Process restriction within file system hierarchies

US 6,026,402 A
Filed: 01/07/1998
Issued: 02/15/2000
Est. Priority Date: 01/07/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for restricting a process or set of processes to a subset of a host computer system'"'"'s file systems, comprising the steps of:

providing a host computer system within which multiple processes operate;

each process having simultaneous access to multiple, discrete, hierarchically-organized file systems,permitting a privileged process, operating on behalf of a specially authorized user, to designate sub-hierarchies within one or more of the available file systems,changing the behavior of the host system such that for each such file system sub-hierarchy assigned to a process, the process is prevented from accessing or even addressing any file system objects outside the assigned sub-hierarchy in the respective file system, andchanging the behavior of the host system such that, after the assignment of such sub-hierarchies to a process, the restriction is also assigned to and enforced against any further process it subsequently creates.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method and apparatus for restricting a process or process hierarchy to a subset of a computer host'"'"'s file system(s) in an environment where all file systems are simultaneously available to an application. A caller is provided with the ability to arrange for the restriction of a process hierarchy (consisting of a process and all the processes it may subsequently create) to a set of file system sub-hierarchies. When a process executes within a restriction domain in which a sub-hierarchy has been specified for each of the available file systems, an embodiment of the invention will modify the usual operation of the host computer'"'"'s operating system interface such that any file system access attempts by the affected process are constrained to occur logically within the restriction domain.

Citations

11 Claims

1. A method for restricting a process or set of processes to a subset of a host computer system'"'"'s file systems, comprising the steps of:
- providing a host computer system within which multiple processes operate;
  
  each process having simultaneous access to multiple, discrete, hierarchically-organized file systems,permitting a privileged process, operating on behalf of a specially authorized user, to designate sub-hierarchies within one or more of the available file systems,changing the behavior of the host system such that for each such file system sub-hierarchy assigned to a process, the process is prevented from accessing or even addressing any file system objects outside the assigned sub-hierarchy in the respective file system, andchanging the behavior of the host system such that, after the assignment of such sub-hierarchies to a process, the restriction is also assigned to and enforced against any further process it subsequently creates.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method for restricting a process or set of processes to a subset of a host computer system'"'"'s file systems in an environment where many discrete file systems may be simultaneously accessible to the processes as claimed in claim 1, further comprising creating and managing a set of data structures in association with each process to which the restrictions are applied such that each process can be separately controlled, wherein, subsets of file system hierarchies are simultaneously specified in a system call to identify which process or processes are to be restricted.
  - 3. A method for restricting a process or set of processes to a subset of a host computer system'"'"'s file systems as claimed in claim 2, the system call further comprising, a SetProcessRootDirectrories( ) call applied to an identified process, wherein, the file system hierarchy for each designated file system is completely unrelated to the path specified for other file systems.
  - 4. The method for restricting a process or set of processes to a subset of a host computer system'"'"'s file systems as claimed in claim 3, further comprising a restricted domain to which a process hierarchy is restricted and contains exactly one such sub-hierarchy corresponding to each file system or potential file system available to processes executing on the computer system.
  - 5. The method for restricting a process or set of processes to a subset of a host computer system'"'"'s file systems as set forth in claim 4, wherein, when a process executes within a restriction domain in which a sub-hierarchy has been specified for each of the available file systems, any file system access attempts by the affected process are constrained to occur logically within the restriction domain, wherein, a process may access only those file system objects contained within the previously specified file system sub-hierarchies.
  - 6. The method for restricting a process or set of processes to a subset of a host computer system'"'"'s file systems as set forth in claim 5, further comprising the method steps of:
    - hiding the actual location of all accessible file system objects from the affected process by causing the operating system to interpret file system path names (for such a process) such that the file system node specified as the root of the restriction sub-hierarchy is the apparent root of the entire file system hierarchy for that file system, and wherein, if the restriction domain contains an empty sub-hierarchy for a file system, the operating system is modified to simply disallow all attempts to access file system nodes residing on that file system.
  - 7. The method for restricting a process or set of processes to a subset of a host computer system'"'"'s file systems as set forth in claim 5, the method further comprising the step of, before returning to the kernel driver loader, the process restriction filter driver inserting itself in the I/O execution path for all devices currently holding a file system--i.e., it must attach itself to the driver that is currently at the top of the driver stack that deals with each file system.
  - 8. A method for restricting a process or set of processes to a subset of a host computer system'"'"'s file systems in an environment where many discrete file systems may be simultaneously accessible to the processes as claimed in claim 1, further comprising the step of inheriting restrictions by subsequently created processes in which a new set of data structures are created by copying the data structures of the creator, and wherein the new set of data structures is maintained in association with the new process such that the new process is subjected to the same restrictions as its creator.

9. A method for restricting a process or set of processes in which the process state is conceptually a list of pairs, each pair consisting of a device and a restriction hierarchy to apply to that device, wherein another component can register to receive notification of such an event, comprising the method steps of:
- calling PsSetCreateProcessNotifyRoutine( ) to register itself for the notification,identifying a first process,locating a first set of state data structures associated with the first process,allocating memory for a new set of data structures,copying the contents of first set of state data structures to the new set of data structures, wherein, the new of data structures are inserted into the first set of data structures using the new process ID as a key,distinguishing the device, further comprising the steps of;
  
  identifying each local file system by its own file system device object as the corresponding object created by the process restriction filter driver is sufficient to distinguish the device, andidentifying removable media file systems by assigning a serial number to each device such that when file system restrictions are imposed against a process, the serial number of each respective file system device is recorded in the process state data structures.
- View Dependent Claims (10, 11)
- - 10. A method for restricting a process or set of processes on remote file systems provided by the redirectors as claimed in claim 9, further comprising:
    - storing an additional piece of information on the process restriction filter to distinguish one "drive" or file system from another, and further comprising the step of, when the drive is connected, the user provides a drive name (F;
      
      , G;
      
      , etc.); and
      
      passing the drive name, as the first component of file path names, to the redirector on I/O requests referring to the remote file system.
  - 11. A method for restricting a process or set of processes on remote file systems provided by the redirectors as claimed in claim 10, further comprising the step of the filter detecting situations in which it is being asked to restrict a process within a network file system by recognizing that the request has been sent through the device object corresponding to the redirector file system ("\Device\LanmanRedirector"), andretrieving the name associated with the specified hierarchy, andparsing the name as follows:
    - drive name (with a colon) followed by host computer name and share name, wherein the device object along with the initial path name including the drive name, host and share name forms the "file system identifier" for that file system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Hewlett-Packard Company (HP Inc.)
Inventors
Barber, Jeffrey S., Vossen, Joseph K.
Primary Examiner(s)
Homere, Jean R.

Application Number

US09/004,131
Time in Patent Office

769 Days
Field of Search

707/9, 707/10, 707/101, 707/102, 395/200.31, 395/200.47, 395/200.55, 395/200.59
US Class Current

1/1
CPC Class Codes

G06F 16/10   File systems; File servers

G06F 21/6218   to a system of files or obj...

G06F 2221/2145   Inheriting rights or proper...

G06F 9/46   Multiprogramming arrangements

G06F 9/468   Specific access rights for ...

Y10S 707/99939   Privileged access

Process restriction within file system hierarchies

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Process restriction within file system hierarchies

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links