Granting least privilege access for computing processes
    1.
    Granted invention patent
    Granting least privilege access for computing processes (lapsed)

    Publication number: US08397290B2

    Publication date: 2013-03-12

    Application number: US12163164

    Filing date: 2008-06-27

    CPC classification number: G06F21/6281 G06F9/468 G06F2221/2145

    Abstract: Embodiments provide a security infrastructure that may be configured to run on top of an existing operating system to control what resources can be accessed by an application and what APIs an application can call. Security decisions are made by taking into account both the current thread's identity and the current thread's call chain context to enable minimal privilege by default. The current thread context is captured and a copy of it is created to be used to perform security checks asynchronously. Every thread in the system has an associated identity. To obtain access to a particular resource, all the callers on the current thread are analyzed to make sure that each caller and thread has access to that resource. Only when each caller and thread has access to that resource is the caller given access to that resource.


    Granting Least Privilege Access For Computing Processes
    2.
    Invention patent application
    Granting Least Privilege Access For Computing Processes (lapsed)

    Publication number: US20090328180A1

    Publication date: 2009-12-31

    Application number: US12163164

    Filing date: 2008-06-27

    CPC classification number: G06F21/6281 G06F9/468 G06F2221/2145

    Abstract: Embodiments provide a security infrastructure that may be configured to run on top of an existing operating system to control what resources can be accessed by an application and what APIs an application can call. Security decisions are made by taking into account both the current thread's identity and the current thread's call chain context to enable minimal privilege by default. The current thread context is captured and a copy of it is created to be used to perform security checks asynchronously. Every thread in the system has an associated identity. To obtain access to a particular resource, all the callers on the current thread are analyzed to make sure that each caller and thread has access to that resource. Only when each caller and thread has access to that resource is the caller given access to that resource.

