-
Publication (Announcement) No.: FR2800480A1
Publication (Announcement) Date: 2001-05-04
Application No.: FR0012360
Application Date: 2000-09-28
Applicant: IBM CORP INTERNAT BUSINESS MAC
Inventor: AUSTEL VERNON RALPH, KARGER PAUL ASHLEY, TOLL DAVID CLAUDE
Abstract: The method assigns an initial access class to files to be protected, which comprises an integrity class and a confidentiality class. The confidentiality class comprises rules defining divulgence of data in the files and the integrity class comprises rules defining modification of data in the files. The access classes for the calling file and the target file are compared to determine access.
-
Publication (Announcement) No.: FR2800480B1
Publication (Announcement) Date: 2006-04-07
Application No.: FR0012360
Application Date: 2000-09-28
Applicant: IBM CORP INTERNAT BUSINESS MAC
Inventor: AUSTEL VERNON RALPH, KARGER PAUL ASHLEY, TOLL DAVID CLAUDE
Abstract: Access to files by accessing programs, where files comprise other files, programs and data is controlled. An initial access class is assigned to each file and to each accessing program. An access class comprises an integrity access class and a secrecy access class. An integrity access class comprises rules governing modification of data contained in files and a security access class comprises rules governing disclosure of data contained in files. An integrity access class comprises a set of rules for allowing the performance of a read function, and another set of rules for allowing the performance of write/execute function. An execute function comprises transferring and chaining, where chaining comprises starting another process running at potentially different secrecy and integrity access classes. A secrecy access class comprises a set of rules for allowing the performance of a write function, and another set of rules for allowing the performance of read/execute function. The respective access classes of the target file, target program, and accessing program are compared. If the comparison results meet the security requirements, the function is performed.
-