Compartment-based data security
First Claim
1. A non-transitory computer-readable storage medium storing instructions which, when processed by a processor, cause the processor to implement a method of securing data, the method comprising:
- storing, by a first user, a data set as an object in a data storage system accessible by multiple users, and associating the object with an object security label;
- creating a user-controlled compartment and storing the user-controlled compartment in the object security label, the object security label being represented as a text string having a syntax of a tuple, the user-controlled compartment configured to be administered by the first user and having an identifier, the first user being associated with a first security label;
- associating the first security label with the user-controlled compartment, the user-controlled compartment defining a plurality of access rights to the object as set by the user; and
- defining, by the first user, one or more of the plurality of access rights to be given to a second user, and storing the one or more of the plurality of access rights in a common compartment stored in a second security label, the second security label associated with the second user, the common compartment having the identifier and configured to be administered by the first user.
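A minimal model of the flow recited in claim 1, added here as an illustration and not taken from the patent or any product. The label syntax of `(compartment_id, administrator, rights)` entries, the function names, the deny-by-default rule and the sample users are all assumptions; the claim itself only says the label is a text string with the syntax of a tuple.

```python
import ast

# Assumed syntax (the claim only says "a text string having a syntax of a tuple"):
# a label is a tuple of (compartment_id, administrator, rights) entries.

def parse_label(text):
    """Parse label text into {compartment_id: (administrator, frozenset(rights))}."""
    entries = ast.literal_eval(text)  # accepts literals only, never executes code
    if not isinstance(entries, tuple):
        raise ValueError("label is not a tuple")
    label = {}
    for entry in entries:
        if not (isinstance(entry, tuple) and len(entry) == 3
                and isinstance(entry[2], tuple)):
            raise ValueError(f"malformed compartment entry: {entry!r}")
        label[entry[0]] = (entry[1], frozenset(entry[2]))
    return label

def format_label(label):
    """Serialize back to the tuple text form, in a stable order."""
    return repr(tuple((cid, admin, tuple(sorted(rights)))
                      for cid, (admin, rights) in sorted(label.items())))

def add_compartment(label_text, comp_id, admin, rights):
    """Store a compartment (identifier, administrator, rights) in a label."""
    label = parse_label(label_text)
    label[comp_id] = (admin, frozenset(rights))
    return format_label(label)

def grant(object_label, grantee_label, comp_id, granter, rights):
    """Administrator puts a common compartment, same identifier, in a second label."""
    admin, defined = parse_label(object_label)[comp_id]
    if granter != admin:
        raise PermissionError("only the compartment administrator may grant")
    if not set(rights) <= defined:
        raise ValueError("right is not defined by the compartment")
    return add_compartment(grantee_label, comp_id, admin, rights)

def is_allowed(object_label, user_label, right):
    """Deny unless the user label holds every object compartment with this right."""
    required, held = parse_label(object_label), parse_label(user_label)
    for comp_id, (admin, defined) in required.items():
        held_admin, held_rights = held.get(comp_id, (None, frozenset()))
        if held_admin != admin or right not in (defined & held_rights):
            return False
    return bool(required)  # an object with no compartment is not granted here

# Constructed sample: alice is the first user, bob the second.
OBJ = add_compartment("()", "proj-42", "alice", ("read", "write", "delete"))
ALICE = add_compartment("()", "proj-42", "alice", ("read", "write", "delete"))
BOB = grant(OBJ, "()", "proj-42", "alice", ("read",))
```

The check compares the administrator as well as the identifier, so a label that reuses the identifier under a different administrator does not match; the model assumes the storage system, not the user, is what writes labels.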
Abstract
An embodiment of a non-transitory computer-readable storage medium stores instructions which, when processed by a processor, cause the processor to implement a method of securing data. The method includes: creating a user-controlled compartment associated with an object security label, the user-controlled compartment configured to be administered by a first user, the first user being associated with a first security label; storing, by the first user, a data set as an object in a data storage system accessible by multiple users, and associating the object with the object security label; and associating the first user security label with the user-controlled compartment, the user-controlled compartment defining access to the object as set by the user.
18 Claims
10. A method of securing data, the method comprising:
- storing, by a first user, a data set as an object in a data storage system accessible by multiple users, and associating the object with an object security label;
- creating a user-controlled compartment and storing the user-controlled compartment in the object security label, the object security label being represented as a text string having a syntax of a tuple, the user-controlled compartment configured to be administered by the first user and having an identifier, the first user being associated with a first security label;
- associating the first security label with the user-controlled compartment, the user-controlled compartment defining a plurality of access rights to the object as set by the user; and
- defining, by the first user, one or more of the plurality of access rights to be given to a second user, and storing the one or more of the plurality of access rights in a common compartment stored in a second security label, the second security label associated with the second user, the common compartment having the identifier and configured to be administered by the first user.
Specification