1. Field of the Invention
The present invention relates to a computer program product, system, and method for using a declaration of security requirements to determine whether to permit application operations.
2. Description of the Related Art
Security software programs, such as anti-virus and firewall programs, are designed to detect and prevent the execution of malicious software (malware), including viruses, and access by unauthorized users, such as hackers. One type of anti-virus program searches for known patterns of data within executable code that matches code or a slight variation of code included in a signature file including known malicious code. The anti-virus program determines whether subject code being inspected matches or is a slight variation of malicious code included in the signature file. Anti-virus programs employing this signature-based approach may not be able to identify new viruses not indicated in the signature file. Another type of antivirus software determines whether the actions and behavior of code indicates malicious behavior as indicated in a behavior signature file. The behavior monitoring approach may not detect new patterns of behavior by more recent viruses and legitimate software may exhibit the same behavior as malware, such as downloading and uploading files, reading the registry accessing system paths, etc. Further, behavior based approaches may only detect the malevolent software after the actions have been performed.
Security programs that monitor application behavior, such as attempts to write to or access the registry file, specific ports may block activity and then query the user through a graphical user interface (GUI) to indicate whether a requested action by an application is authorized. This user query approach depends on the computer knowledge of the user. Many computer users lack the knowledge to provide an informed decision on whether to allow actions to proceed, and the impact of their decision on the computer security and application performance.
There is a need in the art for improved techniques for detecting and stopping malicious code and unauthorized users from accessing computer resources.