Process for transparently enforcing protection domains and access control as well as auditing operations in software components

US 6,317,868 B1
Filed: 10/07/1998
Issued: 11/13/2001
Est. Priority Date: 10/24/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for modifying a software component to conform to predefined security and access policies, which may include collecting measurement information relating to the execution of the software component, comprising the steps of:

(a) providing a set of security and access policies that may be applicable during the execution of the software component;

(b) analyzing the software component to determine prior to its execution if any of the security and access policies are applicable to the software component;

(c) modifying operations of the software component as necessary to conform it and its execution to the security and access policies, producing a modified software component; and

(d) enforcing the security and access policies on the modified software component during its execution.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An original software component is modified in accordance with a site'"'"'s security policy provisions prior to being executed by a component system or computer at the site. The original software component is intercepted by an introspection service running on a server or on the component system prior to execution on the component system. The introspection service analyzes the software component by parsing it, and based on the information it determines, a security policy service instructs an interposition service how to modify the software component so that it conforms to the security policy service requirements. The interposition service thus produces a modified software component by inserting code for security initialization and for imposing security operations on the original component operations. When the modified software component is executed, an enforcement service follows the security operations that were injected into the software component, which instruct the enforcement service on associating component system objects with security identifiers. For example, a security identifier is associated with the software component. In addition, the enforcement service determines when and how to perform access checks, protection domain transfers, and auditing during execution of the modified software component. Any of the services noted above can be executed by the computer intended to execute the software component or by a separate server.

219 Citations

36 Claims

1. A method for modifying a software component to conform to predefined security and access policies, which may include collecting measurement information relating to the execution of the software component, comprising the steps of:
- (a) providing a set of security and access policies that may be applicable during the execution of the software component;
  
  (b) analyzing the software component to determine prior to its execution if any of the security and access policies are applicable to the software component;
  
  (c) modifying operations of the software component as necessary to conform it and its execution to the security and access policies, producing a modified software component; and
  
  (d) enforcing the security and access policies on the modified software component during its execution.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the step of analyzing includes the step of parsing code comprising the software component to determine abstractions or object types supported thereby, and the operation of said abstractions or object types.
  - 3. The method of claim 2, wherein the step of analyzing further includes the steps of determining any authorization information for the software component;
    - and, based on the abstractions or object types, operations on said abstractions or object types, and the authorization information, determining each security and access policy that is applicable to the software component.
  - 4. The method of claim 3, further comprising the step of determining the operations that require at least one of an access control check, a protection domain transfer, and auditing.
  - 5. The method of claim 2, wherein the step of modifying comprises the steps of adding a security initialization code to the software component;
    - and, imposing security operations on the operation of the software component consistent with the security and access policies.
  - 6. The method of claim 5, wherein the security operations indicate how to associate component system objects with security identifiers, and when and how to perform access checks, protection domain transfers, and auditing.
  - 7. The method of claim 1, wherein if the set of security and access policies is revised, further comprising the step of changing the modified software component to provide a new modified software component that incorporates changes consistent with the revised set of security and access policies.
  - 8. The method of claim 1, further comprising the step of authenticating a user prior to permitting the user to execute the modified software component.
  - 9. The method of claim 8, wherein during execution of the software component, if a new thread of control is detected, a security identifier for a subject is identified and an association between the subject and its security identifier is registered to facilitate enforcement of the security and access policies.
  - 10. The method of claim 1, wherein the step of enforcing the security and access policies includes the step of invoking an enforcement service before the software component is executed, said enforcement service determining whether it is necessary to associate a component system object with a security identifier, and if so, establishing an association between the component system object and the security identifier.
  - 11. The method of claim 10, wherein the step of enforcing further comprises the step of the enforcement service determining whether access checks should be performed on the modified software component prior to permitting it to execute, and if said access checks are not successful, the enforcement service precludes the modified software component from executing.
  - 12. The method of claim 10, wherein the step of enforcing further comprises the steps of the enforcement service determining whether a protection domain transfer is required, and if so, determining a new security identifier for a subject.
  - 13. The method of claim 1, further comprising the step of creating an audit record during the execution of the modified software component.
  - 14. The method of claim 1, further comprising the step of providing a cache that temporarily stores data previously obtained from referencing the security policies relating to the software component, to make said data more readily available during the step of enforcing the security and access policies.
  - 15. The method of claim 14, wherein the data stored within the cache indicates at least one of an association between a security identifier and an object of the software component, between a security identifier and an access mode, and between a security identifier and a name, said data being determined by reference to the security and access policies.
  - 16. The method of claim 1, further comprising the step of storing the modified software component in a cache to enable it to be loaded from the cache and executed when the software component again needs to be executed, so that it is not necessary to reproduce the modified software component.
  - 17. The method of claim 1, wherein the security and access policies define how the software component is modified to enable the information related to its execution to be collected, further comprising the step of collecting the information related to the execution of the modified software component.

