Rule-based application access management
First Claim
1. A method comprising:
determining an altitude for at least one resource used in executing a streaming software application in a streaming software container;
determining access control rules for the at least one resource based on the altitude;
determining security settings for the at least one resource based on the altitude;
managing access control to the at least one resource used in executing the streaming software application in the streaming software container based on the access control rules and the security settings for the at least one resource;
receiving a request from a requestor for the at least one resource, the request in association with a process ID for the at least one resource having a resource ID;
determining the access control rules for the at least one resource based on the altitude further comprising, looking up the process ID and the resource ID in a requestor-specific access control table for the altitude to determine the access control rules, the access control rules specific to a requestor generating the request;
determining if the access control rules specify accept;
if it is determined that the access control rules specify accept, looking up in a resource-specific access control table for the altitude using the resource ID to determine requestor-agnostic security rules for the at least one resource;
managing access control to the at least one resource used in executing the streaming software application in the streaming software container further comprising, granting access to the at least one resource used in executing the streaming software application in the streaming software container according to the requestor-agnostic security rules.
2 Assignments
0 Petitions
Abstract
A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.
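The lookup order recited in claim 1 (a requestor-specific table keyed by process ID and resource ID, then a resource-specific table keyed by resource ID, both selected by altitude) can be sketched as follows. This is an added example, not code from the patent; the table layout, the integer altitudes, the rights names and the default-deny on a missing entry are assumptions.

```python
# Added illustration of the two-stage lookup in claim 1.
# All tables, IDs, altitudes and rights below are constructed sample values.
from dataclasses import dataclass

ACCEPT, DENY = "accept", "deny"

@dataclass(frozen=True)
class Grant:
    allowed: bool
    rights: frozenset = frozenset()
    reason: str = ""

class AltitudeRuleEngine:
    def __init__(self, requestor_tables, resource_tables):
        # altitude -> {(process_id, resource_id): ACCEPT | DENY}
        self.requestor_tables = requestor_tables
        # altitude -> {resource_id: set of rights}  (requestor-agnostic)
        self.resource_tables = resource_tables

    def check(self, altitude, process_id, resource_id, wanted):
        # Stage 1: requestor-specific rule for this altitude.
        table = self.requestor_tables.get(altitude, {})
        verdict = table.get((process_id, resource_id), DENY)  # assumption: fail closed
        if verdict != ACCEPT:
            return Grant(False, reason="requestor rule does not specify accept")
        # Stage 2: requestor-agnostic security rules for the resource.
        rights = self.resource_tables.get(altitude, {}).get(resource_id)
        if rights is None:
            return Grant(False, reason="no resource rule at this altitude")
        if wanted not in rights:
            return Grant(False, frozenset(rights), "right not granted by resource rule")
        return Grant(True, frozenset(rights), "granted")

# Constructed sample policy: one populated altitude (100), one empty (200).
engine = AltitudeRuleEngine(
    requestor_tables={
        100: {(4100, "file:app.cfg"): ACCEPT,
              (4200, "file:app.cfg"): DENY,
              (4100, "reg:settings"): ACCEPT},
        200: {},
    },
    resource_tables={100: {"file:app.cfg": {"read"}}, 200: {}},
)

if __name__ == "__main__":
    for args in [(100, 4100, "file:app.cfg", "read"),
                 (100, 4100, "file:app.cfg", "write"),
                 (100, 4200, "file:app.cfg", "read"),
                 (200, 4100, "file:app.cfg", "read")]:
        print(args, engine.check(*args))
```

An accepted requestor still receives only the rights listed in the resource-specific table, so a stage 1 accept cannot widen access on its own.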
253 Citations
18 Claims
10. A system comprising:
at least one processor;
memory storing instructions configured to instruct the at least one processor to perform;
determining an altitude for at least one resource used in executing a streaming software application in a streaming software container;
determining access control rules for the at least one resource based on the altitude;
determining security settings for the at least one resource based on the altitude;
managing access control to the at least one resource used in executing the streaming software application in the streaming software container based on the access control rules and the security settings for the at least one resource;
receiving a request from a requestor for the at least one resource, the request in association with a process ID for the at least one resource having a resource ID;
determining the access control rules for the at least one resource based on the altitude further comprising, looking up the process ID and the resource ID in a requestor-specific access control table for the altitude to determine the access control rules, the access control rules specific to a requestor generating the request;
determining if the access control rules specify accept;
if it is determined that the access control rules specify accept, looking up in a resource-specific access control table for the altitude using the resource ID to determine requestor-agnostic security rules for the at least one resource;
managing access control to the at least one resource used in executing the streaming software application in the streaming software container further comprising, granting access to the at least one resource used in executing the streaming software application in the streaming software container according to the requestor-agnostic security rules.
Specification