Protection domains to provide security in a computer system

DC CAFC

US 6,125,447 A
Filed: 12/11/1997
Issued: 09/26/2000
Est. Priority Date: 12/11/1997
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A method for providing security, the method comprising the steps of:

establishing one or more protection domains, wherein a protection domain is associated with zero or more permissions;

establishing an association between said one or more protection domains and one or more classes of one or more objects; and

determining whether an action requested by a particular object is permitted based on said association between said one or more protection domains and said one or more classes.

View all claims

3 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Reexamination

Accused Products

Abstract

A method and apparatus are provided for maintaining and enforcing security rules using protection domains. As new code arrives at a computer, a determination is assigned to a protection domain based on the source from which the code is received. The protection domain establishes the permissions that apply to the code. In embodiments where the code to be executed by the computer belongs to object classes, an association is established between the protection domains and the classes of objects. When an object requests an action, a determination is made as to whether the action is permitted based on the class to which the object belongs and the association between classes and protection domains.

149 Citations

24 Claims

1. A method for providing security, the method comprising the steps of:
- establishing one or more protection domains, wherein a protection domain is associated with zero or more permissions;
  
  establishing an association between said one or more protection domains and one or more classes of one or more objects; and
  
  determining whether an action requested by a particular object is permitted based on said association between said one or more protection domains and said one or more classes.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein:
    - at least one protection domain of said one or more protection domains is associated with a code identifier;
      
      at least one class of said one or more classes is associated with said code identifier; and
      
      the step of establishing an association between said one or more protection domains and said one or more classes of one or more objects further includes the step of associating said one or more protection domains and said one or more classes based on said code identifier.
  - 3. The method of claim 2, wherein said code identifier indicates a source of code used to define each class of said one or more classes.
  - 4. The method of claim 2, wherein said code identifier indicates a key associated with each class of said one or more classes.
  - 5. The method of claim 2, wherein said code identifier indicates a source of code used to define each class of said one or more classes and indicates a key associated with each class of said one or more classes.
  - 6. The method of claim 2, wherein the step of associating said one or more protection domains and said one or more classes based on said code identifier further includes associating said one or more protection domains and said one or more classes based on data persistently stored, wherein said data associates code identifiers with a set of one or more permissions.

7. A method of providing security, the method comprising the steps of:
- establishing one or more protection domains, wherein a protection domain is associated with zero or more permissions;
  
  establishing an association between said one or more protection domains and one or more sources of code; and
  
  in response to executing code making a request to perform an action, determining whether said request is permitted based on a source of said code making said request and said association between said one or more protection domains and said one or more sources of code.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7, wherein the step of establishing an association between said one or more protection domains and said one or more sources of code further includes establishing an association between said one or more protection domains and said one or more sources of code and one or more keys associated with said one or more sources of code.
  - 9. The method of claim 8, wherein the step of establishing an association between said one or more protection domains and said one or more sources of code and said one or more keys associated with said one or more sources of code further includes establishing said association between said one or more protection domains and said one or more sources of code and said one or more keys associated with said one or more sources of code based on data persistently stored, wherein said data associates particular sources of code and particular keys with a set of one or more permissions.

10. A computer-readable medium carrying one or more sequences of one or more instructions, the one or more sequences of the one or more instructions including instructions which, when executed by one or more processors, causes the one or more processors to perform the steps of:
- establishing one or more protection domains, wherein a protection domain is associated with zero or more permissions;
  
  establishing an association between said one or more protection domains and one or more classes of one or more objects; and
  
  determining whether an action requested by a particular object is permitted based on said association between said one or more protection domains and said one or more classes.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The computer readable medium of claim 10, wherein:
    - at least one protection domain of said one or more protection domains is associated with a code identifier;
      
      at least one class of said one or more classes is associated with said code identifier; and
      
      the step of establishing an association between said one or more protection domains and said one or more classes of one or more objects further includes the step of associating said one or more protection domains and said one or more classes based on said code identifier.
  - 12. The computer readable medium of claim 11, wherein said code identifier indicates a source of code used to define each class of said one or more classes.
  - 13. The computer readable medium of claim 11, wherein said code identifier indicates a key associated with each class of said one or more classes.
  - 14. The computer readable medium of claim 11, wherein said code identifier indicates a source of code used to define each class of said one or more classes and indicates a key associated with each class of said one or more classes.
  - 15. The computer readable medium of claim 14, wherein the step of associating said one or more protection domains and said one or more classes based on said code identifier further includes associating said one or more protection domains and said one or more classes based on data persistently stored, wherein said data associates code identifiers with a set of one or more permissions.

