WO2002019076A3 - Hybrid privilege enforcement in a restricted execution environment - Google Patents
Hybrid privilege enforcement in a restricted execution environment Download PDFInfo
- Publication number
- WO2002019076A3 WO2002019076A3 PCT/US2001/041732 US0141732W WO0219076A3 WO 2002019076 A3 WO2002019076 A3 WO 2002019076A3 US 0141732 W US0141732 W US 0141732W WO 0219076 A3 WO0219076 A3 WO 0219076A3
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- enforcement
- trust state
- execution environment
- access
- resources
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44521—Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/54—Link editing before load time
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/468—Specific access rights for resources, e.g. using capability register
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
- G06F9/45529—Embedded in an application, e.g. JavaScript in a Web browser
Abstract
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2001285441A AU2001285441A1 (en) | 2000-08-31 | 2001-08-15 | Hybrid privilege enforcement in a restricted execution environment |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US22948100P | 2000-08-31 | 2000-08-31 | |
US60/229,481 | 2000-08-31 | ||
US67103400A | 2000-09-27 | 2000-09-27 | |
US09/671,034 | 2000-09-27 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2002019076A2 WO2002019076A2 (en) | 2002-03-07 |
WO2002019076A3 true WO2002019076A3 (en) | 2003-09-18 |
Family
ID=26923333
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2001/041732 WO2002019076A2 (en) | 2000-08-31 | 2001-08-15 | Hybrid privilege enforcement in a restricted execution environment |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU2001285441A1 (en) |
WO (1) | WO2002019076A2 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8245270B2 (en) | 2005-09-01 | 2012-08-14 | Microsoft Corporation | Resource based dynamic security authorization |
US8112745B2 (en) | 2006-03-22 | 2012-02-07 | Honeywell International Inc. | Apparatus and method for capabilities verification and restriction of managed applications in an execution environment |
US10019570B2 (en) | 2007-06-14 | 2018-07-10 | Microsoft Technology Licensing, Llc | Protection and communication abstractions for web browsers |
EP2312485B1 (en) | 2009-08-31 | 2018-08-08 | BlackBerry Limited | System and method for controlling applications to mitigate the effects of malicious software |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1996007961A1 (en) * | 1994-09-09 | 1996-03-14 | Cheyenne Advanced Technology Limited | Method of operating a computer system |
US5987608A (en) * | 1997-05-13 | 1999-11-16 | Netscape Communications Corporation | Java security mechanism |
-
2001
- 2001-08-15 AU AU2001285441A patent/AU2001285441A1/en not_active Abandoned
- 2001-08-15 WO PCT/US2001/041732 patent/WO2002019076A2/en active Application Filing
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1996007961A1 (en) * | 1994-09-09 | 1996-03-14 | Cheyenne Advanced Technology Limited | Method of operating a computer system |
US5987608A (en) * | 1997-05-13 | 1999-11-16 | Netscape Communications Corporation | Java security mechanism |
Non-Patent Citations (2)
Title |
---|
DIETMULLER P R: "VIRUS PROTECTION USING DYNAMIC LINKING", MICROPROCESSING AND MICROPROGRAMMING, ELSEVIER SCIENCE PUBLISHERS, BV., AMSTERDAM, NL, vol. 40, no. 9, 1 November 1994 (1994-11-01), pages 599 - 604, XP000483399, ISSN: 0165-6074 * |
PARDYAK P ET AL: "DYNAMIC BINDING FOR AN EXTENSIBLE SYSTEM", OPERATING SYSTEMS REVIEW (SIGOPS), ACM HEADQUARTER. NEW YORK, US, vol. 30, no. SPECIAL ISSUE, 21 December 1996 (1996-12-21), pages 201 - 212, XP000643513 * |
Also Published As
Publication number | Publication date |
---|---|
WO2002019076A2 (en) | 2002-03-07 |
AU2001285441A1 (en) | 2002-03-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2429148A3 (en) | Contents transmission method and contents transmission system | |
US7624111B2 (en) | Active content trust model | |
ATE511671T1 (en) | MINIMAL USER RIGHTS THROUGH RESTRICTED ACCESS PERMISSIONS | |
WO2002013010A3 (en) | Method, system, and program for invoking stored procedures and accessing stored procedure data | |
US20080127142A1 (en) | Compiling executable code into a less-trusted address space | |
WO2003014911A3 (en) | Method, system, and program for generating and using configuration policies | |
CA2400940A1 (en) | Controlling access to a resource by a program using a digital signature | |
CA2104192A1 (en) | Method for Establishing Licensor Changeable Limits on Software Usage | |
RU2004107491A (en) | USE OF POWERS FOR DISTRIBUTION OF DEVICE RESOURCES TO THE APPLICATION | |
WO2000034858A3 (en) | Accelerating a distributed component architecture over a network using a modified rpc communication | |
WO2004051966A3 (en) | System and methodology providing intelligent resource fork | |
WO1999044137A3 (en) | Stack-based access control | |
EP0853279A3 (en) | Method and apparatus for controlling software access to system resources | |
WO2000055732A3 (en) | Resource scheduling | |
WO2001037170A3 (en) | Forms creation method and e-commerce method | |
Druschel et al. | Beyond micro-kernel design: Decoupling modularity and protection in Lipto | |
Dean et al. | Java security: Web browsers and beyond | |
WO2001077797A3 (en) | Method and system for managing credentials | |
WO2002019076A3 (en) | Hybrid privilege enforcement in a restricted execution environment | |
WO2007035327A3 (en) | System and method for component trust model in peer-to-peer service composition | |
WO2003032158A3 (en) | System and method for specifying access to resources in a mobile code system | |
WO2001018650A3 (en) | Resource access control system | |
Wobber et al. | Authorizing applications in singularity | |
CN114372255A (en) | Identity authentication method and device based on application software fingerprint | |
EP0869442A4 (en) | Device and method for accelerating memory access speed |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase |
Ref country code: JP |