Integrating security protection tools with computer device integrity and privacy policy
Abstract
At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.
Claims
exact text as granted — not AI-modified1 . A method comprising:
assigning, by a security program operating on a computing device, an integrity label to a program, where the security program comprises another integrity label and is configured for assigning integrity labels that indicate a level of integrity that is less than that of the security program as indicated by the another integrity label, and where a relatively low level of integrity indicated by an integrity label assigned to any program designates a correspondingly high potential that the any program could compromise security of a device or any of its components; and monitoring the program by the security program based at least in part on the assigned integrity label, the monitoring comprising preventing the monitored program from unauthorized-modifying any data with a higher level of integrity than that of the monitored program.
2 . The method of claim 1 where the level of integrity indicated by the assigned integrity label resembles that indicated by the another integrity label of the security program.
3 . The method of claim 1 where the program is monitored by a plurality of security programs, each of which are configured for further monitoring the program based on a unique criterion of the program.
4 . The method of claim 1 where the another integrity label of the security program is based on a characterization of the program.
5 . The method of claim 4 where the characterization considers a check, of maliciousness of the program.
6 . The method of claim 4 where the characterization considers at least one characteristic of an entity from which the program originates.
7 . The method of claim 4 where the characterization considers at least one listing of “known good” or “known bad” programs.
8 . A system comprising:
a computing device configured for assigning, to a program by a security program, an integrity label to a program, where the security program comprises another integrity label and is configured for assigning integrity labels that indicate a level of integrity that is less than that of the security program as indicated by the another integrity label, and where a relatively low level of integrity indicated by an integrity label assigned to any program designates a correspondingly high potential that the any program could compromise security of a device or any of its components; and the computing device further configured for monitoring the program by the security program based at least in part on the assigned integrity label, the monitoring comprising preventing the monitored program from unauthorized-modifying any data with a higher level of integrity than that of the monitored program.
9 . The system of claim 8 where the level of integrity indicated by the assigned integrity label resembles that indicated by the another integrity label of the security program.
10 . The system of claim 8 where the program is monitored by a plurality of security programs, each of which are configured for further monitoring the program based on a unique criterion of the program.
11 . The system of claim 8 where the another integrity label of the security program is based on a characterization of the program.
12 . The system of claim 11 where the characterization considers a check, of maliciousness of the program.
13 . The system of claim 11 where the characterization considers at least one characteristic of an entity from which the program originates.
14 . The system of claim 11 where the characterization considers at least one listing of “known good” or “known bad” programs.
15 . At least one computer storage media storing computer-executable instructions that, when executed by a computing device, cause the computing device to perform a method comprising:
assigning, to a program by a security program operating, an integrity label to a program, where the security program comprises another integrity label and is configured for assigning integrity labels that indicate a level of integrity that is less than that of the security program as indicated by the another integrity label, and where a relatively low level of integrity indicated by an integrity label assigned to any program designates a correspondingly high potential that the any program could compromise security of a device or any of its components; and monitoring the program by the security program based at least in part on the assigned integrity label, the monitoring comprising preventing the monitored program from unauthorized-modifying any data with a higher level of integrity than that of the monitored program.
16 . The at least one computer storage media of claim 15 where the level of integrity indicated by the assigned integrity label resembles that indicated by the another integrity label of the security program.
17 . The at least one computer storage media of claim 15 where the program is monitored by a plurality of security programs, each of which are configured for further monitoring the program based on a unique criterion of the program,
18 . The at least one computer storage media of claim 15 where the another integrity label of the security program is based on a characterization of the program.
19 . The at least one computer storage media of claim 18 where the characterization considers a check of maliciousness of the program.
20 . The at least one computer storage media of claim 18 where the characterization considers at least one characteristic of an entity from which the program originates, or where the characterization considers at least one listing of “known good” or “known bad” programs.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.