Integrating security protection tools with computer device integrity and privacy policy

US 8,117,441 B2
Filed: 06/20/2006
Issued: 02/14/2012
Est. Priority Date: 06/20/2006
Status: Active Grant

First Claim

Patent Images

1. An integrity and privacy protection method for an operating system of a computer device, the method comprising:

in response to installing a program on the computer device that includes the operating system,with a monitor within the operating system, assigning a monitoring program having computer-executable instructions to the program being installed, wherein the monitor assigns a first integrity and/or privacy label to the monitoring program based on predetermined criteria associated with the program being installed, the predetermined criteria based on a signature file included in the program being installed or a global user preference or code that defines the origination of the program being installed, andwith the monitoring program, assigning a second integrity and/or privacy label to the program being installed that is equal to or less than the first integrity and/or privacy label assigned to the monitoring program by the monitor, wherein the assigning the second integrity and/or privacy label is based on a privacy policy associated with a digital signer of the program being installed or on a status of the program as determined by an anti-malware program, and,after the program is installed (“

installed program”

), in response to the installed program seeking to access an object, deciding with the monitor whether to allow access or deny access, wherein;

the object comprises at least one of data or another program on the computer device or a remote network resource coupled to the computer device;

the object has associated with it a third integrity and/or privacy label; and

the monitor decides whether to allow or deny access based on a comparison of the second integrity and/or privacy label and the third integrity and/or privacy label.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.

323 Citations

18 Claims

1. An integrity and privacy protection method for an operating system of a computer device, the method comprising:
- in response to installing a program on the computer device that includes the operating system,with a monitor within the operating system, assigning a monitoring program having computer-executable instructions to the program being installed, wherein the monitor assigns a first integrity and/or privacy label to the monitoring program based on predetermined criteria associated with the program being installed, the predetermined criteria based on a signature file included in the program being installed or a global user preference or code that defines the origination of the program being installed, andwith the monitoring program, assigning a second integrity and/or privacy label to the program being installed that is equal to or less than the first integrity and/or privacy label assigned to the monitoring program by the monitor, wherein the assigning the second integrity and/or privacy label is based on a privacy policy associated with a digital signer of the program being installed or on a status of the program as determined by an anti-malware program, and,after the program is installed (“
  
  installed program”
  
  ), in response to the installed program seeking to access an object, deciding with the monitor whether to allow access or deny access, wherein;
  
  the object comprises at least one of data or another program on the computer device or a remote network resource coupled to the computer device;
  
  the object has associated with it a third integrity and/or privacy label; and
  
  the monitor decides whether to allow or deny access based on a comparison of the second integrity and/or privacy label and the third integrity and/or privacy label.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. An integrity and privacy protection method for the operating system of a computer device as claimed in claim 1, wherein the monitor within the operating system of the computer device comprises an Operating System Reference Monitor (SRM) that assigns the first integrity and/or privacy label to the monitoring program.
  - 3. An integrity and privacy protection method for the operating system of a computer device as claimed in claim 2, wherein the monitoring program is a security protection software for detecting malicious software.
  - 4. An integrity and privacy protection method for the operating system of a computer device as claimed in claim 1, wherein the monitoring program monitors the installed program and advises the monitor when the installed program is seeking access to the data or another program on the computer device, or the remote network resource connected to the computer device.
  - 5. An integrity and privacy protection method for the operating system of a computer device as claimed in claim 1, wherein the monitor assigns a plurality of monitoring programs, wherein each monitoring program is assigned a respective first integrity and/or privacy label, wherein the second integrity and/or privacy label assigned to the program being installed is based on the respective first integrity and/or privacy label assigned to each of the plurality of monitoring programs and wherein the respective first integrity and/or privacy label of one of the plurality of monitoring programs is chosen as the second integrity and/or privacy label of the installed program.
  - 6. An integrity and privacy protection method for the operating system of a computer device as claimed in claim 5, wherein the respective first integrity and/or privacy label assigned to each of the plurality of monitoring programs is assigned based on a different criterion associated with the program being installed.
  - 7. An integrity and privacy protection method for the operating system of a computer device as claimed in claim 1, wherein the integrity and/or privacy label assigned to the monitoring program and the program being installed cannot be altered unless the program being installed is altered.
  - 8. An integrity and privacy protection method for the operating system of a computer device as claimed in claim 1, wherein the operating system includes a database for storing the second integrity and/or privacy label of the program being installed and a third integrity and/or privacy label of the data or the other program on the computer device, or the remote network resource connected to the computer device for use in allowing or denying access to the data or the other program on the computer device, or the remote network resource connected to the computer device when the installed program seeks to access the data or the other program on the computer device, or the remote network resource connected to the computer device.

