Several methods are provided for applying minimization to computer
systems. A unified security profile is created and applied to a computer
system. This provides a listing of software packages required to be
installed on the computer system. Extraneous files not associated with a
required software package are identified. In one method, a software
module interposes between calls to filesystem operations and the
filesystem. This module allows or denies access to files based on a
configuration information source (which is itself based on the unified
security profile), the zone from which the access request originates, and
the privileges of the user making the request. Reference to each file
minimized is removed from the computer system's package manifest. Files
thus minimized are neither visible nor accessible to unauthorized
entities on the computer system. If the unified security profile of the
system is required to change, minimization actions can therefore be
reversed.