WO1998032073A1 - Protecting resources in a distributed computer system - Google Patents
Protecting resources in a distributed computer system Download PDFInfo
- Publication number
- WO1998032073A1 WO1998032073A1 PCT/IB1997/000025 IB9700025W WO9832073A1 WO 1998032073 A1 WO1998032073 A1 WO 1998032073A1 IB 9700025 W IB9700025 W IB 9700025W WO 9832073 A1 WO9832073 A1 WO 9832073A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- entity
- name
- access
- guard
- resource
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/468—Specific access rights for resources, e.g. using capability register
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6281—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/547—Remote procedure calls [RPC]; Web services
- G06F9/548—Object oriented; Remote method invocation [RMI]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/30—Managing network names, e.g. use of aliases or nicknames
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/30—Managing network names, e.g. use of aliases or nicknames
- H04L61/3015—Name registration, generation or assignment
- H04L61/3025—Domain name generation or assignment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/35—Network arrangements, protocols or services for addressing or naming involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address or functional addressing, i.e. assigning an address to a function
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1483—Protection against unauthorised use of memory or access to memory by checking the subject access rights using an access-table, e.g. matrix or list
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99931—Database or file accessing
- Y10S707/99939—Privileged access
Definitions
- this invention is related to methods for the protection of resources residing in or owned by these entities. Since, in such an open system, any entity can in principle access any resource of any other entity, protection of resources is of ultimate importance to warrant integrity and function of an entity.
- a current example for such a system is the Internet with its distributed processing stations, servers and end-user computers, which provide and own the resources, e.g. data or program files.
- the present invention concerns the intelligent protection of such resources, in particular against unauthorized access.
- Resource sharing is a well-known concept in many areas: by sharing a scarce, expensive, or seldom used resource, the burden of maintaining this resource is distributed among a group of users.
- Hand in hand with the desire to share a resource goes the desire to protect the resource from unauthorized use: Resource sharing usually implies resource protection.
- resource sharing and resource protection are key issues of distributed, networked computers. The more computers become ubiquitous and connected, the more the need arises to have means of protecting resources in these connected systems. This requirement is especially true for open networks like the Internet. In such an open, distributed, networked system, it is unavoidable to protect specific resources from unauthorized access, such as sensitive data like password files and private materials, or hardware resources like file system space and communication capacity, or services like cryptographic services.
- Protecting here means both the basic access to the resource itself and the use of it by an accessing entity; that is, both coarse-grained resource protection (e.g. an entity is allowed to use file system services) and fine-grained resource protection (e.g. an entity is allowed to use file system services, but cannot access password files).
- coarse-grained resource protection e.g. an entity is allowed to use file system services
- fine-grained resource protection e.g. an entity is allowed to use file system services, but cannot access password files
- Kerberos for example, as described by J.G. Steiner, B.C. Neuman, and J.I. Schiller in "Kerberos: An authentication service for open network systems" in Usenix Conference Proceedings, Usenix, February 1988, requires encrypted tickets to be sent along with each service request. After having authenticated her- self/himself with a special and trusted ticket granting service, the user can request Kerberos tickets for any other service he/she is entitled to use and wants to invoke. Though rather safe, this is a burdensome, time-consuming, and traffic-increasing way to achieve the desired goal of resource protection.
- the Kerberos approach to resource protection suffers from the drawbacks both that it is not transparent (in the sense that it visible) to the service-providing entities and that it is a discretionary mechanism in the sense that the called entity itself has to check explicitly for a valid ticket from the calling entity.
- the code implementing the entity must contain calls to respective libraries; an entity that "forgets" to check for a valid ticket will provide access to its resource to any caller.
- an attacker compromises the central ticket granting service he/she also has access to all entities that participate in the associated distributed system.
- Clifton's approach to resource protection does not suffer from the central vulnerability as Kerberos does, this immunity also represents one of its disadvantages.
- Clifton's approach is not applicable to distributed systems as it is tied to the memory address translation mechanism - and thus to a single address space - through the use of its descriptors.
- a distributed system however, practically by definition comprises several address spaces connected by some kind of communication medium.
- Clifton's solution is also not transparent, the user must use the special descriptors and thus has to code his/her programs accordingly.
- Kerberos and the Clifton approaches cannot deal with resources that appear dynamically during the runtime of the system (and after the resource protection mechanism has been set up).
