System and method for applying security policies on multiple assembly caches

US 7,823,186 B2
Filed: 08/24/2006
Issued: 10/26/2010
Est. Priority Date: 08/24/2006
Status: Active Grant

First Claim

Patent Images

1. A system for applying security policies on multiple assembly caches, comprising:

a plurality of assembly caches assigned a plurality of separate policy levels, wherein the plurality of assembly caches separately store one or more a plurality of application resources having permissions matched to the plurality of separate policy levels assigned to the plurality of assembly caches; and

a computer having a virtual machine configured to;

resolve a permission set that grants rights to an application executing in the virtual machine, wherein the application executing in the virtual machine requires a subset of the plurality of application resources that are stored in one or more of the plurality of assembly caches; and

retrieve the subset of the application resources required by the executing application from the one or more assembly caches in response to determining that the resolved permission set intersects the separate policy levels assigned to the one or more assembly caches.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a system and method for providing multiple assembly caches for storing shared application resources. Each assembly cache may be associated with a different security policies, locations, internal structures and management. An application may be determined to have access to an assembly cache based on the permission and security policy of the application and security policy of the assembly cache. Additionally, one or more assembly caches may have other policies for cache retention, resolution, and creation.

158 Citations

20 Claims

1. A system for applying security policies on multiple assembly caches, comprising:
- a plurality of assembly caches assigned a plurality of separate policy levels, wherein the plurality of assembly caches separately store one or more a plurality of application resources having permissions matched to the plurality of separate policy levels assigned to the plurality of assembly caches; and
  
  a computer having a virtual machine configured to;
  
  resolve a permission set that grants rights to an application executing in the virtual machine, wherein the application executing in the virtual machine requires a subset of the plurality of application resources that are stored in one or more of the plurality of assembly caches; and
  
  retrieve the subset of the application resources required by the executing application from the one or more assembly caches in response to determining that the resolved permission set intersects the separate policy levels assigned to the one or more assembly caches.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, the computer further having a resource installer configured to:
    - match the permissions assigned to the plurality of application resources to the plurality of separate policy levels assigned to the plurality of assembly caches; and
      
      install the plurality of application resources into the plurality of assembly caches with the policy levels matched to the permissions assigned to the plurality of application resources.
  - 3. The system of claim 2, wherein the resource installer is further configured to:
    - create a new assembly cache in response to at least one of the plurality of application resources having permissions that do not match any of the separate policy levels assigned to the plurality of assembly caches, wherein the new assembly cache has a policy level matched to the permissions assigned to the at least one application resource; and
      
      install the at least one application resource into the new assembly cache with the policy level matched to the permissions assigned to the at least one application resource.
  - 4. The system of claim 1, wherein a plurality of separate security policies define the plurality of separate policy levels assigned to the plurality of assembly caches.
  - 5. The system of claim 1, wherein the plurality of assembly caches separately store the plurality of application resources with in a flat naming structure that permits single read lookup operations.
  - 6. The system of claim 1, wherein the plurality of assembly caches separately store the plurality of application resources remotely from to the virtual machine.
  - 7. The system of claim 1, wherein the plurality of assembly caches separately store the plurality of application resources in a plurality of replicated databases.
  - 8. The system of claim 1, wherein the plurality of assembly caches include one or more priority, retention, or creation rules that control separately storing the plurality of application resources in the plurality of assembly caches.
  - 9. The system of claim 2, wherein the resource installer is further configured to:
    - identify at least one of the plurality of application resources having permissions that do not match any of the separate policy levels assigned to the plurality of assembly caches;
      
      modify the permissions assigned to the at least one application resource to match the separate policy level assigned to one of the plurality of assembly caches; and
      
      install the at least one application resource into the at least one assembly cache with the policy level matched to the modified permissions assigned to the at least one application resource.
  - 10. The system of claim 2, wherein the resource installer matches a majority of the permissions assigned to at least one of the plurality of application resources to the separate policy level assigned to at least one of the plurality of assembly caches and installs the at least one application resource into the at least one assembly cache with the policy levels matched to the majority of the permissions assigned to the at least one application resource.

11. A method for applying security policies on multiple assembly caches, comprising:
- assigning a plurality of separate policy levels to a plurality of assembly caches, wherein the plurality of assembly caches separately store one or more of a plurality of application resources matched to the plurality of separate policy levels assigned to the plurality of assembly caches;
  
  resolving a permission set that grants rights to an application executing within a virtual machine on a computer, wherein the application executing in the virtual machine requires a subset of the application resources that are stored in one or more of the plurality of assembly caches; and
  
  retrieving the subset of the application resources required by the executing application from the one or more assembly caches in response to determining that the resolved permission set intersects the separate policy levels assigned to the one or more assembly caches.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, further comprising:
    - matching the permissions assigned to the plurality of application resources to the plurality of separate policy levels assigned to the plurality of assembly caches; and
      
      installing the plurality of application resources into the plurality of assembly caches with the policy levels matched to the permissions assigned to the plurality of application resources.
  - 13. The method of claim 12, further comprising:
    - creating a new assembly cache in response to at least one of the plurality of application resources having permissions that do not match any of the separate policy levels assigned to the plurality of assembly caches, wherein the new assembly cache has a policy level matched to the permissions assigned to the at least one application resource; and
      
      installing the at least one application resource into the new assembly cache with the policy level matched to the permissions assigned to the at least one application resource.
  - 14. The method of claim 12, further comprising:
    - identifying at least one of the plurality of application resources having permissions that do not match any of the separate policy levels assigned to the plurality of assembly caches;
      
      modifying the permissions assigned to the at least one application resource to match the separate policy level assigned to one of the plurality of assembly caches; and
      
      installing the at least one application resource into the at least one assembly cache with the policy level matched to the modified permissions assigned to the at least one application resource.
  - 15. The method of claim 12, wherein a resource installer operating on the computer matches a majority of the permissions assigned to at least one of the plurality of application resources to the separate policy level assigned to at least one of the plurality of assembly caches and installs the at least one application resource into the at least one assembly cache with the policy levels matched to the majority of the permissions assigned to the at least one application resource.
  - 16. The method of claim 11, wherein a plurality of separate security policies define the plurality of separate policy levels assigned to the plurality of assembly caches.
  - 17. The method of claim 11, wherein the plurality of assembly caches separately store the plurality of application resources with in a flat naming structure that permits single read lookup operations.
  - 18. The method of claim 11, wherein the plurality of assembly caches separately store the plurality of application resources remotely from the virtual machine.
  - 19. The method of claim 11, wherein the plurality of assembly caches separately store the plurality of application resources in a plurality of replicated databases.
  - 20. The method of claim 11, further comprising assigning one or more priority, retention, or creation rules to the plurality of assembly caches, wherein the priority, retention, or creation rules control separately storing the plurality of application resources in the plurality of assembly caches.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Pouliot, Sebastien
Primary Examiner(s)
Smithers; Matthew B
Assistant Examiner(s)
Abyaneh; Ali S

Application Number

US11/509,052
Publication Number

US 20080072276A1
Time in Patent Office

1,524 Days
Field of Search

726/1, 713/2, 709/213, 709/217
US Class Current

726/1
CPC Class Codes

G06F 21/53 by executing in a restricte...

System and method for applying security policies on multiple assembly caches

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

158 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for applying security policies on multiple assembly caches

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

158 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links