Data networks have become an essential part of most businesses. With the advent and wide acceptance of the Internet they have become even more essential.
Many network systems, such as telephone network products and data network products, include externally developed software applications that call various functions within the network. It is desirable, however, to limit the functions and/or information that can be called by the application or the visitor to those that are necessary and/or approved.
It is thus important for a business to take precautions against downloading code which may be potentially damaging to its network (e.g. code which accesses the internal resources of a switch or router, such as the routing tables or filtering information) and to take precautions against unauthorized access by outsiders.
It is unlikely that computers which access the Internet will ever be completely safe from attack from hackers and viruses. However, systems are available which provide a level of protection and security against such problems.
The Java environment includes security devices such as a security manager, a bytecode verifier and a class loader. A security manager is a local device which determines whether potentially threatening or unauthorized operations should be allowed. A bytecode verifier verifies the bytecode transmitted with the download, and the class loader loads the Java bytecode into the JVM.
However, the security devices of a respective environment may not be backward compatible with earlier versions. In the Java environment, as an example, the security devices in version 1.2 are not backward compatible with those in versions 1.1 and 1.0.2, and the security devices in version 1.1 are not backward compatible with those in version 1.0.2. Thus, an application program written for a respective version of Java is not compatible with other versions.
Furthermore, in some programming environments, such as the Java environment, the security devices provide multi-level security but are not transparent, namely the user code must explicitly interact with the system, and the security devices are not dynamic, namely off-line changes to the system may be necessary. Alternatively, the security devices are code transparent but do not provide multi-level security.
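The following is an added illustration of the security-manager mechanism described above; it is not code from the patent. It shows the non-transparent, non-dynamic character the text refers to: the application itself must install the manager (System.setSecurityManager), and the policy it enforces (here, a hypothetical rule that only reads under one directory are permitted) is fixed in code, so changing it means changing and restarting the program. The SecurityManager API is a legacy facility: it is deprecated for removal since JDK 17, and on JDK 18 and later the JVM must be started with -Djava.security.manager=allow for setSecurityManager to succeed. The directory name and the helper attemptRead are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.FilePermission;
import java.io.IOException;
import java.security.Permission;

// Example security manager that confines file access of all code in the JVM:
// reads are allowed only below allowedDir, and write/delete/execute are denied.
public class RestrictedSecurityManager extends SecurityManager {
    private final String allowedDir;

    public RestrictedSecurityManager(String allowedDir) {
        this.allowedDir = allowedDir;
    }

    // The JVM calls checkPermission for every guarded operation; file
    // operations arrive as FilePermission instances.
    @Override
    public void checkPermission(Permission perm) {
        if (perm instanceof FilePermission) {
            String path = perm.getName();
            String actions = perm.getActions();
            if (actions.contains("write") || actions.contains("delete")
                    || actions.contains("execute")) {
                throw new SecurityException("denied " + actions + " on " + path);
            }
            if (!path.startsWith(allowedDir)) {
                throw new SecurityException("read outside " + allowedDir + ": " + path);
            }
        }
        // All other permission kinds are allowed in this illustration; a real
        // policy would also constrain network, runtime and property permissions.
    }

    // Hypothetical helper: report what happens when code tries to open a file.
    static String attemptRead(String path) {
        try (FileInputStream in = new FileInputStream(path)) {
            return "opened " + path;
        } catch (SecurityException e) {
            return "blocked by security manager: " + e.getMessage();
        } catch (IOException e) {
            return "allowed by security manager, I/O error: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Explicit, program-level installation: the policy is not transparent
        // to the code and cannot be changed without restarting the JVM.
        System.setSecurityManager(new RestrictedSecurityManager("/tmp/sandbox"));

        System.out.println(attemptRead("/tmp/sandbox/config.txt"));   // reaches the file system
        System.out.println(attemptRead("/etc/passwd"));               // blocked
    }
}
```

Once the manager is installed it applies JVM-wide, which is the "system wide" property the text asks for, but only within one process; it does not by itself coordinate policy across the switches, routers and other security entities of a distributed network.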
Accordingly, there exists a need for a security system which is system wide which prevents harmful programs from being downloaded onto a network.
There exists a need for a security system which is system wide and which prevents unauthorized access to the internal resources of a switch or router.
There also exists a need for such a system which enables a system view or configuration.
There also exists the need for such a system which is distributed.
There exists a need for such a system which allows other security entities to participate in the security system.
Accordingly, it is an object of the present invention to provide a security system which prevents harmful programs from being downloaded onto a network.
It is an object of the invention to provide a security system which prevents unauthorized access to the internal resources of a switch or router.
It is another object of the invention to provide such a system which is system wide and which enables a system view or configuration.
It is still another object of the invention to provide such a system which is distributed.
It is another object of the invention to provide such a system which allows other security entities to participate in the security.
These and other objects of the invention will become apparent to those skilled in the art from the following description thereof.