Abstract: A data protection policy can specify which applications are allowed and/or dis-allowed from accessing cloud data that is subject to a data protection policy (i.e., data that has been assigned a classification and/or an owner.) To enforce that policy, the operating system (or other trusted entity) that stores or caches access credentials only provides these credentials to applications that are allowed by the policy. In this manner, because they are not provided with the credentials required to access the network resource, the dis-allowed applications cannot access the ‘protected’ data thereby helping prevent these dis-allowed (or non-compliant) applications from leaking data.

Abstract: A facility for enrolling a software implementer in a code signing. In one example facility, the facility receives information identifying the implementer, and credentials authenticating the implementer. The facility generates secret state for the implementer. Based on at least one or both of (1) at least a portion of the received credentials and (2) at least a portion of the generated secret state, the facility generates for the implementer a key pair comprising a private key and a public key, and persistently stores the secret state.

Abstract: A data protection policy can specify which applications are allowed and/or dis-allowed from accessing cloud data that is subject to a data protection policy (i.e., data that has been assigned a classification and/or an owner.) To enforce that policy, the operating system (or other trusted entity) that stores or caches access credentials only provides these credentials to applications that are allowed by the policy. In this manner, because they are not provided with the credentials required to access the network resource, the dis-allowed applications cannot access the ‘protected’ data thereby helping prevent these dis-allowed (or non-compliant) applications from leaking data.

Abstract: A data protection policy can specify which applications are allowed and/or dis-allowed from accessing cloud data that is subject to a data protection policy (i.e., data that has been assigned a classification and/or an owner.) To enforce that policy, the operating system (or other trusted entity) that stores or caches access credentials only provides these credentials to applications that are allowed by the policy. In this manner, because they are not provided with the credentials required to access the network resource, the dis-allowed applications cannot access the ‘protected’ data thereby helping prevent these dis-allowed (or noncompliant) applications from leaking data.

Abstract: A data protection policy can specify which applications are allowed and/or dis-allowed from accessing cloud data that is subject to a data protection policy (i.e., data that has been assigned a classification and/or an owner.) To enforce that policy, the operating system (or other trusted entity) that stores or caches access credentials only provides these credentials to applications that are allowed by the policy. In this manner, because they are not provided with the credentials required to access the network resource, the dis-allowed applications cannot access the ‘protected’ data thereby helping prevent these dis-allowed (or non-compliant) applications from leaking data.

Abstract: A facility for enrolling a software implementer in a code signing. In one example facility, the facility receives information identifying the implementer, and credentials authenticating the implementer. The facility generates secret state for the implementer. Based on at least one or both of (1) at least a portion of the received credentials and (2) at least a portion of the generated secret state, the facility generates for the implementer a key pair comprising a private key and a public key, and persistently stores the secret state.