System and method for securing a program's execution in a network environment
Abstract
A system and method for securing a program's execution in a network environment is presented. A first server is configured to permit execution of a program from a second server based on a configurable security characteristic of the program. The first server receives the program transferred from the second server. Subsequently, the program is checked for the configurable security characteristic. The program is executed on the first server if permitted by the configurable security characteristic.
26 Claims
1. In a client-server environment having a first server coupled to receive a program from a second server, a computer-implemented method for securing the execution of the program on said first server, said method comprising:
configuring said first server to permit execution of the program based on a configurable security characteristic of said program;
receiving at said first server said program transferred from said second server;
checking said program for said configurable security characteristic; and
executing said program on said first server if permitted by said configurable security characteristic and by a configurable security policy of said first server, said configurable security policy comprising a list of configurable resources, a list of configurable accesses possible for each resource, and a cross-list of servers and the configurable accesses the servers can have.

configuring said first server to permit the execution of a program based on its network source.

3. The method of claim 2 wherein said step of checking comprises checking for a digital signature.

4. The method of claim 2 wherein said step of configuring comprises:
configuring said first server to permit the execution of a program from any of a predetermined plurality of network sources.

5. The method of claim 2 wherein said step of configuring comprises:
configuring said first server to disallow the execution of a program from any of a predetermined plurality of network sources.

6. The method of claim 2 wherein said step of configuring comprises:
configuring said first server to allow the execution of only signed programs.

7. The method of claim 2 wherein said step of configuring comprises:
configuring said first server to allow the execution of unsigned programs.

8. The method of claim 1, further comprising:
rejecting pointers directly to memory above a predetermined level of said program.

9. The method of claim 1, further comprising:
strictly checking the usage of types in said program.

10. The method of claim 1 wherein said program comprises an object having a public interface, and the method further comprising the step of:
forcing access to said object through said public interface.

11. The method of claim 1 wherein before said step of executing the following step occurs:
verifying said program for security purposes.

12. The method of claim 11 wherein said step of verifying comprises checking the format of the code of said program.

13. The method of claim 1 wherein before said step of executing the following step occurs:
ordering a plurality of classes according to the trustedness of the respective source of each class; and
rejecting a requested replacement of a class with a less trusted class.

14. The method of claim 1 wherein before said step of executing the following step occurs:
ordering a plurality of classes according to the trustedness of the respective source of each class; and
enforcing namespaces across said ordered plurality of classes.

15. The method of claim 1 wherein said step of executing comprises accessing a resource by means of a predetermined method that checks whether said program can access said resource.

16. The method of claim 1 wherein said step of executing comprises accessing a resource, including checking said accessing against a configurable security policy.

17. The method of claim 16 wherein said step of accessing comprises checking said accessing against a security policy configured on a per-resource basis.

18. The method of claim 16 wherein said step of accessing comprises checking said accessing against a security policy configured on an access-type-per-resource basis.

19. The method of claim 16 wherein said step of accessing comprises checking said accessing against a security policy configured to completely trust signed programs.

20. The method of claim 16 wherein said step of accessing comprises checking said accessing against a security policy configured to block unsigned programs from executing any one of Hypertext Transfer Protocol (HTTP) requests, HTTP responses and interservlet communications.

21. An article of manufacture comprising a medium for data storage wherein is located a computer program for causing a client-server computer system having a first server coupled to receive a program from a second server to secure the execution of a program on said first server processor by:
configuring said first server to permit the execution of the program based on a configurable security characteristic of said program transferred from said second server;
checking said program for said configurable security characteristic; and
executing said program on said first server if permitted by said configurable security characteristic and by a configurable security policy of said first server, said configurable security policy comprising a list of configurable resources, a list of configurable accesses possible for each resource, and a cross-list of servers and the configurable accesses the servers can have.

22. A client-server computer system, comprising:
a network;
a first server; and
a second server, coupled to said first server by said network, said second server comprising a medium for data storage wherein is located a computer program for causing said second server to secure the execution of a program on said second server by:
configuring said second server to permit the execution of the program based on a configurable security characteristic of said program;
receiving said program from said first server;
checking said program for said configurable security characteristic; and
executing said program on said second server if permitted by said configurable security characteristic and by a configurable security policy of said second server, said configurable security policy comprising a list of configurable resources, a list of configurable accesses possible for each resource, and a cross-list of servers and the configurable accesses the servers can have.

23. A method for securing execution of a program on a client machine, comprising:
configuring the client machine to permit execution of the program based on a configurable security characteristic of the program;
providing the program to the client machine;
determining if the program contains the configurable security characteristic; and
executing the program based on the determination and based on a configurable security policy of a machine, said configurable security policy comprising a list of configurable resources, a list of configurable accesses possible for each resource, and a cross-list of machines and the configurable accesses the machines can have.

24. An article of manufacture specifying a representation of a program stored in a computer-readable storage medium and capable of execution by a machine in a distributed system, the article of manufacture comprising:
the program containing a configurable security characteristic in the computer-readable medium, the configurable security characteristic being detectable by the client machine and used by the client machine for determining whether to execute the program, wherein the client machine also executes the program based on a configurable security policy, said configurable security policy comprising a list of configurable resources, a list of configurable accesses possible for each resource, and a cross-list of machines and the configurable accesses the machines can have.

25. In a client-server environment having a first server and a second server, a computer implemented method for securing execution of a program on said first server, said method comprising the steps of:
receiving the program from the second server;
executing the program on the first server in accordance with a configurable security policy; and
re-configuring the first server during execution of the program to reflect any changes to the configurable security policy determined during execution, said configurable security policy comprising a list of configurable resources, a list of configurable accesses possible for each resource, and a cross-list of servers and the configurable accesses the servers can have.

26. In a client-server environment having a first server coupled to receive a program from a second server, a computer-implemented method for securing execution of a servlet based on a characteristic of the servlet, said method comprising:
receiving at said second server a servlet having a configurable security characteristic; and
executing the servlet in accordance with the configurable security characteristic and a security policy associated with the second server, said configurable security policy comprising a list of configurable resources, a list of configurable accesses possible for each resource, and a cross-list of servers and the configurable accesses the servers can have.
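
The policy structure recited in claim 1 (a list of resources, a list of accesses per resource, and a cross-list of servers and their accesses), combined with the source and signature options of claims 3 to 7 and 16 to 19, can be modelled as follows. This is an added illustration, not code from the patent or its assignee; the class and field names, host names and resource names are constructed, and signature verification is assumed to happen elsewhere and arrive as a boolean.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Program:
    name: str
    source: str            # network source, i.e. the "second server"
    signature_valid: bool  # assumed result of a signature check done upstream

@dataclass
class Policy:
    resources: dict        # resource -> access types that exist for it
    cross_list: dict       # source -> {resource: accesses its programs may have}
    denied_sources: set = field(default_factory=set)  # claim 5 style block list
    allow_unsigned: bool = False                       # claim 6 (False) / claim 7 (True)
    trust_signed_fully: bool = False                   # claim 19

    def may_execute(self, prog):
        """Admission check made once, before the program runs."""
        if prog.source in self.denied_sources:
            return False                  # an explicit deny always wins
        if prog.source not in self.cross_list:
            return False                  # unknown source: default deny
        return prog.signature_valid or self.allow_unsigned

    def may_access(self, prog, resource, access):
        """Check made at every resource use (claims 16 to 18)."""
        if not self.may_execute(prog):
            return False
        if access not in self.resources.get(resource, ()):
            return False                  # access type not configured for resource
        if prog.signature_valid and self.trust_signed_fully:
            return True
        return access in self.cross_list[prog.source].get(resource, ())

def demo_policy(**overrides):
    """Constructed sample policy; every name below is hypothetical."""
    settings = dict(
        resources={"file:/srv/data": {"read", "write"},
                   "http": {"request", "respond"}},
        cross_list={
            "build.example.internal": {"file:/srv/data": {"read"},
                                       "http": {"request", "respond"}},
            "partner.example.net": {"http": {"respond"}},
        },
        denied_sources={"old.example.net"},
        allow_unsigned=True,
    )
    settings.update(overrides)
    return Policy(**settings)
```

The model is deny-by-default: a program from a source missing from the cross-list, or requesting an access type that was never configured for the resource, is refused even when it is signed and signed programs are fully trusted.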