US2013086678A1PendingUtilityA1

Integrating security protection tools with computer device integrity and privacy policy

52
Assignee: MICROSOFT CORPPriority: Jun 20, 2006Filed: Nov 29, 2012Published: Apr 4, 2013
Est. expiryJun 20, 2026(expired)· nominal 20-yr term from priority
G06F 21/50G06F 21/53G06F 21/51
52
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.

Claims

exact text as granted — not AI-modified
1 . A method comprising:
 assigning, by a security program operating on a computing device, an integrity label to a program, where the security program comprises another integrity label and is configured for assigning integrity labels that indicate a level of integrity that is less than that of the security program as indicated by the another integrity label, and where a relatively low level of integrity indicated by an integrity label assigned to any program designates a correspondingly high potential that the any program could compromise security of a device or any of its components; and   monitoring the program by the security program based at least in part on the assigned integrity label, the monitoring comprising preventing the monitored program from unauthorized-modifying any data with a higher level of integrity than that of the monitored program.   
     
     
         2 . The method of  claim 1  where the level of integrity indicated by the assigned integrity label resembles that indicated by the another integrity label of the security program. 
     
     
         3 . The method of  claim 1  where the program is monitored by a plurality of security programs, each of which are configured for further monitoring the program based on a unique criterion of the program. 
     
     
         4 . The method of  claim 1  where the another integrity label of the security program is based on a characterization of the program. 
     
     
         5 . The method of  claim 4  where the characterization considers a check, of maliciousness of the program. 
     
     
         6 . The method of  claim 4  where the characterization considers at least one characteristic of an entity from which the program originates. 
     
     
         7 . The method of  claim 4  where the characterization considers at least one listing of “known good” or “known bad” programs. 
     
     
         8 . A system comprising:
 a computing device configured for assigning, to a program by a security program, an integrity label to a program, where the security program comprises another integrity label and is configured for assigning integrity labels that indicate a level of integrity that is less than that of the security program as indicated by the another integrity label, and where a relatively low level of integrity indicated by an integrity label assigned to any program designates a correspondingly high potential that the any program could compromise security of a device or any of its components; and   the computing device further configured for monitoring the program by the security program based at least in part on the assigned integrity label, the monitoring comprising preventing the monitored program from unauthorized-modifying any data with a higher level of integrity than that of the monitored program.   
     
     
         9 . The system of  claim 8  where the level of integrity indicated by the assigned integrity label resembles that indicated by the another integrity label of the security program. 
     
     
         10 . The system of  claim 8  where the program is monitored by a plurality of security programs, each of which are configured for further monitoring the program based on a unique criterion of the program. 
     
     
         11 . The system of  claim 8  where the another integrity label of the security program is based on a characterization of the program. 
     
     
         12 . The system of  claim 11  where the characterization considers a check, of maliciousness of the program. 
     
     
         13 . The system of  claim 11  where the characterization considers at least one characteristic of an entity from which the program originates. 
     
     
         14 . The system of  claim 11  where the characterization considers at least one listing of “known good” or “known bad” programs. 
     
     
         15 . At least one computer storage media storing computer-executable instructions that, when executed by a computing device, cause the computing device to perform a method comprising:
 assigning, to a program by a security program operating, an integrity label to a program, where the security program comprises another integrity label and is configured for assigning integrity labels that indicate a level of integrity that is less than that of the security program as indicated by the another integrity label, and where a relatively low level of integrity indicated by an integrity label assigned to any program designates a correspondingly high potential that the any program could compromise security of a device or any of its components; and   monitoring the program by the security program based at least in part on the assigned integrity label, the monitoring comprising preventing the monitored program from unauthorized-modifying any data with a higher level of integrity than that of the monitored program.   
     
     
         16 . The at least one computer storage media of  claim 15  where the level of integrity indicated by the assigned integrity label resembles that indicated by the another integrity label of the security program. 
     
     
         17 . The at least one computer storage media of  claim 15  where the program is monitored by a plurality of security programs, each of which are configured for further monitoring the program based on a unique criterion of the program, 
     
     
         18 . The at least one computer storage media of  claim 15  where the another integrity label of the security program is based on a characterization of the program. 
     
     
         19 . The at least one computer storage media of  claim 18  where the characterization considers a check of maliciousness of the program. 
     
     
         20 . The at least one computer storage media of  claim 18  where the characterization considers at least one characteristic of an entity from which the program originates, or where the characterization considers at least one listing of “known good” or “known bad” programs.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.