Title of invention: Generating security permissions
Abstract: Embodiments of the invention relate to generating security permissions for applications. A static analysis on an application is carried out to determine security exceptions and to determine the application components responsible for the security exceptions. The determined security exceptions are analyzed to calculate permissions required for each component. A security policy file that includes a hierarchy of the required permissions suitable for the type of application is formatted and applied to the application to provide a security enabled application.
Publication number: US8931103(B2) Publication date: 2015.01.06
Application number: US201213561574 Filing date: 2012.07.30
Applicant: International Business Machines Corporation Inventors: Deakin Hannah; Jiang Fenghui; McNamara John; Whittick Emlyn
Classification: G06F11/00; G06F12/14; G06F12/16; G08B23/00; G06F21/00; G06F21/62; G06F21/60 Main classification: G06F11/00
Agency: Cantor Colburn LLP Agent: Cantor Colburn LLP; Johnson Prentiss
Independent claim: 1. A computer-implemented method for generating security permissions for computer applications, the method comprising: carrying out static analysis on the source code of an application to determine security exceptions and to determine components of the source code of the application responsible for the security exceptions; analysing the determined security exceptions to calculate permissions required for each of the components during execution of the application; formatting a security policy file to include a hierarchy of required permissions based on the calculated permissions, the required permissions of the hierarchy of required permissions each being required by at least one of a node and a plurality of descendants of the node, the formatting based on a type of the application, wherein formatting the security policy file comprises: determining that each of the plurality of descendants of the node requires a first particular permission that is the same for each of the plurality of descendants; pulling up the first particular permission from a level of each of the plurality of descendants to a level of the node in the hierarchy of required permissions based on determining that each of the plurality of descendants requires the first particular permission; and based on only a single descendent of the plurality of descendants requiring a second particular permission, leaving the second particular permission linked only to the single descendant in the hierarchy of permissions; and applying the security policy file comprising the hierarchy of required permissions to the application during execution of the application to provide a security enabled application.
Address: Armonk NY US
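The pull-up step of claim 1, sketched as an added example (not code from the patent or from the applicant): a permission moves to a node only when every one of its descendants requires it, and a permission needed by a single descendant stays linked to that descendant. The component names and the Java-style permission strings are constructed assumptions, as is the choice of Python; the `effective` check confirms that hoisting grants no component more than it had before.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    perms: set = field(default_factory=set)       # permissions linked at this level
    children: list = field(default_factory=list)

def pull_up(node):
    """Bottom-up pass: hoist a permission to `node` only if every child requires it."""
    for child in node.children:
        pull_up(child)
    if len(node.children) >= 2:                    # a plurality of descendants
        shared = set.intersection(*(c.perms for c in node.children))
        node.perms |= shared
        for child in node.children:
            child.perms -= shared                  # single-descendant permissions stay put
    return node

def effective(node, inherited=frozenset()):
    """Permissions each leaf component ends up with: the union along its path."""
    granted = inherited | node.perms
    if not node.children:
        return {node.name: set(granted)}
    result = {}
    for child in node.children:
        result.update(effective(child, granted))
    return result

def build_sample():
    """Constructed hierarchy: hypothetical components and permission strings."""
    read_cfg = 'java.io.FilePermission "/opt/app/conf/-", "read"'
    connect = 'java.net.SocketPermission "db.example.internal:5432", "connect"'
    props = 'java.util.PropertyPermission "user.home", "read"'
    web = Node("web.war", children=[
        Node("LoginServlet", {read_cfg, props}),
        Node("ReportServlet", {read_cfg, props, connect}),
    ])
    ejb = Node("orders-ejb.jar", children=[
        Node("OrderBean", {read_cfg, connect}),
        Node("AuditBean", {read_cfg}),
    ])
    return Node("app.ear", children=[web, ejb]), (read_cfg, connect, props)

if __name__ == "__main__":
    root, _ = build_sample()
    before = effective(root)
    pull_up(root)
    assert effective(root) == before               # no component gained a permission
    print(root.name, sorted(root.perms))
```

In the sample, the socket permission is needed by two components in different modules but not by all siblings in either, so it stays at the leaves instead of widening a whole module's grant.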