A system and method for generating an updated version of, or
reconstructing a previously enforced version of, a local client security
policy stored in an application guard. A policy manager distributes a
change (or an accumulation of changes) to the currently enforced version
of the security policy through a network to the application guard. The
application guard uses the distributed change to update the currently
enforced version of the local client security policy. To reconstruct a
previously enforced version of a local security policy, the policy
manager generates a reversing delta equal to the reverse of the change
(or accumulation of changes) from a previously enforced version to the
currently enforced version of the security policy, and distributes the
reversing delta through the network to the application guard. The
application guard applies the distributed reversing delta to the
currently enforced version to reconstruct the previously enforced
version.