Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Patent
1997-11-25
2000-03-28
Beausoliel, Jr., Robert W.
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
G06F 1214
Patent
active
060444665
ABSTRACT:
A dynamic derivation mechanism is defined which enables limited permissions to be dynamically and flexibly derived for executables based upon their authenticated description. The dynamic derivation mechanism uses the authenticated description to determine the maximal permissions that individual principals can delegate to the content. A principal's maximal permissions for content define a superset of the rights that that principal will actually delegate to that content. Although the maximal permissions are derived from predefined specifications, the specifications can be sensitive to runtime state on the downloader's system or previous delegations to enable the dynamic (i.e., runtime) derivation. Multiple principals can delegate a subset of their maximal permissions for the executable content. The mechanism uses policy for combining the delegated permissions into the content's runtime permissions.
REFERENCES:
patent: 5265221 (1993-11-01), Miller
patent: 5335346 (1994-08-01), Fabbio
patent: 5649099 (1997-07-01), Theimer et al.
patent: 5911143 (1999-06-01), Deinhart et al.
patent: 5924094 (1999-07-01), Sutter
patent: 5925126 (1999-07-01), Hsieh
patent: 5966715 (1999-10-01), Sweeney et al.
patent: 5968177 (1999-10-01), Batten-Carew et al.
Yellin, "Low Level Security in Java", http://java.sun.com/sfaq/verifier.html, pp 1-12, Dec. 1996.
Bank, "Java Security", http://www-swiss.ai.mit.edu/.about.jbank/javapaper.html, pp 1-11, Dec. 1995.
Thomas, "The Navigator Java Environment: Current Security Issues", http://developer.netscape.com/docs/manuals/javasecurity.html, pp. 1-3, Jan. 1996.
Jaeger et al., "Implementation of a Discretionary Access Control Model for Scrip-based Systems", 8th IEEE Computer Security Foundations Workshop Proceedings, pp 70-84, Jun. 1995.
Sandhu et al., "Role-Based Access Control: A Multi-Dimensional View", IEEE 10th Annual Computer Security Applications Conference Proceedings, pp 54-62, Dec. 1994.
Anand et al., "A Flexible Security Model for Using Internet Content", IEEE The Sixteenth Symposium on Reliable Distributed Systems Proceedings, pp 89-96, Oct. 1997.
Unknown, "HotJava(tm): The Security Story", http://java.sun.com/sfaq/may95/security.html, pp. 1-7, May 1995.
Trent Jaeger, Aviel D. Rubin, Atul Prakash, "Building Systems That Flexibly Control Downloaded Executable Content", USENIX Association, 6th USENIX Security Symposium, pp. 131-148.
Nayeem Islam, Rangachari Anand, Trent Jaeger and Josyula R. Rao, "A Flexible Security System For Using Internet Content", IEEE Software, Sep./Oct. 1997, pp. 52-59.
Anand Rangachari
Giraud Frederique-Anne
Islam Nayeem
Jaeger Trent Ray
Liedtke Jochen
Beausoliel, Jr. Robert W.
Elmore Stephen C.
International Business Machines Corp.
Jordan, Esq. Kevin N.
LandOfFree
Flexible and dynamic derivation of permissions does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Flexible and dynamic derivation of permissions, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Flexible and dynamic derivation of permissions will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-1335687