System and method for using security levels to simplify security policy management

US 20050278790A1
Filed: 06/10/2004
Published: 12/15/2005
Est. Priority Date: 06/10/2004
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for providing secure execution of code units, the method comprising:

installing a plurality of code units on a computer system, wherein the code units are adapted to execute in a user-level runtime environment on the computer system;

associating, with at least one of the code units, a privilege level selected from a plurality of privilege levels, wherein the privilege level corresponds to one or more individual runtime permissions associated with the user-level runtime environment;

executing at least a portion of the associated code unit, wherein the portion of the associated code unit calls a process that has an assigned security level;

comparing the associated privilege level with the assigned security level; and

executing the called process in response to a first result of the comparison, thereby providing secure execution of the associated code unit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is provided for reducing the complexity and improving the performance of enforcing security restrictions on the execution of program code in a runtime environment. In a preferred embodiment, units of executable code, such as methods or functions, are classified by “security level.” Code units belonging to a “trusted” security level may call any other code unit in the runtime environment, but other security levels are restricted in the code units they can call. In a preferred embodiment, the security levels are represented by corresponding permission objects. Each permission object that is associated with a particular security level includes a numerical value that denotes that security level. Security policies can be enforced with respect to caller and callee code units by comparing numerical values of corresponding permission objects. This security level scheme also improves runtime performance by making it unnecessary to check individually-defined permissions in many cases.

Citations

31 Claims

1. A computer-implemented method for providing secure execution of code units, the method comprising:
- installing a plurality of code units on a computer system, wherein the code units are adapted to execute in a user-level runtime environment on the computer system;
  
  associating, with at least one of the code units, a privilege level selected from a plurality of privilege levels, wherein the privilege level corresponds to one or more individual runtime permissions associated with the user-level runtime environment;
  
  executing at least a portion of the associated code unit, wherein the portion of the associated code unit calls a process that has an assigned security level;
  
  comparing the associated privilege level with the assigned security level; and
  
  executing the called process in response to a first result of the comparison, thereby providing secure execution of the associated code unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method according to claim 1 wherein the called process is not executed in response to a second result of the comparison.
  - 3. The method according to claim 1 wherein the second result is a mismatch between the privilege level and the assigned security level.
  - 4. The method according to claim 3 wherein the mismatch between the privilege level and the assigned security level is identified by comparing a privilege level value associated with the privilege level to a security level value associated with the assigned security level, wherein the privilege level value and security level value are represented in a totally-ordered data type.
  - 5. The method according to claim 4, wherein the totally-ordered data type is a numeric data type.
  - 6. The method according to claim 1 wherein the first result is a match between the privilege level and the assigned security level.
  - 7. The method according to claim 6, wherein the match between the privilege level and the assigned security level is identified by comparing a privilege level value associated with the privilege level to a security level value associated with the assigned security level, wherein the privilege level value and security level value are represented in a totally-ordered data type.
  - 8. The method according to claim 1 wherein the user-level runtime environment comprises a virtual machine.
  - 9. The method according to claim 1 wherein the plurality of privilege levels comprise a trusted level, a provider level, a privileged level, and a standard level.
  - 10. The method according to claim 9, wherein system code executes at the trusted level, library code and utility functions execute at the provider level, and user application code executes at the at least one of the privileged level and the standard level.
  - 11. The method according to claim 1 wherein individual runtime permissions comprise at least one of AllPermission, BasicPermission, FilePermission, SocketPermission, UnresolvedPermission, AudioPermission, AWTPermission, NetPermission, PropertyPermission, ReflectPermission, RuntimePermission, SecurityPermission, SerializablePermission, and SQLPermission.
  - 12. The method according to claim 1 wherein the privilege level and the assigned security levels are associated with corresponding permission objects.
  - 13. The method according to claim 12 wherein the privilege level and assigned security level are compared by comparing numerical values contained within the corresponding permission objects.
  - 14. The method according to claim 1 wherein the called process comprises code for performing an input/output operation.
  - 15. The method according to claim 1 wherein the installing, associating, and comparing steps are performed by a middleware application.
  - 16. The method according to claim 1 wherein the code units comprise interfaces for obtaining services from middleware.
  - 17. The method according to claim 1, further comprising:
    - receiving user input from an administrative user, wherein the user input denotes whether a particular code unit may be assigned a privilege level; and
      
      associating the particular code unit with the privilege level only if indicated by the user input.

