Stack-based access control
First Claim
1. A system that regulates access to resources requested by an operation executing on a computer, the operation invoking a plurality of methods that operate upon code during execution, the system comprising:
- a policy file that stores permissions for each of the resources, the permissions authorizing types of access to the resource based on a source of the code and an executor of the code;
a call stack that stores the methods and executors in an order of invocation by the operation; and
an execution unit that grants access to the resource when the types of access authorized by the permissions of all of the methods and executors on the call stack encompass the access requested by the operation.
0 Assignments
0 Petitions
Accused Products
Abstract
A system regulates access to resources requested by an operation executing on a computer. The operation invokes a plurality of methods that operate upon code during execution. The system includes a policy file, a call stack, and an execution unit. The policy file stores permissions for each of the resources. The permissions authorize particular types of access to the resource based on a source of the code and an executor of the code. The call stack stores representations of the methods and executors in an order of invocation by the operation. The execution unit grants access to the resource when the types of access authorized by the permissions of all of the methods and executors on the call stack encompass the access requested by the operation.
-
Citations
1 Claim
-
1. A system that regulates access to resources requested by an operation executing on a computer, the operation invoking a plurality of methods that operate upon code during execution, the system comprising:
-
a policy file that stores permissions for each of the resources, the permissions authorizing types of access to the resource based on a source of the code and an executor of the code;
a call stack that stores the methods and executors in an order of invocation by the operation; and
an execution unit that grants access to the resource when the types of access authorized by the permissions of all of the methods and executors on the call stack encompass the access requested by the operation.
-
Specification