Securing data on untrusted devices
First Claim
1. A method comprising:
- identifying, by a first process executing in an execution environment on a computing device, a command in an execution environment command queue, the command from a second process executing in the execution environment and indicating an action on secure data, the identifying based on a process ID of the second process or a pathname in the command, and wherein the identifying:
  - occurs before the execution environment obtains the command from the execution environment command queue for execution, and
  - comprises identifying an entry in the execution environment command queue associated with a secure storage location;
- while the command remains in the execution environment command queue, determining whether the command is permitted based on the action and a user credential, the determining comprising:
  - accessing an access rules data store, the access rules data store comprising one or more rules associated with commands or user credentials; and
  - determining whether the command is permitted based on the command and the one or more rules; and
- responsive to determining the command is not permitted, removing, by the first process, the command from the command queue before the execution environment obtains the command from the execution environment command queue for execution, the removing preventing the execution environment from executing the command.
Abstract
One example method for securing data on untrusted devices includes the steps of identifying, by a first process, a command in a command queue, the command from a second process and comprising an action on secure data; determining whether the command is permitted based on the action and a user credential; and responsive to determining the command is not permitted, removing, by the first process, the command from the command queue.
21 Claims
1. A method comprising: (claim text as given under First Claim above)
- Dependent claims: 2, 3, 4, 5, 6, 7
8. A device comprising:
- a non-transitory computer-readable medium;
- a processor in communication with the non-transitory computer readable medium, the processor configured to:
  - monitor, by a first process executed in an execution environment on a computing device, an execution environment command queue to identify commands from other processes executed in the execution environment, at least one of the commands indicating an action on secure data, the identifying based on process IDs of other processes or pathnames in the commands, wherein the identifying:
    - is configured to occur before the execution environment obtains the command from the execution environment command queue for execution, and
    - comprises identifying an entry in the execution environment command queue associated with a secure storage location;
  - access one or more access rules to determine whether the at least one command is permitted;
  - determine whether the at least one command is permitted based on the at least one command and the one or more rules; and
  - responsive to a determination the command is not permitted, remove the command from the command queue before the execution environment obtains the command from the execution environment command queue for execution, the removing preventing the execution environment from executing the command.
- Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer-readable medium comprising program code, the program code comprising monitoring software and access rules software executable by a processor in an execution environment,
- the monitoring software configured to:
  - monitor an execution environment command queue to identify commands from other processes executed in the execution environment;
  - identify a command indicating an action on secure data based on a process ID of one of the other processes or a pathname in the command, wherein the identifying:
    - is configured to occur before the execution environment obtains the command from the execution environment command queue for execution, and
    - comprises identifying an entry in the execution environment command queue associated with a secure storage location;
  - transmit a request to the access rules software to determine whether the command is permitted; and
  - responsive to a response to the request indicating that the command is not permitted, remove the command from the command queue before the execution environment obtains the command from the execution environment command queue for execution, the removing preventing the execution environment from executing the command; and
- the access rules software configured to:
  - access an access rules data store, the access rules data store configured to store one or more rules associated with commands or user credentials;
  - receive requests to determine whether commands associated with the requests are permitted;
  - determine whether the commands are permitted based on the respective request and the one or more rules; and
  - transmit a response message to the respective request.
- Dependent claims: 16, 17, 18, 19, 20, 21
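The three independent claims describe one mechanism: a monitoring process inspects entries still sitting in a command queue, flags the ones that touch secure data (by the issuing process ID or by a pathname under a secure storage location), consults an access rules store keyed on the command and the user credential, and removes non-permitted entries before the execution environment dequeues them. The following is an added illustration written for this page, not code from the patent or its assignee. The queue, the `Command` and `Rule` types, the default-deny rule store, the secure-location prefixes and the sample commands are all constructed assumptions; a real implementation would hook the execution environment's own queue rather than a Python `deque`.

```python
from collections import deque
from dataclasses import dataclass
from typing import Deque, Iterable, List, Tuple

# Constructed sample values: pathnames under these prefixes are treated as
# "secure storage locations" in the sense of the claims.
SECURE_LOCATIONS = ("/secure/", "/vault/")


@dataclass(frozen=True)
class Command:
    """A queued command as a second process would submit it (constructed shape)."""
    pid: int
    user: str      # user credential presented with the command
    action: str    # e.g. "read", "write", "delete"
    path: str      # pathname the action targets


@dataclass(frozen=True)
class Rule:
    """One entry of the access rules data store (constructed shape)."""
    action: str    # "*" matches any action
    user: str      # "*" matches any user credential
    allow: bool


class AccessRulesStore:
    """Hypothetical access rules data store: first matching rule wins, default deny."""

    def __init__(self, rules: Iterable[Rule]):
        self._rules: List[Rule] = list(rules)

    def is_permitted(self, cmd: Command) -> bool:
        # This is the "request / response" exchange of claim 15 collapsed into a call.
        for rule in self._rules:
            if rule.action in ("*", cmd.action) and rule.user in ("*", cmd.user):
                return rule.allow
        return False  # no rule matched: deny by default


class QueueMonitor:
    """The 'first process': inspects and prunes the queue before anything executes."""

    def __init__(self, store: AccessRulesStore, watched_pids: Iterable[int] = ()):
        self._store = store
        self._watched_pids = set(watched_pids)

    def touches_secure_data(self, cmd: Command) -> bool:
        # Identification by the issuing process ID or by the pathname in the command.
        return cmd.pid in self._watched_pids or cmd.path.startswith(SECURE_LOCATIONS)

    def filter_queue(self, queue: Deque[Command]) -> List[Command]:
        """Remove non-permitted secure-data commands in place; return what was removed."""
        removed: List[Command] = []
        kept: List[Command] = []
        for cmd in queue:  # every entry is still pending; nothing has been dequeued yet
            if self.touches_secure_data(cmd) and not self._store.is_permitted(cmd):
                removed.append(cmd)
            else:
                kept.append(cmd)
        queue.clear()
        queue.extend(kept)
        return removed


def execute_pending(queue: Deque[Command]) -> List[str]:
    """Stand-in for the execution environment draining its queue after the monitor ran."""
    log: List[str] = []
    while queue:
        cmd = queue.popleft()
        log.append(f"pid={cmd.pid} {cmd.action} {cmd.path}")
    return log


def demo() -> Tuple[List[Command], List[str]]:
    store = AccessRulesStore([
        Rule(action="read", user="alice", allow=True),
        Rule(action="*", user="admin", allow=True),
        # any other action on secure data falls through to the default deny
    ])
    monitor = QueueMonitor(store, watched_pids={4242})
    queue: Deque[Command] = deque([
        Command(1001, "alice", "read", "/secure/payroll.db"),   # permitted by rule
        Command(1001, "alice", "write", "/secure/payroll.db"),  # denied: no matching rule
        Command(4242, "bob", "read", "/tmp/notes.txt"),         # denied: watched process ID
        Command(1002, "bob", "read", "/tmp/notes.txt"),         # not secure data: passes through
        Command(2000, "admin", "delete", "/vault/old.key"),     # permitted by rule
    ])
    removed = monitor.filter_queue(queue)
    executed = execute_pending(queue)
    return removed, executed


if __name__ == "__main__":
    removed, executed = demo()
    print("removed before execution:", *removed, sep="\n  ")
    print("executed:", *executed, sep="\n  ")
```

The point the claims hinge on is ordering: `filter_queue` runs over the whole pending queue while the execution environment has not yet called `popleft`, so a denied command never reaches `execute_pending` at all, rather than being intercepted at execution time. The default-deny in `AccessRulesStore` is a design choice of this example, not something the claims require; they only say the determination is made from the command and the stored rules.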