Method of making secure collaboration between objects of an object-oriented program
First Claim
1. A method of making secure, in an object-oriented program, collaboration between a data processing procedure of a client object and another data processing procedure of a server object of said program, the method comprising:
- assigning an authorization level to the client object;
assigning a dynamic sensitivity level to the data processing procedure of the server object when said server object is instantiated by an object constructor, said dynamic sensitivity level being computed on the basis of static sensitivity levels and the authorization level passed to the object constructor, the static sensitivity levels being held in a memory and being assigned respectively to different logical entities of the program;
causing the authorization level assigned to the client object to be passed to the data processing procedure of the server object along with the message sent by the data processing procedure of the client object to invoke the data processing procedure of said server object; and
checking, in the data processing procedure of the server object, whether the authorization level, which has been passed thereto, corresponds to a sensitivity level sufficient to allow collaboration between the client object and the server object, by comparing the authorization level with the assigned dynamic sensitivity level of the server object.
2 Assignments
0 Petitions
Accused Products
Abstract
A method consists in assigning an authorization level (AUTH) to a client object and a "dynamic" sensitivity level (DSL) to a method (or data processing procedure) of a server object (ProcObjSv). The dynamic sensitivity level is computed based on static sensitivity levels (SSLs) at the moment when the server object is instantiated. The authorization level of the client object is passed to the method of the server object when the method of the server object is invoked by the client object, and this authorization level (AUTH) is compared with the dynamic sensitivity level (DSL) of the method in order to control access. The method makes it possible to implement a multi-level security model.
-
Citations
2 Claims
-
1. A method of making secure, in an object-oriented program, collaboration between a data processing procedure of a client object and another data processing procedure of a server object of said program, the method comprising:
-
assigning an authorization level to the client object; assigning a dynamic sensitivity level to the data processing procedure of the server object when said server object is instantiated by an object constructor, said dynamic sensitivity level being computed on the basis of static sensitivity levels and the authorization level passed to the object constructor, the static sensitivity levels being held in a memory and being assigned respectively to different logical entities of the program; causing the authorization level assigned to the client object to be passed to the data processing procedure of the server object along with the message sent by the data processing procedure of the client object to invoke the data processing procedure of said server object; and checking, in the data processing procedure of the server object, whether the authorization level, which has been passed thereto, corresponds to a sensitivity level sufficient to allow collaboration between the client object and the server object, by comparing the authorization level with the assigned dynamic sensitivity level of the server object. - View Dependent Claims (2)
-
Specification