Importance

Loading Importance Indicators...

Abstract

A method for administering secure access to files of a computer system. For a process-file pair, a first security label associated with the process is compared with a second security label associated with the file in response to a request to read or write the file. If the security label of the destination (file or process) of the read or write operation does not dominate the security label of the source (file or process), the security label of the destination is dynamically raised accordingly. If the security label of the file or process is raised, an indicator associated with this process and with this file is set to a first state representing that the file is safe for this process-file pair. Indicators associated with every other process linked with this file are set to a second state representing that the file is unsafe for those process-file pairs. The steps of testing the security labels of a file and a process on a read or write operation are omitted when the indicator associated with the process-pair is set to the safe state. The security labels of certain files are assigned a frozen status. These security labels of such files cannot be altered in response to attempted read or write operations. Therefore, an attempt to wire a file having frozen status is denied when the security label of the writing process dominates that of the file. This mechanism is used to guarantee that files cannot be written to media external to the system, such as terminals, disk drives, tape drives and the like, unless the security label of the external media clears the media for access to the file.

Loading the Abstract Image...

First Claim