WO2007130512A3 - Methods and systems for specifying and enforcing access control in a distributed system - Google Patents

Publication number
WO2007130512A3
Authority
WO
WIPO (PCT)
Prior art keywords
list
access
systems
methods
access control
Prior art date
Application number
PCT/US2007/010730
Other languages
French (fr)
Other versions
WO2007130512A2 (en)
Inventor
Anthony Spataro
Vishal Mittal
John Kennedy
Ashih V Thapliyal
Original Assignee
Citrix Online Llc
Anthony Spataro
Vishal Mittal
John Kennedy
Ashih V Thapliyal
Application filed by Citrix Online Llc, Anthony Spataro, Vishal Mittal, John Kennedy, Ashih V Thapliyal
Priority to EP07776672A (EP2024896A2)
Priority to AU2007248551A (AU2007248551B2)
Priority to CA2650929A (CA2650929C)
Publication of WO2007130512A2
Publication of WO2007130512A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems

Abstract

Methods and systems for controlling access to objects of a distributed computing environment are described. In one configuration, a computing device receives a request from a principal to access a protected object and evaluates the transitive closure of the list of group identifiers. The protected object is associated with an access control list and has a time-invariant list of group identifiers. The list of group identifiers includes the access list. The access list is associated with the protected object to identify at least one principal authorized to access the protected object.
PCT/US2007/010730 2006-05-04 2007-05-03 Methods and systems for specifying and enforcing access control in a distributed system WO2007130512A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP07776672A EP2024896A2 (en) 2006-05-04 2007-05-03 Methods and systems for specifying and enforcing access control in a distributed system
AU2007248551A AU2007248551B2 (en) 2006-05-04 2007-05-03 Methods and systems for specifying and enforcing access control in a distributed system
CA2650929A CA2650929C (en) 2006-05-04 2007-05-03 Methods and systems for specifying and enforcing access control in a distributed system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/381,698 US7895639B2 (en) 2006-05-04 2006-05-04 Methods and systems for specifying and enforcing access control in a distributed system
US11/381,698 2006-05-04

Publications (2)

Publication Number Publication Date
WO2007130512A2 WO2007130512A2 (en) 2007-11-15
WO2007130512A3 WO2007130512A3 (en) 2008-03-20

Family

ID=38662639

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/010730 WO2007130512A2 (en) 2006-05-04 2007-05-03 Methods and systems for specifying and enforcing access control in a distributed system

Country Status (5)

Country Link
US (1) US7895639B2 (en)
EP (1) EP2024896A2 (en)
AU (1) AU2007248551B2 (en)
CA (1) CA2650929C (en)
WO (1) WO2007130512A2 (en)

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9361137B2 (en) * 2006-03-10 2016-06-07 International Business Machines Corporation Managing application parameters based on parameter types
US7908298B1 (en) * 2007-08-09 2011-03-15 Robert C. Lancaster Calculating list
US8561136B2 (en) * 2007-10-10 2013-10-15 R. Brent Johnson System to audit, monitor and control access to computers
US8196187B2 (en) * 2008-02-29 2012-06-05 Microsoft Corporation Resource state transition based access control system
US8245291B2 (en) * 2008-11-18 2012-08-14 Oracle International Corporation Techniques for enforcing access rights during directory access
US8250628B2 (en) 2009-08-28 2012-08-21 International Business Machines Corporation Dynamic augmentation, reduction, and/or replacement of security information by evaluating logical expressions
TW201117590A (en) * 2009-11-10 2011-05-16 Aten Int Co Ltd Method and system of desktop broadcasting
US10454997B2 (en) * 2012-09-07 2019-10-22 Avigilon Corporation Distributed physical security system
US8954467B2 (en) * 2012-11-29 2015-02-10 Citrix Systems, Inc. Systems and methods for automatically associating communication streams with a file presented during a meeting
CN104077328B (en) * 2013-03-29 2019-05-24 百度在线网络技术(北京)有限公司 The operation diagnostic method and equipment of MapReduce distributed system
US10891651B1 (en) 2014-03-12 2021-01-12 Groupon, Inc. Method and system for launching application programs using promotion impressions
US10846749B1 (en) 2014-03-12 2020-11-24 Groupon, Inc. Method and system for offering promotion impressions using application programs
US9860252B2 (en) * 2014-03-25 2018-01-02 Open Text Sa Ulc System and method for maintenance of transitive closure of a graph and user authentication
US9959109B2 (en) 2015-04-10 2018-05-01 Avigilon Corporation Upgrading a physical security system having multiple server nodes
US10044718B2 (en) * 2015-05-27 2018-08-07 Google Llc Authorization in a distributed system using access control lists and groups
US10560499B2 (en) 2015-12-31 2020-02-11 Screenbeam Inc. Displaying content from multiple devices
US10997557B2 (en) 2016-10-14 2021-05-04 Slack Technologies, Inc. Method, apparatus, and computer program product for authorizing and authenticating user communication within an enterprise group-based communication platform
US11341093B2 (en) 2017-07-20 2022-05-24 Slack Technologies, Llc Method, apparatus and computer program product for generating externally shared communication channels
US10541825B2 (en) 2017-07-20 2020-01-21 Slack Technologies, Inc. Method, apparatus and computer program product for generating externally shared communication channels
US10402371B2 (en) 2017-07-20 2019-09-03 Slack Technologies, Inc. Method, apparatus and computer program product for generating externally shared communication channels
US10708223B2 (en) * 2017-12-22 2020-07-07 Nicira, Inc. Dynamically defining encryption spaces across multiple data centers
US11782965B1 (en) * 2018-04-05 2023-10-10 Veritas Technologies Llc Systems and methods for normalizing data store classification information
US11431769B2 (en) * 2018-04-26 2022-08-30 Slack Technologies, Llc Systems and methods for managing distributed client device membership within group-based communication channels
US10346378B1 (en) * 2018-11-30 2019-07-09 Slack Technologies, Inc. Data storage architecture for an enterprise communication system
US10885113B2 (en) 2019-03-27 2021-01-05 Slack Technologies, Inc. Expandable data object management and indexing architecture for intersystem data exchange compatibility
WO2021108716A1 (en) 2019-11-27 2021-06-03 Screenbeam Inc. Methods and systems for reducing latency on a collaborative platform
US20220198037A1 (en) * 2020-12-21 2022-06-23 Dropbox, Inc. Evaluating an access control list from permission statements
US11803652B2 (en) 2020-12-21 2023-10-31 Dropbox, Inc. Determining access changes
US11789976B2 (en) 2020-12-21 2023-10-17 Dropbox, Inc. Data model and data service for content management system
US11799958B2 (en) 2020-12-21 2023-10-24 Dropbox, Inc. Evaluating access based on group membership

