Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling
Reexamination Certificate
2006-07-11
Vaughn, Jr., William C. (Department: 2143)
C713S152000
active
07076557
ABSTRACT:
A system and method determine whether a called code frame has a requested permission available to it, so as to be able to execute a protected operation. A code frame is contained within a code assembly received from a remote or local resource location. A policy manager generates a permission grant set containing permission grant objects associated with the code assembly. Both the permission grant set and the code assembly are loaded into a runtime call stack for runtime execution of one or more code frames. Calls to other code frames may involve loading additional code assemblies and permission grant sets into the runtime call stack. In order for a called code frame to perform a protected operation, the code frame demands a requested permission from its calling code frame and all code frames preceding the calling code frame on the runtime call stack as part of a stack walk operation. If the calling code frame and the preceding call frames can satisfy the requested permission, the called code frame can perform the protected operation (absent stack overrides). Otherwise, a security exception is thrown and the called code frame is inhibited from performing the protected operation (absent stack overrides). Stack overrides may be employed to dynamically modify the stack walk operation. To increase performance, a stack walk may be avoided by caching an intersection of the permission grants of all code assemblies in the application.
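The stack walk and the cached-intersection shortcut described in the abstract, as an added Python sketch (not code from the patent or its assignee). The assembly, frame, permission and function names are all hypothetical, the grant sets are constructed sample data, and stack overrides are not modeled.

```python
from functools import reduce

class SecurityException(Exception):
    """Raised when a frame on the call stack lacks the demanded permission."""

# Constructed policy-manager output: code assembly -> permission grant set.
GRANTS = {
    "app.local":     frozenset({"FileRead", "FileWrite", "UI"}),
    "lib.trusted":   frozenset({"FileRead", "FileWrite", "UI"}),
    "plugin.remote": frozenset({"UI"}),
}

def stack_walk(call_stack, permission, grants=GRANTS):
    """call_stack is a list of (frame, assembly), oldest first. The last entry
    is the called frame making the demand; its caller and every frame
    preceding the caller must hold the permission."""
    for frame, assembly in reversed(call_stack[:-1]):
        if permission not in grants[assembly]:
            raise SecurityException(f"{frame} in {assembly} lacks {permission}")
    return True

def cached_intersection(assemblies, grants=GRANTS):
    """Permissions granted to every assembly in the application."""
    return reduce(frozenset.intersection, (grants[a] for a in assemblies))

def demand(call_stack, permission, cache, grants=GRANTS):
    """Return 'cache' when the cached intersection already answers the demand,
    'walk' when a full stack walk was needed and succeeded."""
    if permission in cache:
        return "cache"   # every assembly holds it, so no frame can fail
    stack_walk(call_stack, permission, grants)
    return "walk"

def demo():
    cache = cached_intersection(["app.local", "lib.trusted", "plugin.remote"])
    direct = [("main", "app.local"), ("save", "lib.trusted"),
              ("File.write", "lib.trusted")]
    via_plugin = [("main", "app.local"), ("render", "plugin.remote"),
                  ("save", "lib.trusted"), ("File.write", "lib.trusted")]
    results = [demand(via_plugin, "UI", cache),     # answered from the cache
               demand(direct, "FileWrite", cache)]  # needs the walk, passes
    try:
        # A less-trusted caller sits below the trusted library on the stack.
        demand(via_plugin, "FileWrite", cache)
    except SecurityException as exc:
        results.append(str(exc))
    return results
```

The third demand fails even though the frame performing the write belongs to a fully trusted assembly, because the walk reaches the remote plugin's frame further down the stack.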
REFERENCES:
patent: 5915085 (1999-06-01), Koved
patent: 5958050 (1999-09-01), Griffin et al.
patent: 5978484 (1999-11-01), Apperson et al.
patent: 6044466 (2000-03-01), Anand et al.
patent: 6044467 (2000-03-01), Gong
patent: 6138238 (2000-10-01), Scheifler et al.
patent: 6345361 (2002-02-01), Jerger et al.
patent: 6389540 (2002-05-01), Scheifler et al.
patent: 6526513 (2003-02-01), Shrader et al.
patent: 6735758 (2004-05-01), Berry et al.
patent: WO 99/30217 (1999-06-01), None
“Decentralized Trust Management”, by M. Blaze, J. Feigenbaum, J. Lacy, in Proceedings of the 1996 IEEE Symposium on Security and Privacy, pp. 164-173. Also available as a DIMACS Technical Report. This paper describes PolicyMaker. Available in Postscript at http://www.research.att.com/~jf/pubs/oakland96proc.ps.
“Proceedings of the Sixth International World Wide Web Conference”, Santa Clara, CA, Apr. 1997, by Y. Chu, J. Feigenbaum, B. LaMacchia, P. Resnick, M. Strauss, REFEREE: Trust Management for Web Applications. Available from http://www.farcaster.com/papers/www6-referee/index.htm.
“The Role of Trust Management in Distributed System Security”, M. Blaze, J. Feigenbaum, J. Ioannidis, A. Keromytis, Secure Internet Programming: Security Issues for Distributed and Mobile Objects, Lecture Notes in Computer Science, vol. 1603, Springer, Berlin, 1999, pp. 185-210. Postscript available from http://www.research.att.com/~jf/pubs/sip99.ps.
“Managing Trust in an Information-Labeling System”, European Transactions on Telecommunications, 8 (1997), pp. 491-501. (Special issue of selected papers from the 1996 Amalfi Conference on Secure Communications in Networks.) Postscript from http://www.research.att.com/~jf/pubs/ett97.ps.
“The Evolution of Java Security”, by Koved, Nadalin, Neal and Lawson, including information on Java-based systems, IBM.
Information on KeyNote including “The KeyNote Trust-Management System” from RFC 2704, at http://www.cis/upenn.edu/~angelos/keynote.html; and “Using the KeyNote Trust Management System” by Matt Blaze, at http://www.crypto.com/trustmgt/.
“Trust management on the World Wide Web”, by Khare and Rifkin, at http://www7.scu.edu.au/programme/posters/1902/com1902.htm.
“Compliance Checking in the PolicyMaker Trust Management System”, by Blaze, Feigenbaum and Strauss, AT&T Labs-Research.
International Search Report for PCT/US01/16057.
International Search Report for PCT/US01/16127.
Anand, R. et al., “A Flexible Security Model for Using Internet Content,” Proceedings of the 16th Symposium on Reliable Distributed Systems. SRDS '97, Durham, NC, Oct. 22-24, 1997 & Proceedings of the Symposium on Reliable Distributed Systems, Los Alamitos, CA: IEEE Computer Soc, US, Oct. 22, 1997.
“Logically Extensible Privilege Control Set,” IBM Technical Disclosure Bulletin, IBM Corp., New York, NY, vol. 34, No. 7B, Dec. 1, 1991.
Fee Gregory Darrell
Kamath Ashok Cholpady
Kohnfelder Loren M.
LaMacchia Brian A.
Merchant & Gould P.C.
Shin Kyung Hye
Vaughn, Jr. William C.