Secure data processing system architecture with format control

US 4,713,753 A
Filed: 02/21/1985
Issued: 12/15/1987
Est. Priority Date: 02/21/1985
Status: Expired due to Term

First Claim

Patent Images

1. A data processing system having protected system files, wherein each protected system file is associated with a data format and wherein said data processing system operates in response to programs or groups of programs which perform specific tasks, comprising:

identification means for identifying a user interactingwith said data processing system, said identification means relating preselected security attributes with said user; and

secure processor, connected to said identification means, for storing, at least temporarily, a security policy and for processing data in accordance with said security policy, said security policy defining permissible access rights to said protected system files in terms of possible values of data formats, possible values of said preselected security attributes and functions of said specific tasks, wherein data stored in said secure processor can be altered only by a director entity of said data processing system and retrieved only by portions of said secure processor, said secure processor having generating means for generating an access rights signal for any one of said protected system files, said access rights signal being determined by a comparison of said security policy to said predetermined security attributes, said data format associated with said any one of said protected system files and any functions to be performed with or upon said any one of said protected system files.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Means and methods of securing protected system files in a data processing system are disclosed, wherein the information determining access rights of system users to the protected systems files remains at all times within a secure processor. Provision is also made for allowing the display or labeling of protected data files only when markings consistent with the security level of such files are also displayed or included in the label. Furthermore, provision is also made for limiting the access rights of users to protected system files based on a comparison between the formats associated with said files and the function or subsystem performing operations on behalf of the users.

385 Citations

17 Claims

1. A data processing system having protected system files, wherein each protected system file is associated with a data format and wherein said data processing system operates in response to programs or groups of programs which perform specific tasks, comprising:
- identification means for identifying a user interactingwith said data processing system, said identification means relating preselected security attributes with said user; and
  
  secure processor, connected to said identification means, for storing, at least temporarily, a security policy and for processing data in accordance with said security policy, said security policy defining permissible access rights to said protected system files in terms of possible values of data formats, possible values of said preselected security attributes and functions of said specific tasks, wherein data stored in said secure processor can be altered only by a director entity of said data processing system and retrieved only by portions of said secure processor, said secure processor having generating means for generating an access rights signal for any one of said protected system files, said access rights signal being determined by a comparison of said security policy to said predetermined security attributes, said data format associated with said any one of said protected system files and any functions to be performed with or upon said any one of said protected system files.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The data processing system of claim 1 further comprising:
    - determining means, connected to said generating means, for determining permissible access to said any one of said protected system files each time a function attempts to access said any one of said protected system files by comparing said access rights signal to said function.
  - 3. The data processing system of claim 2 further comprising:
    - overriding means, connected to said determining means, for overriding said access right signal in response to selected of said programs or groups of programs.
  - 4. The data processing system of claim 2 wherein:
    - each of said protected system files is associated with a security level;
      
      said security policy further defines permissible access rights to said protected system files in terms of possible values of security levels; and
      
      said access rights generating means includes a comparison of said security policy to the security level associated with said any one of said protected system files.
  - 5. The data processing system of claim 4 wherein said specific tasks include:
    - outputting said protected system files, and labeling said protected system files when said protected system files are output.

6. A data processing system having protected system files, wherein each protected system file is associated with a security level and wherein said data processing system attempts to perform operations with or upon said protected files in response to programs or groups of programs, comprising:
- identification means for identifying a user, said identification means relating preselected security attributes with said user;
  
  secure processor, connected to said identification means, for storing, at least temporarily, a security policy and for processing data in accordance with said security policy in response to said programs, said security policy defining permissible access rights to said protected system files in terms of possible values of said preselected security attributes and possible values of security levels, wherein data stored in said secure processor can be altered only by a director entity of said data processing system and retrieved only by portions of said secure processor, said secure processor having generating means for generating an access rights signal for any one of said protected system files, said access rights signal being determined by a comparison of said security policy to said preselected security attributes and the security level associated with said any one of said protected system files, and said secure processor having prohibiting means, connected to said generating means, for prohibiting said access rights signal from exiting said secure processor; and
  
  storage means, connected to said secure processor, for storing said protected system files, access to protected system storage means being controlled by said secure processor.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The data processing system of claim 6 wherein:
    - said protected system files are further associated with a data format;
      
