JP2014521184A - 信頼レベルのアクティブ化 - Google Patents
信頼レベルのアクティブ化 Download PDFInfo
- Publication number
- JP2014521184A JP2014521184A JP2014521651A JP2014521651A JP2014521184A JP 2014521184 A JP2014521184 A JP 2014521184A JP 2014521651 A JP2014521651 A JP 2014521651A JP 2014521651 A JP2014521651 A JP 2014521651A JP 2014521184 A JP2014521184 A JP 2014521184A
- Authority
- JP
- Japan
- Prior art keywords
- component
- trust
- application
- execution environment
- instructions
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2113—Multi-level security, e.g. mandatory access control
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Automation & Control Theory (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
・オペレーティングシステム276
・レジストリ278
・ユーザプロセス108、アプリケーション102、トークン110及び基礎信頼オブジェクト120を有する分離実行環境104
・信頼アクティブ化エンジン106
・APIデータベース114
・部分的信頼オブジェクト138を有するブローカプロセス134
・アプリケーション282及びマニフェストファイル284を有するパッケージ280
・様々な他のアプリケーション及びデータ286
Claims (10)
- プロセッサ実行可能な命令を格納するコンピュータ読取可能記憶媒体であって、
アプリケーションを実行する分離実行環境を作成する命令と、
前記アプリケーションによって要求されたコンポーネントを実行するブローカプロセスを作成する命令であって、前記コンポーネントは、オペレーティングシステムによって制御されるリソースにアクセスするのに使用される、命令と、
前記コンポーネントが部分的信頼レベルに関連付けられるとき、前記コンポーネントを前記ブローカプロセスにおいて実行する命令と
を含む、コンピュータ読取可能記憶媒体。 - コンポーネントに関連付けられる複数の信頼レベルを認識する命令をさらに含む、請求項1に記載のコンピュータ読取可能記憶媒体。
- コンポーネントが完全信頼レベルに関連付けられるとき、前記分離実行環境における当該コンポーネントの実行を拒否する、請求項1に記載のコンピュータ読取可能記憶媒体。
- 前記コンポーネントが部分的信頼レベルに関連付けられるとき、前記ブローカプロセスにおいて実行される前記コンポーネントに関連付けられるAPIオブジェクトを生成する命令をさらに含む、請求項1に記載のコンピュータ読取可能記憶媒体。
- 前記コンポーネントが部分的信頼レベルに関連付けられるとき、前記ブローカプロセスにおいて実行される前記コンポーネントに関連付けられるAPIオブジェクトを生成する命令をさらに含む、請求項1に記載のコンピュータ読取可能記憶媒体。
- プロセッサと、
前記プロセッサに接続されるメモリと
を備えた装置であって、前記メモリが信頼アクティブ化モジュールを有し、前記信頼アクティブ化モジュールは、前記プロセッサによって実行されると、選択的特権レベルに関連付けられるアプリケーションが選択的信頼レベルを有するコンポーネントにアクセスすることができるかどうかを決定する命令を含み、前記アプリケーションは、前記信頼アクティブ化モジュールとは別個の実行環境において動作し、前記コンポーネントは、オペレーティングシステムによって制御されるリソースにアクセスするのに使用される、装置。 - 前記信頼アクティブ化モジュールは、前記プロセッサにおいて実行されると、低特権アプリケーションが、完全信頼レベルを有するコンポーネントを実行するのを回避する命令をさらに含む、請求項6に記載の装置。
- 前記信頼アクティブ化モジュールは、前記プロセッサにおいて実行されると、高特権アプリケーションが任意の信頼レベルコンポーネントを実行するのを可能にする命令をさらに含む、請求項6に記載の装置。
- 前記信頼アクティブ化モジュールは、前記プロセッサにおいて実行されると、前記コンポーネントが基礎信頼レベルを有するとき、低特権アプリケーションに、分離実行環境において実行するように構成された実行可能コードを提供する命令をさらに含む、請求項6に記載の装置。
- 前記信頼アクティブ化モジュールは、前記プロセッサにおいて実行されると、低特権アプリケーションを分離実行環境において実行し、部分的信頼レベルを有するコンポーネントを前記分離実行環境とは別個の実行環境において実行するブローカプロセスを構成する命令をさらに含む、請求項6に記載の装置。
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/186,474 | 2011-07-20 | ||
US13/186,474 US8973158B2 (en) | 2011-07-20 | 2011-07-20 | Trust level activation |
PCT/US2012/045998 WO2013012592A1 (en) | 2011-07-20 | 2012-07-10 | Trust level activation |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2016153045A Division JP6248153B2 (ja) | 2011-07-20 | 2016-08-03 | 信頼レベルのアクティブ化 |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2014521184A true JP2014521184A (ja) | 2014-08-25 |
JP2014521184A5 JP2014521184A5 (ja) | 2015-08-27 |
JP5985631B2 JP5985631B2 (ja) | 2016-09-06 |
Family
ID=47556777
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2014521651A Active JP5985631B2 (ja) | 2011-07-20 | 2012-07-10 | 信頼レベルのアクティブ化 |
JP2016153045A Active JP6248153B2 (ja) | 2011-07-20 | 2016-08-03 | 信頼レベルのアクティブ化 |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2016153045A Active JP6248153B2 (ja) | 2011-07-20 | 2016-08-03 | 信頼レベルのアクティブ化 |
