Abstract
A computerized method provides unshared local storage space to a process distributed by a trusted source through the use of an identity associated with the process that specifies local capabilities for the identity on a computer. The method obtains the identity and allocates the local storage space based on the information on the local capabilities, securing the space with the identity so that only a process with the same identity can access the space. The method also enforces the local capabilities on the process by monitoring the use of the local storage space. The identity is uniquely defined by a digital certificate or similar security facility. The identity is associated with a data structure, such as a digital signature, that includes the size of the local storage space and, optionally, whether the process is subject to global storage limits set by the computer. A computerized system which executes the method is also disclosed.
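
The allocation and enforcement steps described above can be sketched as follows. This is an added example, not code from the patent or its authors. The names `IsolatedStore`, `Capabilities` and `identity_of` are hypothetical, the certificate bytes are constructed placeholders assumed to have been validated already, and the global limit is assumed to be a machine-set ceiling on any single identity's space.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Capabilities:
    quota_bytes: int                # size of the local storage space for the identity
    subject_to_global: bool = True  # whether the machine's own limit also applies

class AccessDenied(Exception): pass
class QuotaExceeded(Exception): pass

def identity_of(cert: bytes) -> str:
    # Assumption: cert was already validated; its SHA-256 digest serves as the identity.
    return hashlib.sha256(cert).hexdigest()

class IsolatedStore:
    def __init__(self, global_limit: int):
        self.global_limit = global_limit  # assumed: machine ceiling per identity
        self._spaces = {}                 # identity -> (Capabilities, {name: bytes})

    def allocate(self, cert: bytes, caps: Capabilities) -> str:
        ident = identity_of(cert)
        self._spaces.setdefault(ident, (caps, {}))
        return ident

    def _space(self, cert: bytes):
        # A space is reachable only through the caller's own identity,
        # so a process with a different identity cannot name it.
        try:
            return self._spaces[identity_of(cert)]
        except KeyError:
            raise AccessDenied("no space allocated for this identity") from None

    def limit(self, cert: bytes) -> int:
        caps, _ = self._space(cert)
        if caps.subject_to_global:
            return min(caps.quota_bytes, self.global_limit)
        return caps.quota_bytes

    def write(self, cert: bytes, name: str, data: bytes) -> int:
        _, files = self._space(cert)
        # Monitor usage: count every other item plus the new size of this one.
        used = sum(len(v) for k, v in files.items() if k != name) + len(data)
        if used > self.limit(cert):
            raise QuotaExceeded(f"{used} bytes exceeds limit {self.limit(cert)}")
        files[name] = data
        return used

    def read(self, cert: bytes, name: str) -> bytes:
        _, files = self._space(cert)
        if name not in files:
            raise FileNotFoundError(name)
        return files[name]

CERT_A = b"constructed-cert-vendor-A"  # constructed sample values, not real certificates
CERT_B = b"constructed-cert-vendor-B"
```
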