9. An integrity and privacy protection method for a computer device that includes an Operating System Reference Monitor (SRM) comprising:
- initiating, by the computer device on computer power-on, an ability of the SRM to assign a monitoring program, the monitoring program being security protection software for detecting malicious software;
  
  in response to receiving a request to install a program on the computer device, the SRM assigning the monitoring program to the program being installed;
  
  the monitoring program assigning an integrity and/or privacy label to the program being installed, the assigning based on predetermined criteria associated with the program being installed, the predetermined criteria based on a signature file included in the program being installed or a global user preference or code that defines the origination of the program being installed;
  
  the monitoring program monitoring the program being installed after installation to detect requests by the installed program for access to data or another program on the computer device or a remote network resource connected to the computer device;
  
  in response to the monitoring program detecting a request by the installed program for access to the data or another program on the computer device, or the remote network resource connected to the computer device, the SRM determining if the integrity and/or privacy label assigned to the installed program is adequate for the installed program to access the requested data or another program on the computer device or the remote network resource connected to the computer device.
- View Dependent Claims (10)
- - 10. An integrity and privacy protection method as claimed in claim 9, wherein the SRM determines if the integrity and/or privacy label assigned to the installed program indicates that the installed program has access the requested data or another program on the computer device, or the remote network resource connected to the computer device by comparing the integrity and/or privacy label assigned to the installed program and an integrity and/or privacy label assigned to the data and another program on the computer device, and the remote network resource connected to the computer device, and wherein the SRM enforces an integrity and/or privacy policy by allowing the installed program access to the data or another program on the computer device, or the remote network resource connected to the computer device if the integrity and/or privacy label assigned to the installed program is equal to or more than the integrity and/or privacy label assigned to the data or another program on the computer device, or the remote network resource connected to the computer device.

11. A computer device comprising an operating system that includes an Operating System Reference Monitor (SRM) configured for:
- assigning monitoring programs configured for monitoring installed programs on the computer device, each monitoring program assigned an integrity and/or privacy label by the SRM based on predetermined criteria associated with a corresponding one of the installed programs, the predetermined criteria based on a signature file included in the corresponding one of the installed programs or a global user preference or code that defines the origination of the corresponding one of the installed programs, each monitoring program configured for monitoring the operation of the corresponding one of the installed programs;
  
  in response to installing a program on the computer device, assigning a monitoring program for the program being installed and assigning an integrity and/or privacy label to the monitoring program based on the predetermined criteria;
  
  monitoring the operation of the program being installed after the program is installed (“
  
  installed program”
  
  ) to determine if the installed program is requesting access to data or another program on the computer device, or a remote network resource connected to the computer device; and
  
  in response to determining that the installed program is requesting access to the data or another program on the computer device, or the remote network resource connected to the computer device, granting or denying the request based on an integrity and/or privacy label assigned by the monitoring program to the installed program.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. A computer device as claimed in claim 11, wherein the SRM assigns more than one monitoring programs for the program being installed, and assigns an integrity and/or privacy label to each monitoring program based on a different predetermined criteria.
  - 13. A computer device as claimed in claim 12, wherein the integrity and/or privacy label assigned to each monitoring program is based on criteria associated with the program being installed.
  - 14. A computer device as claimed in claim 13, wherein the criteria is chosen from a group that includes a signature file included in the program being installed and code that defines the origination of the program being installed.
  - 15. A computer device as claimed in claim 12, wherein the integrity and/or privacy label assigned to each monitoring program and the integrity and/or privacy label assigned to the program being installed cannot be altered unless the program being installed is altered.
  - 16. A computer device as claimed in claim 12, wherein the SRM uses trusted computing base (TCB) data that includes the integrity and/or privacy label of the data and another program on the computer device, and the remote network resource connected to the computer device that the installed program is requesting access to decide whether to grant or deny the request.
  - 17. A computer device as claimed in claim 11, wherein the SRM decides whether to grant or deny the request based on comparing the integrity and/or privacy label assigned by the monitoring program to the program being installed and an integrity and/or privacy label associated with the data and another program on the computer device, and the remote network resource connected to the computer device.
  - 18. A computer device as claimed in claim 17, wherein the integrity and/or privacy label assigned to the program being installed and the integrity and/or privacy label assigned to the data and another program on the computer device, and the remote network resource connected to the computer device are stored in a table located in a trusted section of a memory of the computer device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kurien, Thekkthalackal Varugis, Nagampalli, Narasimha Rao, Field, Scott, Hamblin, Jeffrey B, Brundrett, Peter T
Primary Examiner(s)
ZIA, SYED

Application Number

US11/472,052
Publication Number

US 20080022093A1
Time in Patent Office

2,065 Days
Field of Search

713/150, 713164-167, 726/2, 726/4, 726 22- 25, 726/27, 726/29
US Class Current

713/164
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

Integrating security protection tools with computer device integrity and privacy policy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

323 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Integrating security protection tools with computer device integrity and privacy policy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

323 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others