Automatic object caller chain with declarative impersonation and transitive trust
Abstract
An object-based security framework provides automatic caller chain building to track the identity of upstream callers. An application developer can define impersonation settings declaratively using a graphical interface. At runtime, logic outside the application objects handles the caller chain and impersonation, relieving the developer from having to incorporate impersonation logic into the application. A group of special identities are permitted to provide identities of others without themselves being recorded in the chain when the chain traverses a method invocation queue. The framework supports a copy style for the chain to support various caller scenarios. Additionally, a minimum authentication level can be enforced throughout the chain. The caller chain can be used in conjunction with roles, and objects may consult the chain programmatically to enforce a custom security scheme.
26 Claims
1. In an object runtime security services system for accommodating a plurality of secured objects on a computer, a computer-implemented method for providing a list of caller identities for a particular secured object called by a calling object in a chain of a plurality of calling programs, wherein calls directed to the secured objects are associated with identities, the method comprising:
for the calls directed to the secured objects, performing the steps:
intercepting the call to redirect the call to the security services system;
acquiring an identity associated with the call; and
adding the identity associated with the call to the list of caller identities.
Dependent claims 2 to 7 (the text of claims 2 and 3 is shown only in part):
providing the list of caller identities to the particular secured object.
4. The method of claim 1 further comprising:
when intercepting a call to the particular secured object, performing an access check for the particular secured object by comparing an identity in the list of caller identities against a set of permitted identities; and
blocking the call directed to the particular secured object as a result of determining the identity is not in the set.
5. The method of claim 1 further comprising:
consulting the list of caller identities with the particular secured object to determine if access to the secured object is permitted.
6. The method of claim 1 wherein calls to the secured objects are associated with an authentication level, the method further comprising:
tracking a minimum authentication level for the list of caller identities;
when intercepting a call to the particular secured object, performing an access check for the particular secured object by comparing the minimum authentication level with a specified acceptable authentication level; and
blocking the call directed to the particular secured object as a result of determining the minimum authentication level does not satisfy the specified acceptable authentication level.
7. A computer-readable medium having computer-executable instructions for performing the steps of claim 6.
8. In a runtime security service, a computer-implemented method for building a called object's caller chain from a list of caller identities for a calling object, the method comprising:
receiving a caller chain transfer style;
receiving the list of caller identities for the calling object;
if the caller chain transfer style indicates copy, providing the list of caller identities for the calling object as the called object's caller chain; and
if the caller chain transfer style does not indicate copy, performing the following steps:
acquiring an identity associated with the calling object; and
providing the list of caller identities for the calling object with the identity associated with the calling object added thereto as the called object's caller chain.
Dependent claims 9 to 12 (the text of claims 9 to 11 is shown only in part):
specifying a caller chain transfer style of copy with a method invocation queue recorder before traversing a method invocation queue; and
specifying a caller chain transfer style of copy with a method invocation queue player after traversing a method invocation queue.
12. The method of claim 11 wherein identities in a role's membership are permitted to access the called object, the method further comprising:
blocking a call to the called object if a direct caller in the called object's caller chain indicates an identity not in the role's membership.
13. A computer-implemented method of providing security services during a series of calls to a plurality of objects, the method comprising performing the following steps for the calls:
receiving an incoming call directed to a method of a secured object, wherein the call is associated with a value indicative of a transfer style and an incoming list of caller identities;
if the value indicative of a transfer style indicates a copy transfer style, storing the incoming list of caller identities in a caller list for the secured object;
if the value indicative of a transfer style does not indicate a copy transfer style, consulting a system service to determine an identity associated with the incoming call and storing the incoming list of caller identities and the identity associated with the incoming call in the caller list for the secured object;
consulting the caller list for the secured object to determine if a most recently added caller in the caller list is permitted to access the method;
blocking the call directed to the method if the caller is not permitted; and
if the call is permitted, forwarding the call to the secured object.
14. A computer-implemented method of securely transferring a list of caller identities for an object, wherein the list of caller identities comprises a direct caller identity most recently added to the caller identities, and the list of caller identities is sent into a method invocation queue by a sending object associated with a sender identity, the method comprising:
upon retrieving the list of caller identities from the queue, determining if the direct caller identity matches the sender identity; and
if the direct caller identity does not match the sender identity, consulting a list of trusted identities; and
blocking transfer of the list of caller identities if the sender identity is not in the list of trusted identities.
Dependent claims 15 to 17 (not shown).
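The caller-chain mechanics of claims 8, 13 and 14 in one runnable sketch: the copy versus append transfer style of claim 8, the direct-caller access check of claims 12 and 13, the minimum authentication level of claim 6 carried through the chain, and the trusted-sender check of claim 14 when a chain comes off a method invocation queue. This is an added example written for this page, not the patent's or any product's code; the identity names, the role tables and the ordering of authentication levels are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

# Ordered authentication levels, higher is stronger. Constructed for the example.
AUTH_LEVEL = {"none": 0, "connect": 1, "call": 2, "pkt_integrity": 3, "pkt_privacy": 4}


class Transfer(Enum):
    COPY = "copy"      # claim 8: hand the upstream list on unchanged
    APPEND = "append"  # claim 8: add the calling object's own identity


@dataclass(frozen=True)
class Identity:
    name: str
    auth_level: str    # authentication level of the call this identity arrived with


@dataclass
class CallerChain:
    callers: list = field(default_factory=list)

    @property
    def direct_caller(self) -> Optional[Identity]:
        """Claim 13: the most recently added caller."""
        return self.callers[-1] if self.callers else None

    @property
    def min_auth_level(self) -> int:
        """Claim 6: the weakest authentication anywhere in the chain."""
        return min((AUTH_LEVEL[c.auth_level] for c in self.callers), default=0)


class AccessDenied(Exception):
    pass


def build_chain(incoming: CallerChain, caller: Identity, style: Transfer) -> CallerChain:
    callers = list(incoming.callers)
    if style is not Transfer.COPY:
        callers.append(caller)
    return CallerChain(callers)


@dataclass
class SecuredObject:
    name: str
    role_members: frozenset             # claim 12: identities allowed to call this object
    min_auth_required: str = "connect"  # claim 6: acceptable level for the whole chain


def intercept_call(target: SecuredObject, incoming: CallerChain,
                   caller: Identity, style: Transfer) -> CallerChain:
    """Wrapper logic of claim 13: build the chain, check direct caller, check auth level."""
    chain = build_chain(incoming, caller, style)
    direct = chain.direct_caller
    if direct is None or direct.name not in target.role_members:
        raise AccessDenied(f"{target.name}: direct caller not in role")
    if chain.min_auth_level < AUTH_LEVEL[target.min_auth_required]:
        raise AccessDenied(f"{target.name}: chain authenticated below {target.min_auth_required}")
    return chain  # the call is forwarded with this chain as its security context


def dequeue_chain(chain: CallerChain, sender: Identity, trusted: frozenset) -> CallerChain:
    """Claim 14: accept a chain off the queue only if the sender is its direct caller
    or a trusted identity (the queue player), which then stays off the chain itself."""
    direct = chain.direct_caller
    if direct is not None and direct.name == sender.name:
        return chain
    if sender.name not in trusted:
        raise AccessDenied(f"queue sender {sender.name!r} is neither direct caller nor trusted")
    return chain


def run_chain_scenario() -> dict:
    """Constructed walk-through: client -> Orders -> Ledger, then a replay via a queue."""
    alice = Identity("alice", "pkt_privacy")
    bob = Identity("bob", "connect")
    orders_svc = Identity("svc_orders", "pkt_integrity")
    player, mallory = Identity("queue_player", "call"), Identity("mallory", "call")
    orders = SecuredObject("Orders", frozenset({"alice", "bob"}))
    ledger = SecuredObject("Ledger", frozenset({"svc_orders", "alice"}), "call")
    trusted, out = frozenset({"queue_player"}), {}

    c1 = intercept_call(orders, CallerChain(), alice, Transfer.APPEND)   # chain: [alice]
    c2 = intercept_call(ledger, c1, orders_svc, Transfer.APPEND)         # Orders recorded
    out["appended"] = [c.name for c in c2.callers]
    c3 = intercept_call(ledger, c1, orders_svc, Transfer.COPY)           # Orders not recorded
    out["copied"] = [c.name for c in c3.callers]
    cb = intercept_call(orders, CallerChain(), bob, Transfer.APPEND)     # bob only 'connect'
    try:
        intercept_call(ledger, cb, orders_svc, Transfer.APPEND)          # Ledger wants 'call'
        out["weak_auth"] = "allowed"
    except AccessDenied:
        out["weak_auth"] = "blocked"
    out["trusted_player"] = [c.name for c in dequeue_chain(c2, player, trusted).callers]
    try:
        dequeue_chain(c2, mallory, trusted)
        out["untrusted_player"] = "allowed"
    except AccessDenied:
        out["untrusted_player"] = "blocked"
    return out


if __name__ == "__main__":
    for key, value in run_chain_scenario().items():
        print(f"{key}: {value}")
```

Note that under the copy style the Ledger object sees alice as its direct caller and the Orders object never appears in the chain, which is exactly why claim 14 needs the trusted-identity check: anyone who can present a copied chain can otherwise claim an arbitrary direct caller.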
18. A method for providing an impersonation service in a security framework accommodating objects, wherein calls to the objects are associated with an identity, the method comprising:
at development time, specifying an object impersonates its callers by designating an impersonation setting;
storing the impersonation setting outside the object in a security setting store;
at runtime, intercepting a call directed to the object to determine if the impersonation setting indicates the object impersonates callers; and
responsive to a request for an identity for calls from the object, providing an identity associated with the call directed to the object as a result of consulting the impersonation setting if the impersonation setting indicates the object impersonates callers.
Dependent claims 19 and 20 (the text of claim 19 is shown only in part):
blocking the call directed to the object if the impersonation level indicates the identity associated with the call is not to be impersonated.
20. The method of claim 18 wherein the security setting indicates a particular method of the object designated as impersonating callers to the method.
21. A security framework for providing runtime security services to a plurality of programming objects, the framework comprising:
a store of security settings indicating whether one of the programming objects automatically impersonates callers;
a graphical user interface graphically depicting the programming object; and
a graphical user interface control for designating the programming object as automatically impersonating callers thereto and operative to modify the store to indicate the programming object automatically impersonates callers.
Dependent claim 22 (not shown).
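Declarative impersonation as claims 18 to 21 describe it: the setting lives in a store outside the object, the interceptor consults the store rather than the object at runtime, a per-method setting (claim 20) overrides the object-wide one, and a caller whose impersonation level does not allow impersonation is blocked (claim 19). This is an added example written for this page, not the patent's or any product's code; the level ordering, the store's key layout and every name in it are constructed assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class ImpersonationLevel(IntEnum):
    """How far a caller lets a callee use its identity; ordering assumed for the example."""
    ANONYMOUS = 0
    IDENTIFY = 1      # callee may learn who the caller is but not act as them
    IMPERSONATE = 2   # callee may make its own calls under the caller's identity
    DELEGATE = 3


@dataclass(frozen=True)
class Caller:
    name: str
    level: ImpersonationLevel


class ImpersonationDenied(Exception):
    pass


class SecuritySettingsStore:
    """Claim 18/21: impersonation settings kept outside the objects. Keys are
    'Object' for an object-wide setting or 'Object.Method' for one method (claim 20)."""

    def __init__(self) -> None:
        self._settings: dict = {}

    def set_impersonates(self, obj: str, method: Optional[str] = None, value: bool = True) -> None:
        # what the GUI control of claim 21 writes when the developer marks the object
        self._settings[obj if method is None else f"{obj}.{method}"] = value

    def impersonates(self, obj: str, method: str) -> bool:
        key = f"{obj}.{method}"
        if key in self._settings:
            return self._settings[key]          # per-method setting wins
        return self._settings.get(obj, False)   # fall back to the object-wide setting


@dataclass
class CallContext:
    obj: str
    method: str
    process_identity: str   # identity the object's hosting process runs as
    caller: Caller
    impersonating: bool


def intercept(store: SecuritySettingsStore, obj: str, method: str,
              process_identity: str, caller: Caller) -> CallContext:
    """Claim 18: consult the store on interception; claim 19: refuse the call when the
    object impersonates but the caller's level does not permit impersonation."""
    imp = store.impersonates(obj, method)
    if imp and caller.level < ImpersonationLevel.IMPERSONATE:
        raise ImpersonationDenied(
            f"{obj}.{method} impersonates callers but {caller.name} allows only {caller.level.name}")
    return CallContext(obj, method, process_identity, caller, imp)


def outbound_identity(ctx: CallContext) -> str:
    """Identity the framework supplies when the object, while servicing ctx, calls out."""
    return ctx.caller.name if ctx.impersonating else ctx.process_identity


def run_impersonation_scenario() -> dict:
    """Constructed walk-through over two objects with different settings."""
    store = SecuritySettingsStore()
    store.set_impersonates("Orders", "Submit")   # only Orders.Submit impersonates
    store.set_impersonates("Ledger")             # the whole Ledger object impersonates
    alice = Caller("alice", ImpersonationLevel.IMPERSONATE)
    bob = Caller("bob", ImpersonationLevel.IDENTIFY)
    out = {}
    out["submit"] = outbound_identity(intercept(store, "Orders", "Submit", "svc_orders", alice))
    out["cancel"] = outbound_identity(intercept(store, "Orders", "Cancel", "svc_orders", alice))
    out["ledger_alice"] = outbound_identity(intercept(store, "Ledger", "Post", "svc_ledger", alice))
    try:
        intercept(store, "Ledger", "Post", "svc_ledger", bob)
        out["ledger_bob"] = "allowed"
    except ImpersonationDenied:
        out["ledger_bob"] = "blocked"
    # bob may still call a method that does not impersonate; it runs as the process identity
    out["cancel_bob"] = outbound_identity(intercept(store, "Orders", "Cancel", "svc_orders", bob))
    return out


if __name__ == "__main__":
    for key, value in run_impersonation_scenario().items():
        print(f"{key}: {value}")
```

The object code never touches an impersonation API; whether a downstream call carries alice or svc_orders is decided entirely by the interceptor from the store, which is the point the claims make about relieving the developer of impersonation logic.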
23. A security framework for providing runtime security services to a plurality of secured objects, the framework comprising:
a list of caller identities associated with calls to a secured object;
a security context object for receiving and recording a caller chain transfer style;
a caller chain builder operative to provide a copy of the list of caller identities associated with a call from a first secured object responsive to a request for the list of caller identities associated with a call to a second secured object if the security context object indicates a caller chain transfer style of copy;
a wrapper positioned to intercept a call directed to the second secured object, invoke the caller chain builder upon intercepting the call, and selectively forward the call to the second object; and
an activator operative to execute responsive to a request for access to the second secured object and interpose the wrapper between the first secured object and the second secured object.
Dependent claims 24 to 26 (the text of claims 24 and 25 is shown only in part):
a security settings store comprising a set of identities permitted to access the second secured object;
an access checker operative to receive the direct caller from the caller chain builder, compare the list of identities associated with the set of permitted identities, and selectively block the call directed to the second secured object if the set of permitted identities does not include the direct caller.
26. The security framework of claim 25 wherein the set of permitted identities is generated by binding a list of users specified at deployment time of an application to a logical class of users specified at development time of the application.