Integrating security protection tools with computer device integrity and privacy policy
Abstract
At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.
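A minimal model of the label flow the abstract describes, as an added example (not code from the patent). The level names, the mapping from signature and anti-malware status to labels, and the rule that a program's label must be at least the object's label are all assumptions; the abstract only says the decision rests on comparing the two labels.

```python
from dataclasses import dataclass
from enum import IntEnum

class Label(IntEnum):              # assumed ordered levels; the patent names none
    UNTRUSTED = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3

@dataclass
class MonitoringProgram:
    label: Label                   # first label, assigned by the monitor

    def label_program(self, wanted: Label) -> Label:
        # The monitored program's label can never exceed its monitoring program's.
        return min(wanted, self.label)

class Monitor:
    """Hypothetical reference monitor: assigns monitoring programs, mediates access."""

    def __init__(self):
        self.programs = {}         # program name -> label from its monitoring program
        self.objects = {}          # data, other programs, or remote resources -> label

    def install(self, name, signed, flagged_by_antimalware):
        # Assumed criterion: a signature file raises the monitoring program's label.
        mon = MonitoringProgram(Label.HIGH if signed else Label.LOW)
        # Assumed: anti-malware status decides what the monitoring program asks for.
        wanted = Label.UNTRUSTED if flagged_by_antimalware else Label.HIGH
        self.programs[name] = mon.label_program(wanted)
        return self.programs[name]

    def allow(self, program, obj):
        # Assumed comparison: the program's label must be adequate for the object's.
        return self.programs[program] >= self.objects[obj]

def demo():
    # Constructed sample programs and objects.
    m = Monitor()
    m.objects.update({"system.cfg": Label.HIGH, "downloads/tmp": Label.LOW,
                      "https://intranet.example": Label.MEDIUM})
    m.install("signed_editor", signed=True, flagged_by_antimalware=False)
    m.install("unsigned_tool", signed=False, flagged_by_antimalware=False)
    m.install("flagged_app", signed=True, flagged_by_antimalware=True)
    return m
```

The unsigned tool asks for the highest label but is held to its monitoring program's label, and the flagged program ends up below every object in the sample.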
18 Claims
1. An integrity and privacy protection method for an operating system of a computer device, the method comprising:
- in response to installing a program on the computer device that includes the operating system, with a monitor within the operating system, assigning a monitoring program having computer-executable instructions to the program being installed, wherein the monitor assigns a first integrity and/or privacy label to the monitoring program based on predetermined criteria associated with the program being installed, the predetermined criteria based on a signature file included in the program being installed or a global user preference or code that defines the origination of the program being installed, and
- with the monitoring program, assigning a second integrity and/or privacy label to the program being installed that is equal to or less than the first integrity and/or privacy label assigned to the monitoring program by the monitor, wherein the assigning the second integrity and/or privacy label is based on a privacy policy associated with a digital signer of the program being installed or on a status of the program as determined by an anti-malware program, and,
- after the program is installed (“installed program”), in response to the installed program seeking to access an object, deciding with the monitor whether to allow access or deny access, wherein;
- the object comprises at least one of data or another program on the computer device or a remote network resource coupled to the computer device;
- the object has associated with it a third integrity and/or privacy label; and
- the monitor decides whether to allow or deny access based on a comparison of the second integrity and/or privacy label and the third integrity and/or privacy label.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An integrity and privacy protection method for a computer device that includes an Operating System Reference Monitor (SRM) comprising:
- initiating, by the computer device on computer power-on, an ability of the SRM to assign a monitoring program, the monitoring program being security protection software for detecting malicious software;
- in response to receiving a request to install a program on the computer device, the SRM assigning the monitoring program to the program being installed;
- the monitoring program assigning an integrity and/or privacy label to the program being installed, the assigning based on predetermined criteria associated with the program being installed, the predetermined criteria based on a signature file included in the program being installed or a global user preference or code that defines the origination of the program being installed;
- the monitoring program monitoring the program being installed after installation to detect requests by the installed program for access to data or another program on the computer device or a remote network resource connected to the computer device;
- in response to the monitoring program detecting a request by the installed program for access to the data or another program on the computer device, or the remote network resource connected to the computer device, the SRM determining if the integrity and/or privacy label assigned to the installed program is adequate for the installed program to access the requested data or another program on the computer device or the remote network resource connected to the computer device.
Dependent claims: 10
11. A computer device comprising an operating system that includes an Operating System Reference Monitor (SRM) configured for:
- assigning monitoring programs configured for monitoring installed programs on the computer device, each monitoring program assigned an integrity and/or privacy label by the SRM based on predetermined criteria associated with a corresponding one of the installed programs, the predetermined criteria based on a signature file included in the corresponding one of the installed programs or a global user preference or code that defines the origination of the corresponding one of the installed programs, each monitoring program configured for monitoring the operation of the corresponding one of the installed programs;
- in response to installing a program on the computer device, assigning a monitoring program for the program being installed and assigning an integrity and/or privacy label to the monitoring program based on the predetermined criteria;
- monitoring the operation of the program being installed after the program is installed (“installed program”) to determine if the installed program is requesting access to data or another program on the computer device, or a remote network resource connected to the computer device; and
- in response to determining that the installed program is requesting access to the data or another program on the computer device, or the remote network resource connected to the computer device, granting or denying the request based on an integrity and/or privacy label assigned by the monitoring program to the installed program.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
Specification