Security policy for protection of files on a storage device
Main Authors | , , |
---|---|
Format | Patent |
Language | English |
Published | 06.08.2002 |
Summary: The subject invention relates to a security policy for controlling access to data, and specifically to the control of access to files on a storage device such as smart cards.
Access to files by accessing programs, where files comprise other files, programs and data, is controlled. An initial access class is assigned to each file and to each accessing program. An access class comprises an integrity access class and a secrecy access class. An integrity access class comprises rules governing modification of data contained in files and a security access class comprises rules governing disclosure of data contained in files. An integrity access class comprises a set of rules for allowing the performance of a read function, and another set of rules for allowing the performance of a write/execute function. An execute function comprises transferring and chaining, where chaining comprises starting another process running at potentially different secrecy and integrity access classes. A secrecy access class comprises a set of rules for allowing the performance of a write function, and another set of rules for allowing the performance of a read/execute function. The respective access classes of the target file, target program, and accessing program are compared. If the comparison results meet the security requirements, the function is performed.