- entities can immigrate into a distributed system from the outside (e.g. a Java applet coming in from the Internet) exist dynamically created resources and it is necessary to offer protection for these resources, too.
- a further object of the invention is to establish a resource protection mechanism that is applicable to dynamic distributed systems.
- a further object is to create a resource protection mechanism that is transparent to a program and/or entity that wants to access the resources to be protected.
- a still further object of the invention is to devise a method for resource protection that is dynamically expandable, preferably during runtime, to protect newly created resources.
- Resources to be protected against unauthorized access in a distributed system are usually owned or provided by entities, e.g. servers or other processing stations. Although, in principle, in an open, distributed system, .each entity is allowed to access any resource of any other entity, as discussed above, security requires to protect certain resources and to allow access to them only for certain entities and/or under certain conditions.
- Resources may be disk space, files, network connections, but also methods offered by objects and objects themselves. Access to such resources in a distributed system occurs through services or methods, provided by entities or objects.
- the inventive concept starts from the idea to reduce the access to a resource to the access to a service.
- To invoke or use a service the names of both the entity owning or providing the service and of the service itself must be known.
- To actually access a service a mapping of its name to its location is obtained, i.e. the name is resolved.
- the total of the names that an entity "knows" form the name space of that entity; similarly, the total of the entity locations of a system constitute the entity location space of that system.
- the underlying basic concept of the invention thus consists in controlling an entity's access to a service by controlling the name resolution process, e.g. by limiting the visibility of services for this entity.
- a further feature of the invention consists in providing a variable-grained control of the name space and of the name resolution process, e.g. by executing this control by an "intelligent" interception manager.
- An independent main feature of the invention consists in providing attachable and detachable "guards" which are associated with a name and called before or after this name is used and provide for fine-grained resource protection.
- a dynamically configurable protection domain is created, meaning a controlled and confined environment, i.e. a dynamically configurable "sandbox", in which entities can operate freely. Effects of any malicious behavior are restricted to the sandbox and thus cannot propagate to the rest of the system.
- Fig. 1 shows an entity with its interfaces and resources (terms defined below);
- Figs. 2a, 2b depict ways of mapping a name and its object object reference;
- Figs. 3a - 3c exhibit steps and variations of the method according to the invention
- Fig. 4 is a block diagram of an implementation of the invention.
- Java is a programming language and environment developed by Sun Microsystems, Inc. 2550 Garcia Ave., Mountain View, CA 94043-1 100, USA; the term "Java” is a trademark of this company.
- Java bytecode which is typically is loaded from a remote source; it is usually not considered trustworthy.
- An application is Java bytecode which is typically loaded from local; it is usually considered trustworthy.
- the Internet is a worldwide, open computer network consisting of many different subnetworks.
- the World Wide Web (WWW) is an open subnetwork of the Internet.
- An intranet is a closed internal network, usually a subnetwork of the Internet, often used within companies.
- a browser is a computer software or environment supporting the looking around (surfing) in the World Wide Web and for downloading and executing applets.
- Java bytecode is code produced by a compiler for the JVM, see below.
- Java Virtual Machine is a fictional, but well-specified processor which executes the Java bytecode. It is fictional because the machine is implemented in software. • A library is a collection of defined functions or classes for use in a program.
- a sandbox is a playground to which Java applets are confined. It is an execution environment delineated by borders with defined entry and exit points (gates), see below.
- Stand-alone applications on the other hand are typically developed locally, i.e. in a secure environment, or travel over trusted networks such as an intranet. Therefore, applications are usually considered trustworthy. However, this coarse black and white distinction between applets and applications is not sufficient. Since the sandbox approach is applied to applets only and not to applications, the implemented security is limited to applets. In addition, numerous bugs have been discovered in the implementation of presently known sandboxes which renders its available implementations insufficient and incomplete.
- the sandbox is implemented in the browser. It is hard-coded with no enduser interaction possibility and is not programmable. It is therefore a static model with fixed borders and fixed gates. Only the decision of a gate varies, not the gate itself, i.e. its location, its policy, or its existence. This model does not consider the origin of downloaded code; it only coarsely distinguishes between local and remote programs, i.e. applications and applets.
- the known implementation of the Java security model fails to separate the enforcement of an appropriate security policy and the mechanisms that implement the policy.
- the known security model is static, and its implementation of the sandbox paradigm is insufficient as most user-controlled decisions are hard-coded in the Java Virtual Machine.
- the lack of configurable security features limits the accep- tance and applicability of this known security model.
