ebook img

Definition of low-level security rules in terms of high-level security concepts PDF

26 Pages·2013·2.19 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Definition of low-level security rules in terms of high-level security concepts

US007346921B2 (12) United States Patent (10) Patent N0.: US 7,346,921 B2 Murren et al. (45) Date of Patent: Mar. 18, 2008 (54) DEFINITION OF LOW-LEVEL SECURITY 5,745,754 A 4/1998 Lagarde et a1. RULES IN TERMS OF HIGH-LEVEL 5,790,790 A 8/1998 Smith et a1. SECURITY CONCEPTS 5,790,809 A 8/1998 Holmes 5,835,896 A 11/1998 Fisher et a1. (75) Inventors: Brian T. Murren, Clifton Park, NY 5,870,605 A 2/1999 Bracho et a1. 5,890,175 A 3/1999 Wong et a1. (US); Thomas R. Kiehl, Wynantskill, 5,898,836 A 4/1999 Freivald et a1. NY (US) 5,915,209 A 6/1999 Lawrence 5,928,335 A 7/1999 Morita (73) Assignee: GE Capital Corporation, Stamford, 5,970,231 A 10/1999 Crandall CT (US) 5,977,971 A 11/1999 Guzak et a1. 5,978,799 A 11/1999 Hirsch Notice: Subject to any disclaimer, the term of this 5,999,948 A 12/1999 Nelson et a1. patent is extended or adjusted under 35 6,035,121 A 3/2000 Chiu et a1. U.S.C. 154(b) by 827 days. 6,047,377 A * 4/2000 Gong ....................... .. 713/201 6,058,417 A 5/2000 Hess et a1. (21) Appl. No.2 09/847,037 6,061,686 A 5/2000 Gauvin et a1. 6,115,690 A 9/2000 Wong (22) Filed: Apr. 30, 2001 6,128,655 A 10/2000 Fields et a1. 6,144,944 A 11/2000 Kurtzman, 11 et a1. 6,151,022 A 11/2000 Alshibani et a1. (65) Prior Publication Data US 2003/0167401 A1 Sep. 4, 2003 (Continued) OTHER PUBLICATIONS (51) Int. Cl. G06F 17/00 (2006.01) Belge, “The Next Step in Software Internationalization,” Jan. 1995, (52) US. Cl. ........................ .. 726/1; 713/156; 713/166; ACM Press Interactions, vol. 2, Issue 1, pp. 21-25, ISSN: 1072 705/51 5520. (58) Field of Classi?cation Search .............. .. 713/200, (Continued) 713/156, 166; 709/9, 249; 705/76, 50, 51; 726/26, 8429, 1; 707/9, 10 Primary ExamineriT. B. Truong See application ?le for complete search history. (74) Attorney, Agent, or Fi rmiLee & Hayes, PLLC (56) References Cited (57) ABSTRACT U.S. PATENT DOCUMENTS A set of pluggable rules are used to de?ne low-level security 5,265,221 A * 11/1993 Miller ...................... .. 711/163 rules in terms of high-level security concepts. The rules are 5,410,646 A 4/1995 Tondevold et a1. part of a pluggable module that can interact With a business 5,434,776 A 7/1995 Jain logic to provide different granularities of control. 5,590,197 A 12/1996 Chen et a1. 5,678,039 A 10/1997 Hinks et a1. 5,704,029 A 12/1997 Wright, Jr. 27 Claims, 9 Drawing Sheets {-100 102(3) 102(2) l C] 21> CLIENT BROWSER 11155 WEB SERVICE 102(N) ‘m REOUESTS/ REPLlES APPLICATION SERVER SYSTEM 110 MULTl-LAYER APPLICATION] DOMAIN ARCHITECTURE A ‘"1. 