Computer system security method and apparatus having program authorization information data structures
INFORMATION PROTECTION AND AUTHENTICATION OF TEXAS, LLCThe holder of the '717 patent has sued Microsoft, Symantec, CA, F-Secure, McAfee, Kaspersky, Sophos, Novell, and PC Tools for infringing this patent.
Last updated: about 1 year ago
Summary / Description
| Summary / Description | Article that anticipates limiting access to compute resources by means of capabilities. A capability restricts instances to the specified resources. Also anticipates the checking of the access rights for the instance is checked at run time. |
Basic Information
| Type of Prior Art | Print Publication |
| Publication Title * | Proceedings of an ACM conference on Language design for reliable software |
| Author | Gregory R. Andrews of Cornell University, James R. McGraw of Cornell University |
| ISBN | |
| Page Range | 114-127 |
| Medium | Other printed publication |
| Publication Date * | 1977 |
| URL | |
Notes / To Do
| Notes | |
Excerpt
5.2 Access Control
Every dynamic resource is accessed by means of capabilities [9,17]. A resource capability has two components:
(1) a reference to a particular instance, and (2) a set of access rights for the instance. The rights for a resource are rights to call every resource operation plus the language-defined copy and nullify rights. A capability is used to call an operation by executing a statement of the form:
capability_name.operation(parameters);
The call is permitted only if the capability contains a right for that operation. This check must be made at runtime.
Figure 1 shows the User process and the Input process having access to different resources.
Relevance
Claims
Claim 1
In a digital computer system having a digital data processing means for executing a plurality of digital programs and a memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means; and
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Relevance
Anticipates limiting access to compute resources by means of capabilities. A capability restricts instances to the specified resources. Also anticipates the checking of the access rights for the instance is checked at run time.
Anticipates limiting access to compute resources by means of capabilities. A capability restricts instances to the specified resources. Also anticipates the checking of the access rights for the instance is checked at run time.
Claim Chart
All
