[특허]Method for file system security by controlling access to the file system resources using externally stored attributes

Method for file system security by controlling access to the file system resources using externally stored attributes 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04L-009/00
출원번호	UP-0735003 (2003-12-12)
등록번호	US-7568097 (2009-08-05)
발명자 / 주소	Burnett, Rodney Carlton
출원인 / 주소	International Business Machines Corporation
대리인 / 주소	LaBaw, Jeffrey
인용정보	피인용 횟수 : 12 인용 특허 : 9

초록 ▼

The present invention is an algorithm that manages the ability of a user or software program to access certain protected file resources. This invention describes a method for file system security through techniques that control access to the file system resources using externally stored attributes. This invention accomplishes the described objectives in file system security by creating an external database containing auxiliary attributes for objects in the file system. During a file access attempt, an identifier of this file will be matched against a set of protected files in a security database. If that file is not in the database, there is not protection on the file and requester will be allowed to access the file. If a match does show that the file is protected there will be a determination as to whether the requester will be allowed access to the file. The basis for this access determination will be a set security rules defined in the external security attribute. This invention incorporates techniques and algorithms for attribute attachment, storage and organization of the associations to these attributes, and subsequent recognition of attached attributes. In this approach, the attributes would define authorization policy for controlling access to objects in the file system.

대표청구항 ▼

I claim: 1. A method external from a native operating system of a computer system for generating a file identifier for use in controlling access to file system resources in a computer system comprising the steps of: generating a data structure having a pointer to an index related to a physical location of a file resource in the file system and a pointer to a directory containing a requested file resource, wherein the file resource and the directory are on a memory device; obtaining a unique physical attribute of the file system object, by retrieving a serial number for a file location where a requested file system resource resides the file system location is retrieved from an inode or vnode index or from a serial number generated using a programming interface; obtaining the name of the file system object, by opening the directory identified in the data structure, for each entry in the directory, reading the serial number for the file location, comparing said vnode or inode number to said serial number for the file location number and retrieving the file name of the resource out of the directory; and constructing a file identifier for that file system object from said obtained unique physical attribute and said file system object name, by coupling the unique physical attribute to the file system object name to produce the file identifier for a particular file system object. 2. The method as described in claim 1 wherein said file identifier construction step comprises placing the index number at the beginning of the bytes that will be the file identifier and appending the file name to the file of bytes. 3. The method as described in claim 1 further comprising after said comparing step, the steps of: retrieving the next entry in the directory when the said comparison is not equal; determining if this entry is the last entry; and proceeding to read said entry is not the last entry. 4. The method as described in claim 3 further comprising the step of returning no file identifier when no directory entry file serial number equals the index file space number. 5. A method external from a native operating system of a computer system for generating a file identifier for use in controlling access to file system resources in the computer system, the external file generating method comprising the steps: obtaining an underlying object data pointer for a file system object; obtaining an object pointer of for the parent directory of the file system object; obtaining a physical file location number for the system object using the obtained underlying object data pointer for the system file object and the obtained object pointer of for the parent directory of the file system object, wherein the system object and the parent directory are on a memory device; obtaining the file name for the system file object by using the data pointer for the parent directory by using the data pointer for the parent directory to open the directory; obtaining a specific file serial number for the system file object using the physical file; reading information contained in the directory to get a directory entry's serial number or node index; determining whether there is a match between a serial number of an entry in the parent directory and the obtained serial number of the specific file system object; when the determination is that the serial number of a directory entry is equal to the serial number of the specific file system object, retrieving the name of the entry in the directory and the length of that name; constructing a file identifier for a file system resource of the file system object by placing the file serial number at the beginning of the file of bytes; appending the length of the file name and file name to the constructed file identifier resulting in memory locations containing the serial number, the length of the file name and the file name in consecutive memory locations; setting a file identifier length for the constructed file identifier to be equal to the length of the file name plus the number of bytes required for the serial number plus the number of byes required to write the length of the file name; and returning the newly constructed file identifier to the user.

