Method for enabling a program written in untrusted code to interact with a security subsystem of a hosting operating system

US 7,451,484 B1
Filed: 05/27/1999
Issued: 11/11/2008
Est. Priority Date: 05/27/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for enabling a program written in untrusted code to access a native operating system resource, comprising the steps of:

having a trusted login service listen on a named pipe for login requests;

responsive to a login request, wherein the login request contains an identifier for a uniquely-named response pipe, having the trusted login service request a native operating system identifier;

returning to the program via the uniquely-named response pipe the native operating system identifier, wherein the uniquely-named response pipe and the named pipe are not identical;

in an authentication framework, using the native operating system identifier to create a credential object; and

using the credential object to login to the native operating system to enable the program to access the resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A program written in untrusted code (e.g., JAVA) is enabled to access a native operating system resource (e.g., supported in WINDOWS NT) through a staged login protocol. In operation, a trusted login service listens, e.g., on a named pipe, for requests for login credentials. In response to a login request, the trusted login service requests a native operating system identifier. The native operating system identifier is then sent to the program. Using this identifier, a credential object is then created within an authentication framework. The credential object is then used to login to the native operating system to enable the program to access the resource. This technique enables a JAVA program to access a WINDOWS NT operating system resource under the identity of the user running the JAVA program.

Citations

18 Claims

1. A method for enabling a program written in untrusted code to access a native operating system resource, comprising the steps of:
- having a trusted login service listen on a named pipe for login requests;
  
  responsive to a login request, wherein the login request contains an identifier for a uniquely-named response pipe, having the trusted login service request a native operating system identifier;
  
  returning to the program via the uniquely-named response pipe the native operating system identifier, wherein the uniquely-named response pipe and the named pipe are not identical;
  
  in an authentication framework, using the native operating system identifier to create a credential object; and
  
  using the credential object to login to the native operating system to enable the program to access the resource.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as described in claim 1 wherein the native operating system supports named-pipe servers.
  - 3. The method as described in claim 2 wherein the program is written in an interpreted language.
  - 4. The method as described in claim 1 wherein the authentication framework is a pluggable authentication mechanism (PAM) having a set of application programming interfaces (APIs).
  - 5. The method as described in claim 4 wherein the set of application programming interfaces include login, commit, abort and logout APIs.
  - 6. The method as described in claim 4 wherein the authentication framework is compliant with an authentication service of a virtual machine.

7. A computer program product computer storage readable medium for enabling a program written in untrusted code to access a native operating system resource, which when executed comprising the steps of:
- listening on a named pipe by a trusted login service for login requests;
  
  responding to a login request for requesting a native operating system identifier by the trusted login service, wherein the login request contains an identifier for a uniquely-named response pipe;
  
  returning to the program via the uniquely-named response pipe the native operating system identifier, wherein the uniquely-named response pipe and the named pipe are not identical;
  
  in an authentication framework, using the native operating system identifier to create a credential object; and
  
  using the credential object to login to the native operating system to enable the program to access the resource.
- View Dependent Claims (8, 9, 10)
- - 8. The computer program product as described in claim 7 wherein the program executes in a virtual machine supported by the native operating system and the native operating system supports named-pipe servers.
  - 9. The computer program product as described in claim 7 wherein the program is written in an interpreted language.
  - 10. The computer program product as described in claim 7 wherein the authentication framework is compliant with an authentication service of a virtual machine.

11. An application server, comprising:
- a set of programs that are supported by a virtual machine that is supported by a native operating system;
  
  a processor running the native operating system providing support for executing the set of programs; and
  
  means for enabling each program in the set of programs to run in an operating system thread while impersonating a different native operating system user in accordance with a token that was created during a login operation in the native operating system and that was associated with a program while the program was acting as a named-pipe server to listen for a login response on a named pipe that was uniquely created for a login request to obtain the token, wherein the login request contained an identifier for the named pipe.
- View Dependent Claims (12, 13)
- - 12. The application server as described in claim 11 wherein the native operating system supports named-pipe servers.
  - 13. The application server as described in claim 11 further including a server application executed by the processor for receiving a request for service from a client machine and initiating execution of a program in the set of programs in a given operating system thread.

14. A method for enabling a program written in untrusted code to access in a trusted manner a resource supported on a computing device executing a native operating system, the method comprising:
- listening, by a trusted login service in the native operating system, for login requests on a named request pipe;
  
  generating a login request at the program, wherein the login request contains authentication information and an identifier for a named response pipe, wherein the named request pipe and the named response pipe are not identical;
  
  in response to creating the named response pipe by the program, acting as a named-pipe server on the named response pipe by the program;
  
  in response to receiving the login request on the named request pipe at the trusted login service from the program, performing a login operation with the authentication information by the trusted login service into the native operating system;
  
  in response to performing the login operation, sending a login response on the named response pipe from the trusted login service to the program;
  
  in response to receiving the login response on the named response pipe at the program from the trusted login service, closing the named response pipe such that the named response pipe is uniquely associated with the login request and is not used for additional login requests;
  
  in response to receiving the login response on the named response pipe at the program from the trusted login service, creating a credential object by the program using a token generated during the login operation; and
  
  using the credential object by the program to access the resource within the native operating system.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method as described in claim 14 further comprising:
    - prior to sending the login response but after performing the login operation, performing a first impersonation operation by the trusted login service, wherein the first impersonation operation is based on the token such that the trusted login service impersonates a security context of a user associated with the authentication information; and
      
      prior to closing the named response pipe but after receiving the login response, performing a second impersonation operation by the program, wherein the second impersonation operation is based on the trusted login service acting as a named-pipe client on the named response pipe and the program acting as the named-pipe server on the named response pipe such that the program impersonates a security context of the login response as a most recent message read from the named response pipe.
  - 16. The method as described in claim 15 further comprising:
    - after sending the login response, performing a first revert operation by the trusted login service to terminate its previous impersonation; and
      
      after performing a token duplication operation by the program, performing a second revert operation by the program to terminate its previous impersonation.
  - 17. The method as described in claim 15 further comprising:
    - performing a token duplication operation by the program, wherein the token duplication operation associates the token with a thread that initiated a login in order to obtain access to the resource.
  - 18. The method as described in claim 17 further comprising:
    - after performing the token duplication operation, performing a third impersonation operation by the program, wherein the third impersonation operation is based on the credential object such that a calling thread impersonates a security context of a user associated with the authentication information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Shrader, Theodore Jack London, Nadalin, Anthony J., Rich, Bruce Arland
Primary Examiner(s)
KIM, JUNG W

Application Number

US09/321,788
Time in Patent Office

3,456 Days
Field of Search

713/200, 709/316, 709/315, 709/330, 726/19
US Class Current

726/19
CPC Class Codes

G06F 21/31 User authentication

Method for enabling a program written in untrusted code to interact with a security subsystem of a hosting operating system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method for enabling a program written in untrusted code to interact with a security subsystem of a hosting operating system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links