Stack-based system and method to combine security requirements of methods
First Claim
Patent Images
1. A system that obtains security requirements for an action requested by a caller executing on a computer, the caller invoking at least one of a plurality of methods during execution, the system comprising:
- a call stack that stores representations of the plurality of methods in an order of invocation by the caller and security requirements for the plurality of methods; and
a determination unit that dynamically combines the method security requirements from the call stack to obtain the security requirements for the requested action.
2 Assignments
0 Petitions
Accused Products
Abstract
A system obtains the security requirements for an action requested by a thread executing on a computer. The thread invokes a plurality of methods during its execution. The system includes a call stack and a determination unit. The call stack stores an identifier and security requirements for each of the methods in the order that the methods were invoked by the thread. The determination unit combines the method security requirements from the call stack to obtain the security requirements for the requested action.
161 Citations
16 Claims
-
1. A system that obtains security requirements for an action requested by a caller executing on a computer, the caller invoking at least one of a plurality of methods during execution, the system comprising:
-
a call stack that stores representations of the plurality of methods in an order of invocation by the caller and security requirements for the plurality of methods; and
a determination unit that dynamically combines the method security requirements from the call stack to obtain the security requirements for the requested action. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
a combination unit that combines the method security requirements from the call stack, overriding weaker method security requirements with stronger method security requirements.
-
-
9. The system of claim 1, wherein the caller is a thread executing on the computer.
-
10. The system of claim 1, wherein the caller is a program executing on the computer.
-
11. A system that obtains security requirements for an action requested by a thread executing on a computer, the thread invoking at least one of a plurality of methods during execution, the system comprising:
-
means for storing a method identifier and storing security requirements for a plurality of methods when invoked by the thread;
means for dynamically combining the stored method security requirements; and
means for obtaining the security requirements for the requested action from the combined method security requirements.
-
-
12. A computer-implemented method for determining security requirements of an action requested by an operation executing on a computer, the operation invoking at least one of a plurality of functions during execution, the method comprising the steps of:
-
storing a function identifier and storing security requirements for a plurality of functions when invoked by the operation;
receiving a request for the action from the operation;
dynamically combining the stored function security requirements; and
determining the security requirements of the requested action from the combined function security requirements.
-
-
13. A computer-readable medium containing instructions for controlling a computer to perform an action requested by an operation executing on the computer, the operation invoking a plurality of functions during execution, said instructions comprising:
-
storing a function identifier and storing security requirements for a plurality of functions when invoked by the operation;
receiving a request for the action from the operation;
dynamically combining the stored function security requirements;
determining security requirements of the requested action from the combined function security requirements; and
performing the requested action using the determined security requirements.
-
-
14. A data processing system comprising:
-
a memory including;
a program that invokes a plurality of methods during execution, a call stack that stores identifiers of the methods when invoked by the program and security requirements requested by each of the methods, and a runtime environment that receives a request for an action from the program, that combines the method security requirements of the methods in the call stack, that determines security requirements for the requested action from the combined method security requirements, and that performs the requested action using the determined security requirements; and
a processor for executing the runtime environment and the program.
-
-
15.
A method for determining the security requirements for an action requested by a thread executing on a computer, the method comprising: -
receiving a request for the action from the thread;
storing on a call stack a plurality of frames, including security requirements, corresponding to a plurality of methods invoked by the thread in an order of invocation by the thread; and
dynamically combining the method security requirements from the call stack to obtain the security requirements for the requested action. - View Dependent Claims (16)
-
Specification