GB2308688A - Controlling access to objects in an information handling system - Google Patents


Info

Publication number
GB2308688A
Authority
GB
United Kingdom
Prior art keywords
metaclass
invoking
secure
access
class
Prior art date
Legal status
Granted
Application number
GB9624244A
Other versions
GB9624244D0 (en)
GB2308688B (en)
Inventor
Messaoud Benantar
George Robert Blakeley III
George Prentice Copeland
Anthony J Nadalin
Current Assignee
International Business Machines Corp
Original Assignee
International Business Machines Corp
Events
Application filed by International Business Machines Corp
Publication of GB9624244D0
Publication of GB2308688A
Application granted
Publication of GB2308688B
Anticipated expiration
Expired - Fee Related


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database, where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units, using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/448 Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4488 Object-oriented
    • G06F9/449 Object-oriented method invocation or resolution
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F12/1491 Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings

Description

CONTROLLING ACCESS TO OBJECTS IN AN INFORMATION HANDLING SYSTEM

The present invention relates to information handling systems, methods and articles of manufacture, and more particularly to information handling systems, methods and articles of manufacture for protecting objects by access control in an object oriented system.
There is a need to protect access to objects in an object oriented system.
Traditionally, resource managers are the control point at which access authorisation checking is enabled. On a request to access a resource in a data processing system, its resource manager takes control and, if the underlying resource is protected, triggers the access checking process, after which the requested access is either granted or stopped from proceeding. For instance, on a file open resulting from a print instruction in a user's program, the file system invokes an authorisation checking routine that verifies that the user has the right to write to the corresponding file.
In object oriented systems, with resources being object instances, there is no such traditional concept of resource managers that would take control on every attempt to invoke a method, or send a message, to a protected object.
The problem, as it relates to a certain class of object oriented systems, is finding a way of automatically triggering access checking on a method invocation on a protected object. Any solution must be safe from client tampering, that is, the client must not be able to affect or disrupt the automatic triggering of authorisation checking.
In the prior art there are many techniques for improving object oriented programming systems (OOPS).
The following are examples of the prior art.
U.S. Patent 4,525,780 teaches a data processing system having a memory organised into objects, where the system uses a protection technique to prevent unauthorised access to objects by users which are identified by a subject number identifying the user, a process for executing a user's procedure and the type of system operation to be performed by the user's procedure. An access control list is maintained to control access to objects based on subject identifier.
Although the patent generally deals with methods for protecting access to objects in object oriented programs, it does not teach or suggest using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.
U.S. Patent 5,136,712 teaches an object based operating system for a multitasking computer system including means for making an object private to a process. Access to a private object is controlled by an access control list.
Although the patent generally deals with methods for protecting access to objects in object oriented programs, it does not teach or suggest using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.
U.S. Patent 5,265,221 teaches an access control mechanism for granting, revoking, and denying authorisation to objects using a system of verbs, parameters, attributes and functions.
Although the patent generally deals with methods for protecting access to objects in object oriented programs, it does not teach or suggest using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.
U.S. Patent 5,297,283 and US Patent 5,321,841 appear to teach the same system as US Patent 5,136,712 discussed above.
Although these patents generally deal with methods for protecting access to objects in object oriented programs, they do not teach or suggest using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.
U.S. Patent 5,093,914 generally teaches a method used by a digital computer in controlling execution of an object oriented program to effect a defined action, for example, stopping the program when a specified virtual function is invoked on a specified object during execution of the program.
Although the patent generally deals with methods for protecting access to objects in object oriented programs, it does not teach or suggest using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.
U.S. Patent 5,343,554 teaches a computing system in which problems are solved by a process which includes creating objects of first and second classes wherein the second class objects are externally invocable and where the externally invocable sub-class objects include an indication of an internally invocable sub-class object and executing the class of objects wherein one externally invocable subobject invokes the internally invocable sub-object and a new object of the first class is generated in response to the results.
Although the patent generally deals with methods for protecting access to objects in object oriented programs, it does not teach or suggest using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.
An overall goal in object oriented programming systems is the development of program objects which can be reused easily.
The importance of binary code over source code increases with the degree of reuse. A main purpose of object oriented technology is code reuse. For object oriented technology to achieve large scale success, binary code reuse is essential. As the state of the art moves towards applications built from object formats which can be tailored and plugged into each other, binary code is critical.
The Object Management Group is defining a set of interfaces for object system services named Common Object Services.
It is an object of the present invention to protect objects in an object oriented system by controlling access to objects.
According to the first aspect of the present invention, there is provided a method for controlling access to objects in an information handling system employing object oriented technology, comprising the steps of defining a secure metaclass; invoking a first class as a metaclass of the secure metaclass; and controlling access to one or more protected classes which are subclasses of the secure metaclass in response to values returned on invoking the first class.
According to the second aspect of the present invention, there is provided a computer readable medium comprising means for controlling access to objects in an information handling system employing object oriented technology, the means comprising means for defining a secure metaclass; means for invoking a first class as a metaclass of the secure metaclass; and means for controlling access to one or more protected classes which are subclasses of the secure metaclass in response to values returned on invoking the first class.
According to the third aspect of the present invention, there is provided an information handling system, employing object oriented technology, for controlling access to objects, comprising one or more processors; a memory system; one or more I/O controllers each controlling one or more I/O devices; a bus connecting the processors, the memory system and the I/O controllers; an operating system controlling operation of the processors, the memory system and the I/O controllers; means for defining a secure metaclass; means for invoking a first class as a metaclass of the secure metaclass; and means for controlling access to one or more protected classes which are subclasses of the secure metaclass in response to values returned on invoking the first class.
It is an advantage of the present invention that object security can be readily achieved by creation of a secure metaclass which performs authorisation checking prior to method dispatch.
The invention will now be described, by way of example, with reference to the accompanying drawings, in which:
Figure 1 is a block diagram of a system for executing the method according to the present invention;
Figure 2 is a block diagram showing the operating system platform and system object model program supporting the present invention; and
Figure 3 is an object diagram of the preferred embodiment of the present invention.
Referring now to Figures 1 and 2, an information handling system 10 and an operating system environment for the present invention will be described.
Information handling system 10 may be a graphics work station or the like with a very powerful processor 12, a storage system 14, a system bus 16, display sub-system 18 controlling a display device 20, a cursor control device 22, and an I/O controller 24, all connected by system bus 16.
The information handling system 10 shown in Figure 1 may be operated by a commercially available, well known multitasking operating system such as OS/2 26 (OS/2 is a registered trademark of International Business Machines Corporation).
Among many tasks which the OS/2 operating system 26 controls on operating information handling system 10, is execution of a program SOMObjects 28, which is a commercially available product of International Business Machines Corporation.
The method and article of manufacture of the present invention may be incorporated in the SOMObjects program. As used herein, SOM means system object model.
An important aspect of any object oriented system is making the object secure, so that object/method granularity access control can be enforced. This involves checking access control in a before method.
The present invention may be efficiently embodied in Distributed SOM (DSOM) (across address space ORB) and Security SOM (SSOM).
The user specifies security by supplying the following constraints when searching for a class object:
name: secure; value: a boolean indicating whether the object is protected by access control checking.
name: ACL; value: if secure==TRUE, an access control list.
When granularity is per method, enforcement can be done either per method invocation or when a reference is first obtained (the capability approach). The present invention provides enforcement on method invocation.
A class is also an object whose class is a metaclass.
A class object, then, being an instance of its metaclass, responds to the methods that its metaclass defines. A metaclass, like any other class, can be subclassed and its methods be overridden. All metaclasses are ultimately derived from the root metaclass.
Referring now to the object diagram of Figure 3, the preferred embodiment of the present invention will be described. One run time metaclass is a BeforeAfter metaclass. When a class C is created from the BeforeAfter metaclass 32, two methods are transparently executed on every invocation of a method M on an object of class C: the Before method executes before method M is invoked, and the After method executes after method M has completed. The Before method and the After method are defined by the BeforeAfter metaclass 32. These two methods can be overridden in a metaclass 34 derived from the BeforeAfter metaclass to allow a special function to be performed.
On invocation, the Before method returns a boolean value (1 or 0). If this value is TRUE (1), normal processing occurs, that is, the execution of the primary method M followed by the execution of the After method. If the value is not TRUE (0), neither the primary method M nor the After method is executed. Thus, the BeforeAfter metaclass 32 is the key to controlling method execution on protected objects 36, 38.
A secure metaclass 34 (M_Secure) is defined to be a subclass of the BeforeAfter metaclass 32. In M_Secure, the Before method of metaclass 32 is overridden to perform authorisation checking before the Before method of metaclass 32 is dispatched. A protected class 36, 38 is a class whose metaclass is M_Secure 34. M_Secure overrides BeforeMethod to perform the following function:

    BeforeMethod(M_Secure self, Environment *ev, Object object, ID primaryMethod, va_list ap)
        retrieve privileges or capabilities of the calling principal;
        retrieve the authorisation attributes of object and MethodId;
        return access_allowed(..., principal_security_attributes,
                              primaryMethod_security_attributes,
                              object_security_attributes)

The boolean value returned by BeforeMethod corresponds to the access decision made in access_allowed of the runtime security component of DSOM. Thus, the primary method is executed only when the access checking method allows it.
Note that the solution cannot be tampered with by the client application as the access decision is performed on the server side during the attempt to dispatch the method.
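The following Python is an added example, not SOMObjects code or code from the patent: it models the BeforeAfter metaclass 32 and the M_Secure metaclass 34 described above, routing every method of a protected class through a Before hook so that the primary method and the After hook run only when the access decision is TRUE, and failing closed for a method that has no ACL entry. The names BeforeAfterMeta, SecureMeta, access_allowed, the thread-local principal and the sample BankAccount ACL are all constructed for illustration.

```python
# Added example, not SOMObjects code: a Python model of the patent's BeforeAfter
# metaclass (32) and M_Secure metaclass (34). All names below are constructed.
import functools
import inspect
import threading

_ctx = threading.local()  # calling principal, as the server-side runtime sees it
AUDIT = []  # (principal, class, method) for each dispatch that went ahead

def set_principal(name, privileges):
    _ctx.principal = (name, frozenset(privileges))

def current_principal():
    return getattr(_ctx, "principal", ("anonymous", frozenset()))

class BeforeAfterMeta(type):
    """BeforeAfter metaclass (32): each method of a class created from it runs
    before() first; the primary method and after() run only if it returns True."""
    def __new__(mcls, name, bases, ns):
        for attr, value in list(ns.items()):
            if inspect.isfunction(value) and not attr.startswith("__"):
                ns[attr] = mcls._wrap(attr, value)
        return super().__new__(mcls, name, bases, ns)

    @staticmethod
    def _wrap(method_id, primary):
        @functools.wraps(primary)
        def dispatch(self, *args, **kwargs):
            cls = type(self)  # before/after are looked up on the metaclass
            if not cls.before(self, method_id, args, kwargs):
                raise PermissionError(f"{method_id} on {cls.__name__} denied")
            result = primary(self, *args, **kwargs)
            cls.after(self, method_id, result)
            return result
        return dispatch

    def before(cls, obj, method_id, args, kwargs):
        return True  # base behaviour: no restriction
    def after(cls, obj, method_id, result):
        pass

def access_allowed(privileges, required):
    """Stand-in for DSOM's access_allowed: grant if the principal holds any
    privilege named in the method's ACL entry; no entry means deny."""
    return required is not None and bool(privileges & required)

class SecureMeta(BeforeAfterMeta):
    """M_Secure (34): the access decision is made here, at dispatch on the
    server side, so the client cannot skip it."""
    def before(cls, obj, method_id, args, kwargs):
        if not getattr(obj, "secure", True):
            return True  # secure == FALSE: object is unprotected
        _, privileges = current_principal()
        return access_allowed(privileges, obj.acl.get(method_id))
    def after(cls, obj, method_id, result):
        AUDIT.append((current_principal()[0], cls.__name__, method_id))

class BankAccount(metaclass=SecureMeta):
    """Protected class (36): secure = TRUE plus a per-method ACL."""
    secure = True
    acl = {"balance": {"teller", "owner"}, "withdraw": {"owner"}}
    def __init__(self, owner, balance):
        self.owner, self._balance = owner, balance
    def balance(self):
        return self._balance
    def withdraw(self, amount):
        self._balance -= amount
        return self._balance
    def close(self):
        return "closed"  # no ACL entry: every caller is refused

def demo():
    """Allowed and denied invocations; returns values a test can check."""
    AUDIT.clear()
    acct = BankAccount("alice", 100)
    set_principal("alice", {"owner"})
    after_withdraw = acct.withdraw(30)  # owner may withdraw -> 70
    set_principal("bob", {"teller"})
    seen_by_teller = acct.balance()  # teller may read -> 70
    denied = []
    for call in (lambda: acct.withdraw(10), acct.close):
        try:
            call()
            denied.append(False)
        except PermissionError:
            denied.append(True)
    return after_withdraw, seen_by_teller, denied, acct._balance, len(AUDIT)
```

Because the check lives in the metaclass's dispatch path rather than in the protected class or its caller, adding a new method to BankAccount without an ACL entry leaves it unreachable until an administrator grants access.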

Claims (10)

1. A method for controlling access to objects in an information handling system employing object oriented technology, comprising the steps of: defining a secure metaclass (34); invoking a first class (32) as a metaclass of the secure metaclass (34); and controlling access to one or more protected classes (36,38) which are subclasses of the secure metaclass (34) in response to values returned on invoking the first class (32).
2. A method according to claim 1, wherein the step of controlling access further comprises the steps of: overriding dispatch of any method invoked by the invoking step; and checking authorisation for access to an object in a protected class (36,38) prior to method dispatching.
3. A method according to claim 2, wherein the step of controlling access further comprises the step of: dispatching an invoked method if the checking authorisation step indicates authorised access to a protected class (36,38).
4. A method according to claim 1, 2 or 3, wherein the invoking step further comprises the steps of: invoking a before method on the secure metaclass (34); testing a value returned by the before method; if the value returned is true, proceeding with normal processing; and if the value returned is not true, inhibiting further processing.
5. A computer readable medium comprising means for controlling access to objects in an information handling system employing object oriented technology, the means comprising: means for defining a secure metaclass (34); means for invoking a first class as a metaclass (32) of the secure metaclass (34); and means for controlling access to one or more protected classes (36,38) which are subclasses of the secure metaclass (34) in response to values returned on invoking the first class (32).
6. A computer readable medium, according to claim 5, wherein said means for controlling access further comprises: means for overriding dispatch of any method invoked by the invoking means; and means for checking authorisation for access to an object in a protected class (36,38) prior to method dispatching.
7. A computer readable medium, according to claim 6, wherein said means for controlling access further comprises: means for dispatching an invoked method if the checking authorisation means indicates authorised access to a protected class (36,38).
8. A computer readable medium, according to claim 5, 6 or 7, wherein said means for invoking further comprises: means for invoking a before method on the secure metaclass (34); means for testing a value returned by the before method; means for proceeding with normal processing if the value returned is true; and means for inhibiting further processing if the value returned is not true.
9. An information handling system, employing object oriented technology, for controlling access to objects comprising: one or more processors (12); a memory system (14); one or more I/O controllers (24) each controlling one or more I/O devices (18,20,22); a bus (16) connecting the processors (12), the memory system (14) and the I/O controllers (24); an operating system (26) controlling operation of the processors (12), the memory system (14) and the I/O controllers (24); means for defining a secure metaclass (34); means for invoking a first class (32) as a metaclass of the secure metaclass (34); and means for controlling access to one or more protected classes (36,38) which are subclasses of the secure metaclass (34) in response to values returned on invoking the first class (32).
10. An information handling system, according to claim 9, wherein said means for controlling access further comprises: means for overriding dispatch of any method invoked by the invoking means; means for checking authorisation for access to an object in a protected class (36,38) prior to method dispatching; and means for dispatching an invoked method if the checking authorisation means indicates authorised access to a protected class (36,38).

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US58010895A 1995-12-29 1995-12-29

Publications (3)

Publication Number Publication Date
GB9624244D0 GB9624244D0 (en) 1997-01-08
GB2308688A true GB2308688A (en) 1997-07-02
GB2308688B GB2308688B (en) 1999-11-10

Family

Family ID: 24319747

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9624244A Expired - Fee Related GB2308688B (en) 1995-12-29 1996-11-21 Controlling access to objects in an information handling system

Country Status (4)

Country Link
JP (1) JPH09212366A (en)
CN (1) CN1100299C (en)
GB (1) GB2308688B (en)
MY (1) MY121581A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999030218A1 (en) * 1997-12-11 1999-06-17 Sun Microsystems, Inc. Typed, parameterized, and extensible access control permissions
US6044467A (en) * 1997-12-11 2000-03-28 Sun Microsystems, Inc. Secure class resolution, loading and definition
US6125447A (en) * 1997-12-11 2000-09-26 Sun Microsystems, Inc. Protection domains to provide security in a computer system
US6192476B1 (en) 1997-12-11 2001-02-20 Sun Microsystems, Inc. Controlling access to a resource
EP1589419A1 (en) * 2004-04-19 2005-10-26 Sun Microsystems, Inc. System and method for controlling the use of a method in an object-oriented computer environment
US7003661B2 (en) 2001-10-12 2006-02-21 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US7114177B2 (en) 2001-03-28 2006-09-26 Geotrust, Inc. Web site identity assurance
US7694135B2 (en) 2004-07-16 2010-04-06 Geotrust, Inc. Security systems and services to provide identity and uniform resource identifier verification

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000172653A (en) * 1998-12-03 2000-06-23 Oki Electric Ind Co Ltd Distributed system
CN102004528A (en) * 2010-11-10 2011-04-06 吴晓栋 Design idea of new generation of computer system and implementation method thereof

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999030218A1 (en) * 1997-12-11 1999-06-17 Sun Microsystems, Inc. Typed, parameterized, and extensible access control permissions
US6044467A (en) * 1997-12-11 2000-03-28 Sun Microsystems, Inc. Secure class resolution, loading and definition
US6047377A (en) * 1997-12-11 2000-04-04 Sun Microsystems, Inc. Typed, parameterized, and extensible access control permissions
US6125447A (en) * 1997-12-11 2000-09-26 Sun Microsystems, Inc. Protection domains to provide security in a computer system
US6192476B1 (en) 1997-12-11 2001-02-20 Sun Microsystems, Inc. Controlling access to a resource
US7552466B2 (en) 2001-03-28 2009-06-23 Geotrust, Inc. Web site identity assurance
US7114177B2 (en) 2001-03-28 2006-09-26 Geotrust, Inc. Web site identity assurance
US7003661B2 (en) 2001-10-12 2006-02-21 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US7120929B2 (en) 2001-10-12 2006-10-10 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US7562212B2 (en) 2001-10-12 2009-07-14 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US8028162B2 (en) 2001-10-12 2011-09-27 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
EP1589419A1 (en) * 2004-04-19 2005-10-26 Sun Microsystems, Inc. System and method for controlling the use of a method in an object-oriented computer environment
US7668862B2 (en) 2004-04-19 2010-02-23 Sun Microsystems, Inc. System and method for controlling the use of a method in an object-oriented computing environment
US7694135B2 (en) 2004-07-16 2010-04-06 Geotrust, Inc. Security systems and services to provide identity and uniform resource identifier verification

Also Published As

Publication number Publication date
GB9624244D0 (en) 1997-01-08
CN1100299C (en) 2003-01-29
GB2308688B (en) 1999-11-10
JPH09212366A (en) 1997-08-15
CN1157962A (en) 1997-08-27
MY121581A (en) 2006-02-28

Similar Documents

Publication Publication Date Title
US5765153A (en) Information handling system, method, and article of manufacture including object system authorization and registration
US4918653A (en) Trusted path mechanism for an operating system
US6014666A (en) Declarative and programmatic access control of component-based server applications using roles
US5832483A (en) Distributed control interface for managing the interoperability and concurrency of agents and resources in a real-time environment
EP1155366B2 (en) Techniques for permitting access across a context barrier on a small footprint device using an entry point object
US6093215A (en) Method and apparatus for building templates in a component system
US5504814A (en) Efficient security kernel for the 80960 extended architecture
Karger Limiting the damage potential of discretionary Trojan horses
US7076784B1 (en) Software component execution management using context objects for tracking externally-defined intrinsic properties of executing software components within an execution environment
US5978579A (en) Architecture for customizable component system
US6195794B1 (en) Method and apparatus for distributing templates in a component system
US5321841A (en) System for determining the rights of object access for a server process by combining them with the rights of the client process
US5297283A (en) Object transferring system and method in an object based computer operating system
US6182279B1 (en) Method and apparatus for storing templates in a component system
US5970252A (en) Method and apparatus for loading components in a component system
US6029206A (en) Object-oriented method routing mechanism for automatically performing supervisory functions during method calls
EP0945797A2 (en) Method and apparatus for object-oriented interrupt system
EP0326700A2 (en) A trusted path mechanism for virtual terminal environments
US6253251B1 (en) Information handling system, method, and article of manufacture including integration of object security service authorization with a distributed computing environment
CA2171684A1 (en) Methods and apparatus for managing objects and processes in a distributed object operating environment
EP1155365B1 (en) Techniques for implementing security on a small footprint device using a context barrier
EP1163579B1 (en) Techniques for permitting access across a context barrier on a small footprint device using run time environment privileges
US5802276A (en) Information handling system, method, and article of manufacture including a vault object for encapsulation of object security credentials
GB2308688A (en) Controlling access to objects in an information handling system
EP0784264B1 (en) A computer-implemented process for determining a minimum code set for an executable application in a data processing system

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20071121