Object security boundaries

US 6,487,665 B1
Filed: 11/30/1998
Issued: 11/26/2002
Est. Priority Date: 11/30/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for providing security services to a secured object residing in a process and called from a calling object residing in the process, the method comprising:

interposing security logic between the secured object and the calling object to monitor calls directed to the secured object;

responsive to a call directed to the secured object by the calling object, wherein an identity is associated with the call, automatically executing the security logic to evaluate the associated identity; and

selectively blocking the call as a result of evaluating the associated identity with the security logic to enforce a security boundary between the calling object and the secured object.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An object-based security framework provides for intra-process security boundaries. An application developer can define security settings declaratively at the object, interface, and method level using a graphical interface. When the application is deployed, the settings are placed into a central store and can be modified at a later time. At runtime, logic outside the application objects enforces the security boundaries, relieving the developer of having to incorporate security logic into the application. Changes to the security can be implemented by changing the settings without having to change the application objects. In addition to checking for identity, the security framework supports roles and enforces specified authentication levels. The integrity of an application'"'"'s security scheme is retained when the application is combined with another application in the framework.

Citations

24 Claims

1. A method for providing security services to a secured object residing in a process and called from a calling object residing in the process, the method comprising:
- interposing security logic between the secured object and the calling object to monitor calls directed to the secured object;
  
  responsive to a call directed to the secured object by the calling object, wherein an identity is associated with the call, automatically executing the security logic to evaluate the associated identity; and
  
  selectively blocking the call as a result of evaluating the associated identity with the security logic to enforce a security boundary between the calling object and the secured object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A computer-readable medium having computer-executable instructions for performing the steps of claim 1.
  - 3. The method of claim 1 wherein the blocking step further evaluates an authentication level to determine whether to block the call, the method further comprising:
4. The method of claim 1 wherein the security logic compares the associated identity with a list of identities in a central store to determine whether to block the call, wherein the central store resides outside the secured object and is generated from settings specified through a graphical user interface.
5. The method of claim 1 wherein the security logic is a security policy invoked by a wrapper interposed between the calling object and the secured object when the secured object is instantiated.
6. The method of claim 1 wherein the security logic is a security policy invoked by a wrapper interposed between the calling object and the secured object when a reference to the secured object is unmarshaled.
7. The method of claim 1 wherein the call invokes a method on the secured object and the security logic compares the associated identity with a list of identities permitted to access the method to determine whether to block the call.
8. The method of claim 7 wherein calls by any identity are permitted to the calling object.

9. In a computer system executing a program in a process, wherein calls from the program are associated with an identity, a method of enforcing a security boundary within the process comprising:
- maintaining a security settings store comprising security settings for a secured object executing in the process, the security settings indicative of which identities are authorized to access the secured object;
  
  before allowing access to the secured object by the program, consulting the store with logic outside the secured object and outside the program to determine if the associated identity is authorized to access the secured object; and
  
  blocking access to the object with the logic if the store does not indicate the associated identity is authorized to access the object.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. A computer-readable medium having computer-executable instructions for performing the steps of claim 9.
  - 11. The method of claim 9 wherein the object is grouped with other objects into an application for deployment on a host computer system, the method further comprising:
12. The method of claim 9 whereinthe store indicates a minimum acceptable authentication level for the secured object;
- a call to the secured object has an associated authentication level; and
  
  the blocking step blocks access to the secured object whenever the associated authentication level is insufficient to satisfy the minimum acceptable authentication level.
13. The method of claim 9 whereinthe program accesses the secured object through an invoked interface to the object, the store comprises settings indicative of which identities are authorized to access particular interfaces to the secured object;
- and the blocking step blocks access to the object as a result of determining the store indicates the associated identity is not authorized to access the invoked interface to the object.
14. The method of claim 9 whereinthe client program accesses the secured object through a called method of an interface to the object, the store comprises settings indicative of which identities are authorized to access particular methods of the secured object;
- and the blocking step blocks access to the object as a result of determining the store indicates the associated identity is not authorized to access the called method of the interface to the object.
15. The method of claim 9 further comprising:
- placing a wrapper between the client program and the secured object to redirect calls to the secured object to the wrapper, wherein the blocking step is performed by the wrapper.
16. The method of claim 9 further comprising:
- collecting at least some of the security settings in the store through a graphical interface depicting the secured object.