112(1) 112(2) 112(3) 110 11 L RESOURCE I l RESOURCE I I" I RESOURCE I 105(1) J 108(2) J 108(M) J US 7,346,921 B2 Page 2 U.S. PATENT DOCUMENTS 2001/0044809 A1 11/2001 Parasnis et al. 2002/0107684 A1 8/2002 Gao 6,175,841 B1 V2001 Loiacono 2002/0147656 A1 10/2002 Tam et al. 6,192,407 B1 2/2001 Smith et 91- 2002/0156678 A1 10/2002 Adams 6,216,114 B1 4/2001 Alaifl er 91- 2002/0161674 A1 10/2002 Scheer 6,233,566 B1 5/2001 Levlne et 31 2003/0033448 A1 2/2003 Kiefrer 6,243,721 B1 6/2001 Duape er 91- 2003/0078960 A1 4/2003 Murren etal. 6252589 B1 6/2001 Remg 9t 81 2003/0233296 A1 12/2003 Wagner 6,253,251 B1* 6/2001 Benantar et al. .......... .. 719/315 2004/0039993 A1 2/2004 Kouglouris @131‘ 6,292,827 B1 9/2001 R?Z 2004/0205575 A1 10/2004 Wattenberg 6,308,212 B1 10/2001 BeSaW er a1~ 2004/0205644 A1 10/2004 Shaughnessy et al. 6,345,278 B1 2/2002 Hitchcock et al. 2005/0055633 A1 3/2005 A11 @131‘ 6,366,891 B1 4/2002 Feinberg 6,385,724 B1 * 5/2002 Beckman et al. ......... .. 713/167 OTHER PUBLICATIONS 6,412,008 B1 6/2002 Fields et a1. 6,415,284 B1 7/2002 D’Souza e1 31‘ “Borland’s Paradox for Windows User’s Guide”, Borland Interna 6,434,568 B1 8/2002 Bowman-Amuah tional, Inc, 1994, 23 P9899 6,438,594 B1 g/2002 BOWmamAmuah Bragg, “Accounting Best Practices,” John Wiley and Sons, Inc. 6,460,036 B1 10/2002 Herz 1999, 289 P9899 6,473,748 B1 * 10/2002 Archer ...................... .. 706/45 d9 Mauro, “Internationalizing Messages in Linus Program,” Mar 6,473,791 B1 * 10/2002 A1_Ghosein e131‘ ______ __ 709/217 1999, Specialized Systems Consultants Inc., Linux Journal, vol. 6,477,665 B1 11/2002 BOWmamAmuah 1999, Issue 59es, Article No. 4, ISSN 1075-3583, 10 pages. 6,487,599 B1 11/2002 Smith et a1‘ Der?er, et al., “How Networks Work,” Millennium Ed., Euq Cor 6,487,665 B1 * 11/2002 Andrews et al. .......... .. 713/201 poration, Jan 2000, 19 pages 6,513,038 B1 1/2003 Hasegawa et a1‘ “Developer’s Guide to Internationalization,” 1995 Sun 6,519,570 B1 2/2003 Faber et al. Microsystems, 96 P9899 6,519,571 B1 2/2003 Guheen e1 31‘ Gavron, et al., “How to Use Microsoft Windows NT4Workstation,” 6,529,950 B1 * 3/2003 Lumelsky et al. ........ .. 709/218 Macmillian Computer Publishing, USA, 1996, 197 P9899 6,529,956 B1 3/2003 Smith et a1‘ Gilly, “Unix in a Nutshell: A Desktop Quick Reference for System 6,546,397 B1 4/2003 Rempell V and Solaris 2.0,” Cambridge: O’Reilly, 1992, 4 pages. 6,549,397 B1 4/2003 Diaz et a1‘ Gralla, “How the Internet Works,” Millennium Ed., Que Corpora 6,560,592 B1 * 5/2003 Reid et al. ................... .. 707/2 tion, A118 1999, 28 pages 6,567,846 B1 5/2003 Garg et a1, Lemay, et al., “Laura Lemay’s Workshop Javascript,” 1996, Sams. 6,611,498 B1 8/2003 Baker et a1. 