18. An information handling system comprising:
- one or more processors;
  
  one or more data storage units accessible by the processors; and
  
  functional descriptive material contained within the data storage units that, when executed by the processors, directs the processors to perform actions of;
  
  installing a plurality of code units on a computer system, wherein the code units are adapted to execute in a user-level runtime environment on the computer system;
  
  associating, with at least one of the code units, a privilege level selected from a plurality of privilege levels, wherein the privilege level corresponds to one or more individual runtime permissions associated with the user-level runtime environment;
  
  executing at least a portion of the associated code unit, wherein the portion of the associated code unit calls a process that has an assigned security level;
  
  comparing the associated privilege level with the assigned security level; and
  
  executing the called process in response to a first result of the comparison, thereby providing secure execution of the associated code unit.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 19. The information handling system according to claim 18 wherein the called process is not executed in response to a second result of the comparison.
  - 20. The information handling system according to claim 18 wherein the second result is a mismatch between the privilege level and the assigned security level.
  - 21. The information handling system according to claim 18 wherein the first result is a match between the privilege level and the assigned security level.
  - 22. The information handling system according to claim 18 wherein the user-level runtime environment comprises a virtual machine.
  - 23. The information handling system according to claim 18 wherein the plurality of privilege levels comprise a trusted level, a provider level, a privileged level, and a standard level.
  - 24. The information handling system according to claim 18 wherein individual runtime permissions comprise at least one of AllPermission, BasicPermission, FilePermission, SocketPermission, UnresolvedPermission, AudioPermission, AWTPermission, NetPermission, PropertyPermission, ReflectPermission, RuntimePermission, SecurityPermission, SerializablePermission, and SQLPermission.
  - 25. The information handling system according to claim 18 wherein the privilege level and the assigned security levels are associated with corresponding permission objects.
  - 26. The information handling system according to claim 25 wherein the privilege level and assigned security level are compared by comparing numerical values contained within the corresponding permission objects.
  - 27. The information handling system according to claim 18 wherein the code units comprise interfaces for obtaining services from middleware.

28. A computer program product stored in a computer-operable media for enforcing security policies with respect to units of executable code, said computer program product comprising:
- installing means for installing a plurality of code units on a computer system, wherein the code units are adapted to execute in a user-level runtime environment on the computer system;
  
  associating means for associating, with at least one of the code units, a privilege level selected from a plurality of privilege levels, wherein the privilege level corresponds to one or more individual runtime permissions associated with the user-level runtime environment;
  
  first executing means for executing at least a portion of the associated code unit, wherein the portion of the associated code unit calls a process that has an assigned security level;
  
  comparing means for comparing the associated privilege level with the assigned security level; and
  
  second executing means for executing the called process in response to a first result of the comparison, thereby providing secure execution of the associated code unit.
- View Dependent Claims (29, 30, 31)
- - 29. The computer program product according to claim 28 wherein the called process is not executed in response to a second result of the comparison.
  - 30. The computer program product according to claim 28 wherein the privilege level and the assigned security levels are associated with corresponding permission objects.
  - 31. The computer program product according to claim 30 wherein the privilege level and assigned security level are compared by comparing numerical values contained within the corresponding permission objects.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Chao, Ching-Yun, Birk, Peter Daniel

Application Number

US10/865,345
Publication Number

US 20050278790A1
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/54 by adding security routines...

G06F 2221/2113 Multi-level security, e.g. ...

System and method for using security levels to simplify security policy management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for using security levels to simplify security policy management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links