摘要 |
A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other object within the system on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but present the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.
|