Methods to generate security profile for restricting resources used by a program based on entitlements of the program
1 Assignment
0 Petitions
Abstract
In response to a request for launching a program, a list of one or more application frameworks to be accessed by the program during execution of the program is determined. Zero or more entitlements representing one or more resources entitled by the program during the execution are determined. A set of one or more rules based on the entitlements of the program is obtained from at least one of the application frameworks. The set of one or more rules specifies one or more constraints of resources associated with the at least one application framework. A security profile is dynamically compiled for the program based on the set of one or more rules associated with the at least one application framework. The compiled security profile is used to restrict the program from accessing at least one resource of the at least one application frameworks during the execution of the program.
27 Citations
18 Claims
1. A computer-implemented method for dynamically compiling a security profile for a program, the method comprising:
- in response to a request for launching a program, determining, by a launch module executed by a processor, a list of one or more application frameworks to be accessed by the program during execution of the program;
- determining, by a helper module executed by the processor, zero or more entitlements representing one or more resources entitled by the program during the execution;
- determining a set of one or more rules associated with at least one of the application frameworks based on the entitlements of the program, the set of one or more rules specifying one or more of resources associated with the at least one application framework, the at least one application framework providing an operating environment for the program; and
- dynamically compiling, by a profile compiler, a security profile for the program based on the set of one or more rules associated with the at least one application framework, wherein the compiled security profile is used to restrict the program from accessing at least one resource of the at least one application frameworks during the execution of the program.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A non-transitory computer-readable storage medium having instructions stored therein, which when executed by a computer, cause the computer to perform a method for dynamically compiling a security profile for a program, the method comprising:
- in response to a request for launching a program, determining, by a launch module executed by a processor, a list of one or more application frameworks to be accessed by the program during execution of the program;
- determining zero or more entitlements representing one or more resources entitled by the program during the execution;
- determining, by a helper module, a set of one or more rules associated with at least one of the application frameworks based on the entitlements of the program, the set of one or more rules specifying one or more resources associated with the at least one application framework, the at least one application framework providing an operating environment for the program; and
- dynamically compiling, by a profile compiler, a security profile for the program based on the set of one or more rules associated with the at least one application framework, wherein the compiled security profile is used to restrict the program from accessing at least one resource of the at least one application frameworks during the execution of the program.

Dependent claims: 10, 11, 12, 13, 14, 15, 16.

17. An apparatus, comprising:
- a processor; and
- a memory coupled to the processor;
- a launch service module executed in the memory by the processor, in response to a request for launching a program, to determine a list of one or more application frameworks to be accessed by the program during execution of the program;
- a helper module executed in the memory by the processor and coupled to the launch service module to determine zero or more entitlements representing one or more resources entitled by the program during the execution;
- one or more application frameworks executed in the memory by the processor to provide a set of one or more rules based on the entitlements of the program, the set of one or more rules specifying one or more resources associated with at least one of the application frameworks; and
- a profile compiler executed in the memory by the processor to dynamically compile a security profile for the program based on the set of one or more rules associated with the at least one application framework, wherein the compiled security profile is used to restrict the program from accessing at least one resource of the at least one application framework during the execution of the program.

Dependent claims: 18.
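The abstract and the independent claims above describe one pipeline: a launch module resolves the frameworks a program will load, a helper module reads the program's entitlements, each framework contributes rules gated on those entitlements, and a profile compiler merges the rules into a deny-by-default profile that is enforced at run time. The following Python model is an added illustration of that pipeline and is not code from the patent or from any operating system; the framework names, entitlement strings and resource identifiers are constructed for the example. It shows the two failure modes the claims imply: a program that links a framework but lacks the entitlement gets nothing from that framework, and a program that holds an entitlement for a framework it never loads gets nothing either.

```python
"""Toy model of entitlement-driven sandbox profile compilation.

Constructed example: the frameworks, entitlements and resource names below
are hypothetical and do not correspond to any real platform's identifiers.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# A rule is (resource, entitlement_needed). None means the framework grants
# the resource to any program that loads it.
Rule = Tuple[str, Optional[str]]


@dataclass(frozen=True)
class Framework:
    name: str
    rules: Tuple[Rule, ...]


@dataclass(frozen=True)
class Program:
    name: str
    frameworks: Tuple[str, ...]      # frameworks the binary will load
    entitlements: FrozenSet[str]     # entitlements carried by the program


@dataclass(frozen=True)
class SecurityProfile:
    program: str
    allowed: FrozenSet[str]

    def allows(self, resource: str) -> bool:
        # Deny by default: only resources compiled into the profile pass.
        return resource in self.allowed


# Constructed framework registry (hypothetical names and rules).
REGISTRY: Dict[str, Framework] = {
    "UIKitLike": Framework("UIKitLike", (
        ("ipc:window-server", None),
    )),
    "CameraKit": Framework("CameraKit", (
        ("device:camera", "com.example.entitlement.camera"),
    )),
    "NetKit": Framework("NetKit", (
        ("network:outbound", "com.example.entitlement.network.client"),
        ("network:inbound", "com.example.entitlement.network.server"),
    )),
}


def launch_module_frameworks(program: Program,
                             registry: Dict[str, Framework]) -> List[Framework]:
    """Launch module: resolve the frameworks the program will access."""
    missing = [n for n in program.frameworks if n not in registry]
    if missing:
        raise ValueError(f"unknown frameworks: {missing}")
    return [registry[n] for n in program.frameworks]


def helper_module_entitlements(program: Program) -> FrozenSet[str]:
    """Helper module: read the program's entitlements (zero or more)."""
    return program.entitlements


def framework_rules(fw: Framework, entitlements: FrozenSet[str]) -> List[str]:
    """Rules one framework contributes, filtered by the program's entitlements."""
    return [res for res, needed in fw.rules
            if needed is None or needed in entitlements]


def compile_profile(program: Program,
                    registry: Dict[str, Framework] = REGISTRY) -> SecurityProfile:
    """Profile compiler: merge per-framework rules into one profile."""
    entitlements = helper_module_entitlements(program)
    allowed = set()
    for fw in launch_module_frameworks(program, registry):
        allowed.update(framework_rules(fw, entitlements))
    return SecurityProfile(program.name, frozenset(allowed))


# Constructed sample programs.
CAMERA_APP = Program("PhotoBooth", ("UIKitLike", "CameraKit"),
                     frozenset({"com.example.entitlement.camera"}))
NO_ENTITLEMENT_APP = Program("Viewer", ("UIKitLike", "CameraKit"), frozenset())
UNLINKED_APP = Program("Notes", ("UIKitLike",),
                       frozenset({"com.example.entitlement.camera"}))

if __name__ == "__main__":
    for app in (CAMERA_APP, NO_ENTITLEMENT_APP, UNLINKED_APP):
        profile = compile_profile(app)
        print(app.name, "camera allowed:", profile.allows("device:camera"),
              "profile:", sorted(profile.allowed))
```

The profile is built only from frameworks the launch module actually resolves, so an entitlement alone never widens it, and each framework exposes only the resources whose entitlement the program holds. Anything not compiled in, such as network access for the camera app, is denied without needing an explicit deny rule.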
Specification