Filtering a permission set using permission requests associated with a code assembly

Assignee

• Microsoft Corporation · US

Inventors

• Brian A. LaMacchia · Seattle, US
• Loren M. Kohnfelder · Bellevue, US
• Gregory D. Fee · Seattle, US
• Michael J. Toutonghi · Seattle, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/52
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly. The permission requests are used to filter a permission set to generate a permission grant set.