Utilizing virtual private networks to provide object level security on a multi-node computer system
Abstract
The disclosure herein provides data security on a parallel computer system using virtual private networks connecting the nodes of the system. A mechanism sets up access control data in the nodes that describes a number of security classes. Each security class is associated with a virtual network. Each user on the system is associated with one of the security classes. Each database object to be protected is given an attribute of a security class. Database objects are loaded into the system nodes that match the security class of the database object. When a query executes on the system, the query is sent to a particular class or set of classes such that the query is only seen by those nodes that are authorized by the equivalent security class. In this way, the network is used to isolate data from users that do not have proper authorization to access the data.
15 Claims
1. A multi-node computer system comprising:
- a plurality of compute nodes that each comprise a processor and memory connected by a plurality of virtual networks;
- an access setup mechanism that configures access control data on the compute nodes, wherein the access control data includes a security class assignment table, wherein the access control data further includes a security class for each of a plurality of database objects; and
- an access control mechanism that controls access to the plurality of database objects over the virtual network by sending a query to a particular security class so the query is only seen by those nodes that are authorized by the particular security class indicated in the access control data.
(Dependent claims: 2, 3, 4, 5, 6)
7. A computer implemented method for data security using virtual networks in a multi-node computer system, the method comprising the steps of:
- setting up a virtual private network to make determined nodes become protected nodes by configuring access control data on the compute nodes to indicate one of a plurality of virtual networks is a virtual private network, wherein the access control data further includes a security class assignment table, wherein the access control data further includes a security class for each of a plurality of database objects in a database;
- loading the database in the multi-node computer system; and
- executing a query to access the plurality of database objects over the virtual network by sending a query to a particular security class so the query is only seen by those nodes that are authorized by the particular security class indicated in the access control data.
(Dependent claims: 8, 9, 10)
11. A computer-readable article of manufacture comprising:
- an access setup mechanism that configures access control data on a plurality of compute nodes in a multi-node computer system, wherein the access control data includes a security class assignment table, wherein the access control data further includes a security class for each of a plurality of database objects in the memory;
- an access control mechanism that controls access to the plurality of database objects over the virtual network by sending a query to a particular security class so the query is only seen by those nodes that are authorized by the particular security class indicated in the access control data; and
- tangible computer recordable media bearing the access setup mechanism and the access control mechanism.
(Dependent claims: 12, 13, 14, 15)
Specification