Method for enforcing a Java security policy in a multi virtual machine system
First Claim
1. A method of enforcing a security policy in a multiple virtual machine system comprising:
- transmitting a request to a target virtual machine to access a receiving program residing on the target virtual machine;
receiving a request from the target virtual machine to examine a call stack residing on an originating virtual machine to determine whether a requesting program is permitted to access the receiving program; and
indicating to the target virtual machine if the requesting program is not permitted to access the receiving program.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for enforcing a security policy in a distributed system. A request is transmitted to a receiving program on a first virtual machine to permit a requesting program on a second virtual machine to access the receiving program. A first call stack is accessed in the target virtual machine to determine whether the requesting program is permitted to access the receiving program. A second call stack, in the originating virtual machine, is accessed to determine whether the requesting program is permitted to access the receiving program. If the requesting program is permitted to access the receiving program, the receiving program is invoked. If the requesting program is not permitted to access the receiving program a signal indicating access is not allowed is transmitted.
42 Citations
18 Claims
-
1. A method of enforcing a security policy in a multiple virtual machine system comprising:
-
transmitting a request to a target virtual machine to access a receiving program residing on the target virtual machine;
receiving a request from the target virtual machine to examine a call stack residing on an originating virtual machine to determine whether a requesting program is permitted to access the receiving program; and
indicating to the target virtual machine if the requesting program is not permitted to access the receiving program. - View Dependent Claims (2, 3, 4)
-
-
5. A method of enforcing a security policy in a multiple virtual machine system comprising:
-
receiving a request from a requesting program residing on an originating virtual machine to use a service of a receiving program residing on a target virtual machine;
receiving a request from the receiving program to determine whether the requesting program is permitted to use the service of the receiving program;
checking a call stack residing on the target virtual machine;
determining whether the entire call stack is visible on the target virtual machine;
if the entire call stack is not visible, transmitting a access control request to the originating virtual machine; and
if the requesting program is not permitted to access the receiving program, sending an indication to the originating virtual machine. - View Dependent Claims (6, 7)
-
-
8. A computer program product for enforcing a security policy in a multiple virtual machine system comprising:
-
computer code for transmitting a request to a target virtual machine, to access a receiving program residing on the target virtual machine;
computer code for receiving a request from the target virtual machine to examine a call stack residing on an originating virtual machine to determine whether a requesting program is permitted to access the receiving program; and
computer code for, if the requesting program is not permitted to access the receiving program, transmitting a signal to the originating virtual machine.
-
-
9. A computer program product for enforcing a security policy in a multiple virtual machine system comprising:
-
computer code for receiving a request from a requesting program residing on an originating virtual machine to use a service of a receiving program residing on a target virtual machine;
computer code for accessing a call stack residing on the target virtual machine to determine whether the requesting program is permitted to access the receiving program;
computer code for, if a portion of the call stack is not visible, transmitting an access control request to the originating virtual machine; and
computer code for, if the requesting program is not permitted to access the receiving program, sending an indication to the originating virtual machine. - View Dependent Claims (10)
-
-
11. An electronic device comprising:
-
a processor for processing information; and
a memory unit, including;
computer code for transmitting a request to a target virtual machine, to access a receiving program residing on a target virtual machine;
computer code for receiving a request from the target virtual machine to examine a call stack residing on an originating virtual machine to determine whether a requesting program is permitted to access the receiving program; and
computer code for, indicating to the target virtual machine if the requesting program is not permitted to access the receiving program.
-
-
12. An electronic device comprising:
-
a processor for processing information; and
a memory unit, including;
computer code for receiving a request from a requesting program residing on an originating virtual machine to use a service of a receiving program residing on a target virtual machine;
computer code for accessing a call stack residing on the target virtual machine to determine whether the requesting program is permitted to access the receiving program;
computer code for, if a portion of the call stack is not visible, transmitting an access control request to the originating virtual machine; and
computer code for, indicating to the target virtual machine if the requesting program is permitted to access the receiving program.
-
-
13. A system for enforcing a security policy in a multiple virtual machine architecture comprising the steps of:
-
transmitting a request to a receiving program residing on a target virtual machine to access the receiving program;
examining a call stack residing on the target virtual machine to determine whether a requesting program is permitted to access the receiving program;
examining the call stack residing on an originating virtual machine to determine whether the requesting program is permitted to access the receiving program; and
if the requesting program is not permitted to access the receiving program, indicating access is not allowed. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification