Secure data processing system architecture with format control
Abstract
Means and methods of securing protected system files in a data processing system are disclosed, wherein the information determining access rights of system users to the protected systems files remains at all times within a secure processor. Provision is also made for allowing the display or labeling of protected data files only when markings consistent with the security level of such files are also displayed or included in the label. Furthermore, provision is also made for limiting the access rights of users to protected system files based on a comparison between the formats associated with said files and the function or subsystem performing operations on behalf of the users.
385 Citations
17 Claims
1. A data processing system having protected system files, wherein each protected system file is associated with a data format and wherein said data processing system operates in response to programs or groups of programs which perform specific tasks, comprising:
- identification means for identifying a user interacting with said data processing system, said identification means relating preselected security attributes with said user; and
- secure processor, connected to said identification means, for storing, at least temporarily, a security policy and for processing data in accordance with said security policy, said security policy defining permissible access rights to said protected system files in terms of possible values of data formats, possible values of said preselected security attributes and functions of said specific tasks, wherein data stored in said secure processor can be altered only by a director entity of said data processing system and retrieved only by portions of said secure processor, said secure processor having generating means for generating an access rights signal for any one of said protected system files, said access rights signal being determined by a comparison of said security policy to said predetermined security attributes, said data format associated with said any one of said protected system files and any functions to be performed with or upon said any one of said protected system files.

Dependent claims: 2, 3, 4, 5
6. A data processing system having protected system files, wherein each protected system file is associated with a security level and wherein said data processing system attempts to perform operations with or upon said protected files in response to programs or groups of programs, comprising:
- identification means for identifying a user, said identification means relating preselected security attributes with said user;
- secure processor, connected to said identification means, for storing, at least temporarily, a security policy and for processing data in accordance with said security policy in response to said programs, said security policy defining permissible access rights to said protected system files in terms of possible values of said preselected security attributes and possible values of security levels, wherein data stored in said secure processor can be altered only by a director entity of said data processing system and retrieved only by portions of said secure processor, said secure processor having generating means for generating an access rights signal for any one of said protected system files, said access rights signal being determined by a comparison of said security policy to said preselected security attributes and the security level associated with said any one of said protected system files, and said secure processor having prohibiting means, connected to said generating means, for prohibiting said access rights signal from exiting said secure processor; and
- storage means, connected to said secure processor, for storing said protected system files, access to protected system storage means being controlled by said secure processor.

Dependent claims: 7, 8, 9, 10
11. A method of protecting system files in a data processing system, wherein each system file to be protected is associated with a security level and wherein said data processing system attempts to perform operations with or upon protected system files in response to programs or groups of programs, comprising:
- identifying a user, an identification relating preselected security attributes with said user;
- storing, at least temporarily, a security policy in a secure processor, said security policy defining permissible access rights for protected system files in terms of possible values of said preselected security attributes and possible values of security levels, and wherein data stored in said secure processor can be altered only by a director entity of said data processing system and retrieved only by portions of said secure processor;
- processing protected system files in accordance with said security policy; and
- generating an access right signal for any one of protected system files, said access rights signal being determined by a comparison of said security policy to said preselected attributes and security level associated with said any one of protected system files, an access rights signal generating means being a portion of said secure processor; and
- prohibiting said access rights signal from exiting said secure processor.

Dependent claims: 12, 13
14. A method of protecting system files in a data processing system, wherein each system file to be protected is associated with a data format and wherein said data processing system operates in response to programs or groups of programs which perform specific tasks, comprising:
- identifying a user interacting with said data processing system, an identification relating preselected security attributes with said user;
- storing, at least temporarily, a security policy in a secure processor, said security policy defining permissible access rights to protected system files as a function of possible values of data formats, possible values of said preselected security attributes and functions of specific tasks, wherein data stored in said secure processor can be altered only by a director entity of said data processing system and retrieved only by portions of said secure processor;
- processing protected system files in said secure processor in accordance with said security policy; and
- generating an access rights signal for any one of protected system files, said access rights signal being determined by a comparison of said security policy to said preselected security attributes, said data format associated with said any one of protected system files and any function to be performed with or upon said any one of protected system files.

Dependent claims: 15, 16, 17
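The claims above describe a secure processor whose policy is keyed on the user's security attributes, the file's data format or security level, and the task being performed, with the access-rights signal kept inside the processor, the policy alterable only by a director entity, and displayed data always carrying a marking consistent with its level. The following Python model is an added illustration of that arrangement, not code from the patent; the class names, the numeric clearance scheme, the default-deny rule for unlisted (format, task) pairs and the `[LEVEL n]` marking format are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Tuple


@dataclass(frozen=True)
class Subject:
    """A user as identified by the identification means."""
    name: str
    clearance: int  # preselected security attribute bound to the user (assumed numeric)


class SecureProcessor:
    """Holds the security policy and the protected files. The access-rights
    signal is computed inside this class and never returned to callers; a
    caller only learns whether the requested operation ran."""

    def __init__(self, director: str) -> None:
        self._director = director
        # Policy (assumed shape): (data format, task) -> minimum clearance required.
        self._rules: Dict[Tuple[str, str], int] = {}
        # Protected files: name -> (data format, security level, content).
        self._files: Dict[str, Tuple[str, int, str]] = {}

    def _require_director(self, actor: Subject) -> None:
        # Data held in the secure processor may be altered only by the director entity.
        if actor.name != self._director:
            raise PermissionError("only the director entity may alter the secure processor")

    def set_rule(self, actor: Subject, fmt: str, task: str, min_clearance: int) -> None:
        self._require_director(actor)
        self._rules[(fmt, task)] = min_clearance

    def store_file(self, actor: Subject, name: str, fmt: str, level: int, content: str) -> None:
        self._require_director(actor)
        self._files[name] = (fmt, level, content)

    def _access_rights(self, subject: Subject, name: str, task: str) -> bool:
        # Generating means: compare the policy with the user's attributes, the
        # file's format/level and the task. Unlisted (format, task) pairs are denied.
        fmt, level, _ = self._files[name]
        needed = self._rules.get((fmt, task))
        return needed is not None and subject.clearance >= max(needed, level)

    def perform(self, subject: Subject, name: str, task: str, fn: Callable[[str], str]) -> str:
        """Run fn over the file content only if the policy grants the task."""
        if not self._access_rights(subject, name, task):
            raise PermissionError(f"{subject.name} may not {task} {name}")
        return fn(self._files[name][2])

    def display(self, subject: Subject, name: str) -> str:
        """Display is a 'view' task whose output always carries the file's level marking."""
        _, level, _ = self._files[name]
        return self.perform(subject, name, "view", lambda c: f"[LEVEL {level}] {c} [LEVEL {level}]")
```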
Specification