Title of invention: Data access security
Abstract: An execution environment of a computer computes an initial effective permissions set for managed code based on user identity evidence, code evidence and/or a security policy and executes the code with this permissions set. If the managed code requests a data access, the execution environment considers data evidence that indicates the trustworthiness of the requested data. The data evidence can be based on the source of the data, the location of the data, the content of the data itself, or other factors. The execution environment computes a new effective permissions set for the managed code based on the data evidence and the security policy. This new effective permissions set is applied to the managed code while the code accesses the data. The execution environment restores the initial permissions set once the managed code completes the data access.
Publication number: US8788845(B1) Publication date: 2014.07.22
Application number: US201213525105 Filing date: 2012.06.15
Applicant: Symantec Corporation Inventor: Satish Sourabh
Classification: G06F21/00;G06F21/54;G06F21/62;H04L9/32 Main classification: G06F21/00
Agency: Fenwick & West LLP Agent: Fenwick & West LLP
Main claim: 1. A computer-implemented method for securing a computer, comprising: determining a user group associated with a user of the computer; considering code evidence indicating a trustworthiness of code on which a process executed on the computer by the user is based; computing an initial permissions set for the process responsive to the code evidence, the user group, and a security policy; applying the initial permissions set to the process; receiving a request from the process having the initial permissions set to access data; considering data evidence indicating a trustworthiness of the requested data; computing an effective permissions set for the process responsive to the code evidence, the user group, the data evidence and the security policy, wherein the effective permissions set is a subset of the initial permissions set; applying the effective permissions set to the process for the data access; and restoring the initial permissions set to the process responsive to completion of the data access.
Address: Mountain View CA US
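
The permission flow described in the abstract and claim 1, modeled as an added Python example; it is not code from the patent or from Symantec. The policy table, the evidence labels, the permission names and the fail-closed handling of unknown data evidence are all assumptions made for illustration.

```python
from contextlib import contextmanager

# Constructed security policy (hypothetical labels): the permissions that each
# piece of evidence allows. Permission sets are computed by intersection.
POLICY = {
    "user_group": {"admins": {"read", "write", "network", "exec"},
                   "users": {"read", "write", "network"}},
    "code": {"signed": {"read", "write", "network", "exec"},
             "unsigned": {"read", "write"}},
    "data": {"local_trusted": {"read", "write", "network", "exec"},
             "internet": {"read"}},
}

def compute_permissions(user_group, code_evidence, data_evidence=None):
    """Initial set from user group and code evidence; narrowed by data evidence."""
    perms = POLICY["user_group"][user_group] & POLICY["code"][code_evidence]
    if data_evidence is not None:
        # Assumption: unknown data evidence grants nothing (fail closed).
        perms = perms & POLICY["data"].get(data_evidence, set())
    return frozenset(perms)

class Process:
    def __init__(self, user_group, code_evidence):
        self.user_group = user_group
        self.code_evidence = code_evidence
        # Initial permissions set, applied when the process starts.
        self.permissions = compute_permissions(user_group, code_evidence)

    @contextmanager
    def data_access(self, data_evidence):
        """Apply the effective set for one data access, then restore the initial set."""
        initial = self.permissions
        self.permissions = compute_permissions(
            self.user_group, self.code_evidence, data_evidence)
        try:
            yield self
        finally:
            self.permissions = initial  # restored even if the access raises

    def require(self, permission):
        if permission not in self.permissions:
            raise PermissionError(f"{permission!r} denied for this data access")

def demo():
    """Signed code run by a member of 'users' opens data that came from the internet."""
    proc = Process("users", "signed")
    before = proc.permissions
    with proc.data_access("internet"):
        during = proc.permissions
    return before, during, proc.permissions
```

Because the effective set is an intersection with the initial set, it is always a subset of it, which matches the "wherein" condition of claim 1.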