Processing

Please wait...

Settings

Settings

Goto Application

1. US6233576 - Enhanced security for computer system resources with a resource access authorization control facility that creates files and provides increased granularity of resource permission

Office United States of America
Application Number 08952256
Application Date 14.11.1997
Publication Number 6233576
Publication Date 15.05.2001
Grant Number 6233576
Grant Date 15.05.2001
Publication Kind B1
IPC
G06F 17/30
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
17Digital computing or data processing equipment or methods, specially adapted for specific functions
30Information retrieval; Database structures therefor
G06F 1/00
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
1Details not covered by groups G06F3/-G06F13/82
G06F 9/46
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
9Arrangements for program control, e.g. control units
06using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
46Multiprogramming arrangements
G06F 12/14
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
12Accessing, addressing or allocating within memory systems or architectures
14Protection against unauthorised use of memory
G06F 21/00
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
CPC
G06F 9/468
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
9Arrangements for program control, e.g. control units
06using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
46Multiprogramming arrangements
468Specific access rights for resources, e.g. using capability register
G06F 12/1483
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
12Accessing, addressing or allocating within memory systems or architectures
14Protection against unauthorised use of memory ; or access to memory
1458by checking the subject access rights
1483using an access-table, e.g. matrix or list
G06F 21/6218
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60Protecting data
62Protecting access to data via a platform, e.g. using keys or access control rules
6218to a system of files or objects, e.g. local or distributed file system or database
Y10S 707/99939
YSECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
10TECHNICAL SUBJECTS COVERED BY FORMER USPC
STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
707Data processing: database and file management or data structures
99931Database or file accessing
99939Privileged access
Applicants International Business Machines Corporation
Inventors Lewis, Jonathan Rhys
Agents Ray-Yarletts, Jeanine S.
Priority Data 9511730 09.06.1995 GB
Title
(EN) Enhanced security for computer system resources with a resource access authorization control facility that creates files and provides increased granularity of resource permission
Abstract
(EN)

Provided is a scheme for implementing flexible control of subject authorizations (i.e. the authorizations which users or processes have) to perform operations in relation to computer resources. The methods, computer systems and authorization facilities which are provided by the invention enhance the security provisions of operating systems which have only very limited authorization facilities, by mapping the available operating system permissions to specified resource authorities for each of a set of aspects or characteristics of a computer system resource. Thus, the standard operating system permissions (e.g. read, write, execute) can have different meanings for different resource aspects, and an individual subject can have separate authorization levels set for the different resource aspects. The mappings between authorities and the available permissions may be different for different types of resources. The invention provides great flexibility in setting the authorizations that a subject may have in relation to particular resources.

Also published as
Other related publications