| 摘要 |
A method and system for securely enforcing a computer policy uses a secure computer resource (102) which includes both data (106) and policy rules (110) to be applied. The resource also includes a control set (108) which specifies the operations that are permitted on the resource, and the criteria under which permission will be given. An external agent (104) wishing to use the resource sends a request to a secure processor (100), which uses an access processor (120) to confiim that the operation is approved. As the operation proceeds, an operation processor (118) checks against a list of conditions (124) and stops when one occurs. If the condition corresponds to a trigger within the policy, control is passed to a policy processor (122) which securely executes a corresponding method, also defined within the policy. The resource is digitally signed by its owner who can therefore be sure that the embedded policy will always be followed when an approved operation is applied to the resource by an approved user.
|