      said program or groups of programs perform specific tasks;
      
      said security policy further defines permissible formats of said protected system files in terms of possible values of data formats, possible values of said preselected security attributes and functions of said specific tasks; and
      
      said access rights generating means includes a security attribute comparator and a format comparator, wherein said security attribute comparator compares said security policy to said security level associated with said any one of said protected system files and said preselected security attributes, and said format comparator compares said security policy to a data format associated with said any one of said protected system files and any functions to be performed with or upon said any one of said protected system files.
  - 8. The data processing system of claim 7 further comprising:
    - determining means, connected to said generating means, for determining permissible access to said any one of said protected system files each time a function attempts to access said any one of said protected system files by comparing said access rights signal to said function.
  - 9. The data processing system of claim 8 further comprising:
    - overriding means, connected to said determining means, for overriding said access right signal in response to selected of said programs or groups of programs.
  - 10. The data processing system of claim 7 wherein:
    - one and only one of said security attribute comparator or said format comparator generates a provisional access rights signal, with another of said security attribute comparator or said format comparator receiving and deleting from said provisional access rights signal any access right not permitted by a comparison with said security policy made in another comparator, so that said access rights signal is generated.

11. A method of protecting system files in a data processing system, wherein each system file to be protected is associated with a security level and wherein said data processing system attempts to perform operations with or upon protected system files in response to programs or groups of programs, comprising:
- identifying a user, an identification relating preselected security attributes with said user;
  
  storing, at least temporarily, a security policy in a secure processor, said security policy defining permissible access rights for protected system files in terms of possible values of said preselected security attributes and possible values of security levels, and wherein data stored in said secure processor can be altered only by a director entity of said data processing system and retrieved only by portions of said secure processor;
  
  processing protected system files in accordance with said security policy; and
  
  generating an access right signal for any one of protected system files, said access rights signal being determined by a comparison of said security policy to said preselected attributes and security level associated with said any one of protected system files, an access rights signal generating means being a portion of said secure processor; and
  
  prohibiting said access rights signal from exiting said secure processor.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11 further including:
    - determining permissible access to said any one of protected system files each time an operation attempts to access said any one of protected system files by comparing said access rights signal to said operation.
  - 13. The method of claim 12 further including:
    - overriding said access right signal in response to selected of said programs or groups of programs.

14. A method of protecting system files in a data processing system, wherein each system file to be protected is associated with a data format and wherein said data processing system operates in response to programs or groups of programs which perform specific tasks, comprising:
- identifying a user interacting with said data processing system, an identification relating preselected security attributes with said user;
  
  storing, at least temporarily, a security policy in a secure processor, said security policy defining permissible access rights to protected system files as a function of possible values of data formats, possible values of said preselected security attributes and functions of specific tasks, wherein data stored in said secure processor can be altered only by a director entity of said data processing system and retrieved only by portions of said secure processor;
  
  processing protected system files ind said secure processor in accordance with said security policy; and
  
  generating an access rights signal for any one of protected system files, said access rights signal being determined by a comparison of said security policy to said preselected security attributes, said data format associated with said any one of protected system files and any function to be performed with or upon said any one of protected system files.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, further including:
    - determining permissible access to said any one of protected system files each time a function attempts to access said any one of protected system files by comparing said access rights signal to said function.
  - 16. The method of claim 15 further including:
    - overriding said access right signal in response to selected of said programs or group of programs.
  - 17. The method of claim 15 wherein:
    - said security policy further defines permissible access rights of protected system files in terms of possible values of security levels; and
      
      said generating includes a comparison of said security policy to a security level associated withsaid any one of protected system files in determining said access rights signal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Secure Computing Corporation (McAfee, LLC)
Original Assignee
Honeywell Incorporated (Honeywell International Inc.)
Inventors
Boebert, William E., Kain, Richard Y.
Primary Examiner(s)
LEE, THOMAS C

Application Number

US06/703,638
Time in Patent Office

1,027 Days
Field of Search

364/200 MS File, 364/900 MS File, 364/300, 178/22.08
US Class Current

711/164
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/71   to assure secure computing ...

G06F 2221/2113   Multi-level security, e.g. ...

Secure data processing system architecture with format control

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

385 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data processing system architecture with format control

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

385 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links