Security policy applied to common data security architecture
First Claim
1. A security architecture for a computer platform comprising at least one data processor and at least one memory means said architecture comprising:
- an applications layer for containing a plurality of user security applications;
a layered services layer for containing a plurality of security services protocols;
a common security services manager (CSSM) layer underlying the layered services layer comprising a plurality of security services management means, a set of integrity services, a manager of security contexts, and a plurality of interfaces for interfacing with add-in security modules; and
an add-in security modules layer underlying the common security services manager layer, configured to accept a plurality of add-in security modules implementing a set of standard security services;
a generic trust policy library within the add-in security modules layer and supporting a set of standard trust policy Application Programming Interfaces (APIs);
a trust policy description file containing a set of domain-specific trust policies written in a policy description language common to said architecture; and
a policy interpreter, said policy interpreter operating to interpret a set of policies contained in said policy description file.
2 Assignments
0 Petitions
Accused Products
Abstract
An improved architecture is provided, based upon the prior art common data security architecture, with the modification of adding in a generic trust policy library (217) at an add-in security modules layer (215) and a policy interpreter (224) at a common security services manager layer (202), so that individual users may provide sets of trust policies in the form of a trust policy description file (223), which uses a generic policy description language provided by the architecture. The architecture provides a generic method of incorporating trust policies into a computing platform in a manner which avoids a prior art problem of the semantics of trust policies which are hard-coded in prior art trust policy modules (117). The architecture also improves management flexibility. In the present disclosure, a generic policy description language is provided, which enables different users to define the semantics of a plurality of trust policies.
-
Citations
9 Claims
-
1. A security architecture for a computer platform comprising at least one data processor and at least one memory means said architecture comprising:
-
an applications layer for containing a plurality of user security applications;
a layered services layer for containing a plurality of security services protocols;
a common security services manager (CSSM) layer underlying the layered services layer comprising a plurality of security services management means, a set of integrity services, a manager of security contexts, and a plurality of interfaces for interfacing with add-in security modules; and
an add-in security modules layer underlying the common security services manager layer, configured to accept a plurality of add-in security modules implementing a set of standard security services;
a generic trust policy library within the add-in security modules layer and supporting a set of standard trust policy Application Programming Interfaces (APIs);
a trust policy description file containing a set of domain-specific trust policies written in a policy description language common to said architecture; and
a policy interpreter, said policy interpreter operating to interpret a set of policies contained in said policy description file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification