[54] OBJECT-ORIENTED TRUSTED APPLICATION FRAMEWORK
[75] Inventor: Gary L. Luckenbaugh, Gaithersburg, Md.
[73] Assignee: Lockheed Martin Corporation,
Bethesda, Md.
[21] Appl. No.: 08/834,784 [22] Filed: Apr. 3, 1997
[51] Int. Cl. G06F 12/00
[52] U.S. Cl. 713/200; 707/5
[58] Field of Search 395/186, 600,
395/700, 726, 187.01, 188.01, 614, 701, 601, 54, 683; 380/25, 4, 9, 23; 707/9, 10,
103, 1, 5, 7; 713/200, 187.01; 364/286.4
[56] References Cited
U.S. PATENT DOCUMENTS
5,560,005 9/1996 Hoover et al 395/600
5,680,452 10/1997 Shanton 380/4
5,682,535 10/1997 Knudsen 395/701
5,689,700 11/1997 Miller et al 395/610
5,717,755 2/1998 Shanton 380/25
5,720,033 2/1998 Deo 395/186
5,781,633 7/1998 Tribble et al 380/25
5,787,427 7/1998 Benantar et al 707/9
5,787,438 7/1998 Cink et al 707/103
5,826,268 10/1998 Schaefer et al 707/9
Primary Examiner—Robert W. Beausoliel, Jr.
Assistant Examiner—Nadeem Iqbal
Attorney, Agent, or Firm—Whitham, Curtis & Whitham
[57] ABSTRACT
An object-oriented framework eases the development and alteration of access control systems for arbitrary applications and accommodates arbitrary security policies while providing fine-grained security. It provides for the creation of labels for portions of a resource, such as an application or portions of files, of credentials corresponding to users, and of any other objects of the access control system, by providing, within at least one policy manager class of objects, templates for such objects which can be selected or modified at will. Providing for the creation of label and credential objects, which are later compared or correlated to grant or deny access to portions of a resource, effectively decouples security policy from security enforcement and allows reconciliation of security policies having inconsistent requirements, as well as development of hybrid and customized security policies.
6 Claims, 4 Drawing Sheets
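The decoupling the abstract describes can be sketched as follows. This is an added example, not code from the patent: every class, function and attribute name is hypothetical, and the two policies (a read-down/write-up multilevel rule and a role list per operation) are assumed stand-ins chosen only to show one enforcement point serving interchangeable and hybrid policies.

```python
# Added illustration; every name here is hypothetical, not taken from the patent.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Label:                       # attached to one portion of a resource
    attrs: dict = field(default_factory=dict)

@dataclass(frozen=True)
class Credential:                  # attached to a user
    attrs: dict = field(default_factory=dict)

class PolicyManager:
    """Holds the object templates (factories) and the comparison rule."""
    def label(self, **attrs): return Label(attrs)
    def credential(self, **attrs): return Credential(attrs)
    def permits(self, cred, label, op):
        return False               # fail closed unless a policy grants access

class MultilevelPolicy(PolicyManager):    # assumed policy: read down, write up
    LEVELS = {"unclassified": 0, "secret": 1, "top_secret": 2}
    def permits(self, cred, label, op):
        have = self.LEVELS.get(cred.attrs.get("clearance"))
        need = self.LEVELS.get(label.attrs.get("level"))
        if have is None or need is None or op not in ("read", "write"):
            return False           # missing or unknown attribute: deny
        return have >= need if op == "read" else have <= need

class RolePolicy(PolicyManager):          # assumed policy: role list per operation
    def permits(self, cred, label, op):
        return bool(set(cred.attrs.get("roles", ())) & set(label.attrs.get(op, ())))

class HybridPolicy(PolicyManager):        # grants only if every component grants
    def __init__(self, *parts): self.parts = parts
    def permits(self, cred, label, op):   # an empty hybrid denies rather than allows
        return bool(self.parts) and all(p.permits(cred, label, op) for p in self.parts)

def read_portions(policy, cred, portions):
    """Enforcement point: compares credential and label, knows no policy rules."""
    return [text for label, text in portions if policy.permits(cred, label, "read")]

# Constructed sample: one file split into three separately labelled portions.
pm = PolicyManager()
FILE = [(pm.label(level="unclassified", read=["analyst", "clerk"]), "summary"),
        (pm.label(level="secret", read=["analyst"]), "sources"),
        (pm.label(level="top_secret", read=["director"]), "annex")]
ANALYST = pm.credential(clearance="secret", roles=["analyst"])
CLERK = pm.credential(clearance="top_secret", roles=["clerk"])

if __name__ == "__main__":
    hybrid = HybridPolicy(MultilevelPolicy(), RolePolicy())
    for policy in (MultilevelPolicy(), RolePolicy(), hybrid):
        print(type(policy).__name__, read_portions(policy, ANALYST, FILE),
              read_portions(policy, CLERK, FILE))
```

Swapping the policy object changes which portions of the same file a user receives while `read_portions` stays untouched.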