Country Status (6)
Country | Link |
---|---|
US (2) | US8973158B2 (ja) |
EP (1) | EP2734949B1 (ja) |
JP (2) | JP5985631B2 (ja) |
KR (1) | KR101970744B1 (ja) |
CN (1) | CN103649963B (ja) |
WO (1) | WO2013012592A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2018084866A (ja) * | 2016-11-21 | 2018-05-31 | キヤノン株式会社 | 情報処理装置、情報処理方法及びプログラム |
Families Citing this family (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130061316A1 (en) * | 2011-09-06 | 2013-03-07 | Microsoft Corporation | Capability Access Management for Processes |
US8990561B2 (en) | 2011-09-09 | 2015-03-24 | Microsoft Technology Licensing, Llc | Pervasive package identifiers |
US9773102B2 (en) | 2011-09-09 | 2017-09-26 | Microsoft Technology Licensing, Llc | Selective file access for applications |
US9800688B2 (en) | 2011-09-12 | 2017-10-24 | Microsoft Technology Licensing, Llc | Platform-enabled proximity service |
US9524477B2 (en) * | 2012-05-15 | 2016-12-20 | Apple Inc. | Utilizing a secondary application to render invitational content in a separate window above an allocated space of primary content |
US10356204B2 (en) | 2012-12-13 | 2019-07-16 | Microsoft Technology Licensing, Llc | Application based hardware identifiers |
US9515832B2 (en) | 2013-06-24 | 2016-12-06 | Microsoft Technology Licensing, Llc | Process authentication and resource permissions |
US9282100B2 (en) * | 2013-12-02 | 2016-03-08 | Cisco Technology, Inc. | Privilege separation |
US9483636B2 (en) | 2014-01-17 | 2016-11-01 | Microsoft Technology Licensing, Llc | Runtime application integrity protection |
CN105404819A (zh) * | 2014-09-10 | 2016-03-16 | 华为技术有限公司 | 一种数据访问控制方法、装置以及终端 |
US9600682B2 (en) * | 2015-06-08 | 2017-03-21 | Accenture Global Services Limited | Mapping process changes |
US9785783B2 (en) * | 2015-07-23 | 2017-10-10 | Ca, Inc. | Executing privileged code in a process |
US20170149828A1 (en) | 2015-11-24 | 2017-05-25 | International Business Machines Corporation | Trust level modifier |
EP3314516B1 (en) | 2016-01-26 | 2022-04-13 | Hewlett-Packard Development Company, L.P. | System management mode privilege architecture |
US10360135B2 (en) * | 2016-03-31 | 2019-07-23 | Microsoft Technology Licensing, Llc | Privilege test and monitoring |
KR20180071679A (ko) | 2016-12-20 | 2018-06-28 | 삼성전자주식회사 | 사용자 단말 장치 및 그의 제어 방법 |
US10503908B1 (en) | 2017-04-04 | 2019-12-10 | Kenna Security, Inc. | Vulnerability assessment based on machine inference |
US10728500B2 (en) | 2018-06-13 | 2020-07-28 | At&T Intellectual Property I, L.P. | Object-managed secured multicast system |
US11171983B2 (en) * | 2018-06-29 | 2021-11-09 | Intel Corporation | Techniques to provide function-level isolation with capability-based security |
US10762244B2 (en) * | 2018-06-29 | 2020-09-01 | Intel Corporation | Securely exposing an accelerator to privileged system components |
JP2020135555A (ja) * | 2019-02-21 | 2020-08-31 | Necソリューションイノベータ株式会社 | 処理実行方法 |
US20200364354A1 (en) * | 2019-05-17 | 2020-11-19 | Microsoft Technology Licensing, Llc | Mitigation of ransomware in integrated, isolated applications |
US11895105B2 (en) * | 2020-06-19 | 2024-02-06 | Apple, Inc. | Authenticated interface element interactions |