11991211 l32-13T 6,615,253 B1 9/2003 BOWmamAmuah Lawhead, “Flexible Formatting of Messages for Display,” Jun. 1, 6,623,529 B1 9/2003 Lakritz 1971, IBM Technical Disclosure Bulletin, vol. 14, Issue 1, pp. 6,625,581 B1 9/2003 Perkowski 46-48 6,631,357 B1 10/2003 perkowski Muller, “ Desktop Encyclopedia of the Internet,” Artech House, 6,632,251 B1 10/2003 Rutten et al. 1119, 1998, 499 P9899 6,636,886 B1 10/2003 Katiyar et a1, “OpenWindows Developer’s Guide: XView Code Generator Pro 6,643,652 B2 11/2003 Helgeson et a1‘ grammer’s Guide,” 1994 Sun Microsystems Product Manual ,Chap 6,654,726 B1 11/2003 Hanzek ter 1, and Appendix B, PP~ 1-3 and 95-106 6,662,342 B1 12/2003 Marcy Peek, et a1. “Unix Power Tools,” Cambridge: O’Reilly, 1997, 2nd 6,664,981 B2 12/2003 Ashe et a1. Edition, 6 P9899 6,671,674 B1 12/2003 Anderson @131, Pominville, et al., “A Framework for Optimizing Java Using 6,684,369 B1 1/2004 Bernardo et a1‘ Attributes,” IBM Centre for Advanced Studies Conference, 2000, 6,694,506 B1 * 2/2004 LeBlanc et al. .......... .. 717/108 p11 l-l7~ 6,704,906 B1 3/2004 yankovich et a1‘ Robbins, “Effective awk Programming,” May 2001, O’Reilly & 6,728,685 B1 4/2004 Ahluwaha Associates, ISBN: 0-596-00070-7, Chapter 9, 15 pages. 6,732,331 B1 5/2004 A1exander Robbins, “Gawk 3.1 New Feature List,” Sep. 3, 2000, Usenet 6,741,969 B1 5/2004 Chen et a1‘ newsgroup comp.lang.awk as archived on <<http://groups.google. 6,741,980 B1 5/2004 Langseth et a1, com>>, accessed and printed on Mar. 18, 2005, 3 pages. 6,742,015 B1 5/2004 Bowman.Amuah “SMT in Line”, available at <<www.smtinline.com>>, accessed on 6,745,203 B1 6/2004 Garg et al. APR 28, 2006, 2 pages. 6,751,673 B2 6/2004 Shaw Stephens, “Prototyping with Visual Basic,” Sep. 2001, Sams Pub 6,769,009 B1 7/2004 Reisman lishing, ISBN 0-7897-2578-9, Chapter 9, 6 pages. 6,771,384 B1 8/2004 Laverty et a1. Stevens, “Unix Network Programing,” New Jersey: Prentice Hall 6,779,155 B1* 8/2004 Bahrs et al. .............. .. 715/526 1990, 44 pages. 6,785,721 B1 8/2004 Immerman et a1. Tuthill, et a1, “Creating Worldwide Software: Solaris International 6,792,462 B2 * 9/2004 Bernhardt et al. ........ .. 709/225 Developer’s Guide,” Sun Microsystems Press, 1997, 2nd Edition, 6,802,059 B1 10/2004 Lyapustina et al. 13 pages, 6,807,558 B1 10/2004 H?ssett et a1~ Usdin, et al., “XML: NotA Silver Bullet, But a Great Pipe Wrench”, 6,820,082 B1 * 11/2004 Cook et al. .................. .. 707/9 Published by standard View, v01, 6, NO, 3, Sep, 1993, pp, 125.132, 6,832,369 B1 12/2004 Kryka et a1~ White, “How Computers Work”, Millennium Ed. Que Corporation, 6,842,906 B1 1/2005 Bowman-Amuah Sep, 1999, 38 pages, 7,013,289 B2 3/2006 Horn et a1. 2001/0039594 A1 11/2001 Park et al. * cited by examiner U.S. Patent Mar. 18, 2008 Sheet 1 0f 9 US 7,346,921 B2 r 100 102 1 [- ( ) III 102(3) CLIENT BROWSER CIDEI WEB SERVICE :- 102W) COMM. DEVICE REQuEsTs/ REPLIES 1 04 106 /. APPLICATION SERVER SYsTEM 110-\ MULTI-LAYER APPLICATION/DOMAIN ARCHITECTURE \ 7 \ / \ I JIIIIIHL m 112(1)J112(2)J112(3)J 112(s REsouRcE RESOURCE . . . RESOURCE 108(1) J 108(2) J 108(M) J w, I U.S. Patent Mar. 18, 2008 Sheet 2 0f 9 US 7,346,921 B2 REQUESTS REPLIES I 110 L I MULTl-LAYER ARCHITECTURE I EXECUTION ENVIRONMENT 2Q PRESENTATION LAYER @ ADAPTER(S) Q