1. WO2013045928 - METHOD AND APPARATUS FOR CONTROLLING ACCESS TO A RESOURCE IN A COMPUTER DEVICE

Publication Number WO/2013/045928
Publication Date 04.04.2013
International Application No. PCT/GB2012/052394
International Filing Date 27.09.2012
IPC
G06F 21/54 2013.1
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52 during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
54 by adding security routines or objects to programs
CPC
G06F 21/31
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
30 Authentication, i.e. establishing the identity or authorisation of security principals
31 User authentication
G06F 21/335
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
30 Authentication, i.e. establishing the identity or authorisation of security principals
31 User authentication
33 using certificates
335 for accessing specific resources, e.g. using Kerberos tickets
G06F 21/54
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52 during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
54 by adding security routines or objects to programs
G06F 21/604
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60 Protecting data
604 Tools and structures for managing or administering access control systems
G06F 21/6227
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60 Protecting data
62 Protecting access to data via a platform, e.g. using keys or access control rules
6218 to a system of files or objects, e.g. local or distributed file system or database
6227 where protection concerns the structure of data, e.g. records, types, queries
G06F 2221/2141
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
2221 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
Applicants
  • AVECTO LIMITED [GB]/[GB] (AllExceptUS)
  • AUSTIN, Mark James [GB]/[GB] (US)
Inventors
  • AUSTIN, Mark James
Agents
  • APPLEYARD LEES
Priority Data
1116838.2 30.09.2011 GB
Publication Language English (en)
Filing Language English (EN)
Title
(EN) METHOD AND APPARATUS FOR CONTROLLING ACCESS TO A RESOURCE IN A COMPUTER DEVICE
(FR) PROCÉDÉ ET APPAREIL POUR CONTRÔLER L'ACCÈS À UNE RESSOURCE DANS UN DISPOSITIF INFORMATIQUE
Abstract
(EN) A computer device (200) and method are described for controlling access to a resource (115). An execution environment (203) executes a user process (120) with access privileges according to a user security context (121). A security unit (250) controls access to resources (115, 125) according to the user security context (121a), with the user process (120) making system calls (501) to the security unit (250). A proxy hook module (310) embedded within the user process (120) intercepts the system call (501) and generates a proxy resource access request (502). A proxy service module (320) in a privileged security context (111) validates the proxy resource access request (502) from the proxy hook module (310) and, if validated, obtains and returns a resource handle that permits access to the desired resource (115) by the user process (120).
(FR) La présente invention concerne un dispositif informatique (200) et un procédé pour contrôler l'accès à une ressource (115). Un environnement d'exécution (203) exécute un processus utilisateur (120) associé à des privilèges d'accès, en fonction d'un contexte de sécurité utilisateur (121). Une unité de sécurité (250) contrôle l'accès aux ressources (115, 125) en fonction du contexte de sécurité utilisateur (121a), le processus utilisateur (120) établissant des appels système (501) avec l'unité de sécurité (250). Un module d'accroche de proxy (310) intégré dans le processus utilisateur (120) intercepte l'appel système (501) et génère une requête d'accès à la ressource proxy (502). Un module de service de proxy (320) dans un contexte de sécurité doté de privilèges (111) valide la requête d'accès à la ressource proxy (502) émise par le module d'accroche de proxy (310) et, en cas de validation, obtient et renvoie une gestion de ressource qui permet au processus utilisateur (120) d'accéder à la ressource souhaitée (115).