US11880719B2 (en) * | 2022-01-20 | 2024-01-23 | Dell Products L.P. | Trust-aware and adaptive system to aid virtual/human intervention using an API-based mechanism |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002517852A (ja) * | 1998-06-12 | 2002-06-18 | マイクロソフト コーポレイション | 信頼できないコンテントを安全に実行するための方法およびシステム |
JP2004252584A (ja) * | 2003-02-18 | 2004-09-09 | Nec Corp | データアクセス制御装置 |
JP2008102838A (ja) * | 2006-10-20 | 2008-05-01 | Canon Inc | 情報処理方法およびプログラム |
JP2010191681A (ja) * | 2009-02-18 | 2010-09-02 | Ntt Docomo Inc | データ処理装置、データ処理方法、データ処理プログラム |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6167522A (en) | 1997-04-01 | 2000-12-26 | Sun Microsystems, Inc. | Method and apparatus for providing security for servers executing application programs received via a network |
US6275938B1 (en) | 1997-08-28 | 2001-08-14 | Microsoft Corporation | Security enhancement for untrusted executable code |
US6691230B1 (en) | 1998-10-15 | 2004-02-10 | International Business Machines Corporation | Method and system for extending Java applets sand box with public client storage |
AU8000800A (en) * | 1999-10-05 | 2001-05-10 | Ejasent Inc. | Virtual network environment |
US7284124B1 (en) * | 2000-06-05 | 2007-10-16 | Microsoft Corporation | Trust level based platform access regulation application |
US7793111B1 (en) | 2000-09-28 | 2010-09-07 | Intel Corporation | Mechanism to handle events in a machine with isolated execution |
US7216369B2 (en) | 2002-06-28 | 2007-05-08 | Intel Corporation | Trusted platform apparatus, system, and method |
US7694328B2 (en) * | 2003-10-21 | 2010-04-06 | Google Inc. | Systems and methods for secure client applications |
US7380087B2 (en) | 2004-08-25 | 2008-05-27 | Microsoft Corporation | Reclaiming application isolated storage |
WO2006090384A2 (en) * | 2005-02-22 | 2006-08-31 | Kidaro (Israel) Ltd. | Data transfer security |
US20070260577A1 (en) | 2006-03-30 | 2007-11-08 | Microsoft Corporation | Providing COM access to an isolated system |
JP2010282242A (ja) * | 2007-08-20 | 2010-12-16 | Nec Corp | アクセス制御システム、アクセス制御方法およびアクセス制御用プログラム |
US9218200B2 (en) * | 2008-08-21 | 2015-12-22 | Vmware, Inc. | Selective class hiding in open API component architecture system |
US8745361B2 (en) | 2008-12-02 | 2014-06-03 | Microsoft Corporation | Sandboxed execution of plug-ins |
US20100199357A1 (en) | 2009-02-02 | 2010-08-05 | Microsoft Corporation | Secure hosting for untrusted code |
US8850601B2 (en) * | 2009-05-18 | 2014-09-30 | Hewlett-Packard Development Company, L.P. | Systems and methods of determining a trust level from system management mode |
US8627451B2 (en) | 2009-08-21 | 2014-01-07 | Red Hat, Inc. | Systems and methods for providing an isolated execution environment for accessing untrusted content |
-
2011
- 2011-07-20 US US13/186,474 patent/US8973158B2/en active Active
-
2012
- 2012-07-10 CN CN201280035888.1A patent/CN103649963B/zh active Active
- 2012-07-10 JP JP2014521651A patent/JP5985631B2/ja active Active
- 2012-07-10 KR KR1020147001337A patent/KR101970744B1/ko active IP Right Grant
- 2012-07-10 EP EP12814655.2A patent/EP2734949B1/en active Active
- 2012-07-10 WO PCT/US2012/045998 patent/WO2013012592A1/en active Application Filing
-
2014
- 2014-11-30 US US14/556,221 patent/US9465948B2/en active Active