이 특허에 인용된 특허 (9)

Gomola John W. (Pittsburgh PA) Wood William G. (Pittsburgh PA) Jones F. David (Pittsburgh PA) Wallace Frank E. (Irwin PA) Marano Ross T. (Murrysville PA), Combined file and directory system for a process control digital computer system.
상세보기
Sakurai Naoki (Yokohama JPX), Computer file system.
상세보기
Gore ; Jr. Robert C., File system and method for file system object customization which automatically invokes procedures in response to acces.
상세보기
David A. Farber ; Ronald D. Lachman, Identifying and requesting data in network using identifiers which are based on contents of data.
상세보기
Burkes Daniel F. ; Jones William H. ; Kish John W. ; Moody Paul B. ; Royal Eliza H., Method and apparatus for creating and organizing a document from a plurality of local or external documents represented as objects in a hierarchical tree.
상세보기
Duvall Keith E. (Georgetown TX) Hooten Anthony D. (Round Rock TX) O\Quin ; III John C. (Chappaqua NY) Smith Todd A. (Austin TX), Method to automatically increase the segment size of unix files in a page segmented virtual memory data processing syste.
상세보기
Winterbottom Philip Steven, Methods and apparatus for storage and retrieval of name space information in a distributed computing system.
상세보기
Zarmer Craig (Mountain View CA) Jones Anne (Redwood City CA) Arnold Kevin M. (Cupertino CA) Chambers Paul S. (San Jose CA) Eastwood Tom (Menlo Park CA) Helfinstein Ruth A. (Sunnyvale CA) Rusoff Jason, System for managing local database updates published to different online information services in different formats from.
상세보기
Karp,Alan H.; Gupta,Rajiv; Banerji,Arindam; Chao,Chia Chiang; Mak,Ernest; Kumar,Sandeep, Task-specific flexible binding in a software system.
상세보기

이 특허를 인용한 특허 (12)

Osmond, Roger F.; Goren, Gil, Achieving strong cryptographic correlation between higher level semantic units and lower level components in a secure data storage system.
상세보기
Gunawardena, Dinan Srilal; Harper, Richard; Thereska, Eno, Data store including a file location attribute.
상세보기
Hom, Richard V.; Roxin, David C., Data system forensics system and method.
상세보기
Hom, Richard V.; Nelson, Eric M.; Roxin, David C., Gathering, storing and using reputation information.
상세보기
Horn, Richard V.; Nelson, Eric M.; Roxin, David C., Gathering, storing and using reputation information.
상세보기
Meketa, Deneb, Loading applications in non-designated environments.
상세보기
Hom, Richard V.; Roxin, David C., Party reputation aggregation system and method.
상세보기
Factor, Michael; Kolodner, Elliot K; Shulman-Peleg, Alexandra, Policy access control lists attached to resources.
상세보기
Factor, Michael; Kolodner, Elliot K; Shulman-Peleg, Alexandra, Policy access control lists attached to resources.
상세보기
Hom, Richard V.; Roxin, David C., Reputation based access control.
상세보기
Hom, Richard V.; Roxin, David C., Reputation based access control.
상세보기
Hom, Richard V.; Roxin, David C., Reputation based access control.
상세보기

내보내기 메뉴

내보내기 구분

파일저장
인쇄
메일전송

구성항목

기본정보
상세정보

관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC

저장형식

Text(ASCII format)
Excel format
PIAS분석(.xls)

메일정보

받는사람 (필수): @
보내는사람 (선택): @
제목
내용: KISTI 검색결과 이메일 서비스

안내

총 건의 자료가 검색되었습니다.

다운받으실 자료의 인덱스를 입력하세요. (1-10,000)

검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다.

데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요)

다운로드 파일은 UTF-8 형태로 저장됩니다.
파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오.

Text(ASCII format)
Excel format

AI-Helper ※ AI-Helper는 을 사용합니다.

AI-Helper

안녕하세요, AI-Helper입니다. 좌측 "선택된 텍스트"에서 텍스트를 선택하여 요약, 번역, 용어설명을 실행하세요.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

연합인증

Method for file system security by controlling access to the file system resources using externally stored attributes 원문보기