Security model using restricted tokens
    1.
    Granted invention patent
    Security model using restricted tokens (expired)

    Publication number: US06279111B1

    Publication date: 2001-08-21

    Application number: US09096926

    Filing date: 1998-06-12

    IPC classification: G06F1214

    Abstract: A restricted access token is created from an existing token, and provides less access than that token. A restricted token may be created by changing an attribute of one or more security identifiers allowing access in the parent token to a setting that denies access in the restricted token, and/or by removing one or more privileges from the restricted token relative to the parent token. A restricted access token also may be created by adding restricted security identifiers thereto. Once created, a process associates another process with the restricted token to launch the other process in a restricted context that is a subset of its own rights and privileges. A kernel-mode security mechanism determines whether the restricted process has access to a resource by first comparing user-based security identifiers in the restricted token and the intended type of action against a list of identifiers and actions associated with the resource. If no restricted security identifiers are in the restricted token, access is determined by this first check; otherwise a second access check further compares the restricted security identifiers against the list of identifiers and actions associated with the resource. With a token having restricted security identifiers, the process is granted access only if both the first and second access checks pass. In this manner, a process is capable of restricting another process, such as possibly unruly code, in the actions it can perform.


    Method and system for secure running of untrusted content
    2.
    Granted invention patent
    Method and system for secure running of untrusted content (expired)

    Publication number: US06505300B2

    Publication date: 2003-01-07

    Application number: US09097218

    Filing date: 1998-06-12

    IPC classification: G06F0124

    Abstract: Restricted execution contexts are provided for untrusted content, such as computer code or other data downloaded from websites, electronic mail messages and any attachments thereto, and scripts or client processes run on a server. A restricted process is set up for the untrusted content, and any actions attempted by the content are subject to the restrictions of the process, which may be based on various criteria. Whenever a process attempts to access a resource, a token associated with that process is compared against security information of that resource to determine if the type of access is allowed. The security information of each resource thus determines the extent to which the restricted process, and thus the untrusted content, has access. In general, the criterion used for setting up restrictions for each untrusted content's process is information indicative of how trusted or untrusted the content is likely to be.


    Extensible security system and method for controlling access to objects in a computing environment
    3.
    Granted invention patent
    Extensible security system and method for controlling access to objects in a computing environment (in force)

    Publication number: US06412070B1

    Publication date: 2002-06-25

    Application number: US09157882

    Filing date: 1998-09-21

    IPC classification: G06F1214

    Abstract: A method and computing system for extending access control of system objects in a computing environment beyond traditional rights such as read, write, create and delete. According to the invention, a system administrator or user application is able to create control rights that are unique to the type of object. Rights can be created that do not relate to any specific property of the object, but rather define how a user may control the object. A novel object, referred to as a control access data structure, is defined for each unique control right and associates the control right with one or more objects of the computing environment. In order to grant the right to a trusted user, an improved access control entry (ACE) is defined which holds a unique identifier of the trusted user and a unique identifier of the control access data structure.


    Object type specific access control
    4.
    Granted invention patent
    Object type specific access control (in force)

    Publication number: US06625603B1

    Publication date: 2003-09-23

    Application number: US09157768

    Filing date: 1998-09-21

    IPC classification: G06F1700

    Abstract: Providing object type specific access control to an object is described. In one embodiment, a computer system comprises an operating system operative to control an application and a service running on a computer. The service maintains a service object having a link to an access control entry. The access control entry contains an access right to perform an operation on an object type. The system further includes an access control module within the operating system. The access control module includes an access control interface and operates to grant or deny the access right to perform the operation on the object.


    Per property access control mechanism
    5.
    Granted invention patent
    Per property access control mechanism (in force)

    Publication number: US06289458B1

    Publication date: 2001-09-11

    Application number: US09157771

    Filing date: 1998-09-21

    IPC classification: G96F1214

    CPC classification: G06F21/6281 G06F2221/2141

    Abstract: Providing access control to individual properties of an object is described. In one embodiment, a computer system comprises an operating system operative to control applications and services running on the system. The service maintains a service object having at least one property. Also included in the system is an access control module within the operating system. The access control module includes an access control interface operative to control access to a property of the object.


