1. EP0834132 - SECURITY FOR COMPUTER SYSTEM RESOURCES

Office European Patent Office
Application Number 95932113
Application Date 25.09.1995
Publication Number 0834132
Publication Date 08.04.1998
Publication Kind B1
IPC
G06F 1/00
  G PHYSICS
  06 COMPUTING; CALCULATING OR COUNTING
  F ELECTRIC DIGITAL DATA PROCESSING
  1 Details not covered by groups G06F3/-G06F13/82
G06F 9/46
  G PHYSICS
  06 COMPUTING; CALCULATING OR COUNTING
  F ELECTRIC DIGITAL DATA PROCESSING
  9 Arrangements for program control, e.g. control units
  06 using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
  46 Multiprogramming arrangements
G06F 12/14
  G PHYSICS
  06 COMPUTING; CALCULATING OR COUNTING
  F ELECTRIC DIGITAL DATA PROCESSING
  12 Accessing, addressing or allocating within memory systems or architectures
  14 Protection against unauthorised use of memory
G06F 21/62
  G PHYSICS
  06 COMPUTING; CALCULATING OR COUNTING
  F ELECTRIC DIGITAL DATA PROCESSING
  21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  60 Protecting data
  62 Protecting access to data via a platform, e.g. using keys or access control rules
CPC
G06F 9/468
  G PHYSICS
  06 COMPUTING; CALCULATING; COUNTING
  F ELECTRIC DIGITAL DATA PROCESSING
  9 Arrangements for program control, e.g. control units
  06 using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
  46 Multiprogramming arrangements
  468 Specific access rights for resources, e.g. using capability register
G06F 12/1483
  G PHYSICS
  06 COMPUTING; CALCULATING; COUNTING
  F ELECTRIC DIGITAL DATA PROCESSING
  12 Accessing, addressing or allocating within memory systems or architectures
  14 Protection against unauthorised use of memory; or access to memory
  1458 by checking the subject access rights
  1483 using an access-table, e.g. matrix or list
G06F 21/6218
  G PHYSICS
  06 COMPUTING; CALCULATING; COUNTING
  F ELECTRIC DIGITAL DATA PROCESSING
  21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  60 Protecting data
  62 Protecting access to data via a platform, e.g. using keys or access control rules
  6218 to a system of files or objects, e.g. local or distributed file system or database
Y10S 707/99939
  Y SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
  10 TECHNICAL SUBJECTS COVERED BY FORMER USPC
  S TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
  707 Data processing: database and file management or data structures
  99931 Database or file accessing
  99939 Privileged access
Applicants IBM
Inventors LEWIS JONATHAN RHYS
Designated States
Priority Data 9502269 25.09.1995 GB
9511730 09.06.1995 GB
Title
(DE) SICHERHEIT FÜR RECHNERBETRIEBSMITTEL
(EN) SECURITY FOR COMPUTER SYSTEM RESOURCES
(FR) SECURITE POUR LES RESSOURCES DE SYSTEMES INFORMATIQUES
Abstract
(EN)
Provided is a scheme for implementing flexible control of subject authorizations (i.e. the authorizations which users or processes have) to perform operations in relation to computer resources. The methods, computer systems and authorization facilities which are provided by the invention enhance the security provisions of operating systems which have only very limited authorization facilities, by mapping the available operating system permissions to specified resource authorities for each of a set of aspects or characteristics of a computer system resource. Thus, the standard operating system permissions (e.g. read, write, execute) can have different meanings for different resource aspects, and an individual subject can have separate authorization levels set for the different resource aspects. The mappings between authorities and the available permissions may be different for different types of resources. The invention provides great flexibility in setting the authorizations that a subject may have in relation to particular resources.

(FR)
The invention presents a system for flexible control of authorizations (held by users or by operators) permitting operations to be performed in relation to computer resources. The methods, computer systems and authorization facilities provided by the invention enhance the security provisions for the use of systems that have only extremely limited authorization facilities, by providing a mapping of the available system-use permissions to specific resource authorities for each of a set of aspects or characteristics of a computer system resource. Thus, the standard system-use permissions (for example read, write, execute) can have different meanings for the different aspects of a resource, and an individual user can hold different authorization levels set for the different resource aspects. The mapping between the authorities and the available permissions may be different for different types of resources. The invention provides great flexibility in setting the authorizations that a user may hold in relation to particular resources.
