Managing the risk of executing a software process using a capabilities assessment and a policy

摘要

A method and apparatus for managing the risk of executing a software process on a computer by programmatically determining the capabilities of the software process before it executes and determining whether these capabilities are authorized within an access control policy. The capabilities define what functions a software process can perform in the context of a virtual machine. The method comprises the steps of assessing the software process to determine what capabilities it possesses, maintaining one or more policies which list potential capabilities and corresponding authorizations for one or more contexts, and a unit for comparing the software process capabilities with a policy.