Distributed system, access control process and apparatus and...

Electrical computers and digital processing systems: multicomput – Distributed data processing – Processing agent

Reexamination Certificate


Details

C713S152000

Reexamination Certificate

active

06754691

ABSTRACT:

FIELD OF THE INVENTION
This invention relates to a distributed system, an access control process and apparatus, and an access control program product. More particularly, it relates to a distributed system in which a mobile code migrates for execution on plural computers interconnected over a network, an access control process and apparatus, and an access control program product.
BACKGROUND OF THE INVENTION
Recently, as the personal computer has improved in performance and decreased in cost, and as global-scale networks typified by the Internet have grown, configurations in which plural computers are interconnected over a network, rather than being used in a stand-alone state, are becoming more commonplace, so that a computer can exploit the resources of other remote computers through the network. With the increase in the number of computers interconnected over the network, distributed systems furnishing variegated services on the network are becoming popular.
In this sort of distributed system, a technique has been developed in which a program code prepared on a certain computer is downloaded to different computers through the network to enable the program to be executed on those computers. For example, a mobile agent system has a function of receiving and executing a program sent from other computers.
By exploiting this technique, it becomes possible to execute programs between heterogeneous computers interconnected over a network, without dependency on the computer types or the type of the operating system.
On the other hand, the possibility that the resources of a computer, such as crucial files, may be accessed by an untrustable or malicious program code is also becoming high.
For this reason, it is necessary for such a distributed system to be equipped with a method and apparatus by which to distinguish a trustable program code from an untrustable program code insofar as security is concerned.
As an example of this sort of conventional distributed system, reference is made to the description of a publication entitled “Java Security Architecture (JDK1.2)” issued by SUN-MICROSYSTEMS INC.
FIG. 23 shows schematics of this conventional access control system.
Referring to FIG. 23, there is mounted in a program code 1004 a system of collating a Code Base (URL, uniform resource locator) held on the program code 1004 and a signatory of the program code 1004 to a security policy 1003 of an own computer 1000, so that only a program authorized to have access is allowed to operate on a virtual machine (Java virtual machine) 1001 on the own computer 1000, no matter whether the code is prepared on the own computer 1000, that is the local code, or is the remote code, that is a code prepared on another computer and downloaded on the own computer 1000.
By way of a specific example, if a policy:
grant {
  permission java.io.FilePermission "tmp_file", "read";
};
is written in the security policy 1003, all program codes are given the authorization to “read” a file having a filename “tmp_file”.
On the other hand, if a policy:
grant codeBase "http://java.sun.com", signedBy "Li" {
  permission java.io.FilePermission "/tmp/*", "read";
  permission java.net.SocketPermission "nec.co.jp", "connect";
};
is stated, the program code signed by “Li” and downloaded from the URL “http://sun.com” is accorded an authorization to read (“read”) all files directly below “/tmp” and an authorization to access (“connect”) the network through a socket to “nec.co.jp”.
In this manner, the program code realizes access control based on the URL from which the program code was downloaded and the information on the signatory as a “subject”.
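The subject-based decision described above, as an added Java sketch that is not part of the patent text or of the JDK's own policy implementation: the `Grant` record, its scheme-and-host code base comparison, the signer handled as a plain name, and the sample URLs are assumptions, while `FilePermission` and `Permissions` are the real JDK classes. The target `/tmp/*` is the `FilePermission` form for files directly below `/tmp`.

```java
import java.io.FilePermission;
import java.net.URI;
import java.security.Permission;
import java.security.Permissions;
import java.util.List;

public class GrantMatchDemo {
    // One grant entry; a null codeBase or signer means "any code" (first policy).
    // Assumption: the signer is a plain name here, not a verified certificate.
    record Grant(URI codeBase, String signer, Permissions perms) {
        boolean appliesTo(URI origin, String signedBy) {
            boolean baseOk = codeBase == null
                || (codeBase.getScheme().equalsIgnoreCase(origin.getScheme())
                    && codeBase.getHost().equalsIgnoreCase(origin.getHost()));
            return baseOk && (signer == null || signer.equals(signedBy));
        }
    }

    static Permissions perms(Permission... ps) {
        Permissions set = new Permissions();
        for (Permission p : ps) set.add(p);
        return set;
    }

    // The subject is (origin URL, signer) only. The hosts the code passed
    // through on its way here are not an input to the decision.
    static boolean allowed(List<Grant> policy, URI origin, String signedBy, Permission wanted) {
        return policy.stream()
            .anyMatch(g -> g.appliesTo(origin, signedBy) && g.perms().implies(wanted));
    }

    public static void main(String[] args) {
        List<Grant> policy = List.of(
            new Grant(null, null, perms(new FilePermission("tmp_file", "read"))),
            new Grant(URI.create("http://java.sun.com/"), "Li",
                      perms(new FilePermission("/tmp/*", "read"))));

        // Constructed sample subjects and requests.
        URI sun = URI.create("http://java.sun.com/agents/a.jar");
        URI other = URI.create("http://example.org/agents/a.jar");
        Permission direct = new FilePermission("/tmp/a.txt", "read");
        Permission nested = new FilePermission("/tmp/sub/a.txt", "read");
        Permission write = new FilePermission("/tmp/a.txt", "write");

        System.out.println("Li, sun, /tmp/a.txt read:      " + allowed(policy, sun, "Li", direct));
        System.out.println("Li, sun, /tmp/sub/a.txt read:  " + allowed(policy, sun, "Li", nested));
        System.out.println("Li, sun, /tmp/a.txt write:     " + allowed(policy, sun, "Li", write));
        System.out.println("Li, other host, /tmp/a.txt:    " + allowed(policy, other, "Li", direct));
        System.out.println("unsigned, other host, tmp_file: "
            + allowed(policy, other, null, new FilePermission("tmp_file", "read")));
    }
}
```

Records require Java 16 or later.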
As another system, there is known “A Security Model for Aglets” stated on pages 68 to 77 of a publication (IEEE Internet Computing July/August 1997). This system is called Aglets system. In this Aglets system, the subject of the security is extended not only to the information on the signatory of the program code but also to the execution environment of the program code (called “Context” or “Aglet Context” in the Aglets system), producer and the manager of the execution environment of the program code.
This enables execution of a program code prepared by a subject not recognized by a security policy of a given computer, and enables fine access control to be performed, on the condition that the authorization for execution is prescribed in detail in the security policy.
SUMMARY OF THE DISCLOSURE
However, the aforementioned access control device suffers from the following problems:
The first problem is that access control in a multi-agent system in which plural agents can have communication with one another is insufficient for the following reasons:
In a system in which agents can have communication with one another, such as the Internet, an indefinite number of agents transmit/receive the communication. In such a case, there is a possibility that communication with an agent causes communication with other agents to be produced, that is, that the communication is multi-stage, such that the communication passes through a large number of agents or agent environments.
The more frequent the communication among agents, the higher is the possibility that an untrustable agent with malicious intention participates in the communication or that the communication must pass through evil agent environments. In such a case, the contents of the communication tend to be modified. If the modified program code is received and executed, the agent environment tends to be affected adversely.
However, in the conventional access control device, no attention is paid to access control in the case where the communication becomes multiple-staged and the number of relays is increased.
The second problem is that access control in a multiple agent system, in which agents are migrated frequently, is insufficient, for the following reason:
In certain ones of recent agents, the program code is migrated from a computer environment on a network to a different computer environment.
In certain implementations of the agent system, not only is the data held by an agent migrated, but its execution is interrupted, its state information, such as the information as to how far in the sequence of the program codes execution has progressed, is saved, and the agent is migrated to a different computer environment to re-start the execution from this state.
In a system enabling such agent migration, the probability is high that an indefinite number of agents are migrated over the network to different computer environments. Even if an agent is formulated by a trustable organization and started by a trustable person, the agent environment tends to be affected in such a case wherein the agent is migrated to an evil agent environment and modified, and the agent thus modified is migrated to a different agent environment to re-initiate its execution.
In a conventional access control device, no attention is paid to the route information of the agent such that access of the agent which has visited an evil agent environment cannot be controlled appropriately.
The third problem is that access control for protecting an agent on a computer is insufficient.
The reason is that, as discussed in connection with the first and second problems, if the route information as to the route traversed by the communication or the agent is lacking, and the access control is thus insufficient, an agent which should inherently be access-controlled cannot be access-controlled, so that other agents tend to be affected by the execution of agents for which access control is not possible.
The fourth problem is that fine access control cannot be performed because the route information on the agent or the thread is not used as the access control subject.
The fifth problem is that, if, in a multi-agent system, access control of the agent cannot be performed sufficiently, trustability in security cannot be said to be sufficient.
It is therefore an object of the present invention to provide, in a multi-agent
