User level control of degree of client-side processing

US 5,819,091 A
Filed: 12/22/1994
Issued: 10/06/1998
Est. Priority Date: 12/22/1994
Status: Expired due to Fees

First Claim

Patent Images

1. A data processing system for setting desired security levels for application programs without modification of the application programs, said system comprising:

a processor, input means, output means, and memory means coupled via a bus;

means for storing a kernel and an operating system in said memory means;

means for storing a plurality of different security level versions of selected ones of a plurality of dynamically linked libraries, wherein a security level determines an amount of interaction between said operating system and an application program;

means for loading into said memory means a first application program;

means for storing said first application program in said memory means;

means for determining a security level for said first application program;

means for determining which of said selected ones of a plurality of dynamically linked libraries is requested by said first application program;

means for retrieving, without modifying said first application program, one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level for said first application program, wherein said retrieved one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level corresponds to said dynamically linked library requested by said first application program;

means for loading into said memory means said one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level for said first application program;

means for loading a dynamically linked library having a default security level when said one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level for said first application program is not retrievable;

means for loading into said memory means said dynamically linked library having a default security level when said desired security level for said first application program cannot be determined;

means for loading into said memory means a message stub which allows said operating system, which loaded said first application program, to support said desired security level for said first application program;

means for loading into said memory means a second application program;

means for storing said second application program in said memory means;

means for determining what is the desired security level for said second application program;

means for determining which of said selected ones of a plurality of dynamically linked libraries is requested by said second application program;

means for retrieving, without modifying said second application program, one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level for said second application program, wherein said retrieved one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level corresponds to said dynamically linked library requested by said second application program;

means for loading into said memory means said one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level for said second application program;

means for loading into said memory means a dynamically linked library having a default security level when said one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level, for said second application program is not retrievable;

means for loading into said memory means said dynamically linked library having a default security level when said desired security level for said second application program cannot be determined; and

means for loading into said memory means a message stub which allows said operating system, which loaded said second application program, to support said desired security level for said second application program.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing system stores and maintains a plurality of security levels for dynamically linked libraries. Upon loading of an application, and upon determination of which dynamically linked libraries are required by the application, the data processing system determines the predefined security level assigned to the application and loads dynamically linked libraries previously encoded with the predefined security level.

62 Citations

View as Search Results

22 Claims

1. A data processing system for setting desired security levels for application programs without modification of the application programs, said system comprising:
- a processor, input means, output means, and memory means coupled via a bus;
  
  means for storing a kernel and an operating system in said memory means;
  
  means for storing a plurality of different security level versions of selected ones of a plurality of dynamically linked libraries, wherein a security level determines an amount of interaction between said operating system and an application program;
  
  means for loading into said memory means a first application program;
  
  means for storing said first application program in said memory means;
  
  means for determining a security level for said first application program;
  
  means for determining which of said selected ones of a plurality of dynamically linked libraries is requested by said first application program;
  
  means for retrieving, without modifying said first application program, one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level for said first application program, wherein said retrieved one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level corresponds to said dynamically linked library requested by said first application program;
  
  means for loading into said memory means said one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level for said first application program;
  
  means for loading a dynamically linked library having a default security level when said one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level for said first application program is not retrievable;
  
  means for loading into said memory means said dynamically linked library having a default security level when said desired security level for said first application program cannot be determined;
  
  means for loading into said memory means a message stub which allows said operating system, which loaded said first application program, to support said desired security level for said first application program;
  
  means for loading into said memory means a second application program;
  
  means for storing said second application program in said memory means;
  
  means for determining what is the desired security level for said second application program;
  
  means for determining which of said selected ones of a plurality of dynamically linked libraries is requested by said second application program;
  
  means for retrieving, without modifying said second application program, one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level for said second application program, wherein said retrieved one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level corresponds to said dynamically linked library requested by said second application program;
  
  means for loading into said memory means said one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level for said second application program;
  
  means for loading into said memory means a dynamically linked library having a default security level when said one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level, for said second application program is not retrievable;
  
  means for loading into said memory means said dynamically linked library having a default security level when said desired security level for said second application program cannot be determined; and
  
  means for loading into said memory means a message stub which allows said operating system, which loaded said second application program, to support said desired security level for said second application program.
- View Dependent Claims (2, 3)
- - 2. The system as recited in claim 1, wherein said desired security level for said second application program is different than said desired security level for said first application program.
  - 3. The system as recited in claim 1, further comprising:
    - means for storing a second operating system in said memory means, wherein said second operating system loads said second application program, wherein said first and second application programs are identical application programs, and wherein said desired security level for said second application program is different than said desired security level for said first application program.

