Gregory D. Fee - Seattle WA, US Aaron Goldfeder - Seattle WA, US John M. Hawkins - Duvall WA, US Jamie L. Cool - Redmond WA, US Sebastian Lange - Seattle WA, US Sergey Khorun - Redmond WA, US
Evidence-based application security may be implemented at the application and/or application group levels. A manifest may be provided defining at least one trust condition for the application or application group. A policy manager evaluates application evidence (e. g. , an XrML license) for an application or group of applications relative to the manifest. The application is only granted permissions on the computer system if the application evidence indicates that the application is trusted. Similarly, a group of applications are only granted permissions on the computer system if the evidence indicates that the group of applications is trusted. If the application evidence satisfies the at least one trust condition defined by the manifest, the policy manager generates a permission grant set for each code assembly that is a member of the at least one application. Evidence may be further evaluated for code assemblies that are members of the trusted application or application group.
Aaron R. Goldfeder - Seattle WA, US John M. Hawkins - Duvall WA, US Sergey A. Khorun - Redmond WA, US Viresh N. Ramdatmisier - Seattle WA, US Joseph Thomas Farro - Bothell WA, US Gregory Darrell Fee - Seattle WA, US Jeremiah S. Epling - Redmond WA, US Andrew G. Bybee - Duvall WA, US Jingyang Xu - Redmond WA, US Tony Edward Schreiner - Redmond WA, US Jamie L. Cool - Redmond WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
G06F 11/30 G06F 12/14
US Classification:
726 25, 713189, 713188, 726 24
Abstract:
Described is a mechanism for collectively evaluating security risks associated with loading an application. A hosting environment associated with loading the application invokes a trust manager to evaluate the security risks. The trust manager invokes a plurality of trust evaluators, where each trust evaluator is responsible for analyzing and assessing a different security risk. Upon completion of each security risk evaluation, results of those individual security risk evaluations are returned to the trust manager. The trust manager aggregates the variety of security risk evaluation results and makes a security determination based on the aggregated evaluation results. That determination may be to move forward with loading the application, to block the load of the application, or perhaps to prompt the user for a decision about whether to move forward with the load.
System And Method For Automatically Upgrading A Software Application
Jamie Cool - Redmond WA, US Bradley Abrams - Kirkland WA, US Eric Zinda - Seattle WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
G06F009/44
US Classification:
717/170000, 717/173000
Abstract:
Described is a mechanism for enabling software applications to be upgraded from a remote location without forcing an immediate termination or restart of the application. A starter component is associated with the application such that the starter component is executed on behalf of the application. When executed, the starter component launches an executable file associated with a current version of the application. An updater component then periodically polls a remote location to determine if a newer version of the application is available for download. If so, the updater component downloads the newer version of the application to local storage. The updater component then updates configuration information such that the newer version of the application is executed on subsequent launches of the application by the application starter component.
System And Method For Validation Of Arguments Provided To An Application
Jamie Cool - Redmond WA, US Vivek Dalvi - Bellevue WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
G06F 9/45
US Classification:
717140000
Abstract:
A system and method for validating arguments in a request to activate an application is provided. An application may include declarations with information for validating arguments provided with a request to activate the application. A compiler may then compile the source code of the application to generate an assembly with information for validating the arguments and may also generate an entry in a manifest with information identifying the assembly with the information for validating the arguments. The compiler may also generate an activation executable with executable code used for validating the arguments before the application may be executed. When a request may be received with arguments for activation of the application, activation code may validate the arguments and then execute the application code which may access the validated arguments.