1. Field of Invention
This invention relates to security systems and methods for computer system software, and more particularly to security shields for computer system software and methods for implementing such security shields.
2. Description of the Related Art
The present invention provides a software technology and methodology to implement security shields and enhance security capabilities for open systems such as UNIX and NT. Disclosed are software event interception methods for implementing security access control and security monitoring that is non-circumventable and does not require modification of the operating system (OS) and system commands, and which is transparent to the user. The disclosure also describes a unique security language to implement simple but configurable Global Default Protection that is easily implemented on networked systems with significantly reduced administration and costs.
Heretofore, various security systems for computer system software have been proposed and implemented. However, security systems and methods have been limited by significant drawbacks. It is generally agreed in the computer industry that the challenge to computer security lies in both a lack of functional capabilities and in the inability to fully implement the security solutions and methods. A partially implemented security plan is as weak as the weakest point in the entire security system.
Some security systems are provided with point solutions for specific security problems; however, these solutions typically do not have a full set of features and functionality. For example, authentication is only one component of security, and for a security system to be complete it should be accompanied by granular authorization, policy management, and full monitoring and audit reporting.
Other current software security products are ported from other operating system environments or merged together through acquisition. For example, though the approaches to security used in mainframe computers are very effective, using the same approach in a UNIX client/server environment requires addressing issues that are specific to UNIX. By porting security products to UNIX, vendors frequently attempt to implement capabilities that are incomplete for the new operating system environment. In addition, by combining various products and attempting to integrate them, vendors are faced with complex architectural differences. Frequently, these differences leave the system vulnerable due to lack of integration, limited administrative capabilities, or inadequate security.
Still other approaches use methodologies that are simply too complex to be fully implemented or too costly to manage. These solutions, by necessity, must be complicated in order to secure and protect all distributed computing resources. By way of comparison, the software of the present invention provides a methodology where the scope of the problem is simplified, whereas prior security methods and products apply complex solutions in an attempt to secure the Superuser. By definition, complexity increases the likelihood of operator error and makes it harder to validate implemented policies against written policies, with a concomitantly high administrative cost.
Such prior systems and methods have resulted in extremely high costs to users to evaluate, standardize, purchase, implement, administer, and upgrade. For an enterprise that is seeking end-to-end integrated solutions, the total cost of ownership is a crucial factor. Since such systems and methods offer limited functionality, lack integration, and are very complex to set up and administer, improved solutions and methodologies are clearly needed. Furthermore, such limitations often lead to poor implementation, leaving the system vulnerable and resulting in losses far in excess of the cost of the product.
For example, Dynasoft Inc.'s BOKS security system provides one level of security control, namely user authentication. BOKS does not provide resource level access control for file and application access. The present invention, however, provides two levels of security, authentication and authorization. Once a user has logged in (authenticated) using the present method, their access is verified (authorized) against the security policy so that they are able to access only the resources for which they have been given permission. This greatly minimizes the destructive activities that an "authorized" user can engage in after they have been logged in.
Another example is Memco, Inc.'s SeOS. This methodology is very complicated both to implement and to maintain. Such complexity results primarily from the presence of the Superuser, and SeOS's use of access control lists (ACLs) as the principal access control mechanism. The SeOS method retains the use of the Superuser and then attempts to control Superuser access. SeOS protects login access from consoles and terminals, leaving the system vulnerable to attacks from other alternate access paths. The present invention, in contrast, protects access from all alternative access paths and eliminates Superuser access. The computer system is protected because no "backdoor" access exists and no user can assume Superuser control. Moreover, SeOS's architecture makes it difficult to verify a corporate security policy against the SeOS implementation. This results from the presence of the Superuser and access control being provided at the system resource level using ACLs, a bottom up approach. The present invention provides a methodology that ensures that resource protection is defined at the user level, a top down approach. Accordingly, using the method of the present invention, a written corporate security policy can be easily implemented and verified, which simplifies centralized security administration and meets audit requirements quickly, and the result is both secure and easy to manage at a lower cost.
A further example of security systems and methods is Axent, Inc.'s OmniGuard. The OmniGuard system relies on system access control, security assessment, audit, monitoring, and root privilege delegation capabilities. However, OmniGuard also uses the Superuser, and all of the abovementioned vulnerabilities and limitations exist. Furthermore, OmniGuard does not provide access control to files, leaving data vulnerable to attack and misuse.
Prior methods to implement security enhancements to an existing computer system have utilized one or a combination of the following approaches to implement security: 1) The development of a new, more secure operating system, which is very expensive to both the product developers and the users. An example is the Secure OS from Hewlett Packard, Corp., which uses a government B1 security standard and is a total rewrite of the OS. 2) The addition of security-related services that require customized changes to the existing OS. Such services include system libraries, new system commands and system configuration files. This approach alters the underlying OS and the interactions with the users; it also involves customized solutions and security management procedures for different computers and operating systems.
Accordingly, the primary objects of this invention are to provide a security shield and security methodology for computer system software which adds increased security to existing computer systems and their operating systems, and which is implemented without requiring changes to the software, either source code or binary code of the underlying operating system; which does not require users to change their normal interaction with the computer system and the operating system; which is simple to implement and manage; which has a small operational overhead; which has a uniform implementation approach for different and/or heterogeneous systems; and which is extremely efficient and reliable.
Additional objects and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objects and advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out in the appended claims.