- the new security mechanism for object-oriented systems according to the invention can be directly applied to the Java environment. Whereas some of the terms essential for this chapter have well-accepted definitions, others are used in a specific way in this description. For consistency, a short definition of those terms follows.
- Objects encapsulate data and provide methods; the data can be accessed only through these methods. Objects are created dynamically, that is, they are instantiated. • Classes are definitions for objects and are static.
- Entities are considered as objects or referenced classes, regardless of whether they are active or passive; entities own or provide resources.
- An interface consists of a set of methods of an entity through which the entity data and services can be accessed and transformed.
- a name is a symbolic reference to a method of an entity; a name is NOT understood, i.e. interpretable, by the execution component of the runtime system.
- An object reference is a pointer to a location of a method of an entity; an object reference is understood, i.e. interpretable, by the execution environment of the runtime system.
- a service is considered a method of an entity, either referenced through an object reference or through a symbolic reference.
- the novel security mechanism is aimed at protecting resources against unauthorized access in an object-oriented system. It can be used for auditing and monitoring resource usage as well as for access control. The design of it is based on the basic assumption that no program can do any harm if resource access is strictly controlled.
- Name resolution To obtain an object reference for a given name (a symbolic reference), a name resolution is necessary. This name resolution maps the name to an object reference. In the novel mechanism, this mapping may be intercepted by an interception manager which controls the name resolution.
- Guard object They can be attached arbitrarily to object references. These guards are invoked before and/or after the object reference is used. In addition, they may access context information.
- Resources are encapsulated by entities and can be accessed only through provided interfaces. Thus, in order to protect resources in an object-oriented system against unauthorized access, one can reduce the issue of controlled access to such resources to the problem of controlling access to the interfaces of the associated entity.
- An entity may provide different resources, and therefore, provide different interfaces, as shown in Figure 1.
- the name (and the location) of this resource must be known; this name is then transformed into an object reference, which points to a location, where the corresponding method resides.
- Binding is the process of linking necessary components of an executable code together.
- the components are produced by the compiler and are called object files.
- Object files contain symbolic references to other object files.
- a linker substitutes symbolic references with a corresponding object reference.
- the executable code possesses the necessary object reference, that is understandable, i.e. interpretable, by the execution environment, and thus the executable code is able to invoke the referenced methods.
- substitution is done at runtime; otherwise, i.e. if the substitution is done before the code is executed, it is static binding.
- link process is called eager binding. In case it is done only once an object reference for a symbolic name is needed at runtime, it is called lazy binding.
- a C++ compiler merges the human readable, symbolically referenced methods of other entities (i.e. names) with their type information into further symbolic references. Any of these references is still symbolic (i.e. a name), but not in human readable format anymore.
- the binder then includes the appropriate code, according to the symbolic references, and substitutes the symbolic references with an appropriate object reference.
- This object reference then points to the beginning of the location where the method resides.
- the Java environment uses a lazy binding approach. Each symbolic reference is substituted once the execution environment uses it.
- proxy objects which act as their local representatives.
- proxy objects locate, create, destroy and invoke the remote object.
- the object reference points to the location of the corresponding proxy object.
- a particular feature of the novel mechanism intercepts the binding process, whether it is an eager binding or a lazy binding scheme, and interposes an interception manager.
- the resolution of the symbolic reference i.e. the name
- the process of finding the corresponding object reference to a given symbolic reference (name) is the name resolution. This is executed by a name resolution process as shown in Figs. 2a and 2b.
- the calling entity has to know the symbolic reference or name which must be properly resolved to an object reference.
- the presumed name space of an entity consists of a set of symbolic references. These symbolic names are not yet resolved, but are candidates for the resolving process. Entities presume that these references exist, but these presumptions have not yet been verified through the resolving process. These methods can not yet be invoked; they are not understandable by the runtime execution component.
- the concrete name space of an entity consists of a set of object references. These object references are resolved names, which are definitely known by the entity because they have been verified by the resolving process. Object references are understandable by the runtime execution environment.
- the set of methods referenced in the concrete name space is usually a subset of the methods referenced in the presumed name space.
- the references are different (object reference vs. symbolic reference), but the referenced method is the same.
- the so-called interception manager shown in Fig. 2b is an optional feature of the invention.
- the main responsibility of the interception manager if provided, is to control and modify the name resolution process according to a particular security policy. For example, it can tighten the concrete name space by preventing the resolution of some symbolic name.