18. A computer system that enables modification of a software component to conform to predefined security and access policies prior to execution of the software component, where said security and access policies may include collecting measurement information related to execution of the software component, comprising:
- (a) at least one memory in which a plurality of machine instructions and a set of security and access policies are stored; and
  
  (b) at least one processor that communicates with said at least one memory and which executes the machine instructions to implement a plurality of functions, said functions being implemented by one or more different processors comprising the computer system and including;
  
  (i) accessing the set of security and access policies stored in the memory;
  
  (ii) analyzing the software component to determine prior to its execution if any of the security and access policies are applicable to the software component;
  
  (iii) modifying operations of the software component as necessary to conform it and its execution to the security and access policies, producing a modified software component; and
  
  (iv) enforcing the security and access policies on the modified software component during its execution.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 19. The computer system of claim 18, wherein a processor included in one of the computer system and a different computer system executes the modified software component.
  - 20. The computer system of claim 18, wherein the modified software component is executed by a different processor disposed in a computer that is different than that in which a processor that implements at least some of functions (i) through (iv) is disposed.
  - 21. The computer system of claim 18, wherein the software instructions cause a processor to parse code comprising the software component to determine abstractions or object types supported thereby, and the operation of said abstractions or object types.
  - 22. The computer system of claim 20, wherein the machine instructions further cause a processor to determine any authorization information for the software component;
    - and, based on the abstractions or the object types, operations of the abstractions or the object types, and the authorization information, to determine each security policy that is applicable to the software component.
  - 23. The computer system of claim 22, wherein the machine instructions further cause a processor to determine the operations performed by the software component that require at least one of an access control check, a protection domain transfer, and auditing.
  - 24. The computer system of claim 21, wherein a security initialization code is added to the software component when the software component is modified by a processor, and security operations are imposed on the operation of the software component consistent with the security and access policies.
  - 25. The computer system of claim 24, wherein while analyzing the software component, a processor associates component system objects with security identifiers, and the security operations indicate when and how to perform access checks, protection domain transfers, and auditing during execution of the software component.
  - 26. The computer system of claim 18, wherein if the set of security and access policies is revised, the machine instructions cause a processor to further modify the modified software component so that a new modified software component is created that incorporates changes consistent with the revised set of security and access policies.
  - 27. The computer system of claim 18, wherein the machine instructions cause a processor to authenticate a user prior to permitting the user to execute the modified software component.
  - 28. The computer system of claim 27, wherein during execution of the software component, if a new thread of control is detected by a processor, a security identifier for a subject is identified and an association between the subject and its security identifier are registered to facilitate enforcement of the security and access policies.
  - 29. The computer system of claim 18, wherein to enforce the security and access policies, an enforcement service is invoked before the software component is executed, said enforcement service determining whether it must associate a component system object with a security identifier, and if so, establishing an association between the component system object and the security identifier.
  - 30. The computer system of claim 29, wherein the enforcement service determines whether access checks should be performed on the modified software component prior to permitting it to execute, and if said access checks are not successful, the enforcement service precludes the modified software component from executing.
  - 31. The computer system of claim 29, wherein the enforcement service determines whether a protection domain transfer is required, and if so, determines a new security identifier for a subject.
  - 32. The computer system of claim 18, wherein the machine instructions further cause a processor to create an audit record during the execution of the modified software component.
  - 33. The computer system of claim 18, wherein the machine instructions further cause a processor to provide a cache in the memory that temporarily stores data previously obtained from referencing the security and access policies relating to the software component, said cache making said data more readily available for enforcing the security and access policies.
  - 34. The computer system of claim 33, wherein the data stored within the cache provides at least one of an association between a security identifier and an object of the software component, between a security identifier and an access mode, and between a security identifier and a name, said data being provided by reference to the security and access policies.
  - 35. The computer system of claim 18, wherein the machine instructions further cause a processor to provide a cache in the memory that stores the modified software component once it is produced, so that subsequently when the software component must again be executed, the modified software component can be loaded from the cache for execution, avoiding the need to again produce the modified software component.
  - 36. The computer system of claim 18, wherein the machine instructions further cause a processor to modify the software component to enable information related to the execution of the modified software component to be collected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
University of Washington, Washington University In St Louis
Original Assignee
University of Washington
Inventors
Grimm, Robert, Bershad, Brian N.
Primary Examiner(s)
Chaki, Kakali
Assistant Examiner(s)
DAM, TUAN QUANG

Application Number

US09/168,125
Time in Patent Office

1,133 Days
Field of Search

717/2-4, 717/11, 713/200, 713/201, 713/151, 713/156, 713/165, 713/167, 714/47, 705/51, 707/203, 707/200, 709/316, 709/315, 709/332, 709/246, 709/232, 709/225, 709/223
US Class Current

717/127
CPC Class Codes

G06F 21/125 by manipulating the program...

Process for transparently enforcing protection domains and access control as well as auditing operations in software components

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

219 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Process for transparently enforcing protection domains and access control as well as auditing operations in software components

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

219 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links