EP1057110A2 - Stack-based security requirements - Google Patents

Stack-based security requirements

Info

Publication number
EP1057110A2
Authority
EP
European Patent Office
Prior art keywords
security requirements
action
methods
caller
computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP99907134A
Other languages
English (en)
French (fr)
Inventor
Robert Scheifler
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sun Microsystems Inc
Original Assignee
Sun Microsystems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US09/044,944 (US6226746B1)
Application filed by Sun Microsystems Inc
Publication of EP1057110A2

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/42 Loop networks
    • H04L12/427 Loop networks with decentralised control
    • H04L12/433 Loop networks with decentralised control with asynchronous transmission, e.g. token ring, register insertion
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/468 Specific access rights for resources, e.g. using capability register
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/547 Remote procedure calls [RPC]; Web services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/133 Protocols for remote procedure calls [RPC]

Definitions

  • the present invention is directed to security measures in a computer system and, more particularly, to systems and methods that combine security requirements of methods in a calling hierarchy of a thread executing on a computer.
  • Distributed systems usually contain a number of different computers interconnected by communications networks. Oftentimes, a client-server relationship is established between communicating computers. Typically, a "client" is defined as a process making a call to request resources located or controlled by a "server" process. In this context, the computers executing the requesting process and the server process may also be referred to as a client and server, respectively. However, these roles may change depending on the context of information and particular processing taking place.
  • Remote Procedure Call (RPC)
  • the RPC is a mechanism that provides synchronized communication between two processes operating on the same or different computers.
  • the RPC mechanism is usually implemented in two parts: one part on the client side and the other part on the server side.
  • Security is an issue that always arises when client and server computers communicate. A breach in security can severely hamper the operation of both the client's and server's computers. Thus, organizations that use computer systems are vulnerable to persons who may intentionally or unintentionally cause the computer systems to malfunction or who may steal the organizations' confidential information.
  • System operators typically address three types of security issues: (1) preventing interception and alteration of messages; (2) controlling access to a server; and (3) authenticating a server by a client.
  • System operators have conventionally addressed these issues in object-oriented programming environments by defining a security class that provides methods for setting communication requirements.
  • One such object-oriented programming environment is the Sun Microsystems™ Java™ object-oriented programming environment described in Jaworski, Java 1.1 Developer's Guide, Sams.net, 1997, which is hereby incorporated by reference.
  • the security class includes five communication requirements: CONFIDENTIALITY, INTEGRITY, ANONYMITY, AUTHENTICATE_SERVER, and NO_DELEGATION. CONFIDENTIALITY ensures that message contents are private.
  • ANONYMITY represents the client desiring to remain anonymous. In other words, the client does not want to be authenticated by the server.
  • AUTHENTICATE_SERVER represents the client needing to authenticate the server before invoking a remote method. Through this communication requirement, the client ensures that it is communicating with the correct server. NO_DELEGATION refers to the server not being permitted to delegate under the client's identity in calls that it makes. In other words, the server is not authorized to make calls to other computer systems pretending to be the client.
  • the security class is represented by a single bit for each communication requirement.
  • the client designates that confidentiality will be ensured, that integrity will be ensured, that the client will remain anonymous, that the server will be authenticated, and that delegation will not be permitted, respectively.
  • a client indicates the security class preferences on a global context or on a per-reference basis.
  • the client usually has a reference to the server.
  • This "server reference" typically contains network information, such as the network address of the server's host; protocol information, such as the port on the host to which a connection should be made; and an object identifier that identifies the server object that will be the subject of the call. Therefore, "per-reference" means that communication requirements are set on an instance of a server reference and, thus, are used by any calls made with that server reference.
  • those communication requirements may be overridden by a later method, either by the later method overwriting the global context or by setting communication requirements on a per-reference basis. Even if the client sets communication requirements on a per-reference basis during execution of one method, those communication requirements may be overridden by a later method, by the later method overwriting the communication requirements on that same server reference. For example, suppose that a client invokes a first method that in turn invokes a second method, passing to the second method a server reference. Suppose that the second method performs a function X on a remote server using that server reference.
  • the first method has confidential and integrity communication requirements, and sets those requirements either on a global context or on the server reference prior to passing the reference to the second method.
  • the second method overwrites the communication requirements on the reference passed to it, replacing them with a communication requirement for only authenticating the server.
  • the communication requirements of the second method override the communication requirements of the first method, so the call to the server will only authenticate the server.
  • the conventional security class preference designation fails to ensure that the individual communication requirements of the methods included in a calling hierarchy will be followed. Accordingly, it is desirable to improve security requirement designation in communication systems.
  • a system consistent with the principles of the present invention obtains the security requirements for an action requested by a thread executing on a computer.
  • the thread invokes a plurality of methods during its execution.
  • the system includes a call stack and a determination unit.
  • the call stack stores an identifier and security requirements for each of the methods in the order that the methods were invoked by the thread.
  • the determination unit combines the method security requirements from the call stack to obtain the security requirements for the requested action.
  • Fig. 1 is a diagram of a computer network consistent with the principles of the present invention
  • Fig. 2 is a diagram of a computer of Fig. 1 in an implementation consistent with the principles of the present invention
  • Fig. 3 is a diagram of a call stack associated with a thread on the computer of Fig.2;
  • Fig. 4 is a flowchart of processing performed by the collect security requirements method of Fig. 3 in an implementation consistent with the principles of the present invention.
  • Fig. 5 is a flowchart of alternative implementations consistent with the present invention for determining the security requirements associated with an action.
  • Systems and methods consistent with the principles of the present invention combine the communication requirements of each routine (i.e., function, method) of a thread requesting an action to access a resource.
  • When a request for the action is detected, a determination is made of the communication requirements for the action based on the communication requirements associated with routines in a calling hierarchy associated with the thread.
  • a calling hierarchy indicates the routines that have been invoked by or on behalf of a thread but have not been exited.
  • the exemplary distributed system (1) allows users of the system to share services and resources over a network of many devices; (2) provides programmers with tools and programming patterns that allow development of robust, secured distributed systems; and (3) simplifies the task of administering the distributed system.
  • the exemplary distributed system utilizes the Java™ programming environment to allow both code and data to be moved from device to device in a seamless manner. Accordingly, the exemplary distributed system is layered on top of the Java programming environment and exploits the characteristics of this environment, including the security offered by it and the strong typing provided by it.
  • the Java programming environment is more clearly described in Jaworski, Java 1.1 Developer's Guide, Sams.net, 1997.
  • the exemplary distributed system provides the simplicity of access and the power of sharing that can be provided by a single system without giving up the flexibility and personalized response of a personal computer or workstation.
  • the exemplary distributed system may contain thousands of devices operated by users who are geographically dispersed, but who agree on basic notions of trust, administration, and policy.
  • a "service" refers to a resource, data, or functionality that can be accessed by a user, program, device, or another service and that can be computational, storage related, communication related, or related to providing access to another user.
  • Examples of services provided as part of a Djinn include devices, such as printers, displays, and disks; software, such as applications or utilities; information, such as databases and files; and users of the system.
  • Both users and devices may join a Djinn.
  • When joining a Djinn, the user or device adds zero or more services to the Djinn and may access, subject to security constraints, any one of the services it contains.
  • devices and users federate into a Djinn to share access to its services.
  • the services of the Djinn appear programmatically as objects of the Java programming environment, which may include other objects, software components written in different programming languages, or hardware devices.
  • a service has an interface defining the operations that can be requested of that service, and the type of the service determines the interfaces that make up that service.
  • Fig. 1 depicts the exemplary distributed system 1000 containing a computer 1100, a computer 1200, and a device 1300 interconnected by a network 1400.
  • the computers 1100 and 1200 may include any conventional computers, such as IBM-compatible computers, or even "dumb" terminals. During typical operation, computers 1100 and 1200 may establish a client-server relationship to transmit and retrieve data.
  • the device 1300 may be any of a number of devices, such as a printer, fax machine, storage device, computer, or other devices.
  • the network 1400 may be a local area network, wide area network, or the Internet. Although only two computers and one device are depicted as comprising the exemplary distributed system 1000, one skilled in the art will appreciate that the exemplary distributed system 1000 may include additional computers or devices.
  • Fig. 2 depicts the computer 1100 in greater detail to show a number of the software components of the exemplary distributed system 1000.
  • Computer 1100 includes a memory 2100, a secondary storage device 2200, a central processing unit (CPU) 2300, an input device 2400, and a video display 2500.
  • the memory 2100 includes a lookup service 2110, a discovery server 2120, and a Java™ runtime system 2130.
  • the Java runtime system 2130 includes the Java™ remote method invocation system (RMI) 2140 and a Java™ virtual machine (JVM) 2150.
  • the secondary storage device 2200 includes a Java™ space 2210.
  • the Java runtime system 2130 includes the Java™ application programming interface (API), allowing programs running on top of the Java runtime system to access, in a platform-independent manner, various system functions, including windowing capabilities and networking capabilities of the host operating system. Since the Java API provides a single common API across all operating systems to which the Java runtime system 2130 is ported, the programs running on top of a Java runtime system run in a platform-independent manner, regardless of the operating system or hardware configuration of the host platform.
  • the Java runtime system 2130 is provided as part of the Java™ software development kit available from Sun Microsystems of Mountain View, California.
  • the JVM 2150 also facilitates platform independence.
  • the JVM 2150 acts like an abstract computing machine, receiving instructions from programs in the form of byte codes and interpreting these byte codes by dynamically converting them into a form for execution, such as object code, and executing them.
  • RMI 2140 facilitates remote method invocation by allowing objects executing on one computer or device to invoke methods of an object on another computer or device.
  • the RMI may be located within the JVM, and both the RMI and the JVM are provided as part of the Java software development kit.
  • the lookup service 2110 defines the services that are available for a particular Djinn. That is, there may be more than one Djinn and, consequently, more than one lookup service within the exemplary distributed system 1000.
  • the lookup service 2110 contains one object for each service within the Djinn, and each object contains various methods that facilitate access to the corresponding service.
  • the lookup service 2110 and its access are described in greater detail in co-pending U.S. Patent Application No. 09/044,826, entitled "Method and System for Facilitating Access to a Lookup Service," which has previously been incorporated by reference.
  • the discovery server 2120 detects when a new device is added to the exemplary distributed system 1000 during a process known as boot and join or discovery, and when such a new device is detected, the discovery server passes a reference to the lookup service 2110 to the new device, so that the new device may register its services with the lookup service and become a member of the Djinn. After registration, the new device becomes a member of the Djinn, and as a result, it may access all the services contained in the lookup service 2110.
  • the process of boot and join is described in greater detail in co-pending U.S. Patent Application No. 09/044,939, entitled "Apparatus and Method for providing Downloadable Code for Use in Communicating with a Device in a Distributed System," which has previously been incorporated by reference.
  • the Java space 2210 is an object repository used by programs within the exemplary distributed system 1000 to store objects. Programs use the Java space 2210 to store objects persistently as well as to make them accessible to other devices within the exemplary distributed system. Java spaces are described in greater detail in co-pending U.S. Patent Application No. 08/971,529, entitled "Database System
  • the exemplary distributed system 1000 may contain many lookup services, discovery servers, and Java spaces.
  • a client computer such as computer 1100 executes threads (or processes) that make calls to access resources on a server, such as computer 1200 or device 1300 in Fig. 1.
  • RMI 2140 (Fig. 2) determines the communication requirements associated with a call by a thread. According to an implementation consistent with the present invention, the communication requirements vary based on what routine (e.g., method, function) the thread is currently executing and which routine invoked the routine that is currently executing.
  • Fig. 3 illustrates an example of a call stack of a thread.
  • Reference to the exemplary call stack shall be made to explain the operation of a security mechanism that ensures that the communication requirements of the routines comprising the thread are satisfied in the call.
  • Fig. 3 is a block diagram that includes a call stack 3100 associated with a thread 3200 in which the method 3210 of an object 3310 calls the method 3220 of another object 3320 that calls the method 3230 of yet another object 3330 that calls a collect communication requirements method 3240 of a security controller object 3340.
  • Thread 3200 is a thread executing on computer 1100.
  • Call stack 3100 is a stack data structure representing a calling hierarchy of the methods invoked by thread
  • call stack 3100 contains a frame for each execution of a method by the thread that has not yet completed.
  • Each frame 3110-3140 corresponds to the method that has been called but not yet completed by thread 3200.
  • the 3100 reflect the invocation order of the methods that correspond to the frames.
  • the frame that corresponds to the method is removed from the top of the call stack 3100.
  • a frame corresponding to the method is added to the top of the call stack 3100.
  • Each frame contains information about the method and the object that correspond to the frame. From this information, the class of the method can be determined by invoking a "get class" method provided for every object by JVM 2150.
  • the information contained in the frame also includes the communication requirements for the corresponding method.
  • call stack 3100 represents the calling hierarchy of methods as shown in Fig. 3.
  • Frame 3140 corresponds to method 3240, frame 3130 to method 3230, frame 3120 to method 3220, and frame 3110 to method 3210.
  • thread 3200 completes method 3240, frame 3140 is removed from the call stack 3100.
  • Each method on the call stack includes a set of communication requirements.
  • code example illustrates one technique for setting the communication requirements for a method.
  • code example may resemble the Java programming language by Sun Microsystems, Inc., the example is for illustrative purposes only and is not meant to be representative of an actual code implementation. try ⁇
  • security controller object 3340 determines the communication requirements associated with a particular action requested by thread 3200. Specifically, before performing an action, such as a call to a server, RMI 2140 invokes the collect security requirements method 3240 of security controller object 3340. The collect security requirements method 3240 combines the communication requirements associated with each of the frames on the call stack 3100. Method 3240 combines the communication requirements to obtain the strictest requirements for the requested action. Method 3240 may perform the combining operation in any conventional manner.
  • method 3240 will designate for the action confidentiality, integrity, or authenticate server, respectively. If a method requests anonymity, method 3240 will designate anonymity for the action over any indication of no anonymity. If a method refuses to permit delegation, method 3240 will designate no delegation for the action over any authorization to delegate.
  • DETERMINING SECURITY REQUIREMENTS FOR AN ACTION Fig. 4 is a flowchart of processing performed by the collect security requirements method 3240. Assume that thread 3200 is executing method 3230 when thread 3200 requests an action. Assume further that thread 3200 has invoked method 3210, method 3220, and method 3230 and has not completed them when thread 3200 invoked method 3240. The communication requirements associated with thread 3200 when the request for the action is made are stored in frames 3110-3130.
  • Method 3240 first identifies the methods, methods 3210-3230, having frames located on the call stack 3100 [step 4110]. Method 3240 examines the frames 3110-3130 associated with methods 3210-3230, respectively, to determine the communication requirements requested by each of the methods [step 4120]. The security requirements for the action are determined by combining the communication requirements of the methods [step 4130]. When method 3240 combines the communication requirements, it overrides the weaker requirements with the stronger requirements, as described above. RMI 2140 performs the action adhering to the security requirements determined by method 3240.
  • RMI 2140 obtains the security requirements of the server.
  • RMI 2140 usually obtains the server's security requirements from a local copy of the server's security class library, containing the requirements.
  • RMI 2140 uses the server's security requirements to determine whether the remote method supports the security requirements determined by method 3240. If the remote method does not support the security requirements, RMI 2140 notifies thread 3200 of this fact. RMI 2140 may do this by throwing an Exception.
  • RMI 2140 determines what communication protocols are available, and selects one that satisfies a minimum of the combination of the security requirements determined by method 3240 and the server's security requirements. When RMI 2140 finds a communication protocol, RMI 2140 negotiates with the server to use the protocol for the call, and then initiates use of the protocol to perform the call.
  • FIG. 5 is a flowchart of alternative implementations consistent with the present invention for determining the security requirements associated with an action.
  • the communication requirements of the methods having frames on the call stack are combined in the manner described above with reference to Fig. 4 [step 5110].
  • the communication requirements of the methods with frames on the call stack are combined with the communication requirements set on a global context to obtain a combined set of communication requirements for the action [step 5120].
  • stronger communication requirements override weaker ones.
  • the communication requirements of the methods with frames on the call stack are combined with the communication requirements of the server that will perform the action to obtain the communication requirements for the action [step 5130]. Again, when combining communication requirements, stronger communication requirements override weaker ones.
  • the combined set of communication requirements (i.e., the communication requirements of the methods with frames on the call stack and the communication requirements set on a global context) is combined with the communication requirements of the server that will perform the action to obtain the communication requirements for the action [step 5130]. Again, when combining communication requirements, stronger communication requirements override weaker ones.
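
The override problem of the two-method example and the stack-based combination of Fig. 4 and Fig. 5, as an added Java sketch (not code from the patent or from Sun's RMI). All class and method names are hypothetical, the call stack is modelled explicitly rather than read from the JVM, and the "supported" set is a constructed stand-in for the server's security class library.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.EnumSet;
import java.util.Set;

// Added illustration (Java 16+); all names are hypothetical, not Sun's RMI API.
public class StackRequirementsDemo {

    // The five communication requirements named in the text. A value being
    // present is the stricter choice (NO_DELEGATION present = delegation refused).
    enum Requirement { CONFIDENTIALITY, INTEGRITY, ANONYMITY, AUTHENTICATE_SERVER, NO_DELEGATION }

    // One frame: method identifier plus the requirements that method declared.
    record Frame(String method, EnumSet<Requirement> requirements) {}

    // Explicit model of the per-thread call stack; newest frame first.
    static final ThreadLocal<Deque<Frame>> CALL_STACK = ThreadLocal.withInitial(ArrayDeque::new);

    static void enter(String method, Set<Requirement> declared) {
        EnumSet<Requirement> copy = EnumSet.noneOf(Requirement.class);
        copy.addAll(declared);                 // defensive copy: a frame cannot be edited later
        CALL_STACK.get().push(new Frame(method, copy));
    }

    static void exit() { CALL_STACK.get().pop(); }   // the frame leaves with the method

    // Steps 4110-4130: union over every frame still on the stack. Each requirement
    // is a single "stricter" flag, so a union lets the stronger setting win.
    static EnumSet<Requirement> collectRequirements() {
        EnumSet<Requirement> combined = EnumSet.noneOf(Requirement.class);
        for (Frame frame : CALL_STACK.get()) {
            combined.addAll(frame.requirements());
        }
        return combined;
    }

    // Fig. 5 variants: fold global-context and server requirements into the stack result.
    static EnumSet<Requirement> combine(Set<Requirement> fromStack, Set<Requirement> global, Set<Requirement> server) {
        EnumSet<Requirement> all = EnumSet.noneOf(Requirement.class);
        all.addAll(fromStack);
        all.addAll(global);
        all.addAll(server);
        return all;
    }

    // Fail closed when the remote method cannot honour a combined requirement.
    static void checkSupported(Set<Requirement> required, Set<Requirement> supported) {
        EnumSet<Requirement> missing = EnumSet.noneOf(Requirement.class);
        missing.addAll(required);
        missing.removeAll(supported);
        if (!missing.isEmpty()) {
            throw new SecurityException("remote method does not support " + missing);
        }
    }

    // Second method of the text's example: asks only for server authentication.
    static EnumSet<Requirement> secondMethod() {
        enter("secondMethod", EnumSet.of(Requirement.AUTHENTICATE_SERVER));
        try {
            return collectRequirements();      // what is collected just before the remote call
        } finally {
            exit();
        }
    }

    // First method: needs confidentiality and integrity, then calls the second.
    static EnumSet<Requirement> firstMethod() {
        enter("firstMethod", EnumSet.of(Requirement.CONFIDENTIALITY, Requirement.INTEGRITY));
        try {
            return secondMethod();
        } finally {
            exit();
        }
    }

    public static void main(String[] args) {
        // Conventional per-reference design: the later write replaces the earlier one.
        EnumSet<Requirement> onReference = EnumSet.of(Requirement.CONFIDENTIALITY, Requirement.INTEGRITY);
        onReference = EnumSet.of(Requirement.AUTHENTICATE_SERVER);
        System.out.println("per-reference overwrite: " + onReference);
        // Stack-based design: the first method's requirements survive the nested call.
        EnumSet<Requirement> fromStack = firstMethod();
        System.out.println("combined from stack:     " + fromStack);
        // Constructed sample values for the global context and the server side.
        Set<Requirement> global = EnumSet.of(Requirement.NO_DELEGATION);
        Set<Requirement> serverRequires = EnumSet.of(Requirement.INTEGRITY);
        Set<Requirement> serverSupports = EnumSet.of(Requirement.CONFIDENTIALITY,
                Requirement.INTEGRITY, Requirement.AUTHENTICATE_SERVER);
        EnumSet<Requirement> forAction = combine(fromStack, global, serverRequires);
        System.out.println("requirements for action: " + forAction);
        try {
            checkSupported(forAction, serverSupports);
        } catch (SecurityException e) {
            System.out.println("call refused: " + e.getMessage());
        }
    }
}
```

The `try`/`finally` around each method body is what keeps the model honest: a frame's requirements apply only while that method has not exited, so a caller's stricter settings cannot be dropped by a callee and cannot leak past the caller's return.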

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)
  • Multi Processors (AREA)
  • Computer And Data Communications (AREA)
EP99907134A 1998-02-26 1999-02-18 Stack-based security requirements Withdrawn EP1057110A2 (de)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US7604898P 1998-02-26 1998-02-26
US76048P 1998-02-26
US09/044,944 US6226746B1 (en) 1998-03-20 1998-03-20 Stack-based system and method to combine security requirements of methods
US44944 1998-03-20
PCT/US1999/003519 WO1999044138A2 (en) 1998-02-26 1999-02-18 Stack-based security requirements

Publications (1)

Publication Number Publication Date
EP1057110A2 (de) 2000-12-06

Family

ID=26722193

Family Applications (1)

Application Number Title Priority Date Filing Date
EP99907134A Withdrawn EP1057110A2 (de) Stack-based security requirements 1998-02-26 1999-02-18

Country Status (6)

Country Link
EP (1) EP1057110A2 (de)
JP (1) JP2002505477A (de)
KR (1) KR20010040981A (de)
CN (1) CN1298511A (de)
AU (1) AU2686699A (de)
WO (1) WO1999044138A2 (de)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100560166B1 (ko) * 2001-12-05 2006-03-13 한국전자통신연구원 Real-time buffer overflow hacking detection method
JP4062441B2 (ja) 2003-07-18 2008-03-19 日本電気株式会社 Parallel processing system and parallel processing program
US7284107B2 (en) * 2004-04-30 2007-10-16 Microsoft Corporation Special-use heaps
JP4844102B2 (ja) * 2005-11-30 2011-12-28 富士ゼロックス株式会社 Subprogram and information processing apparatus that executes the subprogram
KR100949949B1 (ko) * 2008-02-28 2010-03-30 주식회사 안철수연구소 Method and apparatus for preventing debugging using a call stack
US10229280B2 (en) * 2011-06-14 2019-03-12 International Business Machines Corporation System and method to protect a resource using an active avatar

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ATE248402T1 (de) * 1993-07-16 2003-09-15 Siemens Ag Method for coordinating parallel accesses of multiple processors to resource configurations
AU3727097A (en) * 1996-07-25 1998-02-20 Tradewave Corporation Method and system for generalized protocol implementation on client/server communications connections

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO9944138A2 *

Also Published As

Publication number Publication date
AU2686699A (en) 1999-09-15
JP2002505477A (ja) 2002-02-19
WO1999044138A3 (en) 1999-11-04
CN1298511A (zh) 2001-06-06
WO1999044138A2 (en) 1999-09-02
KR20010040981A (ko) 2001-05-15

Similar Documents

Publication Publication Date Title
US6226746B1 (en) Stack-based system and method to combine security requirements of methods
US6282652B1 (en) System for separately designating security requirements for methods invoked on a computer
US6934758B2 (en) Stack-based access control using code and executor identifiers
US6134603A (en) Method and system for deterministic hashes to identify remote methods
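JP3853593B2 (ja) Method and apparatus for implementing an extensible authentication mechanism in a web application server
JP4164855B2 (ja) Server support method and system for a pluggable authorization system
EP0803154B1 (de) Apparatus for the security of a host computer system with dual decor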
US20040216150A1 (en) Systems and methods for providing object integrity and dynamic permission grants
US6629154B1 (en) Method and system for deterministic hashes to identify remote methods
WO1999044119A2 (en) A method and apparatus for transporting behavior in an event-based distributed system
JPH06214924A (ja) Associated element mechanism for linking non-distributed computing environment (DCE) and DCE systems operating in a network system
US6438614B2 (en) Polymorphic token based control
US7089263B2 (en) Apparatus and method for dynamically verifying information in a distributed system
EP1057110A2 (de) Stack-based security requirements
Gidron et al. Dynamic configuration of access control for mobile components in fargo
Karp et al. The client utility architecture: the precursor to E-speak
US8875300B1 (en) Method and apparatus for authenticating a request between tasks in an operating system
Kabat et al. Generic Security Service API Version 2: Java Bindings

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20000908

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): DE FR GB IE NL SE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20030902