Security policy for protection of files on a storage device

Assignee

• International Business Machines Corporation · US

Inventors

• Vernon Ralph Austel · Somers, US
• Paul A. Karger · Chappaqua, US
• David C. Toll · Wappingers Falls, US

Key dates

Classification

• Technology area (CPC Y)Emerging Cross-Sectional Technologies
• CPC primaryY10S707/99939
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Access to files by accessing programs, where files comprise other files, programs and data is controlled. An initial access class is assigned to each file and to each accessing program. An access class comprises an integrity access class and a secrecy access class. An integrity access class comprises rules governing modification of data contained in files and a security access class comprises rules governing disclosure of data contained in files. An integrity access class comprises a set of rules for allowing the performance of a read function, and another set of rules for allowing the performance of write/execute function. An execute function comprises transferring and chaining, where chaining comprises starting another process running at potentially different secrecy and integrity access classes. A secrecy access class comprises a set of rules for allowing the performance of a write function, and another set of rules for allowing the performance of read/execute function. The respective access classes of the target file, target program, and accessing program are compared. If the comparison results meet the security requirements, the function is performed.