Cryptography – Cryptanalysis
Patent
1992-05-15
1995-05-02
Cain, David C.
Cryptography
Cryptanalysis
380 23, 380 25, H04L 900
Patent
active
054127173
ABSTRACT:
Method and apparatus are disclosed including a system monitor which limits the ability of a program about to be executed to the use of predefined resources (e.g., data files, disk writing capabilities, etc.). The system monitor processes a data structure including a set of authorities defining that which a program is permitted to do and/or that which the program is precluded from doing. The set of authorities and/or restrictions assigned to a program to be executed are referred to as "program authorization information" (or "PAI"). Once defined, the program authorization information is thereafter associated with at least one program to be executed to thereby delineate the resources and functions that the program is allowed to utilize and/or is not allowed to utilize. The PAI associated with a particular program may be assigned by a computer system owner/user or by someone who the computer system owner/user implicitly trusts. The PAI permits an associated program to access what has been authorized and nothing else. The program may be regarded as being placed in a program capability limiting "safety box". This "safety box" is thereafter associated with the program such that when the system monitor runs the program, the PAI for that program is likewise loaded and monitored. When the program is to perform a function or access a resource, the associated PAI is monitored to confirm that the operation is within the defined program limits. If the program is prevented from doing anything outside the authorized limits.
REFERENCES:
patent: 4652990 (1987-05-01), Pailen et al.
patent: 5005200 (1991-04-01), Fischer
patent: 5047928 (1991-09-01), Wiedemer
patent: 5109413 (1992-04-01), Comerford et al.
patent: 5142578 (1992-08-01), Matyas et al.
patent: 5164988 (1992-11-01), Matyas et al.
Graham et al; "Protection--Principles and practice", Proc. Spring Joing Comp. Conf., vol. 40, 1972, Atalantic City, U.S. pp. 417-429.
Proc. 9th International Conf. on Comp. Comm. Mar. 11, 1988, Tel Aviv, IL, pp. 391-396, Kowalski et al, "Security for Electronic Mail and Telematic Services".
IEEE Symposium on Security and Privacy, Apr. 1988, Oakland, US, pp. 39-49, Vinter et al, "Extended Discretionary Access Controls".
ACF2, The Access Control Facility, General Information Manual, Data Access Control, MVS Installations, Data Access Control Sample Rule Sets, and Execution Flow Jan. 15, 1985, pp. 21-23.
ACF2, The Access Control Facility, Administrator's Guide, "Rule Settings: Access Rules" MVS Installations, p. 74, Jan. 15, 1985.
IBM OS/VS2 System Programming Library: Supervisor, OS/VS2/MVS/System Products: JES 3 5740-XYN and JES2 5740-XYS, pp. 39-44, Jul. 1985.
IBM OS/VS2 MVS System Programming Library: Job management, MVS/System Product JES2 5740-XYS and JES3 5740-XYN, GC28 1303-0, pp. 2-1 thru 2-5 Dec. 1982.
LandOfFree
Computer system security method and apparatus having program aut does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Computer system security method and apparatus having program aut, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Computer system security method and apparatus having program aut will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-1144040