17. A method of enforcing a per-method security boundary within a process in a computer system, the method comprising:
- maintaining at the computer system a central security settings store comprising security settings for a first secured object having a plurality of methods, the security settings indicative of which user identities are permitted to access the methods, wherein a first method of the methods has different security settings than a second method of the methods and at least some of the security settings in the security settings store are configurable using a graphical user interface depicting the first object and the first object'"'"'s methods;
  
  creating the first object in the process;
  
  creating a second object in the process;
  
  interposing a wrapper between the first object and the second object to redirect a second object'"'"'s call to the first object to the wrapper, wherein the call is associated with a user identity;
  
  upon receiving the call to the first object, invoking a security policy with the wrapper to perform a security check upon receiving the call, wherein the security check comprises consulting the security settings;
  
  store to determine if the user identity associated with the second object is permitted to access the first object; and
  
  as a result of the security check choosing between forwarding the call to the first object if the security settings store indicates the user identity is permitted to access the first object and blocking the call if the security settings store indicates the user identity is not permitted to access the first object.

18. An object-based security framework for providing a security boundary between a secured object executing in a process and a program calling the secured object, wherein the program is executing in the process and calls from the program are associated with an identity, the security framework comprising:
- a store for maintaining security settings indicative of an authorized set of identities authorized to call the secured object;
  
  a wrapper operative to selectively forward calls to the secured object and further operative to invoke logic for monitoring calls to the secured object to enforce an intra-process security boundary between the secured object and the program by consulting the store to block calls to the secured object from the calling program if the associated identity is not in the authorized set of identities authorized to call the secured object;
  
  an activator operative to execute responsive to a request to create the secured object and interpose the wrapper between the program and the secured object to redirect calls to the secured object to the wrapper.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The framework of claim 18 wherein the wrapper is a lightweight wrapper operative to perform security functions without performing marshaling of parameters other than interface pointers.
  - 20. The framework of claim 18 wherein
21. The framework of claim 18 wherein the activator is one of a plurality of activators in an activation chain, the activator invoked by an object activation service.
22. The framework of claim 18 wherein the security policy is a replaceable object employing a predefined interface convention for receiving events.
23. The framework of claim 18 wherein security boundaries are selectively placed between a first object and a second object whenever the first object and the second object are members of different applications.

24. A method of providing a requesting client program with a reference to an object of a requested class to enforce a security boundary between the client program and the object transparently to the client program and the object, wherein a call from the client program is associated with an identity, the method comprising:
- instantiating an instance of an object of the requested class in a same process as the client program;
  
  acquiring an interface to the instance of the object; and
  
  interposing a security policy between the client program and the interface of the object by providing the client program with a reference to a wrapper operative to invoke the security policy transparently to the client program, wherein the wrapper automatically invokes the security policy to selectively block calls to the interface based on the identity associated with the client program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Andrews, Anthony D., Hill, Richard D., Thatte, Satish R., Norlander, Rebecca A., Armanasu, Alexander A.
Primary Examiner(s)
Wright, Norman M.

Application Number

US09/201,060
Time in Patent Office

1,457 Days
Field of Search

713/200, 713/201, 713/202, 707/103, 709/3, 709/5, 709/229, 380/3, 380/4
US Class Current

726/26
CPC Class Codes

G06F 21/629   to features or functions of...

G06F 9/468   Specific access rights for ...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

Object security boundaries

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Object security boundaries

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links