As individuals and enterprises become more dependent on the use of electronic computing devices, there is an increasing need to provide security for electronic applications and their data. Users of computing devices must feel confident that their private data will not be exposed to other, unauthorized persons or groups. Moreover, providers of electronic services must also feel confident that applications which are used in connection with their services will not be corrupted by other applications from other providers. Such corruption may result in poor service quality or in a complete failure to provide the service, thereby inconveniencing the customer and tarnishing the reputation of the service provider.
In traditional desktop computing environments, most applications are either provided by a single developer or are specially designed to function and cooperate with applications from other developers. For example, in desktop environments, common applications such as a word processor, a spreadsheet, an electronic mail application, and an Internet browser are often designed by a single developer. Additionally, even if designed by different developers, there is generally a mutual trust that desktop applications will function efficiently with one another. Accordingly, desktop security concerns are generally focused primarily on untrusted users accessing a system rather than on untrusted applications within the system. Thus, desktop security systems generally invoke user oriented security models.
In an exemplary desktop security model, each user or group of users has a corresponding security account. When a user logs on to a computing device or network of computing devices, the user enters a password to authenticate his identity. A token is then generated for the user that includes the user's corresponding accounts and privileges. A privilege is the right of an account to perform various system related operations such as, for example, shutting down the system, loading device drivers, and changing the system time. An exemplary prior art token 100 is shown in FIG. 1. Token 100 includes a user account entry 102, which includes the user's account, and a group account list 104, which includes the accounts of every group of which the user is a member. Token 100 also includes a privilege list 106, which lists each of the user's associated privileges.
The token is used to determine whether its corresponding user is authorized to access secure objects within the system. Specifically, each secure object within the system has a discretionary access control list (DACL) that identifies the access rights of each account with respect to the secure object. The DACL has a number of entries, referred to as access control entries (ACE's), each specifying the access rights of a particular account. An exemplary prior art DACL 210 is shown in FIG. 2. DACL 210 includes ACE's 212-216. User tokens 100 and 101 are both attempting to gain access to secure object 200. User token 100 has been denied access to secure object 200 because, as indicated by ACE 212, Andrew does not have access to secure object 200. The denied access of token 100 is represented by the dashed line shown in FIG. 2. By contrast, user token 101 has been granted access to secure object 200 because, as indicated by ACE 214, Group A has write access to secure object 200.
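The following is a compact model of the token and DACL check described above, added here as an illustration and not part of the original document. The access-right bit values, the membership of token 101's user in Group A, and the placeholder user name "Beth" are assumptions; the deny-before-allow ordering of the ACE walk follows the usual first-match evaluation of such lists.

```python
from dataclasses import dataclass, field

# Access-right bits; the values are constructed for this example.
READ, WRITE = 0x1, 0x2

@dataclass
class Token:
    """Token in the style of FIG. 1: user account, group accounts, privileges."""
    user: str
    groups: list = field(default_factory=list)
    privileges: set = field(default_factory=set)

    def accounts(self):
        # Every account a DACL entry may match: the user plus each group.
        return {self.user, *self.groups}

@dataclass
class ACE:
    """One access control entry: an account, allow/deny, and the rights it covers."""
    account: str
    allow: bool
    mask: int

def access_check(token, dacl, desired):
    """Walk the DACL in order with first-match semantics.
    A deny ACE for one of the token's accounts that overlaps the desired rights
    rejects the request immediately; allow ACEs accumulate granted bits until
    every desired bit is covered. Rights never granted explicitly are denied,
    so an empty DACL denies everything."""
    granted = 0
    for ace in dacl:
        if ace.account not in token.accounts():
            continue
        if not ace.allow and ace.mask & desired:
            return False
        if ace.allow:
            granted |= ace.mask & desired
            if granted == desired:
                return True
    return granted == desired

# Constructed sample mirroring FIG. 2: ACE 212 denies Andrew all access and
# ACE 214 grants Group A write access. "Beth" is a placeholder for the user
# behind token 101, whom the text does not name.
ACE_212 = ACE("Andrew", allow=False, mask=READ | WRITE)
ACE_214 = ACE("Group A", allow=True, mask=WRITE)
DACL_210 = [ACE_212, ACE_214]
TOKEN_100 = Token("Andrew")
TOKEN_101 = Token("Beth", groups=["Group A"])
```

Because evaluation stops at the first matching entry that decides the request, a deny ACE placed after an allow ACE for the same token never takes effect, which is why deny entries are conventionally ordered first.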
Unlike desktop computers, portable computing devices such as, for example, cellular phones and personal data assistants (PDA's) generally include a number of different applications from a number of different service providers. For example, a single cellular phone may include applications from a telephone service provider, a software provider, and a company which issues the phone to an employee. Service providers and companies tend to have concerns about allowing untrusted applications to be executed on devices which are on their networks or connected to their enterprise systems. Accordingly, user oriented security models, such as the one set forth above, are not ideal for portable devices because user oriented security models do not necessarily protect one application and its data from other applications running on the system. Thus, there is a need in the art for an efficient application oriented security model. The present invention satisfies these and other needs.