4. A data processing system comprising:
- a processor, input means, output means, and memory means coupled via a bus;
  
  means for storing a kernel and an operating system in said memory means;
  
  means for storing one or more application programs in said memory means;
  
  means for defining one or more security levels;
  
  means for storing one or more dynamically linked libraries in said memory means, each dynamically linked library associated with one of the defined security levels;
  
  means for loading an application program; and
  
  means for linking, without modifying the application program, one or more of the dynamically linked libraries to an application program when the application program is loaded, wherein the security level of each dynamically linked library linked to the application program is a desired security level of the application program, and wherein the security level of each dynamically linked library determines a degree of access the application program has to one or more system resources, and wherein each time the application program is loaded, it may be linked to different dynamically linked libraries at different security levels.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11)
- - 5. A system according to claim 4, wherein said means for loading further comprises means for determining the desired security level of the application program.
  - 6. A system according to claim 4, wherein said means for loading further comprises means for determining which dynamically linked libraries are requested by the application program.
  - 7. A system according to claim 4, further comprising:
    - means for storing plural copies of each dynamically linked library, wherein each copy of a particular dynamically linked library is associated with a different one of the defined security levels.
  - 8. A system according to claim 4 wherein each defined security level determines an amount of interaction between said operating system and said application program.
  - 9. A system according to claim 4, further comprising means for supporting each of the defined security levels, said supporting means stored in association with said operating system.
  - 10. A system according to claim 5, further comprising:
    - when the desired security level of an application program can not be determined, means for linking one or more of the dynamically linked libraries to the application program, wherein the security level of each dynamically linked library is a default security level.
  - 11. A system according to claim 7, further comprising:
    - when a dynamically linked library requested by the application program is not retrievable at the desired security level of the application program, means for linking the requested dynamically linked library at a default security level.

12. In a data processing system, a method for setting a desired security level for an application program, said method comprising the steps of:
- defining one or more security levels;
  
  storing one or more dynamically linked libraries, each dynamically linked library associated with one of the defined security levels;
  
  loading the application program; and
  
  linking, without modifying the application program, one or more of the dynamically linked libraries to the application program, wherein the security level of each dynamically linked library is the desired security level of the application program, and wherein the security level of each dynamically linked library determines a degree of access the application program has to one or more system resources, and wherein each time the application program is loaded, it may be linked to different dynamically linked libraries at different security levels.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. A method according to claim 12, wherein said loading step further comprises the step of determining the desired security level of the application program upon initiating said loading of the application program.
  - 14. A method according to claim 12, wherein said loading step further comprises the step of determining which dynamically linked libraries are requested by the application program.
  - 15. A method according to claim 12, further comprising the step of:
    - storing plural copies of each dynamically linked library, wherein each copy of a particular dynamically linked library is associated with a different one of the defined security levels.
  - 16. A method according to claim 12 wherein said defining step comprises defining one or more security levels wherein each defined security level determines an amount of interaction between said operating system and said application program.
  - 17. A method according to claim 13, further comprising the step of:
    - when the desired security level of the application program can not be determined, linking one or more of the dynamically linked libraries to the application program, wherein the security level of each dynamically linked library is a default security level.
  - 18. A method according to claim 14, further comprising the step of:
    - when a dynamically lined library requested by the application program is not retrievable at the desired security level of the application program, linking the requested dynamically linked library at a default security level.

19. In a data processing system, a method for setting a desired security level for an application program, said method comprising:
- storing a kernel and an operating system in a memory means;
  
  storing a plurality of different security level versions of selected ones of a plurality of dynamically linked libraries, wherein a security level determines an amount of interaction between said operating system and an application program;
  
  loading into said memory means an application program;
  
  storing said application program in said memory means;
  
  determining a security level for said application program;
  
  determining which of said selected ones of a plurality of dynamically linked libraries is requested by said application program;
  
  retrieving, without modifying said application program, one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level for said application program, wherein said retrieved one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level corresponds to said dynamically linked library requested by said application program; and
  
  loading into said memory means said one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level for said application program.
- View Dependent Claims (20, 21, 22)
- - 20. The method of claim 19, further comprising:
    - loading a dynamically linked library having a default security level when said one of said selected ones of a plurality of dynamically linked libraries which incorporates said desired security level for said application program is not retrievable.
  - 21. The method of claim 20, further comprising:
    - loading into said memory means said dynamically linked library having a default security level when said desired security level for said application program cannot be determined.
  - 22. The method of claim 19, further comprising:
    - loading into said memory means a message stub which allows said operating system, which loaded said application program, to support said desired security level for said first application program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Arendt, James Wendell, Phelan, James Michael, Manikundalam, Ravindranath Kasinath
Primary Examiner(s)
Oberley, Alvin E.
Assistant Examiner(s)
COURTENAY III, ST JOHN

Application Number

US08/364,340
Time in Patent Office

1,384 Days
Field of Search

395/186, 395/685, 395/187.01, 395/188.01, 364/200
US Class Current

719/331
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 9/44521   Dynamic linking or loading;...

User level control of degree of client-side processing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

62 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

User level control of degree of client-side processing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links