Automatic object caller chain with declarative impersonation and transitive trust

US 6,604,198 B1
Filed: 05/03/2002
Issued: 08/05/2003
Est. Priority Date: 11/30/1998
Status: Expired due to Term

First Claim

Patent Images

1. In an object runtime security services system for accommodating a plurality of secured objects on a computer, a computer-implemented method for providing a list of caller identities for a particular secured object called by a calling object in a chain of a plurality of calling programs, wherein calls directed to the secured objects are associated with identities, the method comprising:

for the calls directed to the secured objects, performing the steps;

intercepting the call to redirect the call to the security services system;

acquiring an identity associated with the call; and

adding the identity associated with the call to the list of caller identities.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An object-based security framework provides automatic caller chain building to track the identity of upstream callers. An application developer can define impersonation settings declaratively using a graphical interface. At runtime, logic outside the application objects handles the caller chain and impersonation, relieving the developer from having to incorporate impersonation logic into the application. A group of special identities are permitted to provide identities of others without themselves being recorded in the chain when the chain traverses a method invocation queue. The framework supports a copy style for the chain to support various caller scenarios. Additionally, a minimum authentication level can be enforced throughout the chain. The caller chain can be used in conjunction with roles, and objects may consult the chain programmatically to enforce a custom security scheme.

Citations

26 Claims

1. In an object runtime security services system for accommodating a plurality of secured objects on a computer, a computer-implemented method for providing a list of caller identities for a particular secured object called by a calling object in a chain of a plurality of calling programs, wherein calls directed to the secured objects are associated with identities, the method comprising:
- for the calls directed to the secured objects, performing the steps;
  
  intercepting the call to redirect the call to the security services system;
  
  acquiring an identity associated with the call; and
  
  adding the identity associated with the call to the list of caller identities.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A computer-readable medium having computer-executable instructions for performing the steps of claim 1.
  - 3. The method of claim 1 further comprising:
4. The method of claim 1 further comprising:
- when intercepting a call to the particular secured object, performing an access check for the particular secured object by comparing an identity in the list of caller identities against a set of permitted identities; and
  
  blocking the call directed to the particular secured object as a result of determining the identity is not in the set.
5. The method of claim 1 further comprising:
- consulting the list of caller identities with the particular secured object to determine if access to the secured object is permitted.
6. The method of claim 1 wherein calls to the secured objects are associated with an authentication level, the method further comprising:
- tracking a minimum authentication level for the list of caller identities;
  
  when intercepting a call to the particular secured object, performing an access check for the particular secured object by comparing the minimum authentication level with a specified acceptable authentication level; and
  
  blocking the call directed to the particular secured object as a result of determining the minimum authentication level does not satisfy the specified acceptable authentication level.
7. A computer-readable medium having computer-executable instructions for performing the steps of claim 6.

8. In a runtime security service, a computer-implemented method for building a called object'"'"'s caller chain from a list of caller identities for a calling object, the method comprising:
- receiving a caller chain transfer style;
  
  receiving the list of caller identities for the calling object;
  
  if the caller chain transfer style indicates copy, providing the list of caller identities for the calling object as the called object'"'"'s caller chain; and
  
  if the caller chain transfer style does not indicate copy, performing the following steps;
  
  acquiring an identity associated with the calling object; and
  
  providing the list of caller identities for the calling object with the identity associated with the calling object added thereto as the called object'"'"'s caller chain.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8 wherein the called object'"'"'s caller chain is provided responsive to a request for a caller chain from the called object.
  - 10. The method of claim 8 wherein a most recently added caller in the called object'"'"'s caller chain is provided responsive to a request for the direct caller to the called object.
  - 11. The method of claim 8 further comprising:
12. The method of claim 11 wherein identities in a role'"'"'s membership are permitted to access the called object, the method further comprising:
- blocking a call to the called object if a direct caller in the called object'"'"'s caller chain indicates an identity not in the role'"'"'s membership.

