| 发明名称 |
Inter-process message security |
| 摘要 |
An inter-process messaging security management may be provided. A message comprising an operation to be performed may be sent from a process operating in a process chamber to a second process operating in another chamber. Before the message is allowed to be delivered, the validity of the operation contained in the message may be verified and a security policy may be examined to determine whether the message is permitted to be sent from the first process to the second process. If the security policy permits the second process to execute the operation requested by the first process, the message may be delivered to the second process. If the operation is not permitted, the message may not be delivered and an error message may be returned to the first process. |
| 申请公布号 |
US9418219(B2) |
申请公布日期 |
2016.08.16 |
| 申请号 |
US200812101243 |
申请日期 |
2008.04.11 |
| 申请人 |
Microsoft Technology Licensing, LLC |
发明人 |
Bathula Avinashreddy;Alexander Jimmy;Bentley Keith C.;Coles Neil L.;Hudson Brian;Lyons Matthew G.;Miller John Mark;Rogers Andrew M.;Sandadi Upender R.;Shell Scott R.;Vincent Jon |
| 分类号 |
G06F17/00;G06F21/53;G06F21/55;G06F9/46;G06F21/54;G06F21/52 |
主分类号 |
G06F17/00 |
| 代理机构 |
|
代理人 |
Yee Judy;Minhas Micky |
| 主权项 |
1. A method for providing inter-process messaging security, the method comprising:
receiving a message from a first process associated with a first set of processes governed by a first set of security policies, the message comprising a request to perform an operation by a destination application; determining a destination process for the message; determining whether the destination process is associated with a second set of processes governed by a second set of security policies; in response to determining that the destination process is associated with the second set of processes, determining whether at least one security policy permits interaction between the first set of processes and the second set of processes; in response to determining that the at least one security policy permits interaction between the first set of processes and the second set of processes, sending the message to the destination process, wherein sending the message to the destination process comprises sending the message via an application programming interface between the first process and the second process; determining whether the message requires the destination process to send a second message to at least one other process, wherein the at least one other process is associated with at least one other set of processes; in response to determining that the message requires the destination process to send the second message to the at least one other process, determining whether the at least one security policy permits interaction between the second set of processes and the at least one other set of processes; in response to determining that the at least one security policy and the at least one other set of processes permits interaction between the second set of processes and the at least one other set of processes, determining whether the at least one security policy permits interaction between the first set of processes and the at least one other set of processes; and in response to determining that the at least one security policy permits interaction between the first set of processes and the at least one other set of processes, sending the message to the at least one other process. |
| 地址 |
Redmond WA US |
