Information security – Access control or authentication – Authorization
Reexamination Certificate
2011-08-30
2011-08-30
Jung, David Y (Department: 2431)
Information security
Access control or authentication
Authorization
C726S003000, C726S004000
Reexamination Certificate
active
08011008
ABSTRACT:
Performing security sensitive operations with an application security model. Security agnostic code is executed. The security agnostic code is identified as not having authorization to perform a security sensitive operation. Executing the security agnostic code includes calling code identified as security safe critical code. In response to the security agnostic code calling the security safe critical code, the security safe critical code is executed. The security safe critical code includes functionality for performing validity checks. Executing the security safe critical code includes performing an validity check for the security agnostic code. When the security agnostic code passes the validity check, code identified as security critical code is called. In response to the security safe critical code calling the security critical code, the security critical code is executed. The security critical code is authorized to perform the security sensitive operation.
REFERENCES:
patent: 7039801 (2006-05-01), Narin
patent: 7082600 (2006-07-01), Rau et al.
patent: 7168063 (2007-01-01), Meijer
patent: 2004/0019887 (2004-01-01), Taylor et al.
patent: 2004/0133777 (2004-07-01), Kiriansky et al.
patent: 2004/0143631 (2004-07-01), Banerjee et al.
patent: 2005/0172133 (2005-08-01), Brumme et al.
patent: 2005/0172286 (2005-08-01), Brumme et al.
patent: 2006/0075383 (2006-04-01), Moorthy et al.
patent: 2006/0129995 (2006-06-01), DeBoe et al.
patent: 2006/0259763 (2006-11-01), Cooperstein et al.
patent: 2007/0199050 (2007-08-01), Meier
patent: 2007/0199051 (2007-08-01), Parikh et al.
Mike Downen, What's New with Code Access Security in the .NET Framework 2.0, Nov. 2005.
CSTS: A Prototype Tool for Testing COM Component Security; Jinfu Chen; Yansheng Lu; Xiaodong Xie; Hybrid Intelligent Systems, 2009. HIS '09. Ninth International Conference on vol. 3; Publication Year: 2009 , pp. 83-88.
Can Microsoft's Service Pack2 (SP2) Security Software Prevent SMURF Attacks?; Kumar, S.; Azad, M.; Gomez, O.; Valdez, R.; Telecommunications, 2006. AICT-ICIW '06. International Conference on Internet and Web Applications and Services/Advanced International Conference on; Publication Year: 2006; p. 89-94.
From stack inspection to access control: a security analysis for libraries; Besson, F.; Blanc, T.; Fournet, C.; Gordon, A.D.; Computer Security Foundations Workshop, 2004. Proceedings. 17th IEEE; Publication Year: 2004 , pp. 61-75.
.NET Security Blog, “The Silverlight Security Model”, 2007, 4 pages, http://blogs.msdn.com/shawnfa/archive/2007/05/09/the-silverlight-security-model.aspx.
Allen, Jonathan, “Silverlight's New Security Model”, May 2, 2007, 2 pages, http://www.infoq.com
ews/2007/05/Silverlight-SecurityModel.
Pramati Server 3.5, 2003, 4 pages, http://www.pramati.com/docstore/1215012/psv35data.pdf.
“Container internationalization attributes”, 2 pages, Jun. 2007, http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/i18n/concepts/cin—containerattribute.html.
Downen Michael D.
Kaufman Charles W.
Krishnaswamy Raja
Moorthy Arun
Jung David Y
Microsoft Corporation
Workman Nydegger
LandOfFree
Application security model does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Application security model, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Application security model will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2770947