SYSTEM AND METHOD FOR ROLE BASED ANALYSIS AND ACCESS CONTROL
First Claim
Patent Images
1. A method for program access control, comprising:
- for at least one typestate, providing typestate properties;
assigning a role to the at least one typestate in a program in accordance with the typestate properties; and
limiting access to operations of the at least one typestate in the program based on the role assigned to the at least one typestate and an access permission level.
0 Assignments
0 Petitions
Accused Products
Abstract
A system and method for program access control includes, for a typestate, providing typestate properties and assigning a role to the typestate in a program in accordance with the typestate properties. Access to operations is limited for the typestate in the program based on the role assigned to the typestate and an access permission level.
26 Citations
20 Claims
-
1. A method for program access control, comprising:
-
for at least one typestate, providing typestate properties; assigning a role to the at least one typestate in a program in accordance with the typestate properties; and limiting access to operations of the at least one typestate in the program based on the role assigned to the at least one typestate and an access permission level. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for analyzing role consistency for program access control, comprising:
-
computing, for each object in a program having a plurality of objects, a set of methods that directly access an object; checking a role assignment for the object by determining if the object'"'"'s role is a least upper bound of the roles assigned to the methods of the set; and permitting access to the set of methods if an accessor'"'"'s role is at least equal to the least upper bound of the roles assigned to the methods that access the object. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A method for analyzing role consistency for program access control, comprising:
-
constructing a pointer graph for a program having a plurality of objects having assigned roles; checking each object O to determine if O role escapes a role R by determining if there exists another path to that object O in the pointer graph that can be reached by some node O′
that is accessed in another role R′ and
a lifetime of the method R′
exceeds the life time of R; anddetermining that information is leaked based upon role escaped objects. - View Dependent Claims (15, 16)
-
-
17. A computer program product comprising a computer useable medium having a computer readable program for program access control, wherein the computer readable program when executed on a computer causes the computer to perform the steps of:
-
for at least one typestate, providing typestate properties; assigning a role to the at least one typestate in a program in accordance with the typestate properties; and limiting access to operations of the at least one typestate in the program based on the role assigned to the at least one typestate and an access permission level. - View Dependent Claims (18, 19, 20)
-
Specification