Access control method and device in an embedded system

US 20050005079A1
Filed: 12/11/2002
Published: 01/06/2005
Est. Priority Date: 12/12/2001
Status: Active Grant

First Claim

Patent Images

1. ) Method to control the access to objects (5) stored in a memory space of a computer system by a subject (3) stored in a program space of said system wanting to perform an operation on said objects (5), characterised in that it controls the access to said objects (5) via a dynamic attribute (8) linked to said subject (3) whose value is updated according to the present and previous status(es) of the subject.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention concerns a method to control the access to objects (5) stored in a memory space of a computer system by a subject (3) stored in a program space of said system. The subject wants to perform an operation on said objects (5). The method according to the invention controls the access to said objects (5) via a dynamic attribute (8) linked to said subject (3) whose value is updated according to the present and previous status(es) of the subject. This invention also concerns the access control device implementing the method described above.

44 Citations

View as Search Results

10 Claims

1. ) Method to control the access to objects (5) stored in a memory space of a computer system by a subject (3) stored in a program space of said system wanting to perform an operation on said objects (5), characterised in that it controls the access to said objects (5) via a dynamic attribute (8) linked to said subject (3) whose value is updated according to the present and previous status(es) of the subject.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. ) Access control method according to claim 1, characterised in that it includes the following steps:
    - a step to update the dynamic attribute (8) of the subject and manage said update;
      
      a step to compare an item of information characterising the targeted object (5) which is the attribute of the object and an item of information characterising the present and past status of the subject (3) which is said dynamic attribute of the subject;
      
      an action step to accept or reject the access depending on the result of said comparison and optionally on the type of operation and/or predefined and saved rules.
  - 3. ) Method according to claim 1 or 2, characterised in that it controls the access to said object(s) according to the chaining of inter-module calls and the choice of each module to access its own object.
  - 4. ) Method according to one of claims 1 to 3, characterised in that the dynamic attribute update mechanism is of type stack, the dynamic attribute used for access control being at the top of the stack.
  - 5. ) Method according to one of claims 1 to 3, characterised in that the dynamic attribute update mechanism is of type list, the dynamic attribute used for access control being all of said list.
  - 6. ) Method according to one of claims 1 to 5, characterised in that it consists in managing said update by checking the identity and the rights of the module part of the subject and requesting the update of the attribute (8) whether this update is implicit or explicit and in only making said update if the module is authorised to do so.

7. ) Device to control the access of a subject (3) stored in a program space of a computer system comprising at least memory means and computation means, and wanting to perform an operation on objects (5) stored in a memory space of said system, characterised in that it comprises means to perform an access control to said objects using a dynamic attribute (8) linked to said subject (3) and placed in memory whose value is updated according to the present and previous status(es) of the subject.
- View Dependent Claims (8, 9)
- - 8. ) Device according to claim 7, characterised in that it comprises:
    - a mechanism to update a dynamic attribute of the subject and manage the update depending on the present and previous status(es) of the subject;
      
      a mechanism to compare an item of information characterising the targeted object which is the attribute of the object and an item of information characterizing the subject status which is the subject dynamic attribute (8), said items of information being stored in the memory means;
      
      an action mechanism to accept or reject the operation depending on the previous result, the type of operation and/or predefined rules.
  - 9. ) Embedded system, characterised in that it comprises the device according to claim 7 or 8.

10. ) Computer program including program code instructions to execute the steps of the method according to one of claims I to 6 when said program is run in a data processing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alain Boudou, Christoph Siegelin, Jean-Claude Marcetaux
Original Assignee
Alain Boudou, Christoph Siegelin, Jean-Claude Marcetaux
Inventors
Marcetaux, Jean-Claude, Siegelin, Christoph, Boudou, Alain

Granted Patent

US 7,363,293 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/156
CPC Class Codes

G06F 12/1441 for a range

G06F 12/1483 using an access-table, e.g....

Access control method and device in an embedded system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Access control method and device in an embedded system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links