-
2016
- 2016-08-03 JP JP2016153045A patent/JP6248153B2/ja active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002517852A (ja) * | 1998-06-12 | 2002-06-18 | マイクロソフト コーポレイション | 信頼できないコンテントを安全に実行するための方法およびシステム |
JP2004252584A (ja) * | 2003-02-18 | 2004-09-09 | Nec Corp | データアクセス制御装置 |
JP2008102838A (ja) * | 2006-10-20 | 2008-05-01 | Canon Inc | 情報処理方法およびプログラム |
JP2010191681A (ja) * | 2009-02-18 | 2010-09-02 | Ntt Docomo Inc | データ処理装置、データ処理方法、データ処理プログラム |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2018084866A (ja) * | 2016-11-21 | 2018-05-31 | キヤノン株式会社 | 情報処理装置、情報処理方法及びプログラム |
Also Published As
Publication number | Publication date |
---|---|
WO2013012592A1 (en) | 2013-01-24 |
EP2734949A1 (en) | 2014-05-28 |
US20150106915A1 (en) | 2015-04-16 |
CN103649963A (zh) | 2014-03-19 |
EP2734949B1 (en) | 2020-11-04 |
US8973158B2 (en) | 2015-03-03 |
US9465948B2 (en) | 2016-10-11 |
JP2017016669A (ja) | 2017-01-19 |
KR20140045502A (ko) | 2014-04-16 |
EP2734949A4 (en) | 2015-05-13 |
JP6248153B2 (ja) | 2017-12-13 |
US20130024929A1 (en) | 2013-01-24 |
JP5985631B2 (ja) | 2016-09-06 |
KR101970744B1 (ko) | 2019-04-22 |
CN103649963B (zh) | 2016-02-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6248153B2 (ja) | 信頼レベルのアクティブ化 | |
US20220308941A1 (en) | Sharing extension points to allow an application to share content via a sharing extension | |
US10949247B2 (en) | Systems and methods for auditing a virtual machine | |
Holla et al. | Android based mobile application development and its security | |
KR101565230B1 (ko) | 샌드박스에 참조들을 유지하는 시스템 및 방법 | |
US8887152B1 (en) | Android application virtual environment | |
US9871800B2 (en) | System and method for providing application security in a cloud computing environment | |
JP2010511227A (ja) | 信頼性の低いアドレス空間への実行コードのコンパイル | |
US10171502B2 (en) | Managed applications | |
Sensaoui et al. | An in-depth study of MPU-based isolation techniques | |
US10482034B2 (en) | Remote attestation model for secure memory applications | |
US20160342788A1 (en) | Generating packages for managed applications | |
Ahmadpanah et al. | Securing node-red applications | |
Zhang et al. | ReACt: A Resource-centric Access Control System for Web-app Interactions on Android | |
Zhang et al. | Achieving resource-centric access control for web-app interactions on android | |
Chiaramida | Reliability Issues among Android Components: Analysis, Testing and Solutions | |
Davidson | Enhancing Mobile Security and Privacy through App Splitting | |
Antukh | BLACKBERRY Z10 RESEARCH PRIMER |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A711 | Notification of change in applicant |
Free format text: JAPANESE INTERMEDIATE CODE: A711 Effective date: 20150523 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20150707 |
|
A621 | Written request for application examination |
Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20150707 |
|
A977 | Report on retrieval |
Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20160630 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20160705 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20160803 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 5985631 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |