Computer system security method and apparatus having program authorization information data structures
INFORMATION PROTECTION AND AUTHENTICATION OF TEXAS, LLCThe holder of the '717 patent has sued Microsoft, Symantec, CA, F-Secure, McAfee, Kaspersky, Sophos, Novell, and PC Tools for infringing this patent.
Last updated: about 1 year ago
Summary / Description
| Summary / Description | An article that anticipates storing protection data which contains access permitted actions for protected objects. |
Basic Information
| Type of Prior Art | Print Publication |
| Publication Title * | Communications of the ACM archive |
| Author | Gerald J. Popek Univ. of California, Los Angeles and David A. Farber Univ. of California, Los Ange |
| ISBN | |
| Page Range | 727-749 |
| Medium | Journal article |
| Publication Date * | 1978 |
| URL | |
Notes / To Do
| Notes | |
Excerpt
Second, the only objects which are actually referenced or modified in an instruction are those which the caller is permitted to access; that is, those which are appropriately recorded in the protection data. Otherwise, the instruction must terminate with no effect on any protected object.
.
.
S3) Specific access to protected objects is permitted only when the recorded protection data allows it.
.
.
With these three predicates, we have covered all data security cases: No state transition may reference or modify an object unless a) that object is explicitly named by the instruction, and b) the action is expressly permitted as indicated by recorded protection data. While the three predicates are concerned with single transitions and not sequences of transitions, it is trivially shown by induction that if the predicates are true for all single transitions, they are true for all finite sequences.
Relevance
Claims
Claim 1
In a digital computer system having a digital data processing means for executing a plurality of digital programs and a memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means; and
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Relevance
Anticipates storing protection data which contains access permitted actions for protected objects.
Anticipates storing protection data which contains access permitted actions for protected objects.
Claim Chart
All