CONTENT RENDERER FRAMEWORK E \ 260 MODEL REQUEST DISPATCHER _22_4 DISPATCHER Q ENGINE RDT | TRANSLATOR _26_2 264 / I 226 —/ AUTHENTICATION MODEL BUSINESS LOGIC LAYER 204 210 SECURITY POLICY WLI ENFORCEMENT _2_§Q 230 ' DATA COORDINATION LAYER @ APPLICATION DATA MANAGERS w UTILITIES 242 APPLICATION FRAMEWORK EXTENSIONS 244 DOMAIN FRAMEWORK E 252 —\ r 254 PERSISTENCE MANAGEMENT BULK DATA ACCESS DATA ABSTRACTION LAYER 208 SERVICE LAYER m RESOURCE RESOURCE - - . RESOURCE 108(1) -/ 108(2) J 108(M) J Q9, 2 U.S. Patent Mar. 18,2008 Sheet 3 0f 9 US 7,346,921 B2 GENERAL OPERATION 300 302 -\ f RECEIVE REQUEST FROM CLIENT L I 304 _\ AUTHENTICATE REQUEST 306 _\ SELECT EXECUTION MODEL w 308 \F PROCESS REQUEST USING EXECUTION MODEL L I RESOURCE ACCESS NO RESOURCE ACCESS 3103 I ‘ l /—316 I QUERY FOR DESIRED GENERATE REPLY AND INFORMATION VIA DATA PASS REPLY TO COORDINATION AND PRESENTATION LAYER L ABSTRACTION LAYERS v /— 318‘ 312-\ I r w SELECT CLIENT ACCESS RESOURCES FOR APPROPRIATE INFORMATION PRESENTATION FORM 314\ I g I /-320 W h EXTRACT INFORMATION r FROM RESULTS AND RETURN REPLY IN SELECTED PRESENTATION RETURN TO EXECUTION MODEL FORM U.S. Patent Mar. 18, 2008 Sheet 5 0f 9 US 7,346,921 B2 OPERATION OF EXECUTION MODEL 500 [ SET ATTRIBUTE VALUES 502 RECEIVED FROM CLIENT REQUEST IN ATTRIBUTE STORE y SELECT NEXT COMMAND OF 504 INTERACTION 506 508 ALL COMMANDS PROCESS SELECTED? VIEW INSTANTIATE OBJECT r 51 O ASSOCIATED WITH COMMAND V RETRIEvE ATTRIBUTE VALUES FROM STORE AND INVOKE SET METHODS L V r 1 INvOKE VALIDATE METHOD /_ 514 L 7 h INVOKE SECURITY CHECK ‘ k METHOD 7 E INVOKE PERFORM METHOD 1/- 518 v INvOKE GET METHODS TO 520 EXTRACT OUTPUT VALUEs AND SET OUTPUT VALUES IN STORE E69. 5 U.S. Patent Mar. 18, 2008 Sheet 6 0f 9 US 7,346,921 B2 PROGRAM CONTROLLER Q5 HANDLE 5Q INPTREORCACETSISO N (Ti QE PROCESS PRocEss COMMAND PROCESS CONDITIONAL VIEW 610 — £52 TRANSLATOR 91:1 R9. 6 U.S. Patent Mar. 18, 2008 Sheet 7 0f 9 US 7,346,921 B2 USER ITEM 280 w INDICATION INDICATION 712 714 702 x POLICY ‘I’ v /»- 710 ENFORCER |NTERFACE(S) »- 7 V / O8 TO/FROM CONTROL MODULE > BUSINESS LOGIC LAYER 704 — 706 V / — RULE ~ RESULT COMPARATOR ' 716(1) 716 //_ x f- 718 720 ----- -- - X f- 726 728 730 PERMISSION 720 _ USER N AME' _ 1 f‘ ASSIGNMENT ‘ ROLE PERMISSION CONTEXT OBJECT 722 “GRANT/DENY \ OPERATION : ‘ DURATION - \ 723(R) L 732 a J '.‘ . 724 PERMISSION PERMISSION ' ASSIGNMENT 728(R) OBJECT / 716(P) -/ 769. 7 U.S. Patent Mar. 18, 2008 Sheet 8 0f 9 US 7,346,921 B2 $9 /- 802 PERMISSION CONCEPTS (CONTEXT AND OPERATION) /' ' ‘\ // /// \\ // ,/ \\ SECURITY SECURITY _ 0 _ SECURITY RULES RULEs RULES 804(1) J 804(2) J 804(8) -/ W X

Description:
Muller, “ Desktop Encyclopedia of the Internet,” Artech House,. 6,632,251 B1 10/2003 Robbins, “Effective awk Programming,” May 2001, O'Reilly &. 6,728,685 B1 Robbins, “Gawk 3.1 New Feature List,” Sep. 3, 2000, Usenet.
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.