The present invention relates to computer security systems for networked applications. More specifically, the present invention relates to limiting access by one or more users to networked applications.
Most computer systems currently in place are used by multiple users in parallel and/or serially. This includes networked computer systems that have two or more of computer processors, storage units, and/or other computer hardware, some of which can include various computer software. In addition to limiting access to the computer system itself, it is sometimes desirable for different users to have different rights or access to various applications or services on the network ("network services"). Such access control may be useful to maintain the integrity of the computer system, including that of resident data or programs. Such needs can become increasingly important and their solutions more complex as the number of users and/or size of the network increases.
Access to an application server or particular use of an application server can be limited by the application server requiring permission information associated with the application and the user invoking the application client. When the user invokes the application client, the permission information is passed to the application server. The application server evaluates the permission information to determine whether and/or how to proceed with the server functions. For example, in a web browser application, when the web browser client is invoked to access a requested URL via the web browser server, the permission information related to the user and the web browser client is passed to and used by the web browser server. The web browser server can use the permission information to make access control decisions, e.g., by evaluating whether the user has the permissions that are appropriate for accessing the requested URL. It can be appreciated, therefore, that when permission information associated with a first user is used by an application client invoked by a second user, the second user may masquerade as the first user and gain access to information for which the second user does not have rights. Depending upon the permission information, the second user may be able to read, write, execute, or perform some other process with regard to information, even though the second user does not have such predetermined rights.
Permission information, or information from which the permission information can be determined, collectively called access information, can be stored in an access file in memory of the host computer system. Typically, an individual host computer of a computer network includes an operating system that manages the host file system, including the access file. The file system can maintain the file permissions or access control lists (ACLs) of the various files located in memory of the host. Usually these permissions can be modified by the owner of the file or by another entity with appropriate rights. More particularly, such permissions and ACLs can include an identification of the user(s) that have permission to, for example, write to and/or read from the particular file. Thus, the file system can provide a measure of access control for such files under its purview. However, with some operating systems, techniques can be used by a user to gain access to the access file, and therefore to the permission information, associated with any other user. Such users can then masquerade as other users and gain unauthorized access to information.
Accordingly, a security system and method is desired to provide increased access control to network applications and/or services by more effectively controlling access to network security credentials that allow users to authenticate to application servers. It is also desired to extend such access control to a per-process granularity on the user host computer system. In particular, it is desired that such security system require minimal complexity and minimal amount of change to an existing computer system, while maximizing allowable user access and access control flexibility. Such a system and method are implemented in conjunction with an operating system with which each process is prevented from accessing the memory associated with the operating system and the memory associated with other processes on the host computer system.
The foregoing and other needs that will become apparent from the following description, are achieved by the present invention which comprises, in one aspect, a computer-implemented method of limiting access to a credential that can facilitate access by a first user to a computer networked service on a networked computer system. The method includes receiving user information provided by the first user and storing the credential such that the credential is accessible only by using a local security authority. The method also includes generating a random secret value corresponding to the credential, and storing the random secret value in a secret file that can be modified and retrieved only by the first user.
In another embodiment, a computer readable medium contains program instructions for limiting access to a credential that can facilitate access by a first user to a computer networked service on a networked computer system, wherein, when the computer readable medium is read by a computer system having a processor and memory, the program instructions are configured to be executed by the processor. The computer readable medium includes program instructions for recognizing user information provided by the first user and program instructions for storing the credential such that the credential is accessible only by using a local security authority. The computer readable medium also includes program instructions for generating a random secret value corresponding to the credential, as well as program instructions for storing the random secret value in a secret file that can be modified and retrieved only by the first user.
In yet another embodiment, a computer system configured to limit access by users to networked services on a computer network includes a local security authority configured to authenticate the identity of a user, to determine a credential corresponding to the user, to generate a random secret value corresponding to the determined credential, and to determine authorization information associated with both the user and an application. The computer system also includes a local security authority memory associated with the local security authority, configured only by operation of the local security authority, as well as computer-readable memory configured to store a secret file which is configured to store the random secret value and which is readable substantially only by processes executed by the user.
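The following is an added illustration, not code from the patent or any product implementing it, of the arrangement described in the three embodiments above and of how it closes the masquerade described in the background: the network credential is held only by a local security authority, the user receives a random secret value in a file that is private to that user, and a client process proves it runs as that user by presenting the secret. The class and function names (LocalSecurityAuthority, NetworkService, read_secret_file) and the use of the secret as the client's proof to the local security authority are assumptions made for the example; the page does not say how the secret is consumed. The secret file is protected with POSIX mode 0600, standing in for the per-user access control the page leaves to the operating system.

```python
import hmac
import os
import secrets
import stat
import tempfile


class NetworkService:
    """Stand-in for the application server: accepts a logon only with the
    correct credential for the account (constructed accounts, for the example)."""

    def __init__(self, accounts):
        self._accounts = accounts  # username -> credential the service expects

    def logon(self, username, credential):
        expected = self._accounts.get(username)
        if expected is None or not hmac.compare_digest(expected, credential):
            return None
        return f"session:{username}"


class LocalSecurityAuthority:
    """Hypothetical local security authority. It keeps the network credential
    in its own memory and never returns it to a client process; it only uses it
    on the process's behalf after the process presents the user's secret value."""

    def __init__(self):
        self._credentials = {}  # username -> network credential
        self._secrets = {}      # username -> random per-user secret value

    def logon(self, username, network_credential, secret_dir):
        """Accept the user's information, retain the credential, generate a
        random secret value and write it to a file only the user can read or
        modify. Returns the path of the secret file."""
        self._credentials[username] = network_credential
        secret_value = secrets.token_bytes(32)
        self._secrets[username] = secret_value
        path = os.path.join(secret_dir, f"{username}.secret")
        # Create with owner-only permissions from the start so there is no window
        # in which another user could read the file.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(secret_value)
        os.chmod(path, 0o600)  # O_CREAT mode is masked by umask and ignored for existing files
        return path

    def authenticate_to_service(self, username, presented_secret, service):
        """Called from a client process. A constant-time compare against the
        stored secret decides whether the LSA will log on to the service with
        the user's credential. The credential itself is never handed out."""
        expected = self._secrets.get(username)
        if expected is None or not hmac.compare_digest(expected, presented_secret):
            return None
        return service.logon(username, self._credentials[username])


def read_secret_file(path):
    """What a careful client process does before trusting the secret file:
    refuse it if it is not a regular file or is readable/writable by group or
    others, since then a second user could have read or replaced the value."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode) or stat.S_IMODE(st.st_mode) & 0o077:
        raise PermissionError(f"secret file {path} is not private to its owner")
    with open(path, "rb") as f:
        return f.read()


def demo():
    """Runs the three cases the text describes and returns their outcomes."""
    service = NetworkService({"alice": b"alice-network-password"})  # constructed account
    lsa = LocalSecurityAuthority()
    with tempfile.TemporaryDirectory() as secret_dir:
        path = lsa.logon("alice", b"alice-network-password", secret_dir)

        # 1. A process running as alice reads her secret and the LSA logs on for it.
        own_session = lsa.authenticate_to_service("alice", read_secret_file(path), service)

        # 2. A second user cannot read alice's file; a guessed secret is refused,
        #    and the credential is never exposed to either process.
        masquerade = lsa.authenticate_to_service("alice", secrets.token_bytes(32), service)

        # 3. If the secret file were ever left world-readable, the client refuses it.
        os.chmod(path, 0o644)
        try:
            read_secret_file(path)
            rejected_loose_file = False
        except PermissionError:
            rejected_loose_file = True
    return own_session, masquerade, rejected_loose_file


if __name__ == "__main__":
    print(demo())
```

The point of the split is that compromising the client process, or reading any file the client can read, yields at most the random secret value, which is useful only to processes that can already reach the local security authority as that user, and which can be rotated at the next logon without changing the network credential.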