- To intercept the name resolution process and interpose the interception manager leads to an access control mechanism.
- This regulation of the concrete name space for security purposes is based on the assumption that no resource can be used without having the object reference of its representing entity. A symbolically referenced method is resolved, if and only if the interception manager allows this resolution.
- the interception manager is part of the name resolution process.
- the result of the name resolution process an object reference, is intercepted; the interception manager either returns the unmodified object reference or an object reference attached with guard objects or an exception that the referenced entity does not exist.
- the granularity of access control performed by the interception manager depends on the granularity of the resolution process. More precisely, the interception manager may act on a coarser level but not on a finer level. Nevertheless, variable-grained access control is still existing.
- the interception manager has access to context sensitive information, such as the source entity name, the destination entity name, and their data. To control access alone may not be sufficient in some cases and it may be necessary to monitor or to audit resource usage. This demands a further component of the security mechanism to be invoked before and/or after the protected resource is used. Such an object is called a guard which can be inserted by the interception manager. Guard Objects
- Guard objects are associated with a particular object reference and will be called before and/or after that object reference is used, depending on how the interception manager installed the guard objects.
- a guard object is said to be installed before the destination entity, if the guard object is invoked before the associated object reference is used, and thus has access to the supplied arguments for the destination entity.
- a guard object is said to be installed after the destination entity, if the guard object is invoked after the associated object reference is used, that is, the called method returns, and thus has access to its return value.
- Figure 2b shows the modified object reference with attached guard objects as one of the return results of the intercepted name resolution process.
- guard objects Similar to the context information used by the interception manager, guard objects also have access to context sensitive information. This includes the source entity name, the destination entity name, and invocation parameter(s). If guard objects are installed before the destination entity, they may perform the following actions:
- guard objects are installed after the destination entity, they may perform the following actions:
- Guard objects cannot be influenced by the source or destination, i.e. calling and called, entity, because they have been attached from outside by the interception manager. Guard objects are invisible, transparent, as far as the invoking and the invoked, i.e. calling and called, entities are concerned. Contrary to the interception manager, guard objects are unable to tighten the concrete name space directly, they may influence it indirectly, though: They are able to unresolve the object reference to which they are attached to the original symbolic reference. As a consequence of this unresolving, the next usage of this method shall again encounter a symbolic reference, and shall lead to a call to name resolution and, therefore, to the interception manager. The interception manager then has again the possibility of modifying the concrete name space of the calling entity according to its security policy. Object reference unresolving might be useful if the security policy changes after the symbolic reference has been resolved.
- each guard object has the possibility to decide how long it wants to be attached to its object reference.
- a guard object may decide to detach itself, and therefore will not be called any longer for the invocation of the object reference.
- a so-called capability is the right to invoke a particular object in a particular mode (explained further down in the description).
- the right may include three components:
- a pointer to the object The required pointer is accomplished by the resolved reference - the object reference. It is assumed, that a proper runtime system makes the invocation possible, if an executable code has the pointer. That means that every entity that possesses a capability is able to invoke the corresponding method.
- the type information of the object The required type information is accomplished through attached guard object(s). The type of the capability depends on the associated guard object(s).
- guard object The required access right is accomplished by attached guard object(s). They may check the rights, the calling entity must provide to use a particular method. In addition, if the calling entity has the appropriate rights, the guard object may enhance existing rights, or may assign new rights, to use this service. Guard objects together with the object reference are similar to a capability, but are not the same. A resolved name with an installed guard object may be considered as an enhanced dynamic capability. The dynamic component of a capability is the associated guard object.
- the presented approach for protecting resources in an object-oriented system thus includes one or more of the following features:
- the object-oriented paradigm lends itself well to control access to resources through objects and their interfaces. Access control is achieved through control of the name space for the calling entity, thus controlling the visibility of resolved names. If the calling entity is unable to see a service, it cannot invoke it; without invocation possibility of a method, the associated resource cannot be used. Since the resolution manager (and the optional guard objects) may use context information, they may act very flexible and context dependent. Guard objects can be attached from outside, without the knowledge of either entity; they are invisible, transparent as far as the calling and the called entity are concerned. Thus, the mechanism protects with little costs in terms of performance overhead and in a dynamic fashion.
- the implemented functionality of the invented security mechanism comprises an implementation of an interception manager and some rudimentary guard objects.
- entity is refined from the previous chapter to apply to particular classes.