    Challenge-response authentication and key exchange for a connectionless security protocol

    Publication number: US06377691B1

    Publication date: 2002-04-23

    Application number: US08762166

    Filing date: 1996-12-09

    IPC classification: H04L900

    Abstract: The disclosed system uses a challenge-response authentication protocol for datagram-based remote procedure calls. Using a challenge-response authentication protocol has many advantages over using a conventional authentication protocol. There are two primary components responsible for communication using the challenge-response protocol: a challenge-response protocol component on the client computer (client C-R component) and a challenge-response protocol component on the server computer (server C-R component). In order to start a session using the challenge-response protocol, the client C-R component first generates a session key. The session key is used by both the client C-R component and the server C-R component for encrypting and decrypting messages. After creating the session key, the client C-R component encrypts a message containing a request for a remote procedure call and sends it to the server C-R component. In response, the server C-R component sends a challenge to the client C-R component. The challenge contains a unique identifier generated by the server C-R component. The client C-R component responds to the challenge by sending a challenge response and the session key. The challenge response is the unique identifier contained within the challenge, encrypted with the password of the user of the client computer. The session key is also encrypted using this password. Upon receiving the challenge response, the server C-R component uses its copy of the client's password to create its own version of the challenge response and compares it to the version received from the client C-R component. If the two versions of the challenge response are identical, the identity of the user of the client computer has been verified. If the two versions are not identical, an attempted unauthorized access has been detected. After verification, the server C-R component extracts the session key, decrypts the message, and invokes the requested procedure of the server program. Subsequently, the server C-R component will send and receive encrypted messages from the client C-R component, thereby facilitating a remote procedure call.

    Least privilege via restricted tokens
    9.
    Granted invention patent
    Least privilege via restricted tokens (expired)

    Publication number: US06308274B1

    Publication date: 2001-10-23

    Application number: US09096679

    Filing date: 1998-06-12

    Applicant: Michael M. Swift

    Inventor: Michael M. Swift

    IPC classification: G06F1214

    Abstract: A method and mechanism to enforce reduced access via restricted access tokens. Restricted access tokens are based on an existing token, and have less access than that existing token. A process is associated with a restricted token, and when the restricted process attempts to perform an action on a resource, a security mechanism compares the access token information with security information associated with the resource to grant or deny access. Application programs may have restriction information stored in association therewith, such that when launched, a restricted token is created for that application based on the restriction information, thereby automatically reducing that application's access. Applications may be divided into different access levels, such as privileged and non-privileged portions, thereby automatically restricting the actions a user can perform via that application. Also, the system may enforce running with reduced access by running user processes with a restricted token, and then requiring a definite action by the user to specifically override restricted actions by temporarily running with the user's normal token.


    Ensuring the integrity of remote boot client data
    10.
    Granted invention patent
    Ensuring the integrity of remote boot client data (expired)

    Publication number: US06189100B1

    Publication date: 2001-02-13

    Application number: US09107007

    Filing date: 1998-06-30

    IPC classification: G06F124

    Abstract: A remote boot process uses a secret to sign and/or seal the data necessary to remotely boot a client from a server on a network, to ensure the integrity of the data. The secret is generated by the server and securely delivered to the client during the initial setup of the client. The secret contains a one-way encryption of the password for the client account on the server. On each side, every signed message is matched by a verify operation on the receiving side, and every sealed message by an unseal operation. Subsequent transactions between the client and server are conducted using messages encrypted with a key generated by the server and securely delivered to the client in a message sealed using the secret. The secret can also be used in conjunction with an access data structure to prevent unauthorized users from accessing data stored on the server on behalf of the client or other users. In other aspects of the invention, the secret is replaced by a client private/public key pair.
