Security platform and method using object oriented rules for computer-based systems using UNIX-like operating systems
Abstract
A security platform, for stand-alone or networked processors using UNIX or similar operating systems, limits access to system resources, including software and hardware, by personnel using the system and by other resources within the system. The platform implements a rules-based naming and rule convention for the types of access of security interest to one or more served application programs. It provides rule sets, each of which associates an access type with a subject and, optionally, one or more objects; access demands made by the served application to the platform are expressed in the same form as the rule sets and are compared against them to determine whether the access demanded is permissible. Internal platform security is provided by limiting the users who can modify the platform and its resident rules.
16 Claims
1. A security platform for a UNIX-based system comprising:
- at least one rule, each rule directly defining a type of access in terms of subject, a subject being an entity type for which access is permitted by the rule and which encompasses users, system resources and other entity types, and two or more objects, an object being the entity types to which the access relates in the order listed and which encompass users, system resources and other entity types;
- means for comparing requested access by an entity type, requested access being defined by an access demand which identifies the access type of interest and defines that access type in terms of subject and objects, to the defined at least one rule to determine if requested access is permitted based upon the correspondence between the terms making up the requested access with the terms defining the at least one rule; and
- means for providing a positive response when access is permitted and a negative response when access is not permitted.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method for limiting access within a computer system having a UNIX-like operating system to provide security therefor, comprising the steps of:
- specifying each type of access of interest by an identifier;
- defining, for each type of access of interest, at least one rule which identifies the access type by the identifier and specifies access in terms of a user for which the access of interest is defined as permitted and two or more system resources to which the access of interest relates in the order listed in the rule;
- accepting an access demand sent by a user which identifies the access type of interest, and demands access in terms of the user for which access is demanded and the system resources to which the access demand relates in the order listed in the access demand;
- matching the access demand against the at least one rule for correspondence between the access type of interest, the user and the system resources in the order stated in the access demand with the identifier, user and system resources in the order stated in the at least one rule; and
- sending a positive access response for a direct match.

Dependent claims: 10, 11, 12.
13. A security platform for a UNIX-based system comprising:
- at least one rule, each rule directly defining a type of access in terms of subjects, a subject being an entity type for which access is permitted by the rule and which encompasses users, system resources and other entity types, and two or more objects, an object being the entity types to which the access relates in the order listed and which encompass users, system resources and other entity types;
- means for comparing requested access, requested access being defined by an access demand which identifies the access type of interest and defines that access type in terms of subject and objects, to the defined at least one rule to determine if requested access is permitted based upon the correspondence between the terms making up the requested access with the terms defining the at least one rule;
- wherein the comparing means determines if the access type identified in the access demand is the same as the access type of the at least one rule, and if no match exists, determines that access is not permitted; but if a match exists between the access demand and the at least one rule, the comparing means determines if the subject of the access demand is the same as the subject of the at least one rule with which the access type matched; if a match exists between the access demand subject and the subject of the at least one rule with which the access type of the access demand matched, the comparing means determines if the first object of the access demand is the same as the first object of the at least one rule with which the access type and subject matched; if there exists a match between the first object of the access demand and the first object of the at least one rule, the comparing means continues to attempt to find matches through the nth object of the access demand and the nth object of the at least one rule; and if all n objects for the access type match all n objects in the at least one rule, the comparing means determines that access is permitted;
- and wherein the comparing means further determines for any unmatched subject of the access demand if a rule exists within the platform which defines the unmatched subject as a member of a group of subjects, a class, and determines if the class is the subject of the at least one rule with which the access type matched that of the access demand, and if the class is not the subject, determines that access is not permitted, and if the class is the subject, proceeds as though there were a match;
- and wherein the comparing means also determines for any unmatched object of the access demand if a rule exists within the platform which defines the unmatched object as a member of a group of objects, a class, and determines if the class occupies the object position in the at least one rule with which the access type, subject and preceding objects match that of the access demand and if the class does occupy the object position, proceeds as though there were a match;
- and wherein the comparing means determines that access is not permitted if no match exists for the access type, the subject, or an object and determines that access is permitted if a match exists for the access type, the subject and the objects between the access demand and the at least one rule;
- means for providing a positive response when access is permitted and a negative response when access is not permitted;
- a rules file in which a persistent copy of the at least one rule is kept;
- shared memory in which a non-persistent copy of the at least one rule is kept, and wherein the comparing means searches the shared memory for the at least one rule;
- means for limiting modification of the platform to properly authorized users, including defining the request to modify the platform as an access demand in which the user is identified as the subject of the access demand and the comparing means determines if at least one rule matches the access demand and permits access, the means for limiting modification including validating a security code;
- a daemon process which modifies rules in the shared memory and in the rules file consistent with the input from a properly authorized user, then sends the modifications to any other daemon process in the system; and
- a message queue which accepts all messages input to the platform related to modification of the platform and which keeps any other user's input from the daemon process until the daemon process has completed modifying rules consistent with the input from the immediate authorized user.
14. A method for limiting access within a computer system to provide security therefor, comprising the steps of:
- specifying each type of access of interest by an identifier;
- defining, for each type of access of interest, at least one rule which identifies the access type by the identifier and specifies access in terms of users, users being either persons or system resources, for which the access of interest is defined as permitted and two or more system resources to which the access of interest relates in the order listed in the at least one rule;
- accepting an access demand sent by a user which identifies the access type of interest, and demands access in terms of the user for which access is demanded and the system resources to which the access demand relates in the order listed in the access demand;
- matching the access demand against the at least one rule;
- sending a positive access response for a direct match;
- if there is no direct match between the access demand and the at least one rule, determining if the at least one rule has an identifier which matches the access type of interest of the access demand;
- if there is no match between the at least one rule identifier and the access type of interest of the access demand, sending a negative access response;
- if there is a match between the at least one rule identifier and the access type of interest of the access demand, determining if there is a match between the user in the access demand with the user in the at least one rule for which the identifier matched the access type of interest;
- if there is no match between the user in the access demand and the user in the at least one rule, determining if the user is a member of a class of users and, if it is, determining if the class is the user of the at least one rule for which the access identifier matched that of the access type of interest in the access demand; if the class is not the user, sending a negative access response; if the class is the user, continuing as though there were a match between the user identified in the access demand and the user in the at least one rule;
- if there is a user match, determining if the at least one rule in which the identifier and the user match respectively the access type and user of the access demand identifies the first through nth resources in the same position as the position of the first through nth resources identified in the access demand; if the resources match, providing a positive access signal;
- if there is not a match of the first through nth resources between the at least one rule and the access demand, determining for any unmatched first through nth resources of the access demand if a rule exists which defines the unmatched resource as a member of a class of resources; determining if the class of resources for the unmatched resource occupies the position in the at least one rule with which the access type, user and preceding resources match that of the access demand; if the class does not occupy the resource position, providing a negative access response; if the class does occupy the resource position, proceeding as though there were a match;
- sending a negative access response if a resource at the location defined in the access demand is unmatched by a comparable resource in the at least one rule; and
- sending a positive access response if the access type, user and resources at the location defined in the access demand are matched by a comparable identifier, user, and resources in the at least one rule.

Dependent claims: 15, 16.
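The matching procedure common to claims 13 and 14 (access type first, then subject, then each object in its stated position, with class membership consulted for any unmatched term), as an added Python illustration that is not code from the patent or its platform. The `Rule` representation, the reserved `member-of` access type used to express class membership as a rule, and the sample rule set are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Hypothetical reserved access type: a rule (member-of, X, (C,)) states that
# entity X belongs to class C. Class membership is itself a rule, as in the claims.
MEMBER_OF = "member-of"


@dataclass(frozen=True)
class Rule:
    access_type: str     # identifier of the access type of interest
    subject: str         # user or resource for which the access is permitted
    objects: tuple       # resources the access relates to, in the order listed


@dataclass
class Platform:
    rules: list = field(default_factory=list)

    def classes_of(self, entity):
        """Classes the entity is a member of, taken from member-of rules."""
        return {r.objects[0] for r in self.rules
                if r.access_type == MEMBER_OF and r.subject == entity}

    def _term_matches(self, demanded, ruled):
        # Direct match first; otherwise a class the demanded entity belongs to
        # may occupy that same position in the rule.
        return demanded == ruled or ruled in self.classes_of(demanded)

    def check(self, access_type, subject, objects):
        """True (positive response) if some rule permits the access demand."""
        for rule in self.rules:
            if rule.access_type == MEMBER_OF or rule.access_type != access_type:
                continue                      # access type must match first
            if not self._term_matches(subject, rule.subject):
                continue                      # then the subject (or its class)
            if len(rule.objects) != len(objects):
                continue                      # all n positions must be compared
            if all(self._term_matches(d, r) for d, r in zip(objects, rule.objects)):
                return True                   # every object matched in order
        return False                          # negative response


# Constructed sample rule set (not from the patent).
DEMO = Platform([
    Rule("copy", "operators", ("/etc/app/config", "/var/backup")),
    Rule("copy", "bob", ("/var/backup", "/etc/app/config")),
    Rule("read", "auditors", ("config-files", "/dev/tty")),
    Rule(MEMBER_OF, "alice", ("operators",)),
    Rule(MEMBER_OF, "carol", ("auditors",)),
    Rule(MEMBER_OF, "/etc/app/config", ("config-files",)),
])
```

Object order is significant: the rule permitting bob to copy `/var/backup` to `/etc/app/config` does not permit the reverse direction.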