Process Authentication and Resource Permissions

摘要

The techniques and systems described herein present various implementations of a model for authenticating processes for execution and specifying and enforcing permission restrictions on system resources for processes and users. In some implementations, a binary file for an application, program, or process may be augmented to include a digital signature encrypted with a key such that an operating system may subsequently authenticate the digital signature. Once the binary file has been authenticated, the operating system may create a process and tag the process with metadata indicating the type of permissions that are allowed for the process. The metadata may correspond to a particular access level for specifying resource permissions.

主权项

1. A system, comprising:
a computing node configured to implement a process authentication component and a resource permissions component; the process authentication component being configured to:
receive an executable file that includes a digital signature;select a decryption key corresponding to the digital signature;authenticate the executable file based on the digital signature and the decryption key; andin response to authentication of the executable file, create a process for executing the executable file, and assign to the process a dimension and level based on the decryption key; and the resource permission component being configured to:
receive, from the process, a request to access a system resource;determine a trust level sufficient to access the system resource; andgrant access to the system resource based on the trust level assigned to the process satisfying the dimensions and level sufficient to access the system resource.