A system and method for establishing a secure execution environment for a
software process analyzes each system application program interface (API)
call to determine whether that call executes a new program. If
the system API call executes a new program, the system and method of the
invention analyze the call to determine whether an execution environment,
in the form of a plurality of attributes, is attached to an executable
program file associated with the new program. An execution environment
contains security attributes that are to be associated with the resulting
process invoked by execution of the new program. If an execution
environment is attached, the invention assigns the attributes of the
execution environment to the new process, thereby ensuring that the new
process includes the security features and capabilities specified in the
execution environment.
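
The decision flow described above, modeled as an added example that is not code from the patent or its authors. The names ExecMediator, Process and EXEC_CALLS, the sample attribute names and paths, and the rule that a program with no attached environment keeps its caller's attributes are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumption: which API calls count as "executes a new program".
EXEC_CALLS = frozenset({"execve", "posix_spawn", "CreateProcess"})

@dataclass
class Process:
    pid: int
    program: str
    attributes: dict = field(default_factory=dict)

class ExecMediator:
    """Hypothetical model of the layer that analyzes system API calls."""

    def __init__(self, attached_envs):
        # executable path -> attributes attached to that file (constructed data)
        self.attached_envs = attached_envs
        self.audit = []
        self._next_pid = 100

    def on_api_call(self, caller, call, path=None):
        # Step 1: only calls that execute a new program are examined further.
        if call not in EXEC_CALLS:
            self.audit.append((caller.pid, call, path, "passthrough"))
            return None
        self._next_pid += 1
        # Step 2: is an execution environment attached to the executable file?
        env = self.attached_envs.get(path)
        if env is None:
            # Assumption: with nothing attached, the new process keeps the
            # caller's attributes (the abstract does not cover this case).
            attrs, outcome = dict(caller.attributes), "inherited"
        else:
            # Step 3: attributes come from the file, not from the caller.
            attrs, outcome = dict(env), "assigned"
        self.audit.append((caller.pid, call, path, outcome))
        return Process(self._next_pid, path, attrs)

def demo():
    # Constructed sample: one executable carries an execution environment.
    mediator = ExecMediator({
        "/usr/sbin/backup": {"privileges": ["read_all_files"], "label": "backup"},
    })
    shell = Process(1, "/bin/sh", {"privileges": [], "label": "user"})
    results = [
        mediator.on_api_call(shell, "open", "/etc/passwd"),
        mediator.on_api_call(shell, "execve", "/usr/sbin/backup"),
        mediator.on_api_call(shell, "execve", "/bin/ls"),
    ]
    return results, mediator.audit
```

The audit list records, per call, whether the mediator passed it through, assigned attached attributes, or fell back to inheritance, which is the record a reviewer would check when confirming that a process received its attributes from the executable file.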