1. Field
This disclosure relates generally to information processing system security, and more specifically, to security techniques that employ a whitelist technique for allowing and/or disallowing execution of code.
2. Related Art
Many conventional security solutions employ one of two basic techniques: blacklisting and whitelisting. In general, blacklisting involves blocking specified executions, accesses or behaviors, while whitelisting involves allowing specified executions, accesses or behaviors. Some security solutions employ both techniques.
One problem with conventional blacklisting approaches is that they attempt to block an ever-evolving set of “bad things,” typically using pattern matching and/or heuristics/behavioral analysis criteria that must be constantly updated. Unfortunately, the set of known “bad things” has generally defied manageable boundaries, to the point that most security products still have false positives (which are bad, since they can impede or stop work) and missed vulnerabilities (which are worse, since they can stop work or destroy computer systems completely).
On the other hand, a problem with conventional whitelisting is that, traditionally, implementations have been quite inflexible. Typical computer users are generally not satisfied working within the bounds of their systems. They stretch the bounds of their systems—adding ActiveX controls, scripts, installers, Java applets, applications, etc. By introducing new applications, tools and capabilities, the user is able to accomplish more—but generally, such introductions run counter to constraints enforced or desired (typically by a system administrator) to maintain a secure, managed environment. It is often said that usability and security are mutually exclusive. Indeed, true to the maxim, conventional whitelisting technologies have generally offered a strong whitelisting defense but, in practice, fall short of usability goals due to draconian limitations (or “lockdown” conditions) that constrain even legitimate user activity.
Improved techniques are desired.
The use of the same reference symbols in different drawings indicates similar or identical items.