EXECUTABLE IDENTITY BASED FILE ACCESS
Abstract
In examples of the present invention, an executable seeks to access a data file. An executable identity based access control list is accessed to determine whether the executable should be allowed to access the data file.
15 Claims
1. A method (110) of allowing an executable to access a data file comprising:
- initiating (114) a file access request from the executable (12) to the data file (24);
- accessing (126) an executable identity based access control list (26) to determine (126) whether the executable (12) is allowed to access the data file (24);
- allowing (132) the executable (12) to access the data file (24) if the executable (12) is allowed to access the data file (24); and
- prohibiting (124) the executable (12) from accessing the data file (24) if the executable (12) is not allowed to access the data file (24).

Dependent claims: 2, 3, 4, 5

6. Readable media (44) having computer executable program segments stored thereon, the computer executable program segments including:
- a policy enforcement manager (20) for determining whether an executable (12) is allowed to access a data file (24) by accessing an executable identity based access control list (26); and
- a file system module (18) for servicing a file access request from the executable (12) to the data file (24), wherein the file system module (18) communicates with the policy enforcement manager (20) to determine whether the executable (12) is allowed to access the data file (24), and services the file access request if access is allowed, and denies the file access request if access is prohibited.

Dependent claims: 7, 8, 9, 10

11. A computing environment (10, 30) comprising:
- a CPU (34);
- persistent media (22) coupled to the CPU (34), the persistent media (22) including a data file (24) and an executable identity based access control list (26);
- memory (38) coupled to the CPU (34), wherein an executable (12), a file system module (18) and a policy enforcement manager (20) are executed by the CPU (34) from the memory (38), and wherein the executable (12) initiates an I/O request to the file system module (18) to access the data file (24), the file system module (18) cooperates with the policy enforcement manager (20) to access the executable identity based access control list (26) to determine whether the executable (12) is allowed to access the data file (24), and the file system module (18) allows the executable (12) to access the data file (24) if the executable (12) is allowed to access the data file (24), and prohibits the executable (12) from accessing the data file (24) if the executable (12) is not allowed to access the data file (24).

Dependent claims: 12, 13, 14, 15
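
The flow recited in claims 1, 6 and 11, as an added sketch that is not code from the patent: a file system module asks a policy enforcement manager, which consults the executable identity based access control list and denies by default. Assumptions not taken from the page: the identity is the SHA-256 digest of the executable image, the list distinguishes read and write, and all class names, sample bytes and the path are constructed.

```python
import hashlib

def executable_identity(image: bytes) -> str:
    # Assumption: identity = SHA-256 of the executable's bytes (the page does not define it).
    return hashlib.sha256(image).hexdigest()

class PolicyEnforcementManager:
    def __init__(self, acl):
        self._acl = acl  # {data file: {executable identity: {"read", "write"}}}

    def is_allowed(self, identity, data_file, op):
        # Default deny: unknown file, unknown executable or unlisted operation.
        return op in self._acl.get(data_file, {}).get(identity, ())

class FileSystemModule:
    def __init__(self, pem, store):
        self._pem, self._store = pem, store

    def access(self, image, data_file, op, data=None):
        # The module derives the identity itself; the requester never supplies it.
        identity = executable_identity(image)
        if not self._pem.is_allowed(identity, data_file, op):
            raise PermissionError(f"{op} on {data_file} denied for {identity[:12]}")
        if op == "write":
            self._store[data_file] = data
        return self._store[data_file]

# Constructed sample executables: a listed one, a modified copy, a read-only one.
PAYROLL = b"\x7fELF payroll v1"
PATCHED = PAYROLL + b"\x90"
VIEWER = b"\x7fELF report viewer"
DATA_FILE = "/data/salaries.db"  # constructed path

def build_demo():
    acl = {DATA_FILE: {
        executable_identity(PAYROLL): {"read", "write"},
        executable_identity(VIEWER): {"read"},
    }}
    return FileSystemModule(PolicyEnforcementManager(acl), {DATA_FILE: b"alice,100"})

def try_access(fs, image, op, data=None):
    try:
        return fs.access(image, DATA_FILE, op, data)
    except PermissionError:
        return None  # request prohibited

if __name__ == "__main__":
    fs = build_demo()
    for name, img in [("payroll", PAYROLL), ("patched", PATCHED), ("viewer", VIEWER)]:
        print(name, try_access(fs, img, "read"), try_access(fs, img, "write", b"x"))
```

Because the decision keys on the executable rather than on the user running it, the modified copy is refused even when launched from the same account as the listed one.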
Specification