CA2469633A1 - Software safety execution system - Google Patents
Software safety execution system Download PDFInfo
- Publication number
- CA2469633A1 CA2469633A1 CA002469633A CA2469633A CA2469633A1 CA 2469633 A1 CA2469633 A1 CA 2469633A1 CA 002469633 A CA002469633 A CA 002469633A CA 2469633 A CA2469633 A CA 2469633A CA 2469633 A1 CA2469633 A1 CA 2469633A1
- Authority
- CA
- Canada
- Prior art keywords
- file
- execution system
- storage unit
- file name
- pot
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
A mechanism for safely executing software which is appropriate for software distribution. At site (312) of a transmitter side, an execution file (332) and a data file (334) processed by the execution file are encapsulated. Two remaining files (336, 338) do not exist physically at a pot (320) of the transmitter site. An archive file (320) is transmitted to the receiver site (314). At the receiver site (314), according to the rule of the security policy (340), a program (332) can map the file (336, 338) substantially not existing in the port to the file (354) of the local file system and file (356) of another pot (350) and perform processing by using the file (334) in the pot and the mapped files (354, 356).
Claims (21)
1. A secure software execution system allowing secure software execution comprising:
a pot that, includes a file name storage unit, which stores the names of files to be used including an executable file, and a file storage unit, which stores files; and a mapping means that translates a file name in the file name storage unit into the file name of an execution system, wherein the mapping means limits accessible files to only those described in the file name storage unit in the pot.
a pot that, includes a file name storage unit, which stores the names of files to be used including an executable file, and a file storage unit, which stores files; and a mapping means that translates a file name in the file name storage unit into the file name of an execution system, wherein the mapping means limits accessible files to only those described in the file name storage unit in the pot.
2. The secure software execution system of Claim 1, wherein the mapping means extracts a file from the file storage unit and provides it to an execution system before excecution.
3. The secure software execution system of Claim 1, wherein the mapping means extracts a file from the file storage unit and provides it to an execution system when required during execution.
4. The secure software execution system of any of Claims 1 through 3, wherein an executable file name to be initiated first can be stored in the file name storage unit.
5. The secure software execution system of any of Claims 1 through 4, wherein the file name storage unit stores a file name of a file other than those in the file storage unit, and the mapping means maps that file name to a file for an execution system and/
or a file in another pot.
or a file in another pot.
6. The secure software execution system of any of Claims 1 through 5, wherein the file name storage unit can store directory names, and the mapping means maps each of those directory names to a directory for an execution system and/ or a directory in another pot.
7. The secure software execution system of Claim 6, wherein the mapping means associates the directory names with a plurality of directories in a predetermined order, and maps them to files in the directories in that order.
8. The secure software execution system of any of Claims 1 through 7, wherein the file name storage unit, can store file names in a site on a network, and the mapping means transfers a file having the file name from a site to an execution system.
9. The secure software execution system of any of Claims 1 through 8, wherein the mapping moans can map a process as a file.
10. The secure software execution system of any of Claims 1 through 9, wherein the mapping means can map to a file created by a process.
11. The secure software execution system of any of Claims 1 through 10, wherein the mapping means carries out mapping in conformity with a security policy specification for a execution system.
12. The secure software execution system of Claim 11, wherein the security policy specification includes specification of system calls that can be issued during execution.
13. The secure software execution system of Claim 11 or 12, wherein the security policy specification can be downloaded from another site on the network.
14. The secure software execution system of Claims 1 to 13, wherein specifications of file access authority of each user can be stored in the file name storage unit, and the mapping means controls access to a file in conformity with the specification of the access authority.
15. The secure software execution system of Claim 14, wherein the mapping means decrypts and reads out a tile by each user's read-out key.
16. The secure software execution system of Claim 14, wherein the mapping means decrypts a read-out key by each user's secret key, and decrypts and reads out a tile using that decrypted key.
17. The secure software execution system of Claim 14, wherein the mapping means decrypts a pair of a public key and a secret key or a read-out key and a write-in key by each user's secret key, and decrypts or encrypts a file using that decrypted key.
l8. A server system including pot information and security policy information comprising:
a datatase, which stores pot information and security policy specification corresponding to the pot information; and a retrieving means, which can retrieve the security policy by identifying a pot.
a datatase, which stores pot information and security policy specification corresponding to the pot information; and a retrieving means, which can retrieve the security policy by identifying a pot.
19. A recording medium that records a pot including a file name storage unit, which stores the names of files to be used including an executable file, and a file storage unit, which stores files.
20. A recording medium that records a program describing implementation of a mapping means in a computer system, which translates a file name in a file name storage unit in a pot into a file name for an execution system, wherein the pot includes a file name storage unit, which stores the names of files to be used including an executable file, and a file storage unit, which stores files; wherein the mapping means limits accessible files to only those described in the file name storage unit in the pot when executing that program.