- a class is an entity in the sense that it owns and represents resources. Since system resources are represented through their corresponding system classes in the Java library, the classes are well-known with an unambiguous, fully qualified name. Thus, this implementation provides protection of system classes that reside in the Java library.
- An object reference received from the name resolution process is a pointer to the corresponding piece of code, which actually points to the beginning of a method description. Thus, the object reference includes the knowledge of the location, and the method can be invoked immediately.
- the concrete name space of the calling object is controlled; it is either tightened or enlarged.
- Java's lazy object binding method is exploited.
- Java's binary file layout references others classes and interfaces and their fields, methods, and constructors symbolically, using fully qualified names.
- these symbolic references include the name of the class or interface type that declares the field or method, as well as the name of the field or method itself, together with appropriate type information.
- object reference Before an object can be used, its name must be resolved to an object reference: The identifier is checked to be correct and, typically, replaced with a direct object reference that can be more efficiently processed if the refer- ence is used repeatedly. If an error occurs, an exception will be thrown, see J. Goslin, B. Joy, and G. Tele in "The Java Language Specification” and T. Lindholm and F. Yellin in "The Java Virtual machine Specification", both by Addison-Wesley Publishing Co., 1996.
- the interception manager decides whether resolution of the symbolic reference should be permitted (see
- Code fragment C1 depicts the new code that was inserted in the name resolution function. This C code fragment performs the following steps:
- the interception manager may attach several guard objects, the method invocation scheme required modification, in addition to the name resolution process.
- the Java interpreter is responsible for executing methods that have been resolved already. A detailed discussion about the method invocation related procedures was described by T. Lindholm and F. Yellin in "The Java Virtual Machine Specification",
- Figure 4 outlines the control flow of a method invocation.
- the ten new components added by the invention are 19 - 25 and 27 - 29, the other components are original Java components.
- the new components according to the invention include checks concerning name resolving and execution of guard objects.
- An opcode is a short term, usually a number, representing a particular set of operations. It represents a particular functionality.
- the opcode 182 ( 0xb6 ) , associated with the mnemonic opc_invokevirtual, represents the basic steps to invoke a virtual method.
- a detailed description of the various Java opcodes and the functionality they provide can be found in T. Lindholm et al, supra.
- To install and maintain guard objects the implementation of opcodes dealing with method invocation is changed. The functionality is extended with a check for guard objects and with code to execute them subsequently. After the last guard object is executed, the original method is executed.
- C2 is a C code fragment that has been inserted in every opcode dealing with method invocation. This code fragment performs the following steps:
- This code fragment is inserted before execution of the original method.
- the binary representation of a method is split into static components and dynamic components.
- the static components include its class description and static fields, the dynamic components include its dynamic fields.
- the distinction between the text and data segments in the representation of the binary executable in the UNIX operating system is a similar concept; both segments are mapped into different areas of the address space - the text segment is mapped in read-only mode and the data segment is mapped in read/write mode.
- the static components of a method are shared by all objects instantiated from the same class description, but each object has its own dynamic components.
- Guard objects are attached to a static component of a method, the f ieldblock structure.
- a guard object is also shared by all instances of the same class description.
- guard objects are attached to the static component, the implementation is prepared to attach guard objects to distinct objects and their methods rather than to classes and their methods.
- the guard dispatch table manages attached guard objects. It holds the references of each guard object and indicates how many guard objects are installed.
- the header consists of the following administrative elements. (For historical reasons, guard objects are called "filter objects" in the code): • a variable indicating how many guard objects are used
- the following code fragment 03 shows the structure of the guard dispatch table header.
- code fragment C4 The type of element of the array, which is denoted by filters, is shown in code fragment C4; it comprises the following components:
- Each entry in a filter dispatch table is of the type f ilterdesc .
- guard objects are implemented in Java, they are in turn potential candidates for name space modifications and for attaching guard objects. To avoid a recursion problem, the executing thread is marked accordingly.
- a thread is an execution path in an address space. This address space can be shared by many concurrently executing threads.
- a detailed discussion about the thread concept was given by A.D. Birell in "An Introduction to Programming with Threads", System Research Center (SRC) Report, Digital Equipment Corp., 6 January 1989.
