Generating rule-based access control policies using a bytecode instrumentation system

Instrumentation codes are inserted into predetermined portions of a bytecode. Every transaction referenced in the bytecode is virtually combined and arranged hierarchically to describe a virtual transaction stack describing the computer-based resources accessed during the transaction. Based at least...

Bibliographic details
Main authors: Gupta, Ruchir; Kishore, Somesula Pradeep; Agarwal, Sanjay Kumar
Format: Patent
Language: eng
Description
Summary: Instrumentation codes are inserted into predetermined portions of a bytecode. Every transaction referenced in the bytecode is virtually combined and arranged hierarchically to describe a virtual transaction stack describing the computer-based resources accessed during the transaction. Based at least on the origin of the transaction, the characteristics of the transaction and the computer-based resources accessed during the transaction, the sensitivity of the transaction, and the security context of each of the computer-based resources accessed during the transaction are determined. A policy store is searched for at least one access control policy referencing the transaction, or the computer-based resources requested accessed by the transaction. If such an access control policy is found, it is selectively modified to refer exclusively to the transaction and the corresponding sensitive computer-based resources. Otherwise, a new access control policy exclusively referencing the data-oriented transactions and the corresponding sensitive computer-based resources is created.