Method and apparatus to retain applet security privileges outside of the Java virtual machine
Abstract
The Java Virtual Machine (JVM) can be decoupled from its Java-enabled browser. To maintain access to certain system resources (a “privilege”) by applets, each Java thread that enables the privilege will now create an entry that describes the privilege in a linked list based on the stack frame address. Sufficient information is stored in the linked list for validation purposes. Further, system classes that require specific privileges will have them implicitly granted by an implicit privilege list.
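The stack frame shadow described in the abstract and in claims 8 and 9, as an added C example (not code from the patent): a per-thread linked list of stack frame extensions with enable, query and revert operations. The fixed thread table, the `PRIV_FILE_READ` bit, the function names and the use of a method identifier as validation data are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#define MAX_THREADS 8        /* assumed: small fixed range of thread ids */
#define PRIV_FILE_READ 0x1u  /* hypothetical privilege bit */

/* Stack frame extension: the fields listed in claim 9, plus the list link. */
typedef struct sfx {
    const void *frame;      /* stack frame pointer of the method */
    uint32_t    privs;      /* privilege data */
    uintptr_t   method_id;  /* validation data (assumed: method identity) */
    struct sfx *next;
} sfx;
static sfx *lists[MAX_THREADS];  /* one list per thread identifier */

static sfx **find(unsigned tid, const void *frame) {
    if (tid >= MAX_THREADS) return NULL;
    sfx **pp = &lists[tid];
    while (*pp && (*pp)->frame != frame) pp = &(*pp)->next;
    return pp;  /* slot holding the match, or the NULL tail slot */
}

/* Enable: store privilege and validation data for this frame. */
int priv_enable(unsigned tid, const void *frame, uintptr_t method_id, uint32_t privs) {
    sfx **pp = find(tid, frame);
    if (!pp) return -1;
    if (!*pp && !(*pp = calloc(1, sizeof **pp))) return -1;  /* append entry */
    (*pp)->frame = frame;
    (*pp)->privs = privs;
    (*pp)->method_id = method_id;
    return 0;
}

/* Query: privileges are returned only if frame AND validation data match. */
uint32_t priv_query(unsigned tid, const void *frame, uintptr_t method_id) {
    sfx **pp = find(tid, frame);
    if (!pp || !*pp || (*pp)->method_id != method_id) return 0;
    return (*pp)->privs;
}

/* Revert: unlink and free the entry; returns 1 if one was removed. */
int priv_revert(unsigned tid, const void *frame) {
    sfx **pp = find(tid, frame);
    if (!pp || !*pp) return 0;
    sfx *dead = *pp;
    *pp = dead->next;
    free(dead);
    return 1;
}

int main(void) { int f; priv_enable(0, &f, 1, PRIV_FILE_READ); return priv_query(0, &f, 1) != PRIV_FILE_READ; }
```

Because the query compares the validation data as well as the frame address, an entry left behind by a method that returned without reverting does not hand its privileges to a different method whose frame later lands at the same address.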
18 Claims
1. A process for providing a security privilege for a method of a current thread that is currently executing in a run-time environment in a data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the process comprising the computer-implemented steps of:
- using a thread identifier of the current thread, locating a linked list;
- searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension comprising security privilege information for the method; and
- retrieving the security privilege information for a matching entry from the linked list if a matching entry is found in response to a request to retrieve privileges for the method.
Dependent claims: 2, 3, 4, 5
6. A process for providing a privilege for a method of a current thread that is currently executing in a run-time environment in a data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the process comprising the computer-implemented steps of:
- using a thread identifier of the current thread, locating a linked list;
- searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension; and
- removing a matching entry from the linked list if a matching entry is found in response to a request to revert a privilege for the method.
7. A process for providing a privilege for a method of a current thread that is currently executing in a run-time environment in a data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the process comprising the computer-implemented steps of:
- using a thread identifier of the current thread, locating a linked list;
- searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension; and
- retrieving privilege information and validation information for a matching entry from the linked list if a matching entry is found in response to a request to retrieve privileges for the method.
8. A process for enabling and reverting a privilege for a method of a current thread that is currently executing in a run-time environment in a data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the process comprising the computer-implemented steps of:
- storing privilege information in a stack frame shadow apparatus to enable a privilege for a method;
- querying a stack frame shadow apparatus for privilege information for a method; and
- deleting privilege information in a stack frame shadow apparatus to revert a privilege for a method.
9. A data structure on a computer-readable medium for use in a data processing system, the data structure comprising:
- a set of stack frame extensions, wherein a stack frame extension comprises;
- a pointer to a stack frame for a method;
- a data field for privilege data for the method;
- a data field for validation data for the method;
- a linked list of stack frame extension entries, wherein the linked list is identifiable by a thread identifier.
Dependent claims: 18
10. A data processing system for providing a security privilege for a method of a current thread that is currently executing in a run-time environment in the data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the data processing system comprising:
- locating means for locating a linked list using a thread identifier of the current thread;
- searching means for searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension comprising security privilege information for the method; and
- retrieving means for retrieving the security privilege information for a matching entry from the linked list if a matching entry is found in response to a request to retrieve privileges for the method.
Dependent claims: 11, 12, 13, 14
15. A data processing system for providing a privilege for a method of a current thread that is currently executing in a run-time environment in the data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the data processing system comprising:
- locating means for locating a linked list using a thread identifier of the current thread;
- searching means for searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension; and
- removing means for removing a matching entry from the linked list if a matching entry is found in response to a request to revert a privilege for the method.
16. A data processing system for providing a privilege for a method of a current thread that is currently executing in a run-time environment in the data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the data processing system comprising:
- locating means for locating a linked list using a thread identifier of the current thread;
- searching means for searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension; and
- retrieving means for retrieving privilege information and validation information for a matching entry from the linked list if a matching entry is found in response to a request to retrieve privileges for the method.
17. A computer program product for use in a data processing system for providing a security privilege for a method of a current thread that is currently executing in a run-time environment in the data processing system, the run-time environment having a stack comprising stack frames with stack frame pointers for associated methods, the computer program product comprising:
- first instructions for locating a linked list using a thread identifier of the current thread;
- second instructions for searching the linked list for an entry having a stack frame pointer that matches the stack frame pointer of the method, wherein an entry of the linked list is a stack frame extension comprising security privilege information for the method; and
- third instructions for retrieving the security privilege information for a matching entry from the linked list if a matching entry is found in response to a request to retrieve privileges for the method.
Specification