Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and instructions encoded within the memory to instruct the processor to: provide a permission list; allocate an executable, the executable to have permissions according to the permission list; designate a child object of the executable; allocate a certificate for the child object; and after a system reboot, grant the child object permissions of the executable after validating the certificate.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and instructions encoded within the memory to instruct the processor to: provide a permission list; allocate an executable, the executable to have permissions according to the permission list; designate a child object of the executable; allocate a certificate for the child object; and after a system reboot, grant the child object permissions of the executable after validating the certificate.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a whitelist; an updater, the updater being an executable object authorized to modify files within the whitelist and to launch one or more child processes; and instructions encoded within the memory to provide a system management agent to: maintain a chain of trust between the one or more child processes and the updater, wherein the one or more child processes inherit whitelist permissions associated with the updater; and track the chain of trust across a system reboot, including granting a child process the chain of trust after a reboot only if the child process has associated with it a valid certificate.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a whitelist; an updater, the updater being an executable object authorized to modify files within the whitelist and to launch one or more child processes; and instructions encoded within the memory to provide a system management agent to: maintain a chain of trust between the one or more child processes and the updater, wherein the one or more child processes inherit whitelist permissions associated with the updater; and track the chain of trust across a system reboot, including granting a child process the chain of trust after a reboot only if the child process has associated with it a valid certificate.

Abstract: In an example, a system and method are described for providing trusted updaters and trusted processes. An updater may be subject to a whitelist of files that it, and any child processes, are allowed to modify. But trust inheritance may break across reboots and over interprocess communication. Thus, it is desirable to provide a system and method to maintain trust across such events. In the case of a trusted installer, inheritance may be maintained by cross referencing a digital certificate to a workflow grid. In the case of updater processes, trust may be maintained by using a combination of digital certificates that are part of a trust chain and a unique identifier for each trust chain workflow.

Abstract: In an example, there is disclosed a security architecture for enhanced, non-invasive whitelisting of executable objects. When an executable object tries to perform an action, a security engine seamlessly intercepts the action and determines whether the action is whitelisted, blacklisted, or graylisted, assigning the action a corresponding security score. Whitelisted actions may be allowed, blacklisted actions may be disallowed, and graylisted actions may require additional verification from a user. Because the score is assigned to the combination of the executable object and the action, false positives may be avoided, such as those that may occur when an executable object is prefetched but has not yet tried to perform any useful work.

Abstract: In an example, a system and method are described for providing trusted updaters and trusted processes. An updater may be subject to a whitelist of files that it, and any child processes, are allowed to modify. But trust inheritance may break across reboots and over interprocess communication. Thus, it is desirable to provide a system and method to maintain trust across such events. In the case of a trusted installer, inheritance may be maintained by cross referencing a digital certificate to a workflow grid. In the case of updater processes, trust may be maintained by using a combination of digital certificates that are part of a trust chain and a unique identifier for each trust chain workflow.

Abstract: In an example, there is disclosed a security architecture for enhanced, non-invasive whitelisting of executable objects. When an executable object tries to perform an action, a security engine seamlessly intercepts the action and determines whether the action is whitelisted, blacklisted, or graylisted, assigning the action a corresponding security score. Whitelisted actions may be allowed, blacklisted actions may be disallowed, and graylisted actions may require additional verification from a user. Because the score is assigned to the combination of the executable object and the action, false positives may be avoided, such as those that may occur when an executable object is prefetched but has not yet tried to perform any useful work.