Process for transparently enforcing protection domains and access control as well as auditing operations in software components
First Claim
1. A method for modifying a software component to conform to predefined security and access policies, which may include collecting measurement information relating to the execution of the software component, comprising the steps of:
- (a) providing a set of security and access policies that may be applicable during the execution of the software component;
(b) analyzing the software component to determine prior to its execution if any of the security and access policies are applicable to the software component;
(c) modifying operations of the software component as necessary to conform it and its execution to the security and access policies, producing a modified software component; and
(d) enforcing the security and access policies on the modified software component during its execution.
3 Assignments
0 Petitions
Accused Products
Abstract
An original software component is modified in accordance with a site'"'"'s security policy provisions prior to being executed by a component system or computer at the site. The original software component is intercepted by an introspection service running on a server or on the component system prior to execution on the component system. The introspection service analyzes the software component by parsing it, and based on the information it determines, a security policy service instructs an interposition service how to modify the software component so that it conforms to the security policy service requirements. The interposition service thus produces a modified software component by inserting code for security initialization and for imposing security operations on the original component operations. When the modified software component is executed, an enforcement service follows the security operations that were injected into the software component, which instruct the enforcement service on associating component system objects with security identifiers. For example, a security identifier is associated with the software component. In addition, the enforcement service determines when and how to perform access checks, protection domain transfers, and auditing during execution of the modified software component. Any of the services noted above can be executed by the computer intended to execute the software component or by a separate server.
219 Citations
36 Claims
-
1. A method for modifying a software component to conform to predefined security and access policies, which may include collecting measurement information relating to the execution of the software component, comprising the steps of:
-
(a) providing a set of security and access policies that may be applicable during the execution of the software component;
(b) analyzing the software component to determine prior to its execution if any of the security and access policies are applicable to the software component;
(c) modifying operations of the software component as necessary to conform it and its execution to the security and access policies, producing a modified software component; and
(d) enforcing the security and access policies on the modified software component during its execution. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A computer system that enables modification of a software component to conform to predefined security and access policies prior to execution of the software component, where said security and access policies may include collecting measurement information related to execution of the software component, comprising:
-
(a) at least one memory in which a plurality of machine instructions and a set of security and access policies are stored; and
(b) at least one processor that communicates with said at least one memory and which executes the machine instructions to implement a plurality of functions, said functions being implemented by one or more different processors comprising the computer system and including;
(i) accessing the set of security and access policies stored in the memory;
(ii) analyzing the software component to determine prior to its execution if any of the security and access policies are applicable to the software component;
(iii) modifying operations of the software component as necessary to conform it and its execution to the security and access policies, producing a modified software component; and
(iv) enforcing the security and access policies on the modified software component during its execution. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
Specification