Title of invention: Systems and methods for using tiered signing certificates to manage the behavior of executables
Abstract: Computer-implemented methods and systems for using tiered signing certificates to manage the behavior of executables are disclosed. In one example, a method for performing such a task may include: 1) identifying an executable file, 2) identifying a signing certificate associated with the executable file, 3) identifying, within the signing certificate, a privilege level associated with the executable file, and then 4) managing behavior of the executable file in accordance with the privilege level associated with the executable file. Corresponding methods and systems for generating tiered signing certificates for executable files are also disclosed.
Publication number: US8844024(B1) Publication date: 2014.09.23
Application number: US200912408950 Filing date: 2009.03.23
Applicant: Symantec Corporation Inventors: Graf Nicholas;Smith Spencer;Glick Adam
Classification: G06F21/00;G06F21/44 Main classification: G06F21/00
Agency: ALG Intellectual Property, LLC Agent: ALG Intellectual Property, LLC
Main claim: 1. A computer-implemented method for using tiered signing certificates to manage the behavior of executables, the method comprising: identifying, at a computing device that comprises at least one hardware processor, an executable file; identifying, at the computing device, a signing certificate associated with the executable file; decrypting, at the computing device using a public key provided by a certificate authority, the signing certificate associated with the executable file to obtain a privilege level assigned to the executable file by the certificate authority that identifies at least one privileged operation that the executable file is allowed to perform on the computing device; managing, at the computing device, privileged operations performed on the computing device by the executable file in accordance with the privilege level assigned to the executable file by the certificate authority by: preventing the executable file from performing privileged operations that exceed the privilege level assigned to the executable file by the certificate authority; allowing the executable file to perform privileged operations that do not exceed the privilege level assigned to the executable file by the certificate authority.
Address: Mountain View CA US