21. A program describing information of a mapping means in a computer system, which translates a file name in a file name storage unit in a hot into a file name for an execution system, wherein the pot includes a file name storage unit, which stores the names of files to be used including an executable file, and a file storage unit, which stores files; wherein the mapping means limits accessible files to only those described in the file name storage unit in the pot when executing that program.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2001-380629 | 2001-12-13 | ||
| JP2001380629 | 2001-12-13 | ||
| PCT/JP2002/012659 WO2003050662A1 (en) | 2001-12-13 | 2002-12-03 | Software safety execution system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2469633A1 true CA2469633A1 (en) | 2003-06-19 |
| CA2469633C CA2469633C (en) | 2011-06-14 |
Family
ID=19187209
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA2469633A Expired - Fee Related CA2469633C (en) | 2001-12-13 | 2002-12-03 | Software safety execution system |
Country Status (4)
| Country | Link |
|---|---|
| US (1) | US7690023B2 (en) |
| JP (1) | JP4522705B2 (en) |
| CA (1) | CA2469633C (en) |
| WO (1) | WO2003050662A1 (en) |
Families Citing this family (66)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4512331B2 (en) * | 2003-07-11 | 2010-07-28 | 株式会社リコー | Encapsulated document creation device |
| US8539063B1 (en) | 2003-08-29 | 2013-09-17 | Mcafee, Inc. | Method and system for containment of networked application client software by explicit human input |
| US7464408B1 (en) * | 2003-08-29 | 2008-12-09 | Solidcore Systems, Inc. | Damage containment by translation |
| US7840968B1 (en) | 2003-12-17 | 2010-11-23 | Mcafee, Inc. | Method and system for containment of usage of language interfaces |
| US7546286B2 (en) * | 2004-02-19 | 2009-06-09 | Microsoft Corporation | Offline multi-table data editing and storage |
| US7716168B2 (en) | 2005-06-29 | 2010-05-11 | Microsoft Corporation | Modifying table definitions within a database application |
| US7546291B2 (en) * | 2004-02-19 | 2009-06-09 | Microsoft Corporation | Data source task pane |
| US8135755B2 (en) | 2005-06-29 | 2012-03-13 | Microsoft Corporation | Templates in a schema editor |
| US7783735B1 (en) * | 2004-03-22 | 2010-08-24 | Mcafee, Inc. | Containment of network communication |
| JP2005293109A (en) * | 2004-03-31 | 2005-10-20 | Canon Inc | Software execution management device, software execution management method, and control program |
| US8607299B2 (en) * | 2004-04-27 | 2013-12-10 | Microsoft Corporation | Method and system for enforcing a security policy via a security virtual machine |
| JP4745238B2 (en) * | 2004-08-12 | 2011-08-10 | 富士通株式会社 | Java applet, JAR file generation method, JAR file generation program, JAR file generation apparatus |
| US7873955B1 (en) | 2004-09-07 | 2011-01-18 | Mcafee, Inc. | Solidifying the executable software set of a computer |
| JP4376233B2 (en) * | 2005-02-04 | 2009-12-02 | 株式会社エヌ・ティ・ティ・ドコモ | Client apparatus, device verification apparatus, and verification method |
| US7603552B1 (en) | 2005-05-04 | 2009-10-13 | Mcafee, Inc. | Piracy prevention using unique module translation |
| US7856661B1 (en) | 2005-07-14 | 2010-12-21 | Mcafee, Inc. | Classification of software on networked systems |
| US7617534B1 (en) | 2005-08-26 | 2009-11-10 | Symantec Corporation | Detection of SYSENTER/SYSCALL hijacking |
| US7685638B1 (en) | 2005-12-13 | 2010-03-23 | Symantec Corporation | Dynamic replacement of system call tables |
| US7743026B2 (en) * | 2006-01-31 | 2010-06-22 | Microsoft Corporation | Redirection to local copies of server-based files |
| US7757269B1 (en) | 2006-02-02 | 2010-07-13 | Mcafee, Inc. | Enforcing alignment of approved changes and deployed changes in the software change life-cycle |
| US7895573B1 (en) | 2006-03-27 | 2011-02-22 | Mcafee, Inc. | Execution environment file inventory |
| US8893111B2 (en) | 2006-03-31 | 2014-11-18 | The Invention Science Fund I, Llc | Event evaluation using extrinsic state information |
| US7870387B1 (en) | 2006-04-07 | 2011-01-11 | Mcafee, Inc. | Program-based authorization |
| US8352930B1 (en) | 2006-04-24 | 2013-01-08 | Mcafee, Inc. | Software modification by group to minimize breakage |
| US8555404B1 (en) | 2006-05-18 | 2013-10-08 | Mcafee, Inc. | Connectivity-based authorization |
