Rule-based application access management
First Claim
Patent Images
1. A method, comprising:
- encapsulating resources in a software container;
establishing a DMZ virtual area using one or more of a sand-boxing runtime model, an overlaying runtime model, and a hybrid runtime model to control access to the resources;
executing an application;
receiving from the application a request for one of the resources;
providing the resource in response to the request if access is granted to the application at the DMZ virtual area.
3 Assignments
0 Petitions
Accused Products
Abstract
A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.
287 Citations
19 Claims
-
1. A method, comprising:
-
encapsulating resources in a software container; establishing a DMZ virtual area using one or more of a sand-boxing runtime model, an overlaying runtime model, and a hybrid runtime model to control access to the resources; executing an application; receiving from the application a request for one of the resources; providing the resource in response to the request if access is granted to the application at the DMZ virtual area. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method, comprising:
-
encapsulating software components associated with firmware or hardware resources in a software container; establishing a DMZ virtual area using one or more of a sand-boxing runtime model, an overlaying runtime model, and a hybrid runtime model to control access to one or more of the firmware or hardware resources; executing an application; receiving from the application a request for a selected one of the firmware or hardware resources; providing the selected resource in response to the request if access is granted to the application at the DMZ virtual area. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. A system, comprising:
-
software means for encapsulating software components associated with firmware or hardware resources; software means for establishing a DMZ virtual area using one or more of a sand-boxing runtime model, an overlaying runtime model, and a hybrid runtime model to control access to one or more of the firmware or hardware resources; software means for executing an application; software means for receiving from the application a request for a selected one of the firmware or hardware resources; software means for providing the selected resource in response to the request if access is granted to the application at the DMZ virtual area.
-
Specification