Method and apparatus for enforcing security policies in Java applications

US 20030018909A1
Filed: 07/17/2001
Published: 01/23/2003
Est. Priority Date: 07/17/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method in a data processing system for enforcing security policies, the method comprising:

responsive to loading a class, determining whether a security policy exists for the class; and

responsive to a determination that a security policy exists for the class, inserting code into the class, wherein the code inserted is based on the security policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus, and computer implemented instructions for enforcing security policies in a data processing system. In response to loading a class, a determination is made as to whether a security policy exists for the class. In the depicted examples, the class is a Java. Code is inserted into the class, wherein the code inserted is based on the policy in response to a determination that a security policy exists for the class.

63 Citations

View as Search Results

40 Claims

1. A method in a data processing system for enforcing security policies, the method comprising:
- responsive to loading a class, determining whether a security policy exists for the class; and
  
  responsive to a determination that a security policy exists for the class, inserting code into the class, wherein the code inserted is based on the security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the code is a set of bytecodes.
  - 3. The method of claim 1, wherein the class is a Java class.
  - 4. The method of claim 1, wherein the determining step and the inserting step are performed in a class loader.
  - 5. The method of claim 1, wherein the class is code nonspecific to the data processing system.
  - 6. The method of claim 1, wherein the code is for a security check.
  - 7. The method of claim 1 further comprising:
    - loading the class into a memory.

8. A method in a data processing system for enforcing security policies, the method comprising:
- analyzing a set of bytecodes for a class loaded into memory to form an analysis; and
  
  selectively inserting bytecodes for a security check into the set of bytecodes based on the analysis.
- View Dependent Claims (9, 10)
- - 9. The method of claim 8, wherein the class is a Java class.
  - 10. The method of claim 8, wherein the analyzing step comprises:
    - comparing a class name of the class being loaded to the classes for which security policies exist.

11. A data processing system comprising:
- a bus system;
  
  a communications unit connected to the bus system;
  
  a memory connected to the bus system, wherein the memory includes a set of instructions; and
  
  a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to determine whether a security policy exists for a class in response to loading the class; and
  
  insert code into the class, wherein the code inserted is based on the policy in response to a determination that a security policy exists for the class.
- View Dependent Claims (12, 13, 14, 15, 17, 18, 19, 20)
- - 12. The data processing system of claim 11, wherein the bus system is a single bus.
  - 13. The data processing system of claim 11, wherein the bus system includes a primary bus and a secondary bus.
  - 14. The data processing system of claim 11, wherein the processing unit includes a plurality of processors.
  - 15. The data processing system of claim 11, wherein the communications unit is one of a modem and Ethernet adapter.
  - 17. The data processing system of claim 16, wherein the bus system is a single bus.
  - 18. The data processing system of claim 16, wherein the bus system includes a primary bus and a secondary bus.
  - 19. The data processing system of claim 16, wherein the processing unit includes a plurality of processors.
  - 20. The data processing system of claim 16, wherein the communications unit is one of a modem and Ethernet adapter.

16. A data processing system comprising:
- a bus system;
  
  a communications unit connected to the bus system;
  
  a memory connected to the bus system, wherein the memory includes a set of instructions; and
  
  a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to analyze a set of bytecodes for a class loaded into memory to form an analysis; and
  
  selectively insert bytecodes for a security check into the set of bytecodes based on the analysis.

21. A data processing system for enforcing security policies, the data processing system comprising:
- determining means, responsive to loading a class, for determining whether a security policy exists for the class; and
  
  inserting means, responsive to a determination that a security policy exists for the class, for inserting code into the class, wherein the code inserted is based on the security policy.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 29, 30)
- - 22. The data processing system of claim 21, wherein the code is a set of bytecodes.
  - 23. The data processing system of claim 21, wherein the class is a Java class.
  - 24. The data processing system of claim 21, wherein the determining means and the inserting means are located in a class loader.
  - 25. The data processing system of claim 21, wherein the class is nonspecific code.
  - 26. The data processing system of claim 21, wherein the code is for a security check.
  - 27. The data processing system of claim 21 further comprising:
    - loading means for loading the class into a memory.
  - 29. The data processing system of claim 28, wherein the class is a Java class.
  - 30. The data processing system of claim 28, wherein the analyzing means comprises:
    - means for comparing at least a portion of the bytecodes to a set of security policies.

28. A data processing system for enforcing security policies, the data processing system comprising:
- analyzing means for analyzing a set of bytecodes for a class loaded into memory to form an analysis; and
  
  inserting means for selectively inserting bytecodes for a security check into the set of bytecodes based on the analysis.

31. A computer program product in a computer readable medium for enforcing security policies, the computer program product comprising:
- first instructions, responsive to loading a class, for determining whether a security policy exists for the class; and
  
  second instructions, responsive to a determination that a security policy exists for the class, for inserting code into the class, wherein the code inserted is based on the security policy.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 39, 40)
- - 32. The computer program product of claim 31, wherein the code is a set of bytecodes.
  - 33. The computer program product of claim 31, wherein the class is a Java class.
  - 34. The computer program product of claim 31, wherein the first instructions and the second instruction are located in a class loader.
  - 35. The computer program product of claim 31, wherein the class is nonspecific code.
  - 36. The computer program product of claim 31, wherein the code is for a security check.
  - 37. The computer program product of claim 31 further comprising:
    - third instructions for loading the class into a memory.
  - 39. The computer program product of claim 38, wherein the class is a Java class.
  - 40. The computer program product of claim 38, wherein the first instructions comprises:
    - sub-instructions comparing at least a portion of the bytecodes to a set of security policies.

38. A computer program product in a computer readable medium for enforcing security policies, the computer program product comprising:
- first instructions for analyzing a set of bytecodes for a class loaded into memory to form an analysis; and
  
  second instructions for selectively inserting bytecodes for a security check into the set of bytecodes based on the analysis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hogstrom, Matt Richard, Nagaratnam, Nataraj, Cuomo, Gennaro A.

Application Number

US09/907,848
Publication Number

US 20030018909A1
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/54 by adding security routines...

G06F 9/44521 Dynamic linking or loading;...

Method and apparatus for enforcing security policies in Java applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

63 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for enforcing security policies in Java applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links