16. A computer-readable medium carrying one or more sequences of one or more instructions, wherein the execution of the one or more sequences of the one or more instructions causes the one or more processors to perform the steps of:
- establishing one or more protection domains, wherein a protection domain is associated with zero or more permissions;
  
  establishing an association between said one or more protection domains and one or more sources of code; and
  
  in response to executing code making a request to perform an action, determining whether said request is permitted based on a source of said code making said request and said association between said one or more protection domains and said one or more sources of code.
- View Dependent Claims (17, 18)
- - 17. The computer readable medium of claim 16, wherein the step of establishing an association between said one or more protection domains and said one or more sources of code further includes establishing an association between said one or more protection domains and said one or more sources of code and one or more keys associated with said one or more sources of code.
  - 18. The computer readable medium of claim 17, wherein the step of establishing an association between said one or more protection domains and said one or more sources of code and said one or more keys associated with said one or more sources of code further includes establishing said association between said one or more protection domains and said one or more sources of code and said one or more keys associated with said one or more sources of code based on data persistently stored, wherein said data associates particular sources of code and particular keys with a set of one or more permissions.

19. A computer system comprising:
- a processor;
  
  a memory coupled to said processor;
  
  one or more protection domains stored as objects in said memory, wherein each protection domain is associated with zero or more permissions;
  
  a domain mapping object stored in said memory, said domain mapping object establishing an association between said one or more protection domains and one or more classes of one or more objects; and
  
  said processor being configured to determine whether an action requested by a particular object is permitted based on said association between said one or more protection domains and said one or more classes.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The computer system of claim 19, wherein:
    - at least one protection domain of said one or more protection domains is associated with a code identifier;
      
      at least one class of said one or more classes is associated with said code identifier; and
      
      said computer system further comprises said processor configured to establish an association between said one or more protection domains and said one or more classes of one or more objects by associating said one or more protection domains and said one or more classes based on said code identifier.
  - 21. The computer system of claim 20, wherein said code identifier indicates a source of code used to define each class of said one or more classes.
  - 22. The computer system of claim 20, wherein said code identifier indicates a key associated with each class of said one or more classes.
  - 23. The computer system of claim 20, wherein said code identifier indicates a source of code used to define each class of said one or more classes and indicates a key associated with each class of said one or more classes.
  - 24. The computer system of claim 20, further comprising said processor configured to associate said one or more protection domains and said one or more classes based on said code identifier by associating said one or more protection domains and said one or more classes based on data persistently stored in said computer system, wherein said data associates code identifiers with a set of one or more permissions.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Gong, Li
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Baderman, Scott T.

Application Number

US08/988,439
Time in Patent Office

1,020 Days
Field of Search

713/200, 713/201-202, 713/151, 713/152, 713/153, 713/154-168, 713/169, 709/229, 709/303, 395/704, 714/38, 714/48, 707/103, 707/9, 707/10, 380/4
US Class Current

726/17
CPC Class Codes

G06F 12/1483   using an access-table, e.g....

G06F 21/6218   to a system of files or obj...

G06F 2211/008   Public Key, Asymmetric Key,...

G06F 9/468   Specific access rights for ...

Protection domains to provide security in a computer system

First Claim

3 Assignments

Litigations

0 Petitions

Reexamination

Accused Products

Abstract

149 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Protection domains to provide security in a computer system

First Claim

3 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Reexamination

Accused Products

Subscription Required

Abstract

149 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links