Title of Invention |
Process Authentication and Resource Permissions |
Abstract |
The techniques and systems described herein present various implementations of a model for authenticating processes for execution and specifying and enforcing permission restrictions on system resources for processes and users. In some implementations, a binary file for an application, program, or process may be augmented to include a digital signature encrypted with a key such that an operating system may subsequently authenticate the digital signature. Once the binary file has been authenticated, the operating system may create a process and tag the process with metadata indicating the type of permissions that are allowed for the process. The metadata may correspond to a particular access level for specifying resource permissions. |
Application Publication Number |
US2014380058(A1) |
Application Publication Date |
2014.12.25 |
Application Number |
US201313925703 |
Filing Date |
2013.06.24 |
Applicant |
Microsoft Corporation |
Inventors |
Agarwal Vishal;Gottumukkala Sunil P.;Kishan Arun U.;McPherson Dave M.;Andes Jonathan M.;Sridharan Giridharan;Kinshumann Kinshuman;Damiano Adam;Khan Salahuddin J.;Kannan Gopinathan |
Classification Numbers |
H04L9/08;H04L9/32 |
Main Classification Number |
H04L9/08 |
Agency |
|
Agent |
|
Principal Claim |
1. A system, comprising:
a computing node configured to implement a process authentication component and a resource permissions component;
the process authentication component being configured to:
receive an executable file that includes a digital signature;
select a decryption key corresponding to the digital signature;
authenticate the executable file based on the digital signature and the decryption key; and
in response to authentication of the executable file, create a process for executing the executable file, and assign to the process a dimension and level based on the decryption key; and
the resource permission component being configured to:
receive, from the process, a request to access a system resource;
determine a trust level sufficient to access the system resource; and
grant access to the system resource based on the trust level assigned to the process satisfying the dimensions and level sufficient to access the system resource. |
Address |
Redmond WA US |