Invention Grant
US08479256B2 Merging mandatory access control (MAC) policies in a system with multiple execution containers
有权
在具有多个执行容器的系统中合并强制访问控制(MAC)策略
- Patent Title: Merging mandatory access control (MAC) policies in a system with multiple execution containers
- Patent Title (中): 在具有多个执行容器的系统中合并强制访问控制(MAC)策略
-
Application No.: US12324677Application Date: 2008-11-26
-
Publication No.: US08479256B2Publication Date: 2013-07-02
- Inventor: Henri H. van Riel , Daniel J. Walsh , Warren I. Togami, Jr.
- Applicant: Henri H. van Riel , Daniel J. Walsh , Warren I. Togami, Jr.
- Applicant Address: US NC Raleigh
- Assignee: Red Hat, Inc.
- Current Assignee: Red Hat, Inc.
- Current Assignee Address: US NC Raleigh
- Agency: Lowenstein Sandler LLP
- Main IPC: G06F9/00
- IPC: G06F9/00 ; G06F17/30
Abstract:
Application of a local instance of a general security policy is described. In a system with an instance of a program executing in a path container, a security policy applicable the the instance of the program is managed locally for the path container. The path container provides a confined execution environment for the program instance, and the security policy defines permitted operations for the program an all its instances. The instance of the security policy is associated with the path container, which allows the program instance to “see” management within the path container as though with the security policy, while entities having permissions outside the path container “see” the program instance limited to the path container and its associated security policy instance.
Public/Granted literature
- US20100132012A1 MERGING MANDATORY ACCESS CONTROL (MAC) POLICIES IN A SYSTEM WITH MULTIPLE EXECUTION CONTAINERS Public/Granted day:2010-05-27
Information query