Citations (4)

Publication number Priority date Publication date Assignee Title
US5220604A (en) * 1990-09-28 1993-06-15 Digital Equipment Corporation Method for performing group exclusion in hierarchical group structures
US20020087859A1 (en) * 2000-05-19 2002-07-04 Weeks Stephen P. Trust management systems and methods
US6516317B1 (en) * 2000-12-21 2003-02-04 Oracle Corporation Method and apparatus for facilitating compartmentalized database user management
US20040221037A1 (en) * 2003-05-02 2004-11-04 Jose Costa-Requena IMS conferencing policy logic

Family Cites Families (32)

Publication number Priority date Publication date Assignee Title
US4649510A (en) 1982-04-30 1987-03-10 Schmidt Walter E Methods and apparatus for the protection and control of computer programs
US5175852A (en) 1987-02-13 1992-12-29 International Business Machines Corporation Distributed file access structure lock
JPH087709B2 (en) * 1989-05-15 1996-01-29 インターナシヨナル・ビジネス・マシーンズ・コーポレーシヨン Access privilege control method and system
US5187790A (en) 1989-06-29 1993-02-16 Digital Equipment Corporation Server impersonation of client processes in an object based computer operating system
US5263165A (en) 1990-02-15 1993-11-16 International Business Machines Corporation System for providing user access control within a distributed data processing system having multiple resource managers
AU639802B2 (en) 1990-08-14 1993-08-05 Oracle International Corporation Methods and apparatus for providing dynamic invocation of applications in a distributed heterogeneous environment
US5173939A (en) * 1990-09-28 1992-12-22 Digital Equipment Corporation Access control subsystem and method for distributed computer system using compound principals
AU3944793A (en) 1992-03-31 1993-11-08 Aggregate Computing, Inc. An integrated remote execution system for a heterogenous computer network environment
US5412717A (en) 1992-05-15 1995-05-02 Fischer; Addison M. Computer system security method and apparatus having program authorization information data structures
US5586260A (en) 1993-02-12 1996-12-17 Digital Equipment Corporation Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms
CA2143874C (en) 1994-04-25 2000-06-20 Thomas Edward Cooper Method and apparatus for enabling trial period use of software products: method and apparatus for utilizing a decryption stub
US5604490A (en) 1994-09-09 1997-02-18 International Business Machines Corporation Method and system for providing a user access to multiple secured subsystems
US5630757A (en) 1994-11-29 1997-05-20 Net Game Limited Real-time multi-user game communication system using existing cable television infrastructure
US5677851A (en) * 1994-12-15 1997-10-14 Novell, Inc. Method and apparatus to secure digital directory object changes
US5729734A (en) 1995-11-03 1998-03-17 Apple Computer, Inc. File privilege administration apparatus and methods
US5838910A (en) 1996-03-14 1998-11-17 Domenikos; Steven D. Systems and methods for executing application programs from a memory device linked to a server at an internet site
US5923756A (en) 1997-02-12 1999-07-13 Gte Laboratories Incorporated Method for providing secure remote command execution over an insecure computer network
US6256739B1 (en) 1997-10-30 2001-07-03 Juno Online Services, Inc. Method and apparatus to determine user identity and limit access to a communications network
US6157953A (en) 1998-07-28 2000-12-05 Sun Microsystems, Inc. Authentication and access control in a management console program for managing services in a computer network
EP1127425A4 (en) 1998-10-28 2004-12-01 L 3 Comm Corp Apparatus and methods for cryptographic synchronization in packet based communications
US6584493B1 (en) 1999-03-02 2003-06-24 Microsoft Corporation Multiparty conferencing and collaboration system utilizing a per-host model command, control and communication structure
GB9913165D0 (en) 1999-06-08 1999-08-04 Secr Defence Access control in a web environment
US6609198B1 (en) 1999-08-05 2003-08-19 Sun Microsystems, Inc. Log-on service providing credential level change without loss of session continuity
US6535879B1 (en) 2000-02-18 2003-03-18 Netscape Communications Corporation Access control via properties system
US7013485B2 (en) * 2000-03-06 2006-03-14 I2 Technologies U.S., Inc. Computer security system
US6671695B2 (en) * 2001-06-18 2003-12-30 The Procter & Gamble Company Dynamic group generation and management
US7194002B2 (en) * 2002-02-01 2007-03-20 Microsoft Corporation Peer-to-peer based network performance measurement and analysis system and method for large scale networks
US20040161728A1 (en) * 2003-02-14 2004-08-19 Benevento Francis A. Distance learning system
US8627489B2 (en) * 2003-10-31 2014-01-07 Adobe Systems Incorporated Distributed document version control
KR100553273B1 (en) * 2003-11-14 2006-02-22 주식회사 넷츠 Extranet access management apparatus and method
US7302708B2 (en) * 2004-03-11 2007-11-27 Harris Corporation Enforcing computer security utilizing an adaptive lattice mechanism
US8245280B2 (en) * 2005-02-11 2012-08-14 Samsung Electronics Co., Ltd. System and method for user access control to content in a network

