1. Field of the Invention
The present invention relates generally to systems and methods for maintaining security of computer systems connected to one or more networks (e.g., Local Area Networks or Wide Area Networks) and, more particularly, to a system providing methodology for access control with cooperative enforcement.
2. Description of the Background Art
The first computers were largely stand-alone units with no direct connection to other computers or computer networks. Data exchanges between computers were mainly accomplished by exchanging magnetic or optical media such as floppy disks. Over time, more and more computers were connected to each other using Local Area Networks or LANs. In both cases, maintaining security and controlling what information a computer user could access was relatively simple because the overall computing environment was limited and clearly defined.
With the ever-increasing popularity of the Internet, however, more and more computers are connected to larger networks. Providing access to vast stores of information, the Internet is typically accessed by users through Web “browsers” (e.g., Microsoft® Internet Explorer or Netscape Navigator) or other Internet applications. Browsers and other Internet applications include the ability to access a URL (Uniform Resource Locator) or “Web” site. In the last several years, the Internet has become pervasive and is used not only by corporations, but also by a large number of small businesses and individual users for a wide range of purposes. Many applications are now Web-enabled, providing services to remote users through various types of networks.
As more and more computers are now connected to other local and remote computers (e.g., via the Internet), a whole new set of challenges faces system administrators and individual users alike: these previously closed computing environments are now open to a worldwide network of computer systems. A particular set of challenges involves attacks by perpetrators (hackers) capable of damaging the local computer systems, misusing those systems, and/or stealing proprietary data and programs. Another challenge is in maintaining and securing applications (services) that are made available to remote users.
A service is a unit of program logic (e.g., an application or process) which runs on a remote computer or in the background on a local computer and provides data to and/or performs tasks for other programs (e.g., application programs). The work performed or offered by a service may be as simple as serving requests for data to be sent or stored, or it may involve more complex tasks. A well known example of a service that is currently in wide use is the domain name service (DNS). The domain name service resolves a host name (e.g., the host portion of a URL) to an IP address (and vice versa). Another example of a service is an FTP (file transfer protocol) service for transfer of files. Historically, using a service has involved calling a remote server to obtain data and/or work from the remote server. However, as computers have become more powerful, a typical computer environment also includes services that are available locally.
Currently, most computer services (i.e., server programs in a client-server scheme) grant access to remote computers based on user authentication. In multiprocessing systems, they do the same thing for other processes on the same computer. For the purposes of the following discussion, both of these situations will be referred to as “client/server” computing, where the “client” is a user/program attempting to access a “server” to use a particular service (e.g., an application or service on a remote computer).
Once a client (e.g., user) is authenticated to have access, these services typically assign access privileges to each user or group of users. Depending on the function of the program, the set of access privileges can vary. For file system service programs (e.g., NetBIOS, Samba, and other file sharing systems), access rights include the ability to read, write, or execute files and to create or delete files in directories. For Web servers, access rights include the ability to apply specific access verbs (e.g., GET or POST) to specific URLs. For a sales transaction system, access rights may include the ability to register a sale, to perform a refund, to report the day's tally, and so on.
Access privilege to a given resource is often specified as an access control list (ACL) associated with that resource by the operating system or a service application. An ACL names users and groups and lists the access rights each is assigned. An ACL also typically lists the access rights (if any) of users who are neither named individually nor members of any of the listed groups; if no such entry is present, those users receive no access.
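The following is an added illustration of the ACL model described in the two preceding paragraphs; it is example code written for this page, not code from the patent. The resolution order (an explicit user entry first, then the union of the user's listed group entries, then the default entry for everyone else, with anything not granted denied) and the sample users, groups, paths and rights are all assumptions made for the example. The same evaluator is applied to the three kinds of service the text mentions: a file share, a Web server whose rights are access verbs on URLs, and a sales system with application-level rights.

```python
"""Deny-by-default ACL evaluation (added example, not the patent's own code)."""
from dataclasses import dataclass, field


@dataclass
class Acl:
    """Rights granted on one resource to named users, named groups and everyone else.

    Resolution order (assumption for this example): an explicit user entry
    overrides group entries; otherwise the user holds the union of the rights
    of every listed group they belong to; if they belong to no listed group,
    they hold the default 'everyone' rights. Grant-only: no explicit deny.
    """
    users: dict[str, frozenset[str]] = field(default_factory=dict)
    groups: dict[str, frozenset[str]] = field(default_factory=dict)
    everyone: frozenset[str] = frozenset()

    def rights_for(self, user: str, memberships: set[str]) -> frozenset[str]:
        if user in self.users:
            return self.users[user]
        granted: frozenset[str] = frozenset()
        matched_group = False
        for group in memberships:
            if group in self.groups:
                granted |= self.groups[group]
                matched_group = True
        # A user who matched a listed group gets exactly that group's rights,
        # even if empty; only users in no listed group fall back to 'everyone'.
        return granted if matched_group else self.everyone

    def permits(self, user: str, memberships: set[str], right: str) -> bool:
        return right in self.rights_for(user, memberships)


# Constructed sample ACLs (hypothetical principals and resources).
SHARE_ACL = Acl(                                  # file sharing service
    users={"alice": frozenset({"read", "write", "execute", "create", "delete"})},
    groups={"staff": frozenset({"read", "execute"}),
            "editors": frozenset({"write", "create"})},
    everyone=frozenset(),                         # unlisted users get nothing
)

WEB_ACL: dict[str, Acl] = {                       # Web server: URL -> ACL of verbs
    "/reports/daily": Acl(groups={"managers": frozenset({"GET"})}),
    "/orders": Acl(groups={"clerks": frozenset({"GET", "POST"})},
                   everyone=frozenset({"GET"})),  # anyone may read, only clerks may POST
}

SALES_ACL = Acl(                                  # sales transaction system
    groups={"clerks": frozenset({"register_sale"}),
            "managers": frozenset({"register_sale", "refund", "report_tally"})},
)


def web_permits(acl_table: dict[str, Acl], path: str, user: str,
                memberships: set[str], verb: str) -> bool:
    """Web-server check: a URL with no ACL at all is denied, not left open."""
    acl = acl_table.get(path)
    if acl is None:
        return False
    return acl.permits(user, memberships, verb)


if __name__ == "__main__":
    print(SHARE_ACL.permits("bob", {"staff", "editors"}, "write"))   # True (union of groups)
    print(web_permits(WEB_ACL, "/orders", "dave", {"guests"}, "POST"))  # False (everyone: GET only)
    print(SALES_ACL.permits("frank", {"clerks"}, "refund"))           # False (managers only)
```

Note that this evaluator is grant-only and keeps the unlisted-group case as a distinct default entry, which is exactly the structure the preceding paragraph describes; real-world ACL systems such as NTFS add explicit deny entries and ordering rules on top of this basic model.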
Although current user authentication systems are widely used to control access to computer systems and networks, several problems remain. One problem that is not addressed by current user authentication systems is ensuring that all devices that connect to a service or resource comply with applicable security policies in order to protect these services and resources. For example, if a remote user that is connected to a bank for on-line banking does not apply and enforce the bank's required security policies, a hacker could gain unauthorized access to the bank's systems through the remote user's unsecured system. A secure connection between the bank and the user protects the channel, and authentication establishes who the user is, but neither says anything about the state of the user's machine: if that system is itself vulnerable, the security of the overall environment may be jeopardized.
A related problem is that if a client device is infected with a virus or worm, it may infect other machines to which it is connected. For example, a computer that is connected to a particular network (e.g., a corporate LAN) may carry a virus that intentionally tries to spread itself to other machines. One machine that is not running the correct anti-virus engine or is not equipped with current virus signature definition files may jeopardize the security of many other machines. Ensuring that connected client devices are running current anti-virus programs is particularly important, as virus suppression is very time sensitive: signature definitions only detect what was known when they were published, and failure to use current anti-virus programs may result in the introduction of a virus that can cause significant damage.
A solution is required that validates access and assigns access privileges to clients based on credentials describing the state of the client device in addition to user identity. The solution should ensure that client devices connecting to services or other resources are using appropriate security mechanisms and are otherwise in compliance with required security policies to maintain the overall security of the environment. In particular, the solution should ensure that a client device requesting access to a particular service has appropriate security mechanisms and virus suppression measures installed and operational before it is permitted to access the service. The present invention provides a solution for these and other needs.
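As an added example of the kind of check the preceding three paragraphs call for (example code written for this page, not the patent's own method or any product's implementation), the following gate admits a client only when both the user's identity and the client device's self-reported security posture satisfy policy. The posture fields, the policy values (approved engine name, three-day signature age limit, policy version), the clock-skew tolerance and the sample clients are all assumptions made for the example; how a real client reports its posture and how that report is protected from tampering is outside what this passage describes.

```python
"""Admission on identity plus client posture (added example, not the patent's code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class ClientPosture:
    """Hypothetical self-report from the connecting device, presented alongside
    the user's credentials."""
    firewall_enabled: bool
    av_engine: Optional[str]                # None: no anti-virus engine installed
    av_running: bool
    av_signature_date: Optional[datetime]   # None: no signature definitions present
    policy_version: int                     # version of the service's policy the client enforces


@dataclass(frozen=True)
class AccessPolicy:
    required_policy_version: int
    approved_av_engines: frozenset[str]
    max_signature_age: timedelta
    clock_skew_tolerance: timedelta = timedelta(minutes=5)


def evaluate_posture(posture: ClientPosture, policy: AccessPolicy, now: datetime) -> list[str]:
    """Return every policy violation found; an empty list means the device is compliant.
    All violations are collected rather than stopping at the first, so the client
    can be told everything it must fix before it is admitted."""
    violations: list[str] = []
    if not posture.firewall_enabled:
        violations.append("firewall disabled")
    if posture.av_engine is None:
        violations.append("no anti-virus engine installed")
    elif posture.av_engine not in policy.approved_av_engines:
        violations.append(f"anti-virus engine {posture.av_engine!r} is not approved")
    elif not posture.av_running:
        violations.append("anti-virus engine not running")
    if posture.av_signature_date is None:
        violations.append("no virus signature definitions")
    elif posture.av_signature_date > now + policy.clock_skew_tolerance:
        # A timestamp from the future cannot be trusted (clock skew or a forged report).
        violations.append("virus signature timestamp is in the future")
    else:
        age = now - posture.av_signature_date
        if age > policy.max_signature_age:
            violations.append(f"virus signatures are {age.days} days old, "
                              f"limit is {policy.max_signature_age.days}")
    if posture.policy_version < policy.required_policy_version:
        violations.append(f"client enforces policy version {posture.policy_version}, "
                          f"version {policy.required_policy_version} required")
    return violations


def admit(user_authenticated: bool, posture: ClientPosture,
          policy: AccessPolicy, now: datetime) -> tuple[bool, list[str]]:
    """Identity first, then device posture; the client is admitted only if both pass.
    The ordinary per-resource ACL check of the service would follow a successful admission."""
    if not user_authenticated:
        return False, ["user authentication failed"]
    violations = evaluate_posture(posture, policy, now)
    return (not violations), violations


# Constructed sample policy and clients (all values are assumptions).
POLICY = AccessPolicy(required_policy_version=3,
                      approved_av_engines=frozenset({"ExampleAV"}),
                      max_signature_age=timedelta(days=3))
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
COMPLIANT = ClientPosture(True, "ExampleAV", True, NOW - timedelta(days=1), 3)
STALE_SIGS = ClientPosture(True, "ExampleAV", True, NOW - timedelta(days=10), 3)
NO_AV = ClientPosture(True, None, False, None, 3)
OLD_POLICY = ClientPosture(True, "ExampleAV", True, NOW - timedelta(hours=2), 2)
FUTURE_SIGS = ClientPosture(True, "ExampleAV", True, NOW + timedelta(days=2), 3)


if __name__ == "__main__":
    for name, client in [("compliant", COMPLIANT), ("stale", STALE_SIGS),
                         ("no_av", NO_AV), ("old_policy", OLD_POLICY)]:
        print(name, admit(True, client, POLICY, NOW))
```

The gate deliberately reports every violation at once and treats a missing, stale or future-dated signature set as a failure in its own right rather than folding it into the engine check, since the text singles out signature currency as the time-sensitive part of virus suppression.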