Stack-based access control
First Claim
1. A system that regulates access to resources requested by an operation executing on a computer, the operation invoking a plurality of methods that operate upon code during execution, the system comprising:
- a policy file that stores permissions for each of the resources, the permissions authorizing types of access to the resource based on a source of the code and an executor of the code;
a call stack that stores the methods and executors in an order of invocation by the operation; and
an execution unit that grants access to the resource when the types of access authorized by the permissions of all of the methods and executors on the call stack encompass the access requested by the operation.
0 Assignments
0 Petitions
Accused Products
Abstract
A system regulates access to resources requested by an operation executing on a computer. The operation invokes a plurality of methods that operate upon code during execution. The system includes a policy file, a call stack, and an execution unit. The policy file stores permissions for each of the resources. The permissions authorize particular types of access to the resource based on a source of the code and an executor of the code. The call stack stores representations of the methods and executors in an order of invocation by the operation. The execution unit grants access to the resource when the types of access authorized by the permissions of all of the methods and executors on the call stack encompass the access requested by the operation.
-
Citations
1 Claim
-
1. A system that regulates access to resources requested by an operation executing on a computer, the operation invoking a plurality of methods that operate upon code during execution, the system comprising:
-
a policy file that stores permissions for each of the resources, the permissions authorizing types of access to the resource based on a source of the code and an executor of the code;
a call stack that stores the methods and executors in an order of invocation by the operation; and
an execution unit that grants access to the resource when the types of access authorized by the permissions of all of the methods and executors on the call stack encompass the access requested by the operation.
-
Specification
-
- Resources
-
Current AssigneeLi Gong, Robert W. Scheifler
-
Original AssigneeLi Gong, Robert W. Scheifler
-
InventorsScheifler, Robert W., Gong, Li
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current709/225
-
CPC Class CodesG06F 12/0261 using reference countingG06F 16/289 Object oriented databasesG06F 21/52 during program execution, e...G06F 21/604 Tools and structures for ma...G06F 21/62 Protecting access to data v...G06F 21/6281 at program execution time, ...G06F 9/4411 Configuring for operating w...G06F 9/468 Specific access rights for ...G06F 9/5011 the resources being hardwar...G06F 9/52 Program synchronisation; Mu...G06F 9/547 Remote procedure calls [RPC...H04L 67/133 Protocols for remote proced...H04L 69/24 Negotiation of communicatio...H04L 9/40 Network security protocols