Non-Patent Citations (1)

Title
VINTER S T: "Extended discretionary access controls", SECURITY AND PRIVACY, 1988. PROCEEDINGS., 1988 IEEE SYMPOSIUM ON OAKLAND, CA, USA 18-21 APRIL 1988, WASHINGTON, DC, USA,IEEE COMPUT. SOC. PR, US, 18 April 1988 (1988-04-18), pages 39 - 49, XP010012324, ISBN: 0-8186-0850-1 *

Also Published As

Publication number Publication date
EP2024896A2 (en) 2009-02-18
AU2007248551B2 (en) 2013-02-21
US20070261102A1 (en) 2007-11-08
AU2007248551A1 (en) 2007-11-15
US7895639B2 (en) 2011-02-22
WO2007130512A2 (en) 2007-11-15
CA2650929A1 (en) 2007-11-15
CA2650929C (en) 2015-11-24

Similar Documents

Publication Publication Date Title
WO2007130512A3 (en) Methods and systems for specifying and enforcing access control in a distributed system
MX2021011639A (en) Physical access control systems with localization-based intent detection.
WO2014078585A3 (en) Methods, systems and computer readable media for detecting command injection attacks
GB2447829A (en) Video aided system for elevator control
MXPA05007150A (en) Policy engine and methods and systems for protecting data.
WO2007009009A3 (en) Systems and methods for identifying sources of malware
WO2008008765A3 (en) Role-based access in a multi-customer computing environment
WO2009023580A3 (en) Automated application modeling for application virtualization
WO2010144815A3 (en) System and method for providing security aboard a moving platform
GB2488262A (en) Extensible access control list framework
NO20092482L (en) System analysis and handling
WO2014016695A3 (en) Presence-based credential updating
WO2006081486A3 (en) Methods and apparatus providing security for multiple operational states of a computerized device
WO2015192045A3 (en) Precisely tracking memory usage in multi-process computing environment
WO2009038651A3 (en) Systems, devices, and/or methods for managing programmable logic units
WO2007136446A3 (en) Device social-control system
WO2013048933A3 (en) System and method for disaster recovery
WO2008033153A3 (en) Methods and systems for identifying safe havens for hazardous material transports
WO2008038196A3 (en) Protecting interfaces on processor architectures
WO2010141059A3 (en) Methods for controlling host memory access with memory devices and systems
WO2009146105A8 (en) Systems and methods for event coordination and asset control
WO2009065000A3 (en) Reduced security risk apparatus and method for analyzing and managing unstructured data
GB2442172A (en) Anti-hack protection to restrict installation of operating systems and other software
WO2009006346A3 (en) System and method for resolving permission for role activation operators
GB0613116D0 (en) Handover of a communication device

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase (Ref document number: 2650929; Country of ref document: CA)
NENP Non-entry into the national phase (Ref country code: DE)
WWE Wipo information: entry into national phase (Ref document number: 2007248551; Country of ref document: AU)
WWE Wipo information: entry into national phase (Ref document number: 2007776672; Country of ref document: EP)
ENP Entry into the national phase (Ref document number: 2007248551; Country of ref document: AU; Date of ref document: 20070503; Kind code of ref document: A)
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 07776672; Country of ref document: EP; Kind code of ref document: A2)