The present invention relates to creating one or more highly secure application security environments in computing systems. An Application Security Environment is an environment in which a user or a group of users can run one or more tasks or one or more processes or one or more applications and in which privileges of the tasks or processes or applications run by a user or a user group can be more constrained than the privileges of the user or the user group. An application could consist of one or more tasks or processes. A process could consist of one or more threads.
Current technologies provide protection using operating system software, but a malicious program or user can gain access as a privileged user with limited access restrictions and then run programs on behalf of other users, read confidential user data, or corrupt user data. Hardware support is required to provide complete protection for user data from malicious programs.
There are different methods for access control, such as non-privileged users in UNIX or Windows operating systems, who cannot execute privileged instructions or access all parts of volatile or non-volatile memories (storage). But a malicious program or user can sometimes exploit security weaknesses in an operating system to gain access as a privileged user. This allows malicious users to impersonate privileged users and gain access to critical data belonging to other users or corrupt users' data. UNIX and Windows privileges also do not allow limiting the privileges assigned to a privileged user.
A high level of application protection is provided by Application Security Environments such as Solaris containers and HP-UX Security Containers. Each container ideally has only a subset of the privileges, and compromising the security of most of the containers poses only a limited risk. However, when either the operating system security is compromised or the security of a container that is used to create other containers is compromised, the result is significant risk to both the computer user's identity and data.
There is serious risk to users' data and users' identity when their laptops are stolen or when someone gains access to a user's computer in the user's absence.
There is serious risk to users' data and users' identity when a privileged user is malicious. The privileged user may create containers that compromise both the user's identity and the user's data.
There are many methods for protecting computer users and user data which do not require manual action for enabling and disabling protection. Such protections can be compromised by malicious privileged users or by malicious programs by emulating the required software behavior.
U.S. Pat. No. 6,330,648 illustrates a method of adding protection against malicious programs using manually controlled hardware with two states. By default the protection is enabled, and the hardware has a mechanism to manually switch off the protection. This invention will not be able to provide protection for portions of storage belonging to each Application Security Environment, as is possible using our invention. Another drawback of the invention is that the solution cannot be used with mass memories which are already manufactured.
U.S. Patent Application 20060117156 illustrates a method of adding protection for non-volatile memories against malicious programs using manually controlled hardware with two or more states, but only two states are used for protection. One state has protection enabled and the other state has protection disabled. This invention will not be able to provide protection for portions of storage belonging to each Application Security Environment, as is possible using our invention.
U.S. patent application Ser. Nos. 11/514807, 11/515619 and 11/519178 show different manually controlled hardware solutions that protect data on mass memories for each user. These patents propose dividing mass memories into different areas and protecting these areas against malicious access. But these solutions cannot provide fine-grained protection for each Application Security Environment. The privileges are enabled at the user level, and if any of the programs run by the user is malicious when the state corresponding to a privileged user corresponds to low protection, it can cause serious risk to the user's data and the user's identity.
FIG. 1 shows an example of a computer 101 with multiple users and multiple Application Security Environments, each containing multiple processes. There are 3 Application Security Environments in the computer. Application Security Environment P 102 contains two processes, A 105 and D 106. Application Security Environment Q 103 contains two processes, C 107 and E 108. Application Security Environment R 104 contains two processes, B 109 and F 110. Application Security Environments P 102 and Q 103 are owned by User Y 111. Application Security Environment R 104 is owned by User Group X 112.