摘要 |
The present invention provides a method and apparatus for a cryptographically assisted computer system designed to deter viruses and malware via enforced accountability and access policies. The Security Enforcement System (1000) comprises a security policies enforcement engine (400) configured to enforce security policies (200) to executable software files, based on their compliance with defined cryptographic policies (100). In a preferred embodiment, cryptographic policies (100) include the unequivocal identification of the software author or authors, and the security policies (200) are defined such that properly encrypted software files are given full access rights to the computer system resources (600, 700, 800, 900), whereas non-compliant files are given limited access rights to neuter potential malicious behaviour goals. The security enforcement system engine (400) applies the security policies (200) to a software file and all its dependants, including spawn processes and threads as well as dynamic link libraries and other independent executable file objects.
|