SYSTEM AND METHOD FOR ROLE BASED ANALYSIS AND ACCESS CONTROL

US 20080306958A1
Filed: 08/22/2008
Published: 12/11/2008
Est. Priority Date: 06/01/2006
Status: Active Grant

First Claim

Patent Images

1. A method for program access control, comprising:

for at least one typestate, providing typestate properties;

assigning a role to the at least one typestate in a program in accordance with the typestate properties; and

limiting access to operations of the at least one typestate in the program based on the role assigned to the at least one typestate and an access permission level.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for program access control includes, for a typestate, providing typestate properties and assigning a role to the typestate in a program in accordance with the typestate properties. Access to operations is limited for the typestate in the program based on the role assigned to the typestate and an access permission level.

26 Citations

View as Search Results

20 Claims

1. A method for program access control, comprising:
- for at least one typestate, providing typestate properties;
  
  assigning a role to the at least one typestate in a program in accordance with the typestate properties; and
  
  limiting access to operations of the at least one typestate in the program based on the role assigned to the at least one typestate and an access permission level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as recited in claim 1, further comprising generating a typestate hierarchy tree and assigning roles to nodes of the hierarchy tree wherein the nodes represent typestates.
  - 3. The method as recited in claim 1, wherein providing typestate properties includes associating a security property with the typestate to assign the role to the typestate.
  - 4. The method as recited in claim 1, further comprising performing a role consistency analysis to determine if assigning the role is consistent throughout the program.
  - 5. The method as recited in claim 1, further comprising performing a role escape analysis to determine if any program objects escape a role assignment.
  - 6. The method as recited in claim 1, wherein limiting access to operations includes denying access to the at least one typestate if a role is junior to an assigned role.
  - 7. The method as recited in claim 1, wherein limiting access to operations includes permitting access to the at least one typestate if a role is senior to an assigned role.
  - 8. The method as recited in claim 1, wherein the method is included with and extends a method-based access control method.

9. A method for analyzing role consistency for program access control, comprising:
- computing, for each object in a program having a plurality of objects, a set of methods that directly access an object;
  
  checking a role assignment for the object by determining if the object'"'"'s role is a least upper bound of the roles assigned to the methods of the set; and
  
  permitting access to the set of methods if an accessor'"'"'s role is at least equal to the least upper bound of the roles assigned to the methods that access the object.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method as recited in claim 9, wherein computing includes generating a pointer graph of the program.
  - 11. The method as recited in claim 10, wherein pointer graph includes a method-annotated pointer graph.
  - 12. The method as recited in claim 9, further comprising performing a role escape analysis to determine if any program objects escape a role assignment.
  - 13. A computer program product comprising a computer useable medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to analyze role consistency for program access control as recited in claim 9.

14. A method for analyzing role consistency for program access control, comprising:
- constructing a pointer graph for a program having a plurality of objects having assigned roles;
  
  checking each object O to determine if O role escapes a role R by determining if there exists another path to that object O in the pointer graph that can be reached by some node O′
  
  that is accessed in another role R′ and
  
  a lifetime of the method R′
  
  exceeds the life time of R; and
  
  determining that information is leaked based upon role escaped objects.
- View Dependent Claims (15, 16)
- - 15. The method as recited in claim 14, further comprising performing a role consistency analysis to determine if assigning the role is consistent throughout the program.
  - 16. A computer program product comprising a computer useable medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to analyze role consistency for program access control as recited in claim 14.

17. A computer program product comprising a computer useable medium having a computer readable program for program access control, wherein the computer readable program when executed on a computer causes the computer to perform the steps of:
- for at least one typestate, providing typestate properties;
  
  assigning a role to the at least one typestate in a program in accordance with the typestate properties; and
  
  limiting access to operations of the at least one typestate in the program based on the role assigned to the at least one typestate and an access permission level.
- View Dependent Claims (18, 19, 20)
- - 18. The computer program product as recited in claim 17, further comprising performing a role consistency analysis to determine if assigning the role is consistent throughout the program.
  - 19. The computer program product as recited in claim 17, further comprising performing a role escape analysis to determine if any program objects escape a role assignment.
  - 20. The computer program product as recited in claim 17, wherein limiting access to operations includes at least one of denying access to the at least one typestate if a role is junior to an assigned role and permitting access to the at least one typestate if a role is senior to an assigned role.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vugranam Chakravarthy Sreedhar
Original Assignee
Vugranam Chakravarthy Sreedhar
Inventors
Sreedhar, Vugranam Chakravarthy

Granted Patent

US 8,543,607 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

G06F 21/53 by executing in a restricte...

G06F 21/629 to features or functions of...

SYSTEM AND METHOD FOR ROLE BASED ANALYSIS AND ACCESS CONTROL

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD FOR ROLE BASED ANALYSIS AND ACCESS CONTROL

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others