Method and apparatus to retain applet security privileges outside of the Java virtual machine

US 6,941,552 B1
Filed: 07/30/1998
Issued: 09/06/2005
Est. Priority Date: 07/30/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A process for providing a security privilege for a method of a current thread that is currently executing in a run-time environment in a data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the process comprising the computer-implemented steps of:

using a thread identifier of the current thread, locating a linked list;

searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension comprising security privilege information for the method; and

retrieving the security privilege information for a matching entry from the linked list if a matching entry is found in response to a request to retrieve privileges for the method.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The Java Virtual Machine (JVM) can be decoupled from its Java-enabled browser. To maintain access to certain system resources (a “privilege”) by applets, each Java thread that enables the privilege will now create an entry that describes the privilege in a linked list based on the stack frame address. Sufficient information is stored in the link list for validation purposes. Further, system classes that require specific privileges will have them implicitly granted by an implicit privilege list.

44 Citations

View as Search Results

18 Claims

1. A process for providing a security privilege for a method of a current thread that is currently executing in a run-time environment in a data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the process comprising the computer-implemented steps of:
- using a thread identifier of the current thread, locating a linked list;
  
  searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension comprising security privilege information for the method; and
  
  retrieving the security privilege information for a matching entry from the linked list if a matching entry is found in response to a request to retrieve privileges for the method.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The process of claim 1, wherein the step of locating a linked list further comprises:
    - locating the linked list within a stack frame shadow apparatus comprising a plurality of linked lists, each linked list of the plurality of linked lists being associated with a thread.
  - 3. The process of claim 1 wherein the stack frame extension further comprises the stack frame pointer of the method and validation information.
  - 4. The process of claim 3 wherein the validation information comprises the name of the method, the signature of the method, and the return address of the method.
  - 5. The process of claim 1, further comprising:
    - adding an entry to the linked list if no matching entries are found in response to a request to enable a privilege for the method.

6. A process for providing a privilege for a method of a current thread that is currently executing in a run-time environment in a data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the process comprising the computer-implemented steps of:
- using a thread identifier of the current thread, locating a linked list;
  
  searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension; and
  
  removing a matching entry from the linked list if a matching entry is found in response to a request to revert a privilege for the method.

7. A process for providing a privilege for a method of a current thread that is currently executing in a run-time environment in a data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the process comprising the computer-implemented steps of:
- using a thread identifier of the current thread, locating a linked list;
  
  searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension; and
  
  retrieving privilege information and validation information for a matching entry from the linked list if a matching entry is found in response to a request to retrieve privileges for the method.

8. A process for enabling and reverting a privilege for a method of a current thread that is currently executing in a run-time environment in a data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the process comprising the computer-implemented steps of:
- storing privilege information in a stack frame shadow apparatus to enable a privilege for a method;
  
  querying a stack frame shadow apparatus for privilege information for a method; and
  
  deleting privilege information in a stack frame shadow apparatus to revert a privilege for a method.

9. A data structure on a computer-readable medium for use in a data processing system, the data structure comprising:
- a set of stack frame extensions, wherein a stack frame extension comprises;
  
  a pointer to a stack frame for a method;
  
  a data field for privilege data for the method;
  
  a data field for validation data for the method;
  
  a linked list of stack frame extension entries, wherein the linked list is identifiable by a thread identifier.
- View Dependent Claims (18)
- - 18. The data structure of claim 9, wherein the privilege data for the method is security privilege data for the method.

10. A data processing system for providing a security privilege for a method of a current thread that is currently executing in a run-time environment in the data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the data processing system comprising:
- locating means for locating a linked list using a thread identifier of the current thread;
  
  searching means for searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension comprising security privilege information for the method; and
  
  retrieving means for retrieving the security privilege information for a matching entry from the linked list if a matching entry is found in response to a request to retrieve privileges for the method.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The data processing system of claim 10 further comprising:
    - a stack frame shadow apparatus comprising a plurality of linked lists, each linked list of the plurality of linked lists being associated with a thread.
  - 12. The data processing system of claim 10 wherein the stack frame extension further comprises the stack frame pointer of the method and validation information.
  - 13. The data processing system of claim 12 wherein the validation information comprises the name of the method, the signature of the method, and the return address of the method.
  - 14. The data processing system of claim 10 further comprising:
    - adding means for adding an entry to the linked list if no matching entries are found in response to a request to enable a privilege for the method.

15. A data processing system for providing a privilege for a method of a current thread that is currently executing in a run-time environment in the data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the data processing system comprising:
- locating means for locating a linked list using a thread identifier of the current thread;
  
  searching means for searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension; and
  
  removing means for removing a matching entry from the linked list if a matching entry is found in response to a request to revert a privilege for the method.

16. A data processing system for providing a privilege for a method of a current thread that is currently executing in a run-time environment in the data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the data processing system comprising:
- locating means for locating a linked list using a thread identifier of the current thread;
  
  searching means for searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension; and
  
  retrieving means for retrieving privilege information and validation information for a matching entry from the linked list if a matching entry is found in response to a request to retrieve privileges for the method.

17. A computer program product for use in a data processing system for providing a security privilege for a method of a current thread that is currently executing in a run-time environment in the data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the computer program product comprising:
- first instructions for locating a linked list using a thread identifier of the current thread;
  
  second instructions for searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension comprising security privilege information for the method; and
  
  third instructions for retrieving the security privilege information for a matching entry from the linked list if a matching entry is found in response to a request to retrieve privileges for the method.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Nizinski, Leonard Robert Jr., Brown, Michael Wayne, Rothert, Douglas S., Beadle, Bruce Anthony
Primary Examiner(s)
An, Meng-Al T.
Assistant Examiner(s)
ANYA, CHARLES E

Application Number

US09/126,683
Time in Patent Office

2,595 Days
Field of Search

713164-167, 713/200, 717147-148, 717/7, 712/202, 712/245, 718/1, 718/100, 709200-253, 709102-106
US Class Current

718/1
CPC Class Codes

G06F 21/52 during program execution, e...

G06F 9/4484 Executing subprograms

Method and apparatus to retain applet security privileges outside of the Java virtual machine

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus to retain applet security privileges outside of the Java virtual machine

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links