Framework for providing a configurable firewall for computing systems
Abstract
A configurable firewall for computing systems is disclosed. The configurable firewall provides a firewall control block that can be used as a mechanism to implement and control access privileges between various components of the computing environment. As such, the firewall control block can be used to determine whether one component (e.g., applet) can access another component in the computing environment. This allows a flexible environment where firewall boundaries can be configured in such a way that each applet can allow access to a desired set of other applets. In addition, the control block can be implemented using a variety of techniques that may be suitable for different system requirements (e.g., processing speed, memory). As such, the configurable firewall is useful for implementing security for various computing systems, especially those that operate with relatively limited processing power and/or provide highly specialized functionality (e.g., smart cards).
11 Claims
1. A computing environment, comprising:
an operating system;
a virtual machine operating on said operating system;
a first application operating on said virtual machine;
a second application operating on said virtual machine;
a first firewall control block, wherein said first firewall control block defines access privileges of said first application with respect to said second application, and further defines the access privileges of said second application with respect to said first application; and
a second firewall control block, wherein said second firewall control block defines access privileges of said second application with respect to said first application, and further defines the access privileges of said first application with respect to said second application,
wherein said first firewall control block and the second firewall control block each includes a firewall control value and a firewall control indicator, the firewall control value including an application identifier data having a resource identifier and a proprietary identifier extension, the firewall control indicator being an indicator value represented by one or more bytes that indicate how the firewall control value should be interpreted with respect to access privileges of other applications, and
wherein when said firewall control indicator of said first firewall control block has a first indicator value, said first firewall control block compares said proprietary identifier extension of said first firewall control block to said proprietary identifier extension of said second firewall control block, and when said firewall control indicator of said first firewall control block has a second indicator value, said first firewall control block compares said proprietary identifier extension and resource identifier of said first firewall control block to said proprietary identifier extension and resource identifier of said second firewall control block.
Dependent claims: 2, 3, 4.
5. A mobile computing device, comprising:
an operating system;
a Java compliant virtual machine operating on said operating system;
a first Java compliant applet operating on said Java compliant virtual machine;
a Java compliant applet operating on said Java compliant virtual machine; and
a first firewall control block, wherein said first firewall control block defines access privileges of said first Java compliant applet with respect to at least one other Java compliant applet operating on said Java compliant virtual machine, and further defines the access privileges of said at least one other Java compliant applet with respect to said first Java compliant applet; and
a second firewall control block, wherein said second firewall control block defines access privileges of said at least one other Java compliant applet with respect to the first Java compliant virtual machine, and further defines the access privileges of said first Java compliant applet with respect to said at least one other Java compliant applet,
wherein said first firewall control block and said second firewall control block each includes a firewall control value and a firewall control indicator, the firewall control value including an application identifier data having a resource identifier and a proprietary identifier extension, the firewall control indicator being an indicator value represented by one or more bytes that indicate how the firewall control value should be interpreted with respect to access privileges of other Java compliant applets, and
wherein when said firewall control indicator of said first firewall control block has a first indicator value, said first firewall control block compares said proprietary identifier extension of said first firewall control block to said proprietary identifier extension of said second firewall control block, and when said firewall control indicator has a second indicator value, said first firewall control block compares said proprietary identifier extension and resource identifier of said first firewall control block to said proprietary identifier extension and resource identifier of said second firewall control block.
Dependent claims: 6, 7.
8. A method of providing security for a Java compliant computing environment that includes a Java virtual machine and a plurality of Java compliant applets that operate on said Java virtual machine, said method comprising:
receiving a request from a first Java compliant applet operating on a Java virtual machine to access a second Java compliant applet, the first Java compliant applet having a first firewall control block associated with it and the second Java compliant applet having a second firewall control block associated with it;
reading the second firewall control block associated with said second Java compliant applet, said first firewall control block and said second firewall control block each including a firewall control value and a firewall control indicator, the firewall control value including an application identifier data having a resource identifier and a proprietary identifier extension, the firewall control indicator being an indicator value represented by one or more bytes that indicate how the firewall control value should be interpreted with respect to access privileges of the respective first or second Java compliant applet;
determining, based on said second firewall control block, whether said first Java compliant applet should be allowed to access said second Java compliant applet by determining whether said firewall control value of said second firewall control block has a first indicator value or a second indicator value, wherein when said firewall control indicator of said second firewall control block has a first indicator value, said second firewall control block compares said proprietary identifier extension of said first firewall control block to said proprietary identifier extension of said second firewall control block, and wherein when said firewall control indicator of said second firewall control block has a second indicator value, said second firewall control block compares said proprietary identifier extension and resource identifier of said first firewall control block to said proprietary identifier extension and resource identifier of said second firewall control block; and
allowing said first Java compliant applet to access said second Java compliant applet when said determining determines that access should be allowed.
Dependent claims: 9, 10.
11. A computer readable media including computer program code for providing security for a computing environment, said computer readable media comprising:
computer program code for receiving a request from a first application to access a second application, the first application having a first firewall control block associated with it and the second application having a second firewall control block associated with it;
computer program code for reading the second firewall control block associated with said second application, said first firewall control block and said second firewall control block each including a firewall control value and a firewall control indicator, the firewall control value including an application identifier data having a resource identifier and a proprietary identifier extension, the firewall control indicator being an indicator value represented by one or more bytes that indicate how the firewall control value should be interpreted with respect to access privileges of the respective first or second application;
determining, based on said second firewall control block, whether said first application should be allowed to access said second application by determining whether said firewall control value of said second firewall control block has a first indicator value or a second indicator value, wherein when said firewall control indicator of said second firewall control block has a first indicator value, said second firewall control block compares said proprietary identifier extension of said first firewall control block to said proprietary identifier extension of said second firewall control block, and when said firewall control indicator of said second firewall control block has a second indicator value, said second firewall control block compares said proprietary identifier extension and resource identifier of said first firewall control block to said proprietary identifier extension and resource identifier of said second firewall control block; and
allowing said first application to access said second application when said determining determines that access should be allowed.
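The access decision of claims 8 and 11 (read the target applet's firewall control block, dispatch on its indicator, compare the requester's proprietary identifier extension alone or together with its resource identifier), as an added illustration that is not code from the patent or any implementation of it. The indicator encodings, the serialized block layout in `parse`, the 5-byte resource identifier length, the applet AIDs and the fail-closed handling of an unknown indicator are all assumptions made here.

```python
from dataclasses import dataclass

# Assumed encodings: the claims only speak of a "first" and a "second"
# indicator value carried in one or more bytes.
MATCH_PIX_ONLY = 0x01      # first indicator value: compare PIX only
MATCH_RID_AND_PIX = 0x02   # second indicator value: compare RID and PIX

RID_LENGTH = 5             # assumed resource identifier length (ISO 7816-5 AIDs)


@dataclass(frozen=True)
class FirewallControlBlock:
    rid: bytes        # resource identifier
    pix: bytes        # proprietary identifier extension
    indicator: int    # firewall control indicator

    @classmethod
    def parse(cls, raw: bytes) -> "FirewallControlBlock":
        """Decode an assumed wire layout: [indicator][aid_len][aid], RID = first 5 AID bytes."""
        if len(raw) < 2 or len(raw) != 2 + raw[1] or raw[1] < RID_LENGTH:
            raise ValueError("malformed firewall control block")
        aid = raw[2:2 + raw[1]]
        return cls(rid=aid[:RID_LENGTH], pix=aid[RID_LENGTH:], indicator=raw[0])


def access_allowed(requester: FirewallControlBlock, target: FirewallControlBlock) -> bool:
    """Claims 8/11: the target's block decides; its indicator selects the comparison."""
    if target.indicator == MATCH_PIX_ONLY:
        return requester.pix == target.pix
    if target.indicator == MATCH_RID_AND_PIX:
        return requester.rid == target.rid and requester.pix == target.pix
    return False  # unknown indicator: fail closed (a choice made here, not stated in the claims)


# Constructed sample applets; the AIDs are made up for illustration.
APPLET_A = FirewallControlBlock(b"\xa0\x00\x00\x00\x01", b"\x10\x01", MATCH_PIX_ONLY)
APPLET_B = FirewallControlBlock(b"\xa0\x00\x00\x00\x02", b"\x10\x01", MATCH_RID_AND_PIX)
APPLET_C = FirewallControlBlock.parse(b"\x01\x07\xa0\x00\x00\x00\x02\x10\x01")

if __name__ == "__main__":
    # Each applet carries its own block, so privileges need not be symmetric.
    print("A -> B:", access_allowed(APPLET_A, APPLET_B))  # B wants RID and PIX; RIDs differ
    print("B -> A:", access_allowed(APPLET_B, APPLET_A))  # A wants a matching PIX only
    print("C -> B:", access_allowed(APPLET_C, APPLET_B))  # same RID and PIX
```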