Techniques for minimum permissions detection and verification

US 8,321,837 B2
Filed: 01/23/2006
Issued: 11/27/2012
Est. Priority Date: 01/23/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method for determining a minimum set of permissions for a software component comprising:

enabling all user permissions;

performing iterative testing by;

disabling only one of said all user permissions on each iteration with all other user permissions enabled,determining whether the software component can properly execute on each iteration; and

recording information about the permissions when the software component does not properly execute on a iteration; and

determining a first set of minimum permissions according to the recorded information, wherein said first set of minimum permissions includes the smallest set of permissions for which said software component will properly execute.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for determining a minimum set of permissions for a software component. A first set of minimum permissions is determined for proper execution of the software component. The first set designates one or more permissions. Determining the first set includes performing iterative testing to determine whether one or more user permissions are included in the first set by only disabling one of the user permissions on an iteration. Verification processing may be performed in which a second set of minimum permissions is determined and the first set may be compared to the second set to determine whether the first set is equivalent to the second set.

Citations

19 Claims

1. A method for determining a minimum set of permissions for a software component comprising:
- enabling all user permissions;
  
  performing iterative testing by;
  
  disabling only one of said all user permissions on each iteration with all other user permissions enabled,determining whether the software component can properly execute on each iteration; and
  
  recording information about the permissions when the software component does not properly execute on a iteration; and
  
  determining a first set of minimum permissions according to the recorded information, wherein said first set of minimum permissions includes the smallest set of permissions for which said software component will properly execute.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - performing verification processing and determining a second set of minimum permissions; and
      
      comparing said first set to said second set to determine whether said first set is equivalent to said second set, andwherein said determining, said performing and said comparing are performed using a test harness.
  - 3. The method of claim 2, wherein said test harness executes in an auto-detection mode to perform said method for determining, and a verification mode to perform said performing and said comparing steps.
  - 4. The method of claim 2, wherein said first set is determined to be said minimum set if said first set is equivalent to said second set.
  - 5. The method of claim 3, wherein if said first set includes user permissions, said verification processing further comprises:
    - determining whether said software component successfully executes using said first set of permissions.
  - 6. The method of claim 5, further comprising:
    - if said software component does not successfully execute using said first set of permissions, reperforming processing associated with said auto-detection mode.
  - 7. The method of claim 6, further comprising:
    - if said software component does not execute properly when only said one user permission is disabled, determining that said one user permission is included in said second set.
  - 8. The method of claim 1, wherein said iterative testing includes testing one or more administrative permissions, said one or more administrative permissions forming a hierarchy in which only one administrative permission can be designated for a user account.
  - 9. The method of claim 2, wherein said test harness automatically creates a user account and automatically sets permissions for said user account in accordance with processing performed by said test harness.
  - 10. The method of claim 3, wherein a mode for executing said test harness is indicated by an indicator associated with an invocation of a test function for testing said software component.
  - 11. The method of claim 3, wherein said first set of permissions is passed as an input to said test harness when executing in said verification mode.
  - 12. The method of claim 1, wherein said software component executes in an environment including at least one overlapping permission.
  - 13. The method of claim 1, wherein said software component executes in an environment which does not include any overlapping permissions.

14. A test harness for determining a minimum set of permissions for a software component, said test harness comprising computer executable instructions stored on a computer readable storage medium for performing the steps of:
- receiving a first set of minimum permissions for proper execution of said software component, wherein said first set designates one or more permissions, said first set of minimum permissions being determined by executing a first set of processing steps, wherein said first set of minimum permissions includes the smallest set of permissions for which said code component will properly execute;
  
  enabling all of the first set of minimum permissions;
  
  executing a second set of processing steps when in a verification mode, said second set of processing steps including;
  
  iteratively disabling only one of said first set of minimum permissions on each iteration with all other first set of minimum permissions enabled,determining whether the software component can properly execute on each iteration; and
  
  recording information about the permissions when the software component does not properly execute on an iteration;
  
  performing verification processing and determining a second set of minimum permissions according to the recorded information; and
  
  comparing said first set to said second set to determine whether said first set is equivalent to said second set.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The test harness of claim 14, further comprising:
    - executing said first set of processing steps when in an auto-detection mode, said first set of processing steps including;
      
      determining said first set of minimum permissions for proper execution of said software component, wherein said first set designates one or more permissions, said determining including performing iterative testing to determine whether one or more user permissions are included in said first set by only disabling one of said user permissions on an iteration; and
      
      wherein if said first set includes one or more user permissions, said second set of processing steps further comprises;
      
      determining whether said software component successfully executes using said first set of permissions.
  - 16. The test harness of claim 15, wherein said second set of processing steps further comprises:
    - if said software component does not successfully execute using said first set of permissions, reperforming processing associated with said auto-detection mode.
  - 17. The test harness of claim 16, wherein said second set of processing steps further comprises:
    - performing iterative testing by disabling only one of said user permissions included in said first set on an iteration.
  - 18. The test harness of claim 17, wherein said second set of processing steps further comprises:
    - if said software component does not execute properly when only said one user permission is disabled, determining that said one user permission is included in said second set.

19. A computer readable storage medium having computer executable instructions stored thereon for performing steps for determining a minimum set of permissions for executing a code component, the steps comprising:
- enabling all user permissions;
  
  performing iterative testing by;
  
  disabling only one of said all user permissions on each iteration with all other permissions enabled,determining whether the software component can properly execute on each iteration; and
  
  recording information about the permissions when the software component does not properly execute on a iteration;
  
  determining a first set of minimum permissions according to the recorded information, wherein said first set of minimum permissions includes the smallest set of permissions for which said code component will properly execute; and
  
  performing verification processing using said first set of minimum permissions, said verification processing including;
  
  determining a second set of minimum permissions; and
  
  comparing said first set to said second set to determine whether said first set is equivalent to said second set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Cohen, Matthew, Broberg, Eric D., Jeffries, Matthew B.
Primary Examiner(s)
Nahar, Qamrun

Application Number

US11/337,725
Publication Number

US 20070174899A1
Time in Patent Office

2,500 Days
Field of Search

717/124, 717/125, 717/134, 717/135, 726/4
US Class Current

717/124
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Techniques for minimum permissions detection and verification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for minimum permissions detection and verification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links