ES2128393T3 - Method and apparatus for computer systems with program authorization information data structures. - Google Patents
- Publication number
- ES2128393T3
- Authority
- ES
- Spain
- Prior art keywords
- program
- pai
- executed
- limits
- system monitor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
Abstract
A method and apparatus are disclosed that include a system monitor which limits the ability of a program about to be executed to the use of predefined resources (e.g., data files, disk writing capabilities, etc.). The system monitor processes a data structure that includes a set of authorities defining what the program is permitted to do and/or what it is not permitted to do. The set of authorities and/or restrictions assigned to a program to be executed is referred to as "program authorization information" (or "PAI"). Once defined, the program authorization information is associated with at least one program to be executed, thereby delimiting the resources and functions that the program may use and/or may not use. The PAI associated with a particular program may be assigned by the owner/user of a computer system or by someone whom the owner/user of the computer system trusts absolutely. The PAI allows an associated program to access only what it has been authorized for and nothing else. The program may be regarded as having been placed in a capability-limiting "safety box". This "safety box" is thereafter associated with the program in such a way that, when the system monitor runs the program, the PAI for that program is likewise loaded and monitored. When the program is about to perform a function or access a resource, the associated PAI is checked to confirm that the operation is within the defined program limits. The program cannot do anything that falls outside the authorized limits.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US88386792A | 1992-05-15 | 1992-05-15 | |
US07/883,868 US5412717A (en) | 1992-05-15 | 1992-05-15 | Computer system security method and apparatus having program authorization information data structures |
Publications (1)
Publication Number | Publication Date |
---|---|
ES2128393T3 (es) | 1999-05-16 |
Family
ID=27128706
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
ES93303223T Expired - Lifetime ES2128393T3 (es) | Method and apparatus for computer systems with program authorization information data structures. | 1992-05-15 | 1993-04-26 |
Country Status (7)
Country | Link |
---|---|
EP (1) | EP0570123B1 (es) |
JP (2) | JP3784423B2 (es) |
AT (1) | ATE177857T1 (es) |
AU (1) | AU672786B2 (es) |
CA (1) | CA2095087C (es) |
DE (1) | DE69323926T2 (es) |
ES (1) | ES2128393T3 (es) |
Families Citing this family (50)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AP626A (en) * | 1994-01-13 | 1998-01-16 | Certco Llc | Cryptographic system and method with key escrow feature. |
US5553143A (en) * | 1994-02-04 | 1996-09-03 | Novell, Inc. | Method and apparatus for electronic licensing |
US5553139A (en) * | 1994-04-04 | 1996-09-03 | Novell, Inc. | Method and apparatus for electronic license distribution |
US5473692A (en) * | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
US5802275A (en) * | 1994-06-22 | 1998-09-01 | Lucent Technologies Inc. | Isolation of non-secure software from secure software to limit virus infection |
JPH08137686A (ja) * | 1994-09-16 | 1996-05-31 | Toshiba Corp | Copyrighted work data management method and copyrighted work data management apparatus |
US5715403A (en) * | 1994-11-23 | 1998-02-03 | Xerox Corporation | System for controlling the distribution and use of digital works having attached usage rights where the usage rights are defined by a usage rights grammar |
DE69521977T2 (de) * | 1994-12-13 | 2002-04-04 | Ibm | Method and system for secure program distribution |
US7133846B1 (en) | 1995-02-13 | 2006-11-07 | Intertrust Technologies Corp. | Digital certificate support system, methods and techniques for secure electronic commerce transaction and rights management |
US6658568B1 (en) | 1995-02-13 | 2003-12-02 | Intertrust Technologies Corporation | Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management |
US6157721A (en) | 1996-08-12 | 2000-12-05 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
US5892900A (en) | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US6948070B1 (en) | 1995-02-13 | 2005-09-20 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
US5943422A (en) | 1996-08-12 | 1999-08-24 | Intertrust Technologies Corp. | Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels |
ATE419586T1 (de) | 1995-02-13 | 2009-01-15 | Intertrust Tech Corp | Systems and methods for secure transaction management and electronic rights protection |
US5905860A (en) * | 1996-03-15 | 1999-05-18 | Novell, Inc. | Fault tolerant electronic licensing system |
CA2202118A1 (en) * | 1996-04-29 | 1997-10-29 | Mitel Corporation | Protected persistent storage access for mobile applications |
US5825877A (en) * | 1996-06-11 | 1998-10-20 | International Business Machines Corporation | Support for portable trusted software |
US5987123A (en) * | 1996-07-03 | 1999-11-16 | Sun Microsystems, Incorporated | Secure file system |
US6148083A (en) * | 1996-08-23 | 2000-11-14 | Hewlett-Packard Company | Application certification for an international cryptography framework |
US5841870A (en) * | 1996-11-12 | 1998-11-24 | Cheyenne Property Trust | Dynamic classes of service for an international cryptography framework |
US5920861A (en) * | 1997-02-25 | 1999-07-06 | Intertrust Technologies Corp. | Techniques for defining using and manipulating rights management data structures |
US6167522A (en) * | 1997-04-01 | 2000-12-26 | Sun Microsystems, Inc. | Method and apparatus for providing security for servers executing application programs received via a network |
CN1229489A (zh) * | 1997-06-17 | 1999-09-22 | 珀杜法尔玛Lp公司 | Self-destructing document and e-mail messaging system |
US6000032A (en) * | 1997-07-15 | 1999-12-07 | Symantec Corporation | Secure access to software modules |
US6188995B1 (en) * | 1997-07-28 | 2001-02-13 | Apple Computer, Inc. | Method and apparatus for enforcing software licenses |
US6711611B2 (en) | 1998-09-11 | 2004-03-23 | Genesis Telecommunications Laboratories, Inc. | Method and apparatus for data-linking a mobile knowledge worker to home communication-center infrastructure |
US6985943B2 (en) | 1998-09-11 | 2006-01-10 | Genesys Telecommunications Laboratories, Inc. | Method and apparatus for extended management of state and interaction of a remote knowledge worker from a contact center |
IL123512A0 (en) | 1998-03-02 | 1999-03-12 | Security 7 Software Ltd | Method and agent for the protection against hostile resource use access |
ATE437398T1 (de) | 1998-05-06 | 2009-08-15 | Sun Microsystems Inc | Processing machine and processing method |
JP2001127747A (ja) * | 1999-10-25 | 2001-05-11 | Toshiba Corp | Information encryption/decryption device |
US6757824B1 (en) * | 1999-12-10 | 2004-06-29 | Microsoft Corporation | Client-side boot domains and boot rules |
US6901386B1 (en) * | 2000-03-31 | 2005-05-31 | Intel Corporation | Electronic asset lending library method and apparatus |
US7263616B1 (en) | 2000-09-22 | 2007-08-28 | Ge Medical Systems Global Technology Company, Llc | Ultrasound imaging system having computer virus protection |
KR20020034862A (ko) * | 2000-11-02 | 2002-05-09 | 권문상 | Method for controlling secret values of computer application programs |
US7099663B2 (en) | 2001-05-31 | 2006-08-29 | Qualcomm Inc. | Safe application distribution and execution in a wireless environment |
DE10140721A1 (de) * | 2001-08-27 | 2003-03-20 | Bayerische Motoren Werke Ag | Method for providing software for use by a control unit of a vehicle |
JP3818504B2 (ja) * | 2002-04-15 | 2006-09-06 | ソニー株式会社 | Information processing apparatus and method, and program |
JP4222774B2 (ja) | 2002-05-20 | 2009-02-12 | 株式会社エヌ・ティ・ティ・ドコモ | Mobile terminal and program start-up method |
WO2003107182A1 (ja) | 2002-06-12 | 2003-12-24 | 松下電器産業株式会社 | Service safety extension platform |
AU2003284986A1 (en) * | 2002-10-25 | 2004-05-13 | Bettina Experton | System and method for automatically launching and accessing network addresses and applications |
KR100493900B1 (ko) * | 2003-08-21 | 2005-06-10 | 삼성전자주식회사 | Method for sharing rights information on content between users |
US20050091658A1 (en) * | 2003-10-24 | 2005-04-28 | Microsoft Corporation | Operating system resource protection |
US7788487B2 (en) | 2003-11-28 | 2010-08-31 | Panasonic Corporation | Data processing apparatus |
US9008075B2 (en) | 2005-12-22 | 2015-04-14 | Genesys Telecommunications Laboratories, Inc. | System and methods for improving interaction routing performance |
JP4995590B2 (ja) | 2007-02-14 | 2012-08-08 | 株式会社エヌ・ティ・ティ・ドコモ | Content distribution management device, communication terminal, program, and content distribution system |
US8646050B2 (en) * | 2011-01-18 | 2014-02-04 | Apple Inc. | System and method for supporting JIT in a secure system with randomly allocated memory ranges |
US9690945B2 (en) | 2012-11-14 | 2017-06-27 | International Business Machines Corporation | Security analysis using relational abstraction of data structures |
JP6236816B2 (ja) * | 2013-03-15 | 2017-11-29 | 株式会社リコー | Image processing system, information processing apparatus, and program |
US10694352B2 (en) | 2015-10-28 | 2020-06-23 | Activision Publishing, Inc. | System and method of using physical objects to control software access |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2059652B (en) | 1979-09-29 | 1983-08-24 | Plessey Co Ltd | Memory protection system using capability registers |
AU618056B2 (en) * | 1987-11-10 | 1991-12-12 | Acresso Software Inc. | Computer program license management system |
US5005200A (en) | 1988-02-12 | 1991-04-02 | Fischer Addison M | Public key/signature cryptosystem with enhanced digital signature certification |
JP3049749B2 (ja) * | 1990-09-14 | 2000-06-05 | 富士通株式会社 | File access restriction processing device |
AU662805B2 (en) | 1992-04-06 | 1995-09-14 | Addison M. Fischer | A method for processing information among computers which may exchange messages |
-
1993
- 1993-04-26 AT AT93303223T patent/ATE177857T1/de active
- 1993-04-26 ES ES93303223T patent/ES2128393T3/es not_active Expired - Lifetime
- 1993-04-26 EP EP93303223A patent/EP0570123B1/en not_active Expired - Lifetime
- 1993-04-26 DE DE69323926T patent/DE69323926T2/de not_active Expired - Lifetime
- 1993-04-28 AU AU38209/93A patent/AU672786B2/en not_active Expired
- 1993-04-28 CA CA002095087A patent/CA2095087C/en not_active Expired - Lifetime
- 1993-05-14 JP JP11315793A patent/JP3784423B2/ja not_active Expired - Lifetime
-
2005
- 2005-12-13 JP JP2005358699A patent/JP3880607B2/ja not_active Expired - Lifetime
Also Published As
Publication number | Publication date |
---|---|
DE69323926T2 (de) | 1999-09-30 |
JP2006099805A (ja) | 2006-04-13 |
ATE177857T1 (de) | 1999-04-15 |
EP0570123A1 (en) | 1993-11-18 |
CA2095087A1 (en) | 1993-11-16 |
AU3820993A (en) | 1993-11-18 |
CA2095087C (en) | 1999-06-01 |
EP0570123B1 (en) | 1999-03-17 |
AU672786B2 (en) | 1996-10-17 |
JPH06103058A (ja) | 1994-04-15 |
JP3784423B2 (ja) | 2006-06-14 |
JP3880607B2 (ja) | 2007-02-14 |
DE69323926D1 (de) | 1999-04-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
ES2128393T3 (es) | Method and apparatus for computer systems with program authorization information data structures. | |
Karger | Limiting the damage potential of discretionary Trojan horses | |
CA1252907A (en) | Secure data processing system architecture with format control | |
US6581161B1 (en) | System, apparatus and method for controlling access | |
US7290279B2 (en) | Access control method using token having security attributes in computer system | |
US5283830A (en) | Security mechanism for a computer system | |
CA2025434A1 (en) | Method for protecting against the unauthorized use of software in a computer network environment | |
Abrams | RENEWED UNDERSTANDING OF ACCESS CONTROL POLICIES¹ | |
ATE518179T1 (de) | Security model using restricted tokens | |
EP0729252A3 (en) | Cryptographic key management | |
DE69707022T2 (de) | System and method for secure management of desktop environments over a network | |
WO2004034180A3 (en) | Processes and systems for enabling secure and controlled distribution and use of information | |
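CN109522734B (zh) | A secure application store system | |
KR940015842A (ko) | Method for restricting system use using terminal security level | |
JP4636040B2 (ja) | File management system, file management method, and file management program | |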
EP0426595A2 (en) | Method of permitting access of shared resources using user set definition to support affinity and surrogate user relations | |
Stamm | Controlling Access | |
Schell | Evaluating security properties of computer systems | |
KR20020051131A (ko) | Access control method for an identity-based access control system | |
Lloyd | The Role of Risk Analysis in the Control of Major Hazards | |
Smith | Test data analysis verification of the DASS/ARC System | |
JP2023114916A (ja) | Access authority control device, access authority control method, and program | |
JPS62231351A (ja) | File protection system | |
Marchant et al. | Common access control terminology used in multilevel security systems | |
Amoroso | NDU (C): A Mandatory Denial of Service Model |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| FG2A | Definitive protection | Ref document number: 570123 Country of ref document: ES |