Merging mandatory access control (MAC) policies in a system with multiple execution containers
US8479256B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 26, 2008 |
| Grant date | Jul 2, 2013 |
| Priority date | — |
| Expiry date | Mar 20, 2031 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/53
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Application of a local instance of a general security policy is described. In a system with an instance of a program executing in a path container, a security policy applicable the the instance of the program is managed locally for the path container. The path container provides a confined execution environment for the program instance, and the security policy defines permitted operations for the program an all its instances. The instance of the security policy is associated with the path container, which allows the program instance to “see” management within the path container as though with the security policy, while entities having permissions outside the path container “see” the program instance limited to the path container and its associated security policy instance.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.