GB2308688A - Controlling access to objects in an information handling system - Google Patents
- Publication number: GB2308688A
- Authority: GB (United Kingdom)
- Prior art keywords: metaclass, invoking, secure, access, class
- Prior art date
- Legal status: Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/448—Execution paradigms, e.g. implementations of programming paradigms
- G06F9/4488—Object-oriented
- G06F9/449—Object-oriented method invocation or resolution
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1491—Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings
Description
CONTROLLING ACCESS TO OBJECTS IN AN INFORMATION HANDLING SYSTEM
The present invention relates to information handling systems, methods and articles of manufacture, and more particularly to information handling systems, methods and articles of manufacture for protecting objects by access control in an object oriented system.
There is a need to protect access to objects in an object oriented system.
Traditionally, resource managers are the control point at which access authorisation checking is enabled. On a request to access a resource in a data processing system, the resource manager takes control and, if the underlying resource is protected, triggers the access checking process, after which the requested access is either granted or stopped from proceeding. For instance, when a file is opened as a result of a print instruction in a user's program, the file system invokes an authorisation checking routine that verifies that the user has the right to write to the corresponding file.
In object oriented systems, where the resources are object instances, there is no such traditional concept of a resource manager that takes control on every attempt to invoke a method on, or send a message to, a protected object.
The problem, as it relates to a certain class of object oriented systems, is finding a way of automatically triggering access checking on a method invocation on a protected object. Any solution is required to be safe from client tampering, that is, the client must not be able to affect or disrupt the automatic triggering of authorisation checking.
In the prior art there are many techniques for improving object oriented programming systems (OOPS).
The following are examples of the prior art.
U.S. Patent 4,525,780 teaches a data processing system having a memory organised into objects, where the system uses a protection technique to prevent unauthorised access to objects by users, who are identified by a subject number identifying the user, a process for executing a user's procedure and the type of system operation to be performed by the user's procedure. An access control list is maintained to control access to objects based on the subject identifier.
Although the patent generally deals with methods for protecting access to objects in object oriented programs, it neither teaches nor suggests using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.
U.S. Patent 5,136,712 teaches an object based operating system for a multitasking computer system including means for making an object private to a process. Access to a private object is controlled by an access control list.
Although the patent generally deals with methods for protecting access to objects in object oriented programs, it neither teaches nor suggests using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.
U.S. Patent 5,265,221 teaches an access control mechanism for granting, revoking, and denying authorisation to objects using a system of verbs, parameters, attributes and functions.
Although the patent generally deals with methods for protecting access to objects in object oriented programs, it neither teaches nor suggests using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.
U.S. Patent 5,297,283 and U.S. Patent 5,321,841 appear to teach the same system as U.S. Patent 5,136,712 discussed above.
Although these patents generally deal with methods for protecting access to objects in object oriented programs, they neither teach nor suggest using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.
U.S. Patent 5,093,914 generally teaches a method used by a digital computer in controlling execution of an object oriented program to effect a defined action, for example, stopping the program when a specified virtual function is invoked on a specified object during execution of the program.
Although the patent generally deals with methods for protecting access to objects in object oriented programs, it neither teaches nor suggests using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.
U.S. Patent 5,343,554 teaches a computing system in which problems are solved by a process which includes creating objects of first and second classes, wherein the second class objects are externally invocable, the externally invocable sub-class objects include an indication of an internally invocable sub-class object, and executing the class of objects has one externally invocable sub-object invoke the internally invocable sub-object, with a new object of the first class generated in response to the results.
Although the patent generally deals with methods for protecting access to objects in object oriented programs, it neither teaches nor suggests using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.
An overall goal in object oriented programming systems is the development of program objects which can be reused easily.
The importance of binary code over source code increases with the degree of reuse. A main purpose of object oriented technology is code reuse. For object oriented technology to achieve large scale success, binary code reuse is essential. As the state of the art moves towards applications built from object formats which can be tailored and plugged into each other, binary code is critical.
The Object Management Group is defining a set of interfaces for object system services named Common Object Services.
It is an object of the present invention to protect objects in an object oriented system by controlling access to objects.
According to the first aspect of the present invention, there is provided a method for controlling access to objects in an information handling system employing object oriented technology, comprising the steps of defining a secure metaclass; invoking a first class as a metaclass of the secure metaclass; and controlling access to one or more protected classes which are subclasses of the secure metaclass in response to values returned on invoking the first class.
According to the second aspect of the present invention, there is provided a computer readable medium comprising means for controlling access to objects in an information handling system employing object oriented technology, the means comprising means for defining a secure metaclass; means for invoking a first class as a metaclass of the secure metaclass; and means for controlling access to one or more protected classes which are subclasses of the secure metaclass in response to values returned on invoking the first class.
According to the third aspect of the present invention, there is provided an information handling system, employing object oriented technology, for controlling access to objects comprising one or more processors; a memory system; one or more I/O controllers each controlling one or more I/O devices; a bus connecting the processors, the memory system and the I/O controllers; an operating system controlling operation of the processors, the memory system and the I/O controllers; means for defining a secure metaclass; means for invoking a first class as a metaclass of the secure metaclass; and means for controlling access to one or more protected classes which are subclasses of the secure metaclass in response to values returned on invoking the first class.
It is an advantage of the present invention that object security can be readily achieved by creation of a secure metaclass which performs authorisation checking prior to method dispatch.
The invention will now be described, by way of example, with reference to the accompanying drawings, in which:
Figure 1 is a block diagram of a system for executing the method according to the present invention.
Figure 2 is a block diagram showing the operating system platform and system object model program supporting the present invention.
Figure 3 is an object diagram of the preferred embodiment of the present invention.
Referring now to Figures 1 and 2, an information handling system 10 and an operating system environment for the present invention will be described.
Information handling system 10 may be a graphics work station or the like with a very powerful processor 12, a storage system 14, a system bus 16, display sub-system 18 controlling a display device 20, a cursor control device 22, and an I/O controller 24, all connected by system bus 16.
The information handling system 10 shown in Figure 1 may be operated by a commercially available, well known multitasking operating system such as OS/2 26 (OS/2 is a registered trademark of International Business Machines Corporation).
Among the many tasks that the OS/2 operating system 26 controls when operating information handling system 10 is the execution of the program SOMObjects 28, which is a commercially available product of International Business Machines Corporation.
The method and article of manufacture of the present invention may be incorporated in the SOMObjects program. As used herein, SOM means system object model.
An important aspect of any object oriented system is making the object secure, so that object/method granularity access control can be enforced. This involves checking access control in a before method.
The present invention may be efficiently embodied in Distributed SOM (DSOM) (across address space ORB) and Security SOM (SSOM).
The way the user specifies security is to specify the following constraints when searching for a class object:
- name: secure; value: a boolean indicating whether the object is protected by access control checking.
- name: ACL; value: if secure==TRUE, an access control list.
When granularity is per method, enforcement can be done either per method invocation or when a reference is first obtained (the capability approach). The present invention provides enforcement on method invocation.
A class is also an object whose class is a metaclass.
A class object, then, being an instance of its metaclass, responds to the methods that its metaclass defines. A metaclass, like any other class, can be subclassed and its methods be overridden. All metaclasses are ultimately derived from the root metaclass.
Referring now to the object diagram of Figure 3, the preferred embodiment of the present invention will be described. One run time metaclass is a BeforeAfter metaclass. When a class is created from the BeforeAfter metaclass 32, two methods are transparently executed on every invocation of method M on an object of class C. One method executes before the method is invoked, the Before method and the other method, the After method, executes following the execution of method M. The Before method and the After method are defined by the BeforeAfter metaclass 32. These two methods can be overridden in a metaclass 34 derived from the BeforeAfter metaclass to allow for a special function to be performed.
On invocation, the Before method returns a boolean value (1 or 0). If this value is TRUE (1), then normal processing occurs, that is, the execution of the primary method M, followed by the execution of the After method. If the boolean value is not TRUE (0), neither the primary method M nor the After method is executed. Thus, the BeforeAfter metaclass 32 is the key to controlling method execution on protected objects 36, 38.
A secure metaclass 34 (M_Secure) is defined to be a subclass of BeforeAfter metaclass 32. In M_Secure, the Before method of metaclass 32 is overridden to perform authorisation checking prior to dispatch of the Before method from metaclass 32. A protected class 36, 38 is a class whose metaclass is M_Secure 34. M_Secure overrides BeforeMethod to perform the following function:

```
BeforeMethod(M_Secure self, Environment *ev, Object object, ID primaryMethod, va_list ap)
{
    retrieve privileges or capabilities of calling principal;
    retrieve the authorisation attributes of object and MethodId;
    return access_allowed(..., principal_security_attributes,
                          primaryMethod_security_attributes,
                          object_security_attributes);
}
```
The boolean value returned by BeforeMethod corresponds to the access decision made in access_allowed of the runtime security component of DSOM. Thus, the primary method is executed only when the access checking method allows for it.
Note that the solution cannot be tampered with by the client application as the access decision is performed on the server side during the attempt to dispatch the method.
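The BeforeAfter dispatch rule above and the M_Secure override of the Before method, rendered in Python as an added example that is not SOM or DSOM code and not part of the patent: Python's own metaclass mechanism stands in for the SOM runtime, and the ACL layout, the privilege names, the PayrollRecord class and the thread-local "current principal" context are assumptions made for the demonstration. It goes a little beyond the text in two places a practitioner would want: a class created from the secure metaclass without an ACL is refused at definition time (fail closed), and every access decision is appended to an audit list.

```python
import functools
import threading

# Server-side security context (an assumption of this demo): the principal is
# a thread-local that only the trusted server sets, never a method argument.
_ctx = threading.local()
AUDIT = []  # (principal, class, method, allowed) for every access decision


def set_principal(name, privileges):
    _ctx.principal = (name, frozenset(privileges))


def current_principal():
    return getattr(_ctx, "principal", ("anonymous", frozenset()))


def access_allowed(principal, privileges, acl, method_id):
    """Stand-in for DSOM's access_allowed: any listed privilege grants; no entry denies."""
    return bool(acl.get(method_id, frozenset()) & privileges)


class BeforeAfter(type):
    """Classes made from this metaclass run before()/after() around each public
    method; a False from before() inhibits both the primary method and after()."""

    def __new__(mcls, name, bases, ns):
        for attr, value in list(ns.items()):
            if callable(value) and not attr.startswith("_"):
                ns[attr] = mcls._wrap(attr, value)
        return super().__new__(mcls, name, bases, ns)

    @staticmethod
    def _wrap(method_id, primary):
        @functools.wraps(primary)
        def dispatch(self, *args, **kwargs):
            cls = type(self)
            mcls = type(cls)  # resolve the hooks on the metaclass itself, so
            if not mcls.before(cls, self, method_id):  # a class cannot shadow them
                raise PermissionError(f"{cls.__name__}.{method_id} denied")
            result = primary(self, *args, **kwargs)
            mcls.after(cls, self, method_id, result)
            return result
        return dispatch

    def before(cls, obj, method_id):
        return True

    def after(cls, obj, method_id, result):
        pass


class Secure(BeforeAfter):
    """M_Secure: before() becomes an authorisation check; a class without an acl is refused."""

    def __new__(mcls, name, bases, ns):
        if not isinstance(ns.get("acl"), dict):
            raise TypeError(f"protected class {name} declares no acl")
        return super().__new__(mcls, name, bases, ns)

    def before(cls, obj, method_id):
        principal, privileges = current_principal()
        allowed = access_allowed(principal, privileges, cls.acl, method_id)
        AUDIT.append((principal, cls.__name__, method_id, allowed))  # audit trail
        return allowed


class PayrollRecord(metaclass=Secure):
    """A protected class (its metaclass is Secure); privilege names are constructed."""
    acl = {"read": {"payroll_reader", "payroll_admin"}, "update": {"payroll_admin"}}

    def __init__(self, employee, salary):
        self.employee, self.salary = employee, salary

    def read(self):
        return self.salary

    def update(self, salary):
        self.salary = salary
        return salary

    def delete(self):  # no ACL entry: denied to every principal
        self.salary = None


def unprotected_definition_rejected():
    try:  # Secure refuses a class that declares no ACL
        class Leak(metaclass=Secure): pass
    except TypeError:
        return True
    return False


def attempt(fn, *args):
    try:
        return fn(*args)
    except PermissionError:
        return "denied"


def run_demo():
    # Outcomes per principal; rec.salary is read directly by trusted code only to
    # confirm the denied update never ran (the hook guards method dispatch, not fields).
    rec = PayrollRecord("alice", 50_000)
    set_principal("bob", ["payroll_reader"])
    out = {"reader_read": attempt(rec.read), "reader_update": attempt(rec.update, 1)}
    out["salary_after_denied_update"] = rec.salary
    set_principal("carol", ["payroll_admin"])
    out["admin_update"] = attempt(rec.update, 60_000)
    out["admin_delete"] = attempt(rec.delete)
    set_principal("anonymous", [])
    out["anonymous_read"] = attempt(rec.read)
    return out
```

Two design choices carry the security point of the text. The hooks are looked up on the metaclass (type(type(obj))) rather than on the class, so a protected class cannot shadow before() with a method of its own, and the caller's identity is taken from the server-side context rather than from an argument, which is what keeps the decision out of the client's reach. A method with no ACL entry is denied, and the audit list is where denied attempts become detectable rather than silent.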
Claims (10)
1. A method for controlling access to objects in an information handling system employing object oriented technology, comprising the steps of:
defining a secure metaclass (34);
invoking a first class (32) as a metaclass of the secure metaclass (34); and
controlling access to one or more protected classes (36,38) which are subclasses of the secure metaclass (34) in response to values returned on invoking the first class (32).
2. A method according to claim 1, wherein the step of controlling access further comprises the steps of:
overriding dispatch of any method invoked by the invoking step; and
checking authorisation for access to an object in a protected class (36,38) prior to method dispatching.
3. A method according to claim 2, wherein the step of controlling access further comprises the step of:
dispatching an invoked method if the checking authorisation step indicates authorised access to a protected class (36,38).
4. A method according to claim 1, 2 or 3, wherein the invoking step further comprises the steps of:
invoking a before method on the secure metaclass (34);
testing a value returned by the before method;
if the value returned is true, proceeding with normal processing; and
if the value returned is not true, inhibiting further processing.
5. A computer readable medium comprising means for controlling access to objects in an information handling system employing object oriented technology, the means comprising:
means for defining a secure metaclass (34);
means for invoking a first class as a metaclass (32) of the secure metaclass (34); and
means for controlling access to one or more protected classes (36,38) which are subclasses of the secure metaclass (34) in response to values returned on invoking the first class (32).
6. A computer readable medium, according to claim 5, wherein said means for controlling access further comprises:
means for overriding dispatch of any method invoked by the invoking means; and
means for checking authorisation for access to an object in a protected class (36,38) prior to method dispatching.
7. A computer readable medium, according to claim 6, wherein said means for controlling access further comprises:
means for dispatching an invoked method if the checking authorisation means indicates authorised access to a protected class (36,38).
8. A computer readable medium, according to claim 5, 6 or 7, wherein said means for invoking further comprises:
means for invoking a before method on the secure metaclass (34);
means for testing a value returned by the before method;
means for proceeding with normal processing if the value returned is true; and
means for inhibiting further processing if the value returned is not true.
9. An information handling system, employing object oriented technology, for controlling access to objects comprising:
one or more processors (12);
a memory system (14);
one or more I/O controllers (24) each controlling one or more I/O devices (18,20,22);
a bus (16) connecting the processors (12), the memory system (14) and the I/O controllers (24);
an operating system (26) controlling operation of the processors (12), the memory system (14) and the I/O controllers (24);
means for defining a secure metaclass (34);
means for invoking a first class (32) as a metaclass of the secure metaclass (34); and
means for controlling access to one or more protected classes (36,38) which are subclasses of the secure metaclass (34) in response to values returned on invoking the first class (32).
10. An information handling system, according to claim 9, wherein said means for controlling access further comprises:
means for overriding dispatch of any method invoked by the invoking means;
means for checking authorisation for access to an object in a protected class (36,38) prior to method dispatching; and
means for dispatching an invoked method if the checking authorisation means indicates authorised access to a protected class (36,38).
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
US58010895A | 1995-12-29 | 1995-12-29 |
Publications (3)
Publication Number | Publication Date
---|---
GB9624244D0 (en) | 1997-01-08
GB2308688A (en) | 1997-07-02
GB2308688B (en) | 1999-11-10
Family ID: 24319747
Family Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
GB9624244A (GB2308688B; expired, fee related) | 1995-12-29 | 1996-11-21 | Controlling access to objects in an information handling system
Country Status (4)
Country | Link
---|---
JP (1) | JPH09212366A (en)
CN (1) | CN1100299C (en)
GB (1) | GB2308688B (en)
MY (1) | MY121581A (en)
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
JP2000172653A (en) * | 1998-12-03 | 2000-06-23 | Oki Electric Ind Co Ltd | Distributed system
CN102004528A (en) * | 2010-11-10 | 2011-04-06 | 吴晓栋 | Design idea of new generation of computer system and implementation method thereof
1996
- 1996-11-21 GB GB9624244A patent/GB2308688B/en not_active Expired - Fee Related
- 1996-12-13 JP JP8334154A patent/JPH09212366A/en active Pending
- 1996-12-23 CN CN96117989A patent/CN1100299C/en not_active Expired - Fee Related
- 1996-12-27 MY MYPI96005519A patent/MY121581A/en unknown
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
WO1999030218A1 (en) * | 1997-12-11 | 1999-06-17 | Sun Microsystems, Inc. | Typed, parameterized, and extensible access control permissions
US6044467A (en) * | 1997-12-11 | 2000-03-28 | Sun Microsystems, Inc. | Secure class resolution, loading and definition
US6047377A (en) * | 1997-12-11 | 2000-04-04 | Sun Microsystems, Inc. | Typed, parameterized, and extensible access control permissions
US6125447A (en) * | 1997-12-11 | 2000-09-26 | Sun Microsystems, Inc. | Protection domains to provide security in a computer system
US6192476B1 (en) | 1997-12-11 | 2001-02-20 | Sun Microsystems, Inc. | Controlling access to a resource
US7552466B2 (en) | 2001-03-28 | 2009-06-23 | Geotrust, Inc. | Web site identity assurance
US7114177B2 (en) | 2001-03-28 | 2006-09-26 | Geotrust, Inc. | Web site identity assurance
US7003661B2 (en) | 2001-10-12 | 2006-02-21 | Geotrust, Inc. | Methods and systems for automated authentication, processing and issuance of digital certificates
US7120929B2 (en) | 2001-10-12 | 2006-10-10 | Geotrust, Inc. | Methods and systems for automated authentication, processing and issuance of digital certificates
US7562212B2 (en) | 2001-10-12 | 2009-07-14 | Geotrust, Inc. | Methods and systems for automated authentication, processing and issuance of digital certificates
US8028162B2 (en) | 2001-10-12 | 2011-09-27 | Geotrust, Inc. | Methods and systems for automated authentication, processing and issuance of digital certificates
EP1589419A1 (en) * | 2004-04-19 | 2005-10-26 | Sun Microsystems, Inc. | System and method for controlling the use of a method in an object-oriented computer environment
US7668862B2 (en) | 2004-04-19 | 2010-02-23 | Sun Microsystems, Inc. | System and method for controlling the use of a method in an object-oriented computing environment
US7694135B2 (en) | 2004-07-16 | 2010-04-06 | Geotrust, Inc. | Security systems and services to provide identity and uniform resource identifier verification
Also Published As
Publication number | Publication date
---|---
GB9624244D0 (en) | 1997-01-08
CN1100299C (en) | 2003-01-29
GB2308688B (en) | 1999-11-10
JPH09212366A (en) | 1997-08-15
CN1157962A (en) | 1997-08-27
MY121581A (en) | 2006-02-28
Similar Documents
Publication | Title
---|---
US5765153A (en) | Information handling system, method, and article of manufacture including object system authorization and registration
US4918653A (en) | Trusted path mechanism for an operating system
US6014666A (en) | Declarative and programmatic access control of component-based server applications using roles
US5832483A (en) | Distributed control interface for managing the interoperability and concurrency of agents and resources in a real-time environment
EP1155366B2 (en) | Techniques for permitting access across a context barrier on a small footprint device using an entry point object
US6093215A (en) | Method and apparatus for building templates in a component system
US5504814A (en) | Efficient security kernel for the 80960 extended architecture
Karger | Limiting the damage potential of discretionary Trojan horses
US7076784B1 (en) | Software component execution management using context objects for tracking externally-defined intrinsic properties of executing software components within an execution environment
US5978579A (en) | Architecture for customizable component system
US6195794B1 (en) | Method and apparatus for distributing templates in a component system
US5321841A (en) | System for determining the rights of object access for a server process by combining them with the rights of the client process
US5297283A (en) | Object transferring system and method in an object based computer operating system
US6182279B1 (en) | Method and apparatus for storing templates in a component system
US5970252A (en) | Method and apparatus for loading components in a component system
US6029206A (en) | Object-oriented method routing mechanism for automatically performing supervisory functions during method calls
EP0945797A2 (en) | Method and apparatus for object-oriented interrupt system
EP0326700A2 (en) | A trusted path mechanism for virtual terminal environments
US6253251B1 (en) | Information handling system, method, and article of manufacture including integration of object security service authorization with a distributed computing environment
CA2171684A1 (en) | Methods and apparatus for managing objects and processes in a distributed object operating environment
EP1155365B1 (en) | Techniques for implementing security on a small footprint device using a context barrier
EP1163579B1 (en) | Techniques for permitting access across a context barrier on a small footprint device using run time environment privileges
US5802276A (en) | Information handling system, method, and article of manufacture including a vault object for encapsulation of object security credentials
GB2308688A (en) | Controlling access to objects in an information handling system
EP0784264B1 (en) | A computer-implemented process for determining a minimum code set for an executable application in a data processing system
Legal Events
Code | Title | Description
---|---|---
PCNP | Patent ceased through non-payment of renewal fee | Effective date: 20071121