GB2308688A - Controlling access to objects in an information handling system - Google Patents


Info

Publication number
GB2308688A
Authority
GB
United Kingdom
Prior art keywords
means
metaclass
method
invoking
secure
Prior art date
Legal status
Granted
Application number
GB9624244A
Other versions
GB9624244D0 (en)
GB2308688B (en)
Inventor
Messaoud Benantar
George Robert Blakeley III
George Prentice Copeland
Anthony J Nadalin
Current Assignee
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date
1995-12-29
Filing date
1996-11-21
Publication date
1997-07-02
Priority to US58010895A
Application filed by International Business Machines Corp
Publication of GB9624244D0
Publication of GB2308688A
Application granted
Publication of GB2308688B
Anticipated expiration
Application status: Expired - Fee Related

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/448 Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4488 Object-oriented
    • G06F9/449 Object-oriented method invocation or resolution
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F12/1491 Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings

Description

CONTROLLING ACCESS TO OBJECTS IN AN INFORMATION HANDLING SYSTEM

The present invention relates to information handling systems, methods and articles of manufacture, and more particularly to information handling systems, methods and articles of manufacture for protecting objects by access control in an object oriented system.

There is a need to protect access to objects in an object oriented system.

Traditionally, resource managers are the control point at which access authorisation checking is enabled. On a request to access a resource in a data processing system, its resource manager takes control and, if the underlying resource is protected, triggers the access checking process, after which the requested access is either granted or stopped from proceeding. For instance, when a user's program opens a file as the result of a print instruction, the file system invokes an authorisation checking routine that verifies that the user has the right to write to the corresponding file.

In object oriented systems, with resources being object instances, there is no such traditional concept of resource managers that would take control on every attempt to invoke a method, or send a message, to a protected object.

The problem, as it relates to a certain class of object oriented systems, is to find a way of automatically triggering access checking on a method invocation on a protected object. Any solution must be safe from client tampering, that is, the client must not be able to affect or disrupt the automatic triggering of authorisation checking.

In the prior art there are many techniques for improving object oriented programming systems (OOPS).

The following are examples of the prior art.

U.S. Patent 4,525,780 teaches a data processing system having a memory organised into objects, where the system uses a protection technique to prevent unauthorised access to objects by users which are identified by a subject number identifying the user, a process for executing a user's procedure and the type of system operation to be performed by the user's procedure. An access control list is maintained to control access to objects based on subject identifier.

Although the patent generally deals with methods for protecting access to objects in object oriented programs, it does not teach or suggest using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.

U.S. Patent 5,136,712 teaches an object based operating system for a multitasking computer system including means for making an object private to a process. Access to a private object is controlled by an access control list.

Although the patent generally deals with methods for protecting access to objects in object oriented programs, it does not teach or suggest using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.

U.S. Patent 5,265,221 teaches an access control mechanism for granting, revoking, and denying authorisation to objects using a system of verbs, parameters, attributes and functions.

Although the patent generally deals with methods for protecting access to objects in object oriented programs, it does not teach or suggest using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.

U.S. Patent 5,297,283 and U.S. Patent 5,321,841 appear to teach the same system as U.S. Patent 5,136,712 discussed above.

Although these patents generally deal with methods for protecting access to objects in object oriented programs, they do not teach or suggest using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.

U.S. Patent 5,093,914 generally teaches a method used by a digital computer in controlling execution of an object oriented program to effect a defined action, for example, stopping the program when a specified virtual function is invoked on a specified object during execution of the program.

Although the patent generally deals with methods for protecting access to objects in object oriented programs, it does not teach or suggest using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.

U.S. Patent 5,343,554 teaches a computing system in which problems are solved by a process which includes creating objects of first and second classes wherein the second class objects are externally invocable and where the externally invocable sub-class objects include an indication of an internally invocable sub-class object and executing the class of objects wherein one externally invocable subobject invokes the internally invocable sub-object and a new object of the first class is generated in response to the results.

Although the patent generally deals with methods for protecting access to objects in object oriented programs, it does not teach or suggest using a metaclass in an object oriented system to control access to objects, as is taught and claimed herein with reference to the present invention.

An overall goal in object oriented programming systems is the development of program objects which can be reused easily.

The importance of binary code over source code increases with the degree of reuse. A main purpose of object oriented technology is code reuse. For object oriented technology to achieve large scale success, binary code reuse is essential. As the state of the art moves towards applications built from object formats which can be tailored and plugged into each other, binary code is critical.

The Object Management Group is defining a set of interfaces for object system services named Common Object Services.

It is an object of the present invention to protect objects in an object oriented system by controlling access to objects.

According to the first aspect of the present invention, there is provided a method for controlling access to objects in an information handling system employing object oriented technology, comprising the steps of defining a secure metaclass; invoking a first class as a metaclass of the secure metaclass; and controlling access to one or more protected classes which are subclasses of the secure metaclass in response to values returned on invoking the first class.

According to the second aspect of the present invention, there is provided a computer readable medium comprising means for controlling access to objects in an information handling system employing object oriented technology, the means comprising means for defining a secure metaclass; means for invoking a first class as a metaclass of the secure metaclass; and means for controlling access to one or more protected classes which are subclasses of the secure metaclass in response to values returned on invoking the first class.

According to the third aspect of the present invention, there is provided an information handling system, employing object oriented technology, for controlling access to objects comprising one or more processors; a memory system; one or more I/O controllers each controlling one or more I/O devices; a bus connecting the processors, the memory system and the I/O controllers; an operating system controlling operation of the processors, the memory system and the I/O controllers; means for defining a secure metaclass; means for invoking a first class as a metaclass of the secure metaclass; and means for controlling access to one or more protected classes which are subclasses of the secure metaclass in response to values returned on invoking the first class.

It is an advantage of the present invention that object security can be readily achieved by creation of a secure metaclass which performs authorisation checking prior to method dispatch.

The invention will now be described, by way of example, with reference to the accompanying drawings, in which: Figure 1 is a block diagram of a system for executing the method according to the present invention.

Figure 2 is a block diagram showing the operating system platform and system object model program supporting the present invention.

Figure 3 is an object diagram of the preferred embodiment of the present invention.

Referring now to Figures 1 and 2, an information handling system 10 and an operating system environment for the present invention will be described.

Information handling system 10 may be a graphics work station or the like with a very powerful processor 12, a storage system 14, a system bus 16, display sub-system 18 controlling a display device 20, a cursor control device 22, and an I/O controller 24, all connected by system bus 16.

The information handling system 10 shown in Figure 1 may be operated by a commercially available, well known multitasking operating system such as OS/2 26 (OS/2 is a registered trademark of International Business Machines Corporation).

Among the many tasks which the OS/2 operating system 26 controls when operating information handling system 10 is execution of the program SOMObjects 28, which is a commercially available product of International Business Machines Corporation.

The method and article of manufacture of the present invention may be incorporated in the SOMObjects program. As used herein, SOM means system object model.

An important aspect of any object oriented system is making the object secure, so that object/method granularity access control can be enforced. This involves checking access control in a before method.

The present invention may be efficiently embodied in Distributed SOM (DSOM) (across address space ORB) and Security SOM (SSOM).

The way the user specifies security is to specify the following constraints when searching for a class object:

name: secure
value: A boolean indicating whether the object is protected by access control checking.

name: ACL
value: If secure==TRUE, an access control list.

When granularity is per method, enforcement can be done either per method invocation or when a reference is first obtained (the capability approach). The present invention provides enforcement on method invocation.

A class is also an object whose class is a metaclass.

A class object, then, being an instance of its metaclass, responds to the methods that its metaclass defines. A metaclass, like any other class, can be subclassed and its methods be overridden. All metaclasses are ultimately derived from the root metaclass.

Referring now to the object diagram of Figure 3, the preferred embodiment of the present invention will be described. One run time metaclass is a BeforeAfter metaclass. When a class is created from the BeforeAfter metaclass 32, two methods are transparently executed on every invocation of method M on an object of class C. One method executes before the method is invoked, the Before method and the other method, the After method, executes following the execution of method M. The Before method and the After method are defined by the BeforeAfter metaclass 32. These two methods can be overridden in a metaclass 34 derived from the BeforeAfter metaclass to allow for a special function to be performed.

On invocation, the Before method returns a boolean value (1 or 0). If this value is TRUE (1), then normal processing occurs, that is, the execution of the primary method M, followed by the execution of the After method. If the boolean value is not TRUE (0), neither the primary method M nor the After method are executed. Thus, the BeforeAfter metaclass 32 is the key to controlling method execution on protected objects 36, 38.

A secure metaclass 34 (M_Secure) is defined to be a subclass of BeforeAfter metaclass 32. In M_Secure, the Before method of metaclass 32 is overridden to perform authorisation checking prior to dispatch of the primary method. A protected class 36, 38 is a class whose metaclass is M_Secure 34. M_Secure overrides BeforeMethod to perform the following function:

BeforeMethod(M_Secure self, Environment *ev, Object object, ID primaryMethod, va_list ap)
    retrieve privileges or capabilities of the calling principal;
    retrieve the authorisation attributes of object and MethodId;
    return access_allowed(..., principal_security_attributes, primaryMethod_security_attributes, object_security_attributes)

The boolean value returned by BeforeMethod corresponds to the access decision made in access_allowed of the runtime security component of DSOM. Thus, the primary method is executed only when the access checking method allows it.

Note that the solution cannot be tampered with by the client application, because the access decision is made on the server side, during the attempt to dispatch the method.
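The BeforeAfter metaclass and the M_Secure override described above, as an added example in Python rather than SOM. This is not code from the patent or from SOMObjects; Python metaclasses play the same role, since a class is an instance of its metaclass and a method defined on the metaclass is available on the class object. A class created from BeforeAfter has every public method wrapped so that a before hook runs first, and the primary method and the after hook run only if it returned True; MSecure overrides the before hook with the access decision and the after hook with an audit record. The principal context, the Account class, the ACL format (method name to allowed subjects, with a "*" entry covering any method), the signature of access_allowed and the AUDIT list are all assumptions made for this example. Where the page says a denied call simply does not execute the primary method, this example raises PermissionError so the caller learns why.

```python
import collections
import functools
import inspect
import threading

# Added example, not SOM/DSOM code. Constructed stand-in for the authenticated
# caller; in DSOM the server-side ORB would take it from the request. Names are hypothetical.
Principal = collections.namedtuple("Principal", "name groups")
_ctx = threading.local()
AUDIT = []  # (decision, principal, class, method) tuples written by the hooks

class BeforeAfter(type):
    """Metaclass 32: each public method of a class created from it is wrapped so that
    before_method() runs first; the primary method and after_method() run only if
    it returned True. Both hooks can be overridden in a derived metaclass."""
    def __new__(mcls, name, bases, namespace):
        for attr, value in list(namespace.items()):
            if inspect.isfunction(value) and not attr.startswith("_"):
                namespace[attr] = mcls._wrap(attr, value)
        return super().__new__(mcls, name, bases, namespace)

    @staticmethod
    def _wrap(method_name, primary):
        @functools.wraps(primary)
        def dispatch(self, *args, **kwargs):
            cls = type(self)
            # hooks are resolved on the metaclass, so a protected class cannot shadow them
            if not type(cls).before_method(cls, self, method_name, args, kwargs):
                raise PermissionError(f"{cls.__name__}.{method_name}")
            result = primary(self, *args, **kwargs)
            type(cls).after_method(cls, self, method_name, result)
            return result
        return dispatch

    def before_method(cls, obj, method_name, args, kwargs):
        return True

    def after_method(cls, obj, method_name, result):
        pass

def access_allowed(principal_attrs, method_attrs, object_attrs):
    """Access decision in the shape of the page's access_allowed(...). Assumed policy:
    method_attrs is the set of subjects (names or "group:<name>") allowed to call the method."""
    if not object_attrs["secure"]:
        return True
    subjects = {principal_attrs.name} | {"group:" + g for g in principal_attrs.groups}
    return bool(method_attrs & subjects)

class MSecure(BeforeAfter):
    """Secure metaclass 34: authorisation check before dispatch, audit record after it."""
    def before_method(cls, obj, method_name, args, kwargs):
        principal = getattr(_ctx, "principal", None)
        acl = getattr(obj, "acl", {})  # method name -> allowed subjects; "*" = any method
        method_attrs = acl.get(method_name, acl.get("*", frozenset()))
        object_attrs = {"secure": getattr(obj, "secure", True)}
        ok = principal is not None and access_allowed(principal, method_attrs, object_attrs)
        AUDIT.append(("allow" if ok else "deny", getattr(principal, "name", None),
                      cls.__name__, method_name))
        return ok

    def after_method(cls, obj, method_name, result):
        AUDIT.append(("done", _ctx.principal.name, cls.__name__, method_name))

class Account(metaclass=MSecure):
    """Hypothetical protected class 36; 'secure' and 'acl' are its security constraints."""
    secure = True

    def __init__(self, balance, acl):  # leading underscore: not wrapped
        self.balance, self.acl = balance, acl

    def read_balance(self):
        return self.balance

    def withdraw(self, amount):
        self.balance -= amount
        return self.balance

def call(name, groups, method, *args):
    # invoke a method as the given principal; "denied" stands for a blocked dispatch
    _ctx.principal = Principal(name, frozenset(groups))
    try:
        return method(*args)
    except PermissionError:
        return "denied"

def demo():
    """Three principals against one object; returns the results and the audit trail."""
    AUDIT.clear()
    acct = Account(100, {"read_balance": frozenset({"alice", "group:auditors"}),
                         "*": frozenset({"alice", "group:admins"})})
    results = {
        "alice_withdraw": call("alice", (), acct.withdraw, 30),        # owner, via "*"
        "bob_read": call("bob", ("auditors",), acct.read_balance),     # auditor may read
        "bob_withdraw": call("bob", ("auditors",), acct.withdraw, 1),  # Before returns False
        "carol_withdraw": call("carol", ("admins",), acct.withdraw, 10),
    }
    return results, list(AUDIT)
```

A subclass of Account inherits MSecure, so methods it adds are wrapped as well. The audit trail shows the ordering the page describes: an allowed call produces an "allow" entry, the primary method runs, then the after hook writes "done"; a denied call produces only "deny" and neither the primary method nor the after hook runs. One caveat for anyone copying the pattern: here the hook lives in the caller's address space, and a local client can reach the unwrapped function through the `__wrapped__` attribute that functools.wraps leaves on `Account.withdraw`. The page's tamper-resistance claim rests on the dispatch, and with it the check, running on the server side of DSOM, where the client holds only a proxy.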

Claims (10)

1. A method for controlling access to objects in an information handling system employing object oriented technology, comprising the steps of: defining a secure metaclass (34); invoking a first class (32) as a metaclass of the secure metaclass (34); and controlling access to one or more protected classes (36,38) which are subclasses of the secure metaclass (34) in response to values returned on invoking the first class (32).
2. A method according to claim 1, wherein the step of controlling access further comprises the steps of: overriding dispatch of any method invoked by the invoking step; and checking authorisation for access to an object in a protected class (36,38) prior to method dispatching.
3. A method according to claim 2, wherein the step of controlling access further comprises the step of: dispatching an invoked method if the checking authorisation step indicates authorised access to a protected class (36,38).
4. A method according to claim 1, 2 or 3, wherein the invoking step further comprises the steps of: invoking a before method on the secure metaclass (34); testing a value returned by the before method; if the value returned is true, proceeding with normal processing; and if the value returned is not true, inhibiting further processing.
5. A computer readable medium comprising means for controlling access to objects in an information handling system employing object oriented technology, the means comprising: means for defining a secure metaclass (34); means for invoking a first class (32) as a metaclass of the secure metaclass (34); and means for controlling access to one or more protected classes (36,38) which are subclasses of the secure metaclass (34) in response to values returned on invoking the first class (32).
6. A computer readable medium, according to claim 5, wherein said means for controlling access further comprises: means for overriding dispatch of any method invoked by the invoking means; and means for checking authorisation for access to an object in a protected class (36,38) prior to method dispatching.
7. A computer readable medium, according to claim 6, wherein said means for controlling access further comprises: means for dispatching an invoked method if the checking authorisation means indicates authorised access to a protected class (36,38).
8. A computer readable medium, according to claim 5, 6 or 7, wherein said means for invoking further comprises: means for invoking a before method on the secure metaclass (34); means for testing a value returned by the before method; means for proceeding with normal processing if the value returned is true; and means for inhibiting further processing if the value returned is not true.
9. An information handling system, employing object oriented technology, for controlling access to objects comprising: one or more processors (12); a memory system (14); one or more I/O controllers (24) each controlling one or more I/O devices (18,20,22); a bus (16) connecting the processors (12), the memory system (14) and the I/O controllers (24); an operating system (26) controlling operation of the processors (12), the memory system (14) and the I/O controllers (24); means for defining a secure metaclass (34); means for invoking a first class (32) as a metaclass of the secure metaclass (34); and means for controlling access to one or more protected classes (36,38) which are subclasses of the secure metaclass (34) in response to values returned on invoking the first class (32).
10. An information handling system, according to claim 9, wherein said means for controlling access further comprises: means for overriding dispatch of any method invoked by the invoking means; means for checking authorisation for access to an object in a protected class (36,38) prior to method dispatching; and means for dispatching an invoked method if the checking authorisation means indicates authorised access to a protected class (36,38).

Priority Applications (1)

Application Number Priority Date Filing Date Title
US58010895A 1995-12-29 1995-12-29

Publications (3)

Publication Number Publication Date
GB9624244D0 (en) 1997-01-08
GB2308688A (en) 1997-07-02
GB2308688B (en) 1999-11-10

Family

ID=24319747

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9624244A Expired - Fee Related GB2308688B (en) 1995-12-29 1996-11-21 Controlling access to objects in an information handling system

Country Status (4)

Country Link
JP (1) JPH09212366A (en)
CN (1) CN1100299C (en)
GB (1) GB2308688B (en)
MY (1) MY121581A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999030218A1 (en) * 1997-12-11 1999-06-17 Sun Microsystems, Inc. Typed, parameterized, and extensible access control permissions
US6044467A (en) * 1997-12-11 2000-03-28 Sun Microsystems, Inc. Secure class resolution, loading and definition
US6125447A (en) * 1997-12-11 2000-09-26 Sun Microsystems, Inc. Protection domains to provide security in a computer system
US6192476B1 (en) 1997-12-11 2001-02-20 Sun Microsystems, Inc. Controlling access to a resource
EP1589419A1 (en) * 2004-04-19 2005-10-26 Sun Microsystems, Inc. System and method for controlling the use of a method in an object-oriented computer environment
US7003661B2 (en) 2001-10-12 2006-02-21 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US7114177B2 (en) 2001-03-28 2006-09-26 Geotrust, Inc. Web site identity assurance
US7694135B2 (en) 2004-07-16 2010-04-06 Geotrust, Inc. Security systems and services to provide identity and uniform resource identifier verification

Families Citing this family (1)

Publication number Priority date Publication date Assignee Title
CN102004528A (en) * 2010-11-10 2011-04-06 吴晓栋 Design idea of new generation of computer system and implementation method thereof

Cited By (14)

Publication number Priority date Publication date Assignee Title
WO1999030218A1 (en) * 1997-12-11 1999-06-17 Sun Microsystems, Inc. Typed, parameterized, and extensible access control permissions
US6044467A (en) * 1997-12-11 2000-03-28 Sun Microsystems, Inc. Secure class resolution, loading and definition
US6047377A (en) * 1997-12-11 2000-04-04 Sun Microsystems, Inc. Typed, parameterized, and extensible access control permissions
US6125447A (en) * 1997-12-11 2000-09-26 Sun Microsystems, Inc. Protection domains to provide security in a computer system
US6192476B1 (en) 1997-12-11 2001-02-20 Sun Microsystems, Inc. Controlling access to a resource
US7552466B2 (en) 2001-03-28 2009-06-23 Geotrust, Inc. Web site identity assurance
US7114177B2 (en) 2001-03-28 2006-09-26 Geotrust, Inc. Web site identity assurance
US7003661B2 (en) 2001-10-12 2006-02-21 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US7120929B2 (en) 2001-10-12 2006-10-10 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US7562212B2 (en) 2001-10-12 2009-07-14 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US8028162B2 (en) 2001-10-12 2011-09-27 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
EP1589419A1 (en) * 2004-04-19 2005-10-26 Sun Microsystems, Inc. System and method for controlling the use of a method in an object-oriented computer environment
US7668862B2 (en) 2004-04-19 2010-02-23 Sun Microsystems, Inc. System and method for controlling the use of a method in an object-oriented computing environment
US7694135B2 (en) 2004-07-16 2010-04-06 Geotrust, Inc. Security systems and services to provide identity and uniform resource identifier verification

Also Published As

Publication number Publication date
GB2308688B (en) 1999-11-10
CN1157962A (en) 1997-08-27
JPH09212366A (en) 1997-08-15
GB9624244D0 (en) 1997-01-08
MY121581A (en) 2006-02-28
CN1100299C (en) 2003-01-29


Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 2007-11-21