- Guard objects and the interception manager according to the invention are implemented in Java. Since they also access resources, a criteria is needed to distinguish between components that belong to the mechanism according to the invention and components that do not. Otherwise, every time the interception manager accesses a resource, and therefore invokes a method, it is checked by the interception manager itself. This recursion is broken by appropriately marking a thread. If the thread enters a guard object or the interception manager, it is marked as a thread being in a supervisor state. The next time it tries to enter a guard object or the interception manager, it is checked whether the thread is marked as being in a supervisor state. Depending on the presence of this mark, the runtime system decides whether to subject the thread to the novel mechanism. If the thread leaves the guard objects or the interception manager, the marker is erased.
- This temporarily assigned status is somewhat similar to the traditional UNIX system call concept where the process executing a system call has more rights for accessing resources than a process not executing a system call. While in the kernel mode, a supervisor status is assigned temporarily to the executing process. With these privileges, the process has access to protected resources maintained by the operating system. When leaving the system call, the privilege status is erased.
- a detailed description of the system call concept was given by S.J. Leffler et al in "4.4 BSD UNIX Operating System", Addison Wesley Publishing Co., 1996.
- Guard objects and the interception manager also can access context data and may modify them, including arguments supplied to the original method. If the original method invocation is intercepted and the interception manager is asked, or the guard objects are called, the executing thread is temporarily assigned a pointer to the stack frame of the original method. Hence, they have access to the method arguments sitting on the stack.
- a pointer to the appropriate guard dispatch table is assigned to the executing thread.
- the thread has complete access to all guard objects.
- the thread structure is enlarged with the following components, which are all assigned to when the thread crosses the boundary between normal code and security code:
- Interceptionlnf o is an abstract class in Java. It is used to provide the basic security functionality according to the invention. A discussion of the class modifiers in Java was given by J. Goslin et al, supra. The components of this base class can roughly be divided into the following categories:
- API Application Programming Interface
- Interceptionlnf o base class is given in the code fragment C5.
- the interception manager class and all guard objects must subclass this interceptionlnf o base class as shown.
- This class provides the interface for the implemented native C code.
- the interception manager is implemented in Java and is declared final and static.
- the interception manager subclasses the Interceptionlnf o base class. It is responsible for controlling and modifying the name space of the calling entity.
- the interception manager implements the security policy for the Java environment, regardless of whether the calling entity is part of an application or part of an applet, i.e. there is no distinction between application and applet.
- the interception manager defines the boundaries of a security sandbox and establishes gates for communication with the outside of the sandbox.
- garbage collection Since Java has its own memory management, the garbage collection is responsible for removing obsolete objects and freeing up the memory. An object is to be considered obsolete if no reference exists on the Java level anymore. Thus, the interception manager has to keep track of every guard object it created and installed subsequently, otherwise the garbage collection will remove this object while compactifying the memory. A detailed discussion about of garbage collection was given by T. Lindholm et al, supra. The interception manager creates guard objects and decides which one to attach to which method. It also specifies the order in which they will be called before and/or after the original method.
- the Intercept ionFilter class provides the basic functionality required by the guard objects. It subclasses the Interceptionlnf o class in order to access the same native C code methods as the interception manager. This class extends the subclassed one with a method to detach itself from the original method (the object refer- ence where it is attached to). In the actual implementation, guard objects are executed before the original method is called. Code fragment C6 shows a rudimentary guard object base class.
- the def aultCallFilter ( ) method is the method which is called by default before the object reference is invoked.