13. A computer-implemented method of providing security services during a series of calls to a plurality of objects, the method comprising performing the following steps for the calls:
- receiving an incoming call directed to a method of a secured object, wherein the call is associated with a value indicative of a transfer style and an incoming list of caller identities;
  
  if the value indicative of a transfer style indicates a copy transfer style, storing the incoming list of caller identities in a caller list for the secured object;
  
  if the value indicative of a transfer style does not indicate a copy transfer style, consulting a system service to determine an identity associated with the incoming call and storing the incoming list of caller identities and the identity associated with the incoming call in the caller list for the secured object;
  
  consulting the caller list for the secured object to determine if a most recently added caller in the caller list is permitted to access the method;
  
  blocking the call directed to the method if the caller is not permitted; and
  
  if the call is permitted, forwarding the call to the secured object.

14. A computer-implemented method of securely transferring a list of caller identities for an object, wherein the list of caller identities comprises a direct caller identity most recently added to the caller identities, and the list of caller identities is sent into a method invocation queue by a sending object associated with a sender identity, the method comprising:
- upon retrieving the list of caller identities from the queue, determining if the direct caller identity matches the sender identity; and
  
  if the direct caller identity does not match the sender identity, consulting a list of trusted identities; and
  
  blocking transfer of the list of caller identities if the sender identity is not in the list of trusted identities.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14 wherein the sending object is a method invocation queue recorder and the determining step is performed for a method invocation queue player.
  - 16. The method of claim 14 wherein the list of trusted identities is specified using a graphical user interface and stored in a central security settings store outside the object.
  - 17. A computer-readable medium having computer-executable instructions for performing the steps of claim 16.

18. A method for providing an impersonation service in a security framework accommodating objects, wherein calls to the objects are associated with an identity, the method comprising:
- at development time, specifying an object impersonates its callers by designating an impersonation setting;
  
  storing the impersonation setting outside the object in a security setting store;
  
  at runtime, intercepting a call directed to the object to determine if the impersonation setting indicates the object impersonates callers; and
  
  responsive to a request for an identity for calls from the object, providing an identity associated with the call directed to the object as a result of consulting the impersonation setting if the impersonation setting indicates the object impersonates callers.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18 wherein the identity associated with the call directed to the object has an impersonation level, the method further comprising:
20. The method of claim 18 wherein the security setting indicates a particular method of the object designated as impersonating callers to the method.

21. A security framework for providing runtime security services to a plurality of programming objects, the framework comprising:
- a store of security settings indicating whether one of the programming objects automatically impersonates callers;
  
  a graphical user interface graphically depicting the programming object; and
  
  a graphical user interface control for designating the programming object as automatically impersonating callers thereto and operative to modify the store indicate the programming object automatically impersonates callers.
- View Dependent Claims (22)
- - 22. The security framework of claim 21 wherein the graphical user interface control is operative to designate a particular method of the programming object as automatically impersonating callers and to designate another method of the programming object as not automatically impersonating callers.

23. A security framework for providing runtime security services to a plurality of secured objects, the framework comprising:
- a list of caller identities associated with calls to a secured object;
  
  a security context object for receiving and recording a caller chain transfer style;
  
  a caller chain builder operative to provide a copy of the list of caller identities associated with a call from a first secured object responsive to a request for the list of caller identities associated with a call to a second secured object if the security context object indicates a caller chain transfer style of copy;
  
  a wrapper positioned to intercept a call directed to the second secured object, invoke the caller chain builder upon intercepting the call, and selectively forward the call to the second object; and
  
  an activator operative to execute responsive to a request for access to the second secured object and interpose the wrapper between the first secured object and the second secured object.
- View Dependent Claims (24, 25, 26)
- - 24. The security framework of claim 23 wherein the security context object is operative to receive the caller chain transfer style from the first secured object through a private interface.
  - 25. The security framework of claim 24 wherein the list of caller identities associated with a call to the second secured object comprises a direct caller, the security framework further comprising:
26. The security framework of claim 25 wherein the set of permitted identities is generated by binding a list of users specified at deployment time of an application to a logical class of users specified at development time of the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Beckman, Brian C., Andrews, Anthony D., Armanasu, Alexander A.
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US10/137,911
Time in Patent Office

459 Days
Field of Search

713/164, 713/166, 713/168, 713/182, 713/200, 713/201, 713/167
US Class Current

713/167
CPC Class Codes

G06F 21/629   to features or functions of...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

Automatic object caller chain with declarative impersonation and transitive trust

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic object caller chain with declarative impersonation and transitive trust

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links