1. Field of the Invention
This invention pertains in general to computer security and in particular to determining the set of permissions to grant an executing process.
2. Description of the Related Art
Computer security has become increasingly important in recent times. Server computers that store confidential data, such as credit card numbers or medical records, must be protected from attempts by malicious attackers to obtain the data. Likewise, other computers such as home computers must be protected from malicious software including viruses, worms, spyware, Trojan horse programs, and other similar threats that an end-user is likely to encounter when connected to the Internet. Modern operating systems, such as Unix, Linux, and MICROSOFT WINDOWS XP, incorporate security paradigms that are intended to protect the computers from malicious behaviors.
Until recently, computer security paradigms relied on the concept of “transitive security” to protect the computer. An end-user having a defined role is assigned a set of permissions by the operating system. All code executed by that user always has the same set of permissions as the end-user. Transitive security can be problematic if an end-user having broad permissions executes malicious software, because the malicious software will also have broad permissions.
Newer operating systems support paradigms that specify the permissions based at least in part on the code itself. Microsoft's new operating systems, for example, provide a feature called “.NET Security.” .NET Security is based on three aspects: 1) managed code; 2) identity/role-based security; and 3) code evidence-based security. Managed code is supervised by the operating system as it is executed to ensure that it does not perform any operations that exceed the scope of its permissions. Identity/role-based security means that the code has permissions defined in part by the identity and role of the end-user that executes the code. Under code evidence-based security, the permissions of the code are determined in part by the trustworthiness of the code itself.
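To make the contrast between transitive security and the role-plus-evidence model concrete, the following is an added illustrative model, not Microsoft's API and not code from this document: a process's effective permissions are the intersection of what the end-user's role grants and what the code's evidence grants, so a broadly privileged user running unsigned Internet-origin code no longer lends it broad permissions. The permission names, roles and origin zones are assumed for illustration.

```python
from dataclasses import dataclass

# Illustrative permission names (assumed; not .NET permission classes).
ALL_PERMISSIONS = frozenset({"read_files", "write_files", "network", "registry", "execute"})


@dataclass(frozen=True)
class User:
    name: str
    role: str  # assumed roles: "administrator", "user", "guest"


@dataclass(frozen=True)
class CodeEvidence:
    signed_by_trusted_publisher: bool
    origin: str  # assumed zones: "local", "intranet", "internet"


# Identity/role-based security: what the end-user's role alone would allow.
ROLE_GRANTS = {
    "administrator": ALL_PERMISSIONS,
    "user": frozenset({"read_files", "write_files", "network", "execute"}),
    "guest": frozenset({"read_files", "execute"}),
}


def evidence_grants(evidence):
    """Code evidence-based security: an upper bound set by the code's trustworthiness."""
    if evidence.signed_by_trusted_publisher and evidence.origin == "local":
        return ALL_PERMISSIONS
    if evidence.origin == "local":
        return frozenset({"read_files", "write_files", "execute"})
    if evidence.origin == "intranet":
        return frozenset({"read_files", "network", "execute"})
    return frozenset({"execute"})  # unsigned code of unknown Internet origin gets the least


def transitive_permissions(user):
    """Transitive security: executing code inherits exactly the user's permissions."""
    return ROLE_GRANTS[user.role]


def evidence_based_permissions(user, evidence):
    """A permission is granted only when BOTH the role and the code evidence allow it."""
    return ROLE_GRANTS[user.role] & evidence_grants(evidence)


if __name__ == "__main__":
    admin = User("alice", "administrator")
    downloaded = CodeEvidence(signed_by_trusted_publisher=False, origin="internet")
    print("transitive:     ", sorted(transitive_permissions(admin)))
    print("evidence-based: ", sorted(evidence_based_permissions(admin, downloaded)))
```

Run as a script, the transitive line lists every permission while the evidence-based line lists only `execute`, which is the gap the related art above describes.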
However, the code and end-user are not the only entities on the computer that can instigate malicious behavior. Many attacks on computers are instigated by data, or by executable code that is disguised within data. The data are specially crafted to exploit a vulnerability of legitimate code that processes the data. The exploit causes the legitimate code to perform a malicious action and/or transfers execution to malicious code hidden within the data. If both the end-user and the legitimate code are trusted, the malicious activities can cause considerable damage to the computer.
Therefore, there is a need in the art for a way to protect computers from malicious data and/or malicious code disguised as data.