the shared repository that were installed in response to the indication, the second user manifest including:
    - a second application identifier for identifying the software application installed in the shared repository; and
    - the public key for the publisher of the software application; and
- upon verifying each of the aspects of the application manifest, an act of running the shared software application using the installed user specific configuration data objects that specify how the application is to be run for the user, wherein the shared application data objects in the shared repository are locked while the application is running such that other users are prevented from modifying the shared application data objects.

Dependent claims: 7.
8. A computer system for allowing one or more unprivileged computer system users to install and share software applications through interaction between components in a shared repository and components in user specific private repositories, the system comprising:
- one or more processors;
- system memory;
- wherein the shared repository is accessible by all users of the computer system;
- a plurality of user specific private repositories, each user having access to a corresponding user specific private repository that includes one or more user specific configuration data objects for use with a shared software application stored in the shared repository;
- an application manifest for the shared software application stored in the shared repository, the application manifest comprising:
  - an application identifier for identifying the shared software application stored in the shared repository;
  - a digital signature representing a signature of a publisher of the shared software application on the application manifest; and
  - one or more data object identifiers detailing the characteristics of appropriate application data objects for executing the shared software application; and
- a user manifest for each user of the computer system that has installed the shared software application, each user manifest stored in the corresponding user specific private repository for the user, each user manifest comprising:
  - a further application identifier for identifying the software application installed in the shared repository; and
  - a public key for the publisher of the software application;
- prior to permitting the shared software application to run at the computer system for use by a specified user, an act of verifying security of the shared software application, verification including:
  - an act of using the public key included in a user manifest for the specified user to verify the publisher's signature on the application manifest, verification of the publisher's signature verifying that the application manifest is authentic and that the publisher is the author of the application manifest;
  - an act of verifying that the application identifier of the application manifest matches the further application identifier included in the user manifest for the specified user subsequently and in response to verifying the publisher's signature is authentic; and
  - an act of verifying that the data objects are appropriate for executing the shared software application by comparing the application data objects to characteristics detailed in the one or more data object identifiers; and
- upon verifying each of the aspects of the application manifest, an act of running the shared software application using the installed user specific configuration data objects that specify how the application is to be run for the user, wherein the shared application data objects in the shared repository are locked while the application is running such that other users are prevented from modifying the shared application data objects.

Dependent claims: 9.