SYSTEM AND METHOD OF ISOLATING RESOURCES USING RESOURCE MANAGERS Russian patent published in 2015 - IPC G06F21/00 

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to protection of operating system resources from unauthorised changes. Method for a client to perform operations on resource data using a resource manager comprises steps of: receiving a request, from a client, to the operating system kernel to perform operations on data stored in a resource which is stored in resource storage means; using a separate process to perform operations on the data stored in a resource which is stored in resource storage means and transmitting, thereto, data provided by the client, indicators for data of said resource and indicators for a resource manager function, required for processing the transmitted data; obtaining a security policy on performing, by the client, operations on said resource, data on operations of all clients on said resource, metadata of said resource; performing the client-requested operations on the resource stored in resource storage means in case of positive analysis results of the obtained data, where the analysis comprises: analysing the metadata for possible change of the current metadata and violation of isolation of said client-requested resource by operations on the resource; analysing information on operations of all system clients on said resource for possible distortion of results of said operations by operations of the current client; analysing information on client rights for performing operations on said resource for possible violation of said rights.

EFFECT: safer access, storage and use of resource content owing to full monitoring of operations on resources and preventing security policy violation.

11 cl, 4 dwg