US6209101: Adaptive security system having a hierarchy of security servers
27 Claims, 5 Drawings
Abstract
An adaptive security system having a hierarchy of security servers. The security system maintains a primary security server for each task or process executing within a computing environment. An enforcement mechanism receives resource requests from the tasks and queries the corresponding primary security server which resolves the request based on a set of security associations. If the primary security server is unable to resolve the request, the enforcement mechanism queries a parent security server. Security servers are dynamically created and terminated in response to changing organizational policies. The present invention facilitates the dynamic creation and termination of security servers to adapt to organizational policy changes.
- 1. A security system for controlling access to a plurality of resources within a computing environment comprising:
a plurality of security servers, wherein each security server includes a set of security associations; and
an enforcement mechanism communicatively coupled to the plurality of security servers, wherein the enforcement mechanism enforces a request to access one of the plurality of resources by querying one of the security servers.
- 6. A security system for controlling access to a plurality of resources within a computing environment comprising:
a plurality of security servers, wherein each security server includes a set of security associations; and
an enforcement mechanism communicatively coupled to the plurality of security servers, wherein the enforcement mechanism enforces a request to access one of the plurality of resources by querying one of the security servers, wherein the enforcement mechanism includes an operating system kernel having a task control block for each of a plurality of tasks executing in the computing environment, wherein the enforcement mechanism queries a primary security server identified in the task control block of the corresponding task, wherein each primary security server is a task executing within the computing environment, wherein the task control block of each primary security server identifies a parent security server for resolving resource requests that the primary security server is unable to resolve, wherein each security server includes a data structure defining an execution period, wherein the kernel creates a security server based on a command from one of the tasks in the computing environment, and further wherein the kernel sets the parent security server of the created security server to the primary security server of the commanding task.
- 7. A security system for controlling access to a plurality of resources within a computing environment comprising:
a plurality of security servers, wherein each security server includes a set of security associations; and
an enforcement mechanism communicatively coupled to the plurality of security servers, wherein the enforcement mechanism enforces a request to access one of the plurality of resources by querying one of the security servers, wherein the enforcement mechanism includes an operating system kernel having a task control block for each of a plurality of tasks executing in the computing environment, wherein the enforcement mechanism queries a primary security server identified in the task control block of the corresponding task, wherein each primary security server is a task executing within the computing environment, wherein the task control block of each primary security server identifies a parent security server for resolving resource requests that the primary security server is unable to resolve, wherein each security server includes a data structure defining an execution period, wherein the kernel terminates a security server by identifying the tasks that have the terminated security server as a primary security server, and further wherein the kernel sets the primary security server of each identified task to the parent security server of the terminated security server.
- 9. A security system for controlling access to a plurality of resources within a computing environment comprising:
a plurality of security servers, wherein each security server includes a set of security associations; and
an enforcement mechanism communicatively coupled to the plurality of security servers, wherein the enforcement mechanism enforces a request to access one of the plurality of resources by querying one of the security servers, wherein the enforcement mechanism includes an operating system kernel having a task control block for each of a plurality of tasks executing in the computing environment, wherein the enforcement mechanism queries a primary security server identified in the task control block of the corresponding task, and wherein the operating system kernel includes a cache containing policy queries previously resolved by the security servers.
- 11. A security system for controlling access to a plurality of resources within a computing environment comprising:
a plurality of security servers, wherein each security server includes a set of security associations; and
an enforcement mechanism communicatively coupled to the plurality of security servers, wherein the enforcement mechanism enforces a request to access one of the plurality of resources by querying one of the security servers, wherein the enforcement mechanism includes an operating system kernel having a task control block for each of a plurality of tasks executing in the computing environment, wherein the enforcement mechanism queries a primary security server identified in the task control block of the corresponding task, and wherein each security association maps the requesting task and the requested resources to a response that is selected from the set of (i) access granted, (ii) access denied and (iii) security fault.
- 14. A method for controlling access to a plurality of resources in a computing environment comprising the steps of:
receiving a user request to access one of the resources of the computing environment;
querying at least one of a plurality of security servers to resolve the resource request based on a set of security associations; and
enforcing the request as a function of a response from the queried security server.
- 17. A method for controlling access to a plurality of resources in a computing environment that includes an operating system kernel having a task control block for each of a plurality of tasks executing in the computing environment, comprising the steps of:
receiving a user request to access one of the resources of the computing environment;
querying at least one of a plurality of security servers to resolve the resource request based on a set of security associations, wherein each security server is a task executing within the computing environment, wherein the querying step includes the steps of:
examining the task control block to determine a primary security server for a task requesting one of the resources;
querying the primary security server to resolve the resource request; and
when the primary security server is unable to resolve the resource request,
identifying a parent security server identified in the task control block of the primary security server; and
querying the parent security server to resolve the resource request;
enforcing the request as a function of a response from the queried security server;
creating a security server upon receiving a first command from one of the tasks; and
terminating a security server upon receiving a second command from one of the tasks.
- 23. A method for controlling access to a plurality of resources in a computing environment comprising the steps of:
receiving a user request to access one of the resources of the computing environment;
querying at least one of a plurality of security servers to resolve the resource request based on a set of security associations, wherein the querying step includes the step of selecting the response from the set of: (i) access granted, (ii) access denied and (iii) security fault; and
enforcing the request as a function of a response from the queried security server.
- 26. A computer-readable medium encoded with a software program for processing user requests for resources in a computing environment, the software program executing the steps of:
creating a hierarchy of security servers, wherein each user is assigned a primary security server; and
enforcing each of a plurality of user requests by querying the corresponding primary security server to resolve the resource request based on a set of security associations.
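The resolution and lifecycle procedure spelled out in claims 6, 7, 9, 11 and 17 (TCB names the primary server, misses escalate to the parent, create sets the parent to the commanding task's primary, terminate re-points affected tasks, a kernel cache holds resolved queries) as an added Python model; this is illustrative code, not the patent's or any product's implementation. Task names, resource paths, the three-way response strings and the choice to flush the cache whenever a server is created or terminated are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
GRANTED, DENIED, FAULT = "access granted", "access denied", "security fault"   # claim 11

@dataclass
class SecurityServer:
    name: str                                    # associations are keyed (task, resource)
    parent: Optional[str] = None                 # consulted when this server cannot resolve
    associations: Dict[Tuple[str, str], str] = field(default_factory=dict)

class Kernel:
    def __init__(self, root: SecurityServer):
        self.servers = {root.name: root}
        self.tcb: Dict[str, str] = {}                # task control block: task -> primary server
        self.cache: Dict[Tuple[str, str], str] = {}  # policy queries already resolved (claim 9)

    def create_server(self, commanding_task: str, name: str, assoc) -> None:
        # The new server's parent is the commanding task's primary server (claim 6).
        self.servers[name] = SecurityServer(name, self.tcb[commanding_task], dict(assoc))
        self.cache.clear()   # assumption: policy changed, so cached decisions would go stale

    def terminate_server(self, name: str) -> None:
        # Tasks that used the terminated server fall back to its parent (claim 7).
        parent = self.servers.pop(name).parent
        for task, primary in self.tcb.items():
            if primary == name:
                self.tcb[task] = parent
        self.cache.clear()

    def enforce(self, task: str, resource: str) -> str:
        key = (task, resource)
        if key in self.cache:                         # claim 9: cache hit
            return self.cache[key]
        server = self.servers.get(self.tcb[task])     # primary named in the TCB
        while server is not None and key not in server.associations:
            server = self.servers.get(server.parent)  # escalate up the hierarchy (claim 17)
        answer = FAULT if server is None else server.associations[key]
        self.cache[key] = answer                      # FAULT: no server could resolve it
        return answer

def demo() -> dict:
    # Constructed scenario: org-wide root policy, a project server created by alice, then removed.
    k = Kernel(SecurityServer("root", None, {("alice", "/pay"): GRANTED, ("bob", "/pay"): DENIED}))
    k.tcb["alice"] = "root"
    k.create_server("alice", "project", {("bob", "/pay"): GRANTED})   # parent becomes root
    k.tcb["bob"] = "project"
    out = {"alice": k.enforce("alice", "/pay"),         # resolved by root
           "bob": k.enforce("bob", "/pay"),             # project server overrides root
           "bob_unknown": k.enforce("bob", "/secret")}  # no association anywhere in the chain
    k.terminate_server("project")
    out["bob_after"] = (k.tcb["bob"], k.enforce("bob", "/pay"))   # back on root: denied
    return out
```

Note that without the cache flush a previously cached "access granted" for bob would survive the project server's termination, which is the kind of stale-decision hazard a cache of resolved policy queries introduces.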
Referenced By
| Document Number | Assignee | Inventors | Issue/Pub Date |
|---|---|---|---|
| EP1793323 | Efunds Corporation | Charles Bram et al. | Jun 2007 |
| US8316025 | Oracle International Corporation | Ryan Sean McVeigh et al. | Nov 2012 |
| US7490154 | International Business Machines Corporation | Logan M. Colby et al. | Feb 2009 |
| US7496687 | BEA Systems, Inc. | Philip B. Griffin et al. | Feb 2009 |
| US7506357 | BEA Systems, Inc. | Mark Moriconi et al. | Mar 2009 |
| US7499948 | BEA Systems, Inc. | Greg Smith et al. | Mar 2009 |
| US7367014 | BEA Systems, Inc. | Philip B. Griffin | Apr 2008 |
| US7415478 | BEA Systems, Inc. | James Owen et al. | Aug 2008 |
| US7236975 | BEA Systems, Inc. | Rodney McCauley et al. | Jun 2007 |
| US7380267 | Hitachi, Ltd. | Masato Arai et al. | May 2008 |
| US7236990 | BEA Systems, Inc. | Rodney McCauley et al. | Jun 2007 |
| US7318237 | BEA Systems, Inc. | Mark Moriconi et al. | Jan 2008 |
| US7350226 | BEA Systems, Inc. | Mark S. Moriconi et al. | Mar 2008 |
| US7392546 | BEA Systems, Inc. | Paul Patrick | Jun 2008 |
| US7483904 | BEA Systems, Inc. | James Owen et al. | Jan 2009 |
| US7487207 | BEA Systems, Inc. | Neil Smithline et al. | Feb 2009 |
| US7246138 | BEA Systems, Inc. | Rodney McCauley et al. | Jul 2007 |
| US7580953 | BEA Systems, Inc. | Rodney McCauley et al. | Aug 2009 |
| US7594224 | BEA Systems, Inc. | Paul Patrick et al. | Sep 2009 |
| US7036148 | International Business Machines Corporation | Ashley Anderson Brook et al. | Apr 2006 |
| US7240280 | BEA Systems, Inc. | Chris Jolley et al. | Jul 2007 |
| US7349966 | International Business Machines Corporation | Logan M. Colby et al. | Mar 2008 |
| US7082530 | Intel Corporation | Nimrod Diamant | Jul 2006 |
| US7451163 | BEA Systems, Inc. | Daniel Selman et al. | Nov 2008 |
| US7562298 | BEA Systems, Inc. | Jalpesh Patadia et al. | Jul 2009 |
| US7433896 | BEA Systems, Inc. | James Owen et al. | Oct 2008 |
| US7472342 | BEA Systems, Inc. | John Haut et al. | Dec 2008 |
| US7483893 | BAE Systems, Inc. | Ryan Sean McVeigh et al. | Jan 2009 |
| US7591000 | Oracle International Corporation | Philip B. Griffin et al. | Sep 2009 |
| US7124293 | Intel Corporation | Avraham Mualem et al. | Oct 2006 |
| US7236989 | BEA Systems, Inc. | Rodney McCauley et al. | Jun 2007 |
| US7451477 | BEA Systems, Inc. | Philip B. Griffin et al. | Nov 2008 |
| US7516167 | BEA Systems, Inc. | Daniel Selman et al. | Apr 2009 |
| US7171684 | Alcatel | Bertrand Marquet et al. | Jan 2007 |
| US7240076 | BEA Systems, Inc. | Rodney McCauley et al. | Jul 2007 |
| US7426548 | BEA Systems, Inc. | Philip B. Griffin et al. | Sep 2008 |
| US7603547 | BEA Systems, Inc. | Paul Patrick et al. | Oct 2009 |
| US7603548 | BEA Systems, Inc. | Paul Patrick et al. | Oct 2009 |
| US7594112 | BEA Systems, Inc. | Paul Patrick et al. | Sep 2009 |
| US7890315 | Microsoft Corporation | John D. Meier et al. | Feb 2011 |
| US7644432 | BEA Systems, Inc. | Paul Patrick et al. | Jan 2010 |
| US7653930 | BEA Systems, Inc. | Philip B. Griffin et al. | Jan 2010 |
| US7673323 | BEA Systems, Inc. | Mark S. Moriconi | Mar 2010 |
| US7712137 | Microsoft Corporation | John D. Meier | May 2010 |
| US7725560 | BEA Systems, Inc. | Christopher E. Bales et al. | May 2010 |
| US7752205 | BEA Systems, Inc. | Ryan Sean McVeigh et al. | Jul 2010 |
| US7774601 | BEA Systems, Inc. | Manish Devgan et al. | Aug 2010 |
| US7810036 | BEA Systems, Inc. | Christopher E. Bales et al. | Oct 2010 |
| US7818788 | Microsoft Corporation | John D. Meier | Oct 2010 |
| US7818344 | BEA Systems, Inc. | Ryan Sean McVeigh et al. | Oct 2010 |
| US7840614 | BEA Systems, Inc. | James Owen et al. | Nov 2010 |
| US7849512 | Fortressware, Inc. | Annsheng Chien Ting et al. | Dec 2010 |
| US7363650 | BEA Systems, Inc. | Mark S. Moriconi et al. | Apr 2008 |
| US7475091 | BEA Systems, Inc. | Rodney McCauley et al. | Jan 2009 |
| US7917537 | Oracle International Corporation | Ryan Sean McVeigh et al. | Mar 2011 |
| US7953734 | Oracle International Corporation | Ryan Sean McVeigh et al. | May 2011 |
| US7992189 | Oracle International Corporation | Philip B. Griffin et al. | Aug 2011 |
| US8032623 | International Business Machines Corporation | Logan M. Colby et al. | Oct 2011 |
| US8099779 | Oracle International Corporation | James Owen et al. | Jan 2012 |
| US8199916 | International Business Machines Corporation | Christopher Meyer et al. | Jun 2012 |
Patent Family
The current document is not in a family.