Abstract: The execution of software may be controlled by a security policy expressed in a manifest. The software vendor or distributor specifies requirements for the use of software (e.g., which modules may be loaded into the software's address space, which module-signing keys are trustworthy, etc.), using a manifest specification language. A generation tool reads the specification and creates a manifest based on the specification. The tool may handle such details as retrieving keys from key files, computing software hashes, and the like. The manifest is distributed with the software and used by the environment in which the software executes to enforce the security policy.

Abstract: The execution of software may be controlled by a security policy expressed in a manifest. The software vendor or distributor specifies requirements for the use of software (e.g., which modules may be loaded into the software's address space, which module-signing keys are trustworthy, etc.), using a manifest specification language. A generation tool reads the specification and creates a manifest based on the specification. The tool may handle such details as retrieving keys from key files, computing software hashes, and the like. The manifest is distributed with the software and used by the environment in which the software executes to enforce the security policy.

Abstract: A system debugs a computer application that employs rights-managed (RM) content. A first, non-isolated process has the application and a shell version of the trusted component, where such shell version receives each request by the application for RM services. The shell version is unconcerned whether a debugger is monitoring the first process. A second, isolated process is separate from the first process and has a debugging version of the trusted component. The shell version in the first process forwards the received request to the debugging version in the second process, and such debugging version acts upon same. The debugging version ensures that the debugger is not monitoring the second process, but is unconcerned whether the debugger is monitoring the first process.