Abstract
Description
Claims
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP97900074A EP0953172B1 (en) | 1997-01-17 | 1997-01-17 | Protecting resources in a distributed computer system |
KR10-1999-7006161A KR100373526B1 (en) | 1997-01-17 | 1997-01-17 | Protecting resources in a distributed computer system |
DE69706440T DE69706440T2 (en) | 1997-01-17 | 1997-01-17 | PROTECTIVE AGENTS IN A DISTRIBUTED COMPUTER SYSTEM |
US09/341,739 US6658573B1 (en) | 1997-01-17 | 1997-01-17 | Protecting resources in a distributed computer system |
JP53332398A JP3381927B2 (en) | 1997-01-17 | 1997-01-17 | Method of protecting resources in a distributed computer system |
PCT/IB1997/000025 WO1998032073A1 (en) | 1997-01-17 | 1997-01-17 | Protecting resources in a distributed computer system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB1997/000025 WO1998032073A1 (en) | 1997-01-17 | 1997-01-17 | Protecting resources in a distributed computer system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1998032073A1 true WO1998032073A1 (en) | 1998-07-23 |
Family
ID=11004521
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB1997/000025 WO1998032073A1 (en) | 1997-01-17 | 1997-01-17 | Protecting resources in a distributed computer system |
Country Status (6)
Country | Link |
---|---|
US (1) | US6658573B1 (en) |
EP (1) | EP0953172B1 (en) |
JP (1) | JP3381927B2 (en) |
KR (1) | KR100373526B1 (en) |
DE (1) | DE69706440T2 (en) |
WO (1) | WO1998032073A1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001018650A2 (en) * | 1999-09-03 | 2001-03-15 | General Instrument Corporation | Resource access control system |
JP2002092221A (en) * | 2000-08-18 | 2002-03-29 | Hewlett Packard Co <Hp> | Performance of service on computing platform |
EP1559003A2 (en) * | 2002-11-04 | 2005-08-03 | Oberthur Card Systems Sa | Microcircuit card comprising means for publishing its computer objects |
US7607175B2 (en) * | 1999-01-22 | 2009-10-20 | Sun Microsystems, Inc. | Techniques for permitting access across a context barrier on a small footprint device using an entry point object |
Families Citing this family (45)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6760746B1 (en) | 1999-09-01 | 2004-07-06 | Eric Schneider | Method, product, and apparatus for processing a data request |
USRE43690E1 (en) | 1999-03-22 | 2012-09-25 | Esdr Network Solutions Llc | Search engine request method, product, and apparatus |
US9141717B2 (en) | 1999-03-22 | 2015-09-22 | Esdr Network Solutions Llc | Methods, systems, products, and devices for processing DNS friendly identifiers |
US6338082B1 (en) | 1999-03-22 | 2002-01-08 | Eric Schneider | Method, product, and apparatus for requesting a network resource |
US7188138B1 (en) * | 1999-03-22 | 2007-03-06 | Eric Schneider | Method, product, and apparatus for resource identifier registration and aftermarket services |
USRE44207E1 (en) | 1999-09-01 | 2013-05-07 | Esdr Network Solutions Llc | Network resource access method, product, and apparatus |
EP1113361A1 (en) * | 2000-01-03 | 2001-07-04 | Wimba.Com S.A. | Process of communication between an applet and a local agent using a socket communication channel |
US7096466B2 (en) * | 2001-03-26 | 2006-08-22 | Sun Microsystems, Inc. | Loading attribute for partial loading of class files into virtual machines |
US7237257B1 (en) * | 2001-04-11 | 2007-06-26 | Aol Llc | Leveraging a persistent connection to access a secured service |
US6964033B2 (en) * | 2001-06-20 | 2005-11-08 | Sun Microsystems, Inc. | Object band customization of Java runtime environments |
US7117489B2 (en) * | 2001-06-20 | 2006-10-03 | Sun Microsystems, Inc. | Optional attribute generator for customized Java programming environments |
US7155728B1 (en) * | 2001-06-28 | 2006-12-26 | Microsoft Corporation | Remoting features |
US20030018909A1 (en) * | 2001-07-17 | 2003-01-23 | International Business Machines Corporation | Method and apparatus for enforcing security policies in Java applications |
GB0212314D0 (en) * | 2002-05-28 | 2002-07-10 | Symbian Ltd | Secure mobile wireless device |
AU2003245574A1 (en) * | 2002-06-21 | 2004-01-06 | Probix, Inc. | Method and system for protecting digital objects distributed over a network using an electronic mail interface |
US7453448B2 (en) * | 2002-09-10 | 2008-11-18 | Research In Motion Limited | User interface and method of adapting a sensor signal to actuate multiple dimensions |
CA2402717C (en) * | 2002-09-10 | 2013-04-09 | Research In Motion Limited | User interface and method of adapting a sensor signal to actuate multiple dimensions |
US20050005105A1 (en) * | 2003-06-24 | 2005-01-06 | Brown Larry Cecil | Remote access control feature for limiting access to configuration file components |
