Recently, researchers have determined that malicious computer programs (“malware”) may be evolving faster than security-software programs can react. In an attempt to address this problem, security-software providers have begun migrating towards various “whitelisting” approaches. In many whitelisting systems, only applications or files that are contained within a defined list may be accessed or executed by a computing system. One of the more deterministic whitelisting approaches requires that executable files be signed by the publisher of the file and/or a trusted certificate authority. In this approach, the whitelisting system may only allow a computing system to access or execute files that can be verified as originating from a publisher that has been authenticated by a trusted certificate authority.
Unfortunately, not all executable files require the same level of privileges in order to perform their intended tasks. For example, some executable files require high-level privileges (such as the ability to open a network connection or inject code into an additional process), while others merely require low-level privileges (such as the ability to execute or access a local file system). Traditional signing techniques, however, fail to account for these varying privilege needs. For example, a conventional signing certificate (issued, for example, by a certificate authority) may grant a publisher all available privileges, even if an executable file generated by the publisher only requires various low-level privileges. Moreover, the vetting process for obtaining signing certificates from certificate authorities is traditionally the same for all publishers, regardless of the purpose or needs of the executable files to be signed by the signing certificate.
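To make the gap concrete, the following is an added example (not from this patent) of a signature-based whitelist check that also carries a per-file privilege request and compares it against the scope granted to the signing publisher; a publisher whose certificate is scoped to low-level privileges cannot get a file that asks for network or injection rights past the check, while a conventional all-privilege certificate lets everything through. Publisher names, privilege names and keys are constructed, and a keyed HMAC stands in for a real certificate-backed signature.

```python
import hashlib
import hmac
import json

# Privilege tiers the whitelist distinguishes (names constructed for this example).
LOW_PRIVILEGES = {"access_local_fs", "execute"}
HIGH_PRIVILEGES = LOW_PRIVILEGES | {"open_network", "inject_process"}

# Trusted publishers and the privileges their certificate grants (constructed).
# A keyed HMAC stands in for the publisher's certificate-backed signature; a
# real whitelist would instead verify an X.509 chain up to a trusted CA.
PUBLISHERS = {
    "scoped-pub": {"key": b"scoped-demo-key", "granted": LOW_PRIVILEGES},
    "legacy-pub": {"key": b"legacy-demo-key", "granted": HIGH_PRIVILEGES},
}


def _encode(manifest):
    return json.dumps(manifest, sort_keys=True).encode()


def sign_file(publisher, file_bytes, requested):
    """Publisher side: bind the file hash and the privileges it needs to a signature."""
    manifest = {
        "publisher": publisher,
        "sha256": hashlib.sha256(file_bytes).hexdigest(),
        "requested": sorted(requested),
    }
    tag = hmac.new(PUBLISHERS[publisher]["key"], _encode(manifest), "sha256").hexdigest()
    return manifest, tag


def decide(file_bytes, manifest, tag):
    """Whitelist side: allow only a verified file whose needs fit its certificate's scope."""
    pub = PUBLISHERS.get(manifest.get("publisher"))
    if pub is None:
        return False, "unknown publisher"
    expected = hmac.new(pub["key"], _encode(manifest), "sha256").hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "signature does not verify"
    if hashlib.sha256(file_bytes).hexdigest() != manifest["sha256"]:
        return False, "file contents do not match signed manifest"
    # The privilege check is what a conventional signing certificate lacks.
    excess = set(manifest["requested"]) - pub["granted"]
    if excess:
        return False, "requested privileges exceed certificate scope: " + ", ".join(sorted(excess))
    return True, "allowed: " + ", ".join(manifest["requested"])
```

Note that the same high-privilege request is refused under the scoped certificate but accepted under the all-privilege one, which is exactly the over-grant the text describes.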