| US20080127142A1 (en) * | 2006-11-28 | 2008-05-29 | Microsoft Corporation | Compiling executable code into a less-trusted address space |
| US9424154B2 (en) | 2007-01-10 | 2016-08-23 | Mcafee, Inc. | Method of and system for computer system state checks |
| US8332929B1 (en) | 2007-01-10 | 2012-12-11 | Mcafee, Inc. | Method and apparatus for process enforced configuration management |
| US7671567B2 (en) * | 2007-06-15 | 2010-03-02 | Tesla Motors, Inc. | Multi-mode charging system for an electric vehicle |
| KR100897849B1 (en) | 2007-09-07 | 2009-05-15 | 한국전자통신연구원 | Apparatus and Method for finding malicious process |
| US8195931B1 (en) | 2007-10-31 | 2012-06-05 | Mcafee, Inc. | Application change control |
| US8701189B2 (en) | 2008-01-31 | 2014-04-15 | Mcafee, Inc. | Method of and system for computer system denial-of-service protection |
| US8615502B2 (en) | 2008-04-18 | 2013-12-24 | Mcafee, Inc. | Method of and system for reverse mapping vnode pointers |
| US20100125830A1 (en) * | 2008-11-20 | 2010-05-20 | Lockheed Martin Corporation | Method of Assuring Execution for Safety Computer Code |
| US8544003B1 (en) | 2008-12-11 | 2013-09-24 | Mcafee, Inc. | System and method for managing virtual machine configurations |
| US8381284B2 (en) | 2009-08-21 | 2013-02-19 | Mcafee, Inc. | System and method for enforcing security policies in a virtual environment |
| US8341627B2 (en) | 2009-08-21 | 2012-12-25 | Mcafee, Inc. | Method and system for providing user space address protection from writable memory area in a virtual environment |
| US9552497B2 (en) | 2009-11-10 | 2017-01-24 | Mcafee, Inc. | System and method for preventing data loss using virtual machine wrapped applications |
| US8925101B2 (en) | 2010-07-28 | 2014-12-30 | Mcafee, Inc. | System and method for local protection against malicious software |
| US8938800B2 (en) | 2010-07-28 | 2015-01-20 | Mcafee, Inc. | System and method for network level protection against malicious software |
| US8549003B1 (en) | 2010-09-12 | 2013-10-01 | Mcafee, Inc. | System and method for clustering host inventories |
| US9075993B2 (en) | 2011-01-24 | 2015-07-07 | Mcafee, Inc. | System and method for selectively grouping and managing program files |
| US9112830B2 (en) | 2011-02-23 | 2015-08-18 | Mcafee, Inc. | System and method for interlocking a host and a gateway |
| KR20120100046A (en) * | 2011-03-02 | 2012-09-12 | 삼성전자주식회사 | Apparatus and method for access control of contents in distributed environment network |
| US9594881B2 (en) | 2011-09-09 | 2017-03-14 | Mcafee, Inc. | System and method for passive threat detection using virtual memory inspection |
| US8694738B2 (en) | 2011-10-11 | 2014-04-08 | Mcafee, Inc. | System and method for critical address space protection in a hypervisor environment |
| US8973144B2 (en) | 2011-10-13 | 2015-03-03 | Mcafee, Inc. | System and method for kernel rootkit protection in a hypervisor environment |
| US9069586B2 (en) | 2011-10-13 | 2015-06-30 | Mcafee, Inc. | System and method for kernel rootkit protection in a hypervisor environment |
| US8713668B2 (en) | 2011-10-17 | 2014-04-29 | Mcafee, Inc. | System and method for redirected firewall discovery in a network environment |
| US8800024B2 (en) | 2011-10-17 | 2014-08-05 | Mcafee, Inc. | System and method for host-initiated firewall discovery in a network environment |
| US8739272B1 (en) | 2012-04-02 | 2014-05-27 | Mcafee, Inc. | System and method for interlocking a host and a gateway |
| JP5591883B2 (en) * | 2012-07-23 | 2014-09-17 | 株式会社東芝 | Information processing apparatus and program |
| US8826432B2 (en) | 2012-12-06 | 2014-09-02 | Airwatch, Llc | Systems and methods for controlling email access |
| US9021037B2 (en) | 2012-12-06 | 2015-04-28 | Airwatch Llc | Systems and methods for controlling email access |
| US8832785B2 (en) | 2012-12-06 | 2014-09-09 | Airwatch, Llc | Systems and methods for controlling email access |
| US8978110B2 (en) | 2012-12-06 | 2015-03-10 | Airwatch Llc | Systems and methods for controlling email access |
| US8862868B2 (en) | 2012-12-06 | 2014-10-14 | Airwatch, Llc | Systems and methods for controlling email access |
| US8973146B2 (en) | 2012-12-27 | 2015-03-03 | Mcafee, Inc. | Herd based scan avoidance system in a network environment |
| US8935781B1 (en) | 2013-02-01 | 2015-01-13 | Google Inc. | Native code module security for arm 64-bit instruction set architectures |
| US9787686B2 (en) | 2013-04-12 | 2017-10-10 | Airwatch Llc | On-demand security policy activation |
