
Access control subsystem and method for distributed computer system using compound principals

  • US 5,173,939 A
  • Filed: 10/28/1991
  • Issued: 12/22/1992
  • Est. Priority Date: 09/28/1990
  • Status: Expired due to Term
First Claim

1. A distributed computer system, comprising:

  • a multiplicity of interconnected computers;

    wherein principals working on said multiplicity of computers include simple principals and compound principals, each compound principal being selected from the set consisting essentially of:

    (A) qualified principals, each qualified principal comprising any one of said simple principals whose object access authority is qualified by at least one role adopted by that simple principal;

    (B) any first one of said principals whose object access authority is qualified by delegation of said first principal's object access authority to any designated second one of said principals; and

    (C) conjunctions of said simple, qualified and compound principals; and

    object access control apparatus, said object access control apparatus comprising:

    membership means for storing a list of assumptions, said list of assumptions including (A) a first set of assumptions, each assumption in said first set defining relative strengths of at least two specified ones of said principals for purposes of object access authority, and (B) a second set of assumptions, each assumption in said second set defining relative strengths of roles that can be adopted by ones of said principals for purposes of qualifying object access authority of said principals;

    a multiplicity of objects, each stored in one of said multiplicity of interconnected computers and having an associated access control list;

    each object's access control list having a list of entries, wherein each entry represents one of said simple principals or compound principals that are authorized to access said object; and

    a plurality of reference monitors, each in a trusted computing base within a different one of said multiplicity of interconnected computers, wherein each reference monitor receives access requests transmitted by ones of said principals working on any of the computers in said distributed computer system, each access request specifying one of said multiplicity of objects for which access is requested and a request principal, said request principal comprising the principal that transmitted said access request;

    each reference monitor including access checking means for (A) comparing said request principal with each entry in the list of entries in said specified object's access control list, (B) retrieving from said membership means information concerning relative strengths of said request principal and the principal represented by each said entry and relative strengths of roles adopted by said request principal and roles adopted by the principal represented by each said entry, and (C) granting access to said specified object by said request principal only if said request principal is at least as strong as at least one of said entries in the list of entries in said specified object's access control list.
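The access check described in the claim above (compare the request principal with each ACL entry, consult the stored assumptions for the relative strengths of principals and of roles, and grant only if the requester is at least as strong as some entry) as an added, self-contained example. This is illustrative code written for this page, not the patent's or the assignee's implementation. The four principal forms follow elements (A) to (C) of the claim; the specific "at least as strong as" rules, the rule that a delegation "B for A" inherits A's strength only where A has designated B as a delegate, and every name, role, group and ACL below are this example's assumptions, constructed for the demonstration.

```python
"""Reference-monitor access check over simple and compound principals.

Added example, not the patent's implementation. The strength rules, the
trusted-delegate rule and all sample principals, roles and ACLs are assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Union


@dataclass(frozen=True)
class Simple:          # a user, machine or group name, e.g. "alice" or "finance"
    name: str


@dataclass(frozen=True)
class Qualified:       # claim element (A): a principal acting in a role, "alice as auditor"
    base: "Principal"
    role: str


@dataclass(frozen=True)
class Delegation:      # claim element (B): delegate acting with delegator's authority, "ws7 for bob"
    delegate: "Principal"
    delegator: "Principal"


@dataclass(frozen=True)
class Conj:            # claim element (C): conjunction, "alice and bob" (both back the request)
    members: FrozenSet["Principal"]


Principal = Union[Simple, Qualified, Delegation, Conj]


def closure(pairs) -> Dict[str, Set[str]]:
    """Reflexive-transitive closure of a relation given as (stronger, weaker) pairs."""
    reach: Dict[str, Set[str]] = {}
    for stronger, weaker in pairs:
        reach.setdefault(stronger, {stronger}).add(weaker)
        reach.setdefault(weaker, {weaker})
    changed = True
    while changed:
        changed = False
        for node in reach:
            via = set().union(*(reach[n] for n in reach[node]))
            if not via <= reach[node]:
                reach[node] |= via
                changed = True
    return reach


@dataclass
class Assumptions:
    """The claim's 'membership means': strength orderings over principals and over roles."""
    principals: Dict[str, Set[str]]   # name -> names it is at least as strong as (e.g. member -> group)
    roles: Dict[str, Set[str]]        # role -> roles it is at least as strong as
    delegates: Dict[str, Set[str]]    # assumption: delegator -> delegates it has designated

    def simple_leq(self, p: str, q: str) -> bool:
        return q in self.principals.get(p, {p})

    def role_leq(self, r: str, s: str) -> bool:
        return s in self.roles.get(r, {r})


def at_least_as_strong(p: Principal, q: Principal, asm: Assumptions) -> bool:
    """True if request principal p is at least as strong as ACL entry q."""
    if p == q:
        return True
    if isinstance(q, Conj):           # to match "C and D", p must match both C and D
        return all(at_least_as_strong(p, m, asm) for m in q.members)
    if isinstance(p, Conj):           # "A and B" is at least as strong as each of A and B
        return any(at_least_as_strong(m, q, asm) for m in p.members)
    if isinstance(q, Qualified):
        if isinstance(p, Qualified):  # compare roles first, then the underlying principals
            return asm.role_leq(p.role, q.role) and at_least_as_strong(p.base, q.base, asm)
        return at_least_as_strong(p, q.base, asm)   # an unqualified P dominates "Q as r" if P dominates Q
    if isinstance(p, Qualified):
        return False                  # a role narrows authority: "A as r" never matches a bare entry
    if isinstance(q, Delegation):
        return (isinstance(p, Delegation)
                and at_least_as_strong(p.delegate, q.delegate, asm)
                and at_least_as_strong(p.delegator, q.delegator, asm))
    if isinstance(p, Delegation):     # assumption: "B for A" carries A's strength only if A designated B
        return (isinstance(p.delegate, Simple) and isinstance(p.delegator, Simple)
                and p.delegate.name in asm.delegates.get(p.delegator.name, set())
                and at_least_as_strong(p.delegator, q, asm))
    return asm.simple_leq(p.name, q.name)   # both are Simple: consult the stored assumptions


def check_access(acl: List[Principal], requester: Principal, asm: Assumptions) -> bool:
    """Reference-monitor decision: grant iff the requester beats at least one ACL entry."""
    return any(at_least_as_strong(requester, entry, asm) for entry in acl)


# Constructed sample data: alice and carol are members of group "finance";
# admin is stronger than auditor, which is stronger than reader; bob designated ws7 as a delegate.
ASSUMPTIONS = Assumptions(
    principals=closure([("alice", "finance"), ("carol", "finance")]),
    roles=closure([("admin", "auditor"), ("auditor", "reader")]),
    delegates={"bob": {"ws7"}},
)
LEDGER_ACL: List[Principal] = [Qualified(Simple("finance"), "reader"), Delegation(Simple("ws7"), Simple("bob"))]
PAYROLL_ACL: List[Principal] = [Conj(frozenset({Simple("alice"), Simple("bob")}))]


def demo() -> Dict[str, bool]:
    asm = ASSUMPTIONS
    return {
        "alice reads ledger": check_access(LEDGER_ACL, Simple("alice"), asm),
        "alice as auditor reads ledger": check_access(LEDGER_ACL, Qualified(Simple("alice"), "auditor"), asm),
        "alice as guest reads ledger": check_access(LEDGER_ACL, Qualified(Simple("alice"), "guest"), asm),
        "ws7 for bob reads ledger": check_access(LEDGER_ACL, Delegation(Simple("ws7"), Simple("bob")), asm),
        "ws7 for alice reads ledger": check_access(LEDGER_ACL, Delegation(Simple("ws7"), Simple("alice")), asm),
        "alice alone opens payroll": check_access(PAYROLL_ACL, Simple("alice"), asm),
        "alice and bob open payroll": check_access(PAYROLL_ACL, Conj(frozenset({Simple("alice"), Simple("bob")})), asm),
    }


if __name__ == "__main__":
    for case, granted in demo().items():
        print(f"{case}: {'granted' if granted else 'denied'}")
```

The two denials are the points worth noticing: "alice as guest" is refused even though alice is in finance, because adopting a role can only narrow authority and the role ordering does not place guest above reader; and "ws7 for alice" is refused because, under this example's assumption, a delegation only carries the delegator's strength when the delegator has designated that delegate, so a workstation cannot claim to act for an arbitrary user. An implementation that let a bare `Simple` match a role-qualified request, or treated every `Delegation` as equivalent to its delegator, would silently widen every ACL on the system.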

  • 4 Assignments