Techniques for minimum permissions detection and verification
First Claim
1. A method for determining a minimum set of permissions for a software component comprising:
- enabling all user permissions;
performing iterative testing by;
disabling only one of said all user permissions on each iteration with all other user permissions enabled,determining whether the software component can properly execute on each iteration; and
recording information about the permissions when the software component does not properly execute on a iteration; and
determining a first set of minimum permissions according to the recorded information, wherein said first set of minimum permissions includes the smallest set of permissions for which said software component will properly execute.
2 Assignments
0 Petitions
Accused Products
Abstract
Techniques are provided for determining a minimum set of permissions for a software component. A first set of minimum permissions is determined for proper execution of the software component. The first set designates one or more permissions. Determining the first set includes performing iterative testing to determine whether one or more user permissions are included in the first set by only disabling one of the user permissions on an iteration. Verification processing may be performed in which a second set of minimum permissions is determined and the first set may be compared to the second set to determine whether the first set is equivalent to the second set.
-
Citations
19 Claims
-
1. A method for determining a minimum set of permissions for a software component comprising:
-
enabling all user permissions; performing iterative testing by; disabling only one of said all user permissions on each iteration with all other user permissions enabled, determining whether the software component can properly execute on each iteration; and recording information about the permissions when the software component does not properly execute on a iteration; and determining a first set of minimum permissions according to the recorded information, wherein said first set of minimum permissions includes the smallest set of permissions for which said software component will properly execute. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A test harness for determining a minimum set of permissions for a software component, said test harness comprising computer executable instructions stored on a computer readable storage medium for performing the steps of:
-
receiving a first set of minimum permissions for proper execution of said software component, wherein said first set designates one or more permissions, said first set of minimum permissions being determined by executing a first set of processing steps, wherein said first set of minimum permissions includes the smallest set of permissions for which said code component will properly execute; enabling all of the first set of minimum permissions; executing a second set of processing steps when in a verification mode, said second set of processing steps including; iteratively disabling only one of said first set of minimum permissions on each iteration with all other first set of minimum permissions enabled, determining whether the software component can properly execute on each iteration; and recording information about the permissions when the software component does not properly execute on an iteration; performing verification processing and determining a second set of minimum permissions according to the recorded information; and comparing said first set to said second set to determine whether said first set is equivalent to said second set. - View Dependent Claims (15, 16, 17, 18)
-
-
19. A computer readable storage medium having computer executable instructions stored thereon for performing steps for determining a minimum set of permissions for executing a code component, the steps comprising:
-
enabling all user permissions; performing iterative testing by; disabling only one of said all user permissions on each iteration with all other permissions enabled, determining whether the software component can properly execute on each iteration; and recording information about the permissions when the software component does not properly execute on a iteration; determining a first set of minimum permissions according to the recorded information, wherein said first set of minimum permissions includes the smallest set of permissions for which said code component will properly execute; and performing verification processing using said first set of minimum permissions, said verification processing including; determining a second set of minimum permissions; and comparing said first set to said second set to determine whether said first set is equivalent to said second set.
-
Specification