| JP6079875B2 (en) | 2013-05-27 | 2017-02-15 | 富士通株式会社 | Application execution program, application execution method, and information processing terminal device for executing application |
| WO2015060857A1 (en) | 2013-10-24 | 2015-04-30 | Mcafee, Inc. | Agent assisted malicious application blocking in a network environment |
| EP3108395B1 (en) * | 2014-02-18 | 2018-10-24 | Proofpoint, Inc. | Targeted attack protection using predictive sandboxing |
| WO2016024480A1 (en) * | 2014-08-11 | 2016-02-18 | 日本電信電話株式会社 | Browser-emulator device, construction device, browser emulation method, browser emulation program, construction method, and construction program |
| US11700241B2 (en) * | 2019-02-27 | 2023-07-11 | Sevitech, Llc | Isolated data processing modules |
| US11409864B1 (en) | 2021-06-07 | 2022-08-09 | Snowflake Inc. | Tracing supervisor for UDFs in a database system |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6167522A (en) | 1997-04-01 | 2000-12-26 | Sun Microsystems, Inc. | Method and apparatus for providing security for servers executing application programs received via a network |
| JP2001175526A (en) | 1999-12-20 | 2001-06-29 | Ando Electric Co Ltd | System and method for testing ic |
| US20020092003A1 (en) * | 2000-11-29 | 2002-07-11 | Brad Calder | Method and process for the rewriting of binaries to intercept system calls in a secure execution environment |
-
2002
- 2002-12-03 CA CA2469633A patent/CA2469633C/en not_active Expired - Fee Related
- 2002-12-03 US US10/498,318 patent/US7690023B2/en not_active Expired - Fee Related
- 2002-12-03 JP JP2003551654A patent/JP4522705B2/en not_active Expired - Fee Related
- 2002-12-03 WO PCT/JP2002/012659 patent/WO2003050662A1/en active Application Filing
Also Published As
| Publication number | Publication date |
|---|---|
| WO2003050662A1 (en) | 2003-06-19 |
| JPWO2003050662A1 (en) | 2005-04-21 |
| JP4522705B2 (en) | 2010-08-11 |
| US20050228990A1 (en) | 2005-10-13 |
| US7690023B2 (en) | 2010-03-30 |
| CA2469633C (en) | 2011-06-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2469633A1 (en) | Software safety execution system | |
| CA2417516C (en) | Method and apparatus for automatic database encryption | |
| US5548721A (en) | Method of conducting secure operations on an uncontrolled network | |
| EP1012691B1 (en) | Encrypting file system and method | |
| CA2253585C (en) | Cryptographic file labeling system for supporting secured access by multiple users | |
| CN106131048B (en) | Non-trust remote transaction file safe storage system for block chain | |
| US7840750B2 (en) | Electrical transmission system in secret environment between virtual disks and electrical transmission method thereof | |
| US7949693B1 (en) | Log-structured host data storage | |
| JP3516591B2 (en) | Data storage method and system and data storage processing recording medium | |
| US7908489B2 (en) | Method for managing external storage devices | |
| EP2043073A1 (en) | Method for encrypting and decrypting shared encrypted files | |
| US20040143733A1 (en) | Secure network data storage mediator | |
| AU2002213436A1 (en) | Method and apparatus for automatic database encryption | |
| JP4167476B2 (en) | Data protection / storage method / server | |
| WO2016128070A1 (en) | Method for storing a data file of a client on a storage entity | |
| KR20130107298A (en) | Managing shared data using a virtual machine | |
| CN110990863B (en) | Method for realizing file access control through timestamp and encryption algorithm | |
| CN101630292A (en) | File encryption-decryption method of USB removable storage device | |
| US20050138398A1 (en) | System of databases of personal data and a method of governing access to databases of personal data | |
| JP4587688B2 (en) | Encryption key management server, encryption key management program, encryption key acquisition terminal, encryption key acquisition program, encryption key management system, and encryption key management method | |
| CN108900510A (en) | Off-line data storage method, device, computer equipment and storage medium | |
| WO2008065342A1 (en) | Data maps | |
| WO2004001561A2 (en) | Computer encryption systems | |
| KR100923394B1 (en) | Method of network-storage implementation in VPN | |
| EP2028603B1 (en) | External storage medium adapter |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKLA | Lapsed |
Effective date: 20141203 |
|
| MKLA | Lapsed |
Effective date: 20141203 |