Trust level activation

摘要

An isolation execution environment provides an application with limited resources to execute an application. The application may require access to secured resources associated with a particular trust level that are outside of the isolation execution environment. A trust activation engine determines the trust level associated with a request for a resource and operates differently based on the trust level. A broker process may be used to execute components providing access to resources having a partial trust level in an execution environment that is separate from the isolation execution environment.

主权项

1. A computer-implemented method, comprising:
associating one of a plurality of trust levels with a component, the component including executable instructions that access a resource controlled by an operating system, the trust level associates a security level with the resource; associating a privilege level with an application, the privilege level associates a security level with the application, the trust level of the component separate from the privilege level of the application; executing the application in an isolation execution environment when the privilege level of the application is a first level; requesting, by the application, activation of the component; and based on the trust level of the component and the privilege level of the application, executing the component requested by the application in a broker process, the broker process accesses the resource in an execution environment that is separate from the isolation execution environment.