Secure kernel transactions
Abstract
Kernel objects for implementing a transaction have a security descriptor applied thereto. The kernel objects include, at least, a transaction object, a resource management object, and an enlistment object. The security descriptor, otherwise known as an access control list, identifies at least one user, an operation to be performed on the kernel object to which the security descriptor is applied, and a right indicating that the identified user is permitted or prohibited to perform the operation.
33 Claims
1. A kernel-level transaction system, comprising:
plural kernel objects to implement a transaction having plural operations; and
a security descriptor, applied to at least one of the kernel objects, to identify at least one user, to identify one of the operations of the transaction that may be performed on the kernel object to which the security descriptor is applied, and to identify a right indicating that the identified user is permitted or prohibited to perform the operation.
Dependent claims: 2, 3, 4, 5, 6

7. A method of implementing a kernel-level transaction, comprising:
attaching a security descriptor to at least one of plural kernel objects utilized in a transaction; and
performing an operation for a transaction on the at least one kernel object in accordance with the rights accorded by the security descriptor attached to the at least one kernel object.
Dependent claims: 8, 9, 10, 11, 12, 13, 14

15. A computer-readable medium having stored thereon an object attached to a kernel object, the object comprising:
a first data entry identifying at least one user;
a second data entry identifying an operation capable of being performed on the kernel object by the user identified by the first data entry; and
a third data entry indicating a right for the user identified by the first data entry to perform the operation identified by the second data entry.
Dependent claims: 16, 17, 18

19. A transaction method, comprising:
implementing a transaction among kernel objects; and
securing the transaction utilizing the Microsoft® Windows® operating system security model.
Dependent claims: 20

21. A method of implementing a transaction, comprising:
attaching a security descriptor to at least one of plural objects utilized in a transaction; and
performing an operation for a transaction on the at least one object in accordance with the rights accorded by the security descriptor attached to the at least one object.
Dependent claims: 22, 23, 24, 25, 26, 27, 28

29. A kernel-level transaction system, comprising:
means for implementing a transaction among kernel objects; and
means for securing the transaction by applying a security descriptor to at least one of the kernel objects, wherein the security descriptor identifies at least one user, an operation to be performed on the kernel object to which the security descriptor is applied, and a right indicating that the identified user is permitted or prohibited to perform the operation.
Dependent claims: 30, 31, 32, 33
Specification