Computer system security

US 5,347,578 A
Filed: 02/24/1993
Issued: 09/13/1994
Est. Priority Date: 03/17/1992
Status: Expired due to Term

First Claim

Patent Images

1. A computer system comprising(a) a computer providing a plurality of protected resources,(b) a plurality of user access means attached to the computer for allowing each user to send commands to the computer, said commands including a user monitor command containing an argument specifying one of said protected resources, and(c) command execution means in said computer, for executing said user monitor command by checking that predetermined conditions are satisfied and then, provided that said predetermined conditions are satisfied, for acessing said one of said protected resources on behalf of said user, and then returning a result to the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system is described in which users can access a protected resource only by way of a call to a user monitor command, specifying the protected resource as a parameter. The user monitor command checks that certain conditions are satisfied and performs specified actions before permitting access to the protected resource. The checks may include checking whether options and argument values supplied by the user satisfy specified conditions. The actions may include dynamically modifying a supplementary groups list of a current process temporarily granting or removing privileges to or from the user.

143 Citations

9 Claims

1. A computer system comprising(a) a computer providing a plurality of protected resources,(b) a plurality of user access means attached to the computer for allowing each user to send commands to the computer, said commands including a user monitor command containing an argument specifying one of said protected resources, and(c) command execution means in said computer, for executing said user monitor command by checking that predetermined conditions are satisfied and then, provided that said predetermined conditions are satisfied, for acessing said one of said protected resources on behalf of said user, and then returning a result to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A system according to claim 1 wherein the checks performed by the user monitor command include checking whether options and argument values supplied by the user satisfy specified conditions.
  - 3. A system according to claim 1 including means responsive to said monitor command for performing predetermined actions before access is permitted in order to ensure that access is made in a controlled manner.
  - 4. A system according to claim 3 wherein said actions include dynamically modifying a current process'"'"'s supplementary groups list.
  - 5. A system according to claim 3 wherein said actions include granting or removing privileges to or from the user while said user monitor command is being executed.
  - 6. A system according to claim 1, including a database accessible by said monitoring means, for indicating which users are permitted to indirectly access which resources.
  - 7. A system according to claim 6 wherein said database also indicates the conditions that are to be satisfied and actions that are to be performed before permitting access.
  - 8. A system according to claim 6 wherein said database also indicates which of a predetermined set of roles are available to each user, and indicates which roles are permitted to access which resources.
  - 9. A system according to claim 1 wherein said protected resources comprise means for executing commands.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Computers Limited (Fujitsu Limited)
Original Assignee
International Computers Limited (Fujitsu Limited)
Inventors
Duxbury, Paul
Primary Examiner(s)
Cain, David C.

Application Number

US08/022,058
Time in Patent Office

566 Days
Field of Search

380/3, 380/4, 380/55
US Class Current

707/781
CPC Class Codes

G06F 21/6281   at program execution time, ...

G06F 2221/2101   Auditing as a secondary aspect

Y10S 707/99939   Privileged access

Computer system security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

143 Citations

9 Claims

Specification

Use Cases

Quick Links

Others

Computer system security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

143 Citations

9 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others