Data source based application sandboxing
First Claim
1. A method to control access to data stored on a data store of a computing device, the method comprising:
- receiving a request for data from a requesting component;
- identifying an assigned access domain of the requesting component;
- identifying an assigned data domain of the requested data, the data domain having been assigned to the requested data based on a comparison of one or more data characteristics of the requested data with one or more data classifications defined in a security policy;
- determining whether the requesting component is authorized to access the requested data by comparing one or more permissions specified in the security policy with each of the assigned access domain and the assigned data domain; and
- if the assigned access domain is authorized to access the assigned data domain, providing access to the requested data.
Abstract
A computing device and a method for a computing device to control access to data stored on a data store of the device. An access component of the device has control over access to the data. The access component is operative to receive a request for data from a requesting component, identify an assigned access domain of the requesting component and an assigned data domain of the requested data, and determine whether the requesting component is authorized to access the data by comparing the assigned access domain and the data domain with permissions specified in a security policy. If the assigned access domain is authorized to access the data domain, the access component may provide access to the requested data.
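The decision flow in the abstract, sketched as an added Python example; it is not code from the patent or from any product. The class names, the use of a data `source` host as the compared characteristic, the glob-style classifications and the default-deny handling of unclassified data and unknown components are all assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass
class SecurityPolicy:
    classifications: list  # (source pattern, data domain), first match wins
    access_domains: dict   # component id -> assigned access domain
    permissions: set       # allowed (access domain, data domain) pairs

    def classify(self, characteristics):
        """Compare data characteristics with the policy's classifications."""
        source = characteristics.get("source", "")
        for pattern, data_domain in self.classifications:
            if fnmatchcase(source, pattern):
                return data_domain
        return None  # matches no classification: no domain assigned

class AccessComponent:
    """Sole path to the data store; every read goes through request()."""
    def __init__(self, policy):
        self.policy = policy
        self._store = {}  # key -> (assigned data domain, payload)

    def put(self, key, characteristics, payload):
        # The data domain is assigned when data is stored, before any request.
        self._store[key] = (self.policy.classify(characteristics), payload)

    def authorized(self, component, key):
        access_domain = self.policy.access_domains.get(component)
        data_domain = self._store[key][0]
        # Default deny (assumed): unknown components and unclassified data.
        if access_domain is None or data_domain is None:
            return False
        return (access_domain, data_domain) in self.policy.permissions

    def request(self, component, key):
        if not self.authorized(component, key):
            raise PermissionError(f"{component} may not read {key}")
        return self._store[key][1]

# Constructed sample policy and data.
POLICY = SecurityPolicy(
    classifications=[("*.corp.example", "corporate"), ("*.mail.example", "personal")],
    access_domains={"work_mail": "work", "game": "leisure"},
    permissions={("work", "corporate"), ("work", "personal"), ("leisure", "personal")},
)
ACCESS = AccessComponent(POLICY)
ACCESS.put("q3-report", {"source": "files.corp.example"}, b"revenue figures")
ACCESS.put("holiday-photo", {"source": "imap.mail.example"}, b"jpeg bytes")
ACCESS.put("stray-file", {"source": "cdn.unknown.example"}, b"???")
```

The requesting component never names a domain itself: both domains are looked up by the access component, so a component cannot widen its own access by changing what it sends in the request.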
35 Claims
1. A method to control access to data stored on a data store of a computing device, the method comprising:
- receiving a request for data from a requesting component;
- identifying an assigned access domain of the requesting component;
- identifying an assigned data domain of the requested data, the data domain having been assigned to the requested data based on a comparison of one or more data characteristics of the requested data with one or more data classifications defined in a security policy;
- determining whether the requesting component is authorized to access the requested data by comparing one or more permissions specified in the security policy with each of the assigned access domain and the assigned data domain; and
- if the assigned access domain is authorized to access the assigned data domain, providing access to the requested data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 17, 18, 19, 20, 21, 22, 23, 24, 25
9. A computing device operative to control access to data stored on a data store of the device, the computing device comprising:
- a processing unit in communication with the data store;
- a requesting component operative on the device to request data stored in the data store;
- an access component operative on the device to:
  - control access to data stored in the data store;
  - receive one or more requests for data from the requesting component;
  - identify an assigned access domain of the requesting component;
  - identify an assigned data domain of the requested data, the data domain having been assigned to the requested data based on a comparison of one or more data characteristics of the requested data with one or more data classifications defined in a security policy;
  - determine whether the requesting component is authorized to access the requested data by comparing one or more permissions specified in the security policy with each of the assigned access domain and the assigned data domain; and
  - provide access to the requested data if the assigned access domain is authorized to access the assigned data domain.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 26, 27, 28, 29, 30, 31, 32, 33, 34
35. A computer-readable medium comprising instructions, which when executed by a processor of a computing device cause the processor to perform instructions for controlling access to data stored on a data store of a computing device, the instructions comprising instructions for:
- receiving a request for data from a requesting component;
- identifying an assigned access domain of the requesting component;
- identifying an assigned data domain of the requested data, the data domain having been assigned to the requested data based on a comparison of one or more data characteristics of the requested data with one or more data classifications defined in a security policy;
- determining whether the requesting component is authorized to access the requested data by comparing one or more permissions specified in the security policy with each of the assigned access domain and the assigned data domain; and
- if the assigned access domain is authorized to access the assigned data domain, providing access to the requested data.
Specification