FR2864658B1 (en) * | 2003-12-30 | 2006-02-24 | Trusted Logic | DATA ACCESS CONTROL THROUGH DYNAMIC VERIFICATION OF LICENSED REFERENCES |
US7640573B2 (en) | 2004-02-16 | 2009-12-29 | Microsoft Corporation | Generic security claim processing model |
US7716728B2 (en) * | 2004-02-16 | 2010-05-11 | Microsoft Corproation | Security scopes and profiles |
US7873831B2 (en) * | 2004-02-26 | 2011-01-18 | Microsoft Corporation | Digests to identify elements in a signature process |
US7950000B2 (en) * | 2004-03-17 | 2011-05-24 | Microsoft Corporation | Architecture that restricts permissions granted to a build process |
US8607299B2 (en) * | 2004-04-27 | 2013-12-10 | Microsoft Corporation | Method and system for enforcing a security policy via a security virtual machine |
US20070233883A1 (en) * | 2004-05-04 | 2007-10-04 | Paolo De Lutiis | Method and System for Access Control in Distributed Object-Oriented Systems |
US7484247B2 (en) | 2004-08-07 | 2009-01-27 | Allen F Rozman | System and method for protecting a computer system from malicious software |
US7793350B2 (en) * | 2004-10-28 | 2010-09-07 | International Business Machines Corporation | Apparatus, system, and method for simulated access to restricted computing resources |
GB2422453A (en) * | 2005-01-22 | 2006-07-26 | Hewlett Packard Development Co | Dynamically allocating resources according to a privacy policy |
US7574700B2 (en) * | 2005-03-31 | 2009-08-11 | Sun Microsystems, Inc. | Supporting dynamically-typed languages in typed assembly languages |
US8984636B2 (en) | 2005-07-29 | 2015-03-17 | Bit9, Inc. | Content extractor and analysis system |
US7895651B2 (en) | 2005-07-29 | 2011-02-22 | Bit 9, Inc. | Content tracking in a network security system |
US8272058B2 (en) | 2005-07-29 | 2012-09-18 | Bit 9, Inc. | Centralized timed analysis in a network security system |
US8209685B1 (en) | 2007-11-26 | 2012-06-26 | Adobe Systems Incorporated | Virtual machine device access |
US8505029B1 (en) * | 2007-11-26 | 2013-08-06 | Adobe Systems Incorporated | Virtual machine communication |
US8046778B1 (en) | 2007-11-26 | 2011-10-25 | Adobe Systems Incorporated | Managing device application program interfaces |
US9166797B2 (en) * | 2008-10-24 | 2015-10-20 | Microsoft Technology Licensing, Llc | Secured compartment for transactions |
CN102073597B (en) * | 2009-11-19 | 2016-04-13 | 北京明朝万达科技股份有限公司 | A kind of operating system dish full disk encryption method based on authenticating user identification |
JP5739182B2 (en) | 2011-02-04 | 2015-06-24 | インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation | Control system, method and program |
JP5731223B2 (en) | 2011-02-14 | 2015-06-10 | インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation | Abnormality detection device, monitoring control system, abnormality detection method, program, and recording medium |
JP5689333B2 (en) | 2011-02-15 | 2015-03-25 | インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation | Abnormality detection system, abnormality detection device, abnormality detection method, program, and recording medium |
US8918841B2 (en) * | 2011-08-31 | 2014-12-23 | At&T Intellectual Property I, L.P. | Hardware interface access control for mobile applications |
US8898459B2 (en) | 2011-08-31 | 2014-11-25 | At&T Intellectual Property I, L.P. | Policy configuration for mobile device applications |
US10146515B1 (en) * | 2015-03-10 | 2018-12-04 | Twitter, Inc. | Live code updates |
US10956136B2 (en) * | 2018-10-16 | 2021-03-23 | Ebay, Inc. | User interface resource file optimization |
KR102239902B1 (en) * | 2019-06-03 | 2021-04-13 | 김덕우 | Apparatus and method for file system protection on auxiliary storage device |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3173004B2 (en) * | 1990-09-06 | 2001-06-04 | 日本電気株式会社 | Access right control method |
US5577252A (en) | 1993-07-28 | 1996-11-19 | Sun Microsystems, Inc. | Methods and apparatus for implementing secure name servers in an object-oriented system |
US5717911A (en) * | 1995-01-23 | 1998-02-10 | Tandem Computers, Inc. | Relational database system and method with high availability compliation of SQL programs |
US5857102A (en) * | 1995-03-14 | 1999-01-05 | Sun Microsystems, Inc. | System and method for determining and manipulating configuration information of servers in a distributed object environment |
GB2301912A (en) * | 1995-06-09 | 1996-12-18 | Ibm | Security for computer system resources |
US5745683A (en) * | 1995-07-05 | 1998-04-28 | Sun Microsystems, Inc. | System and method for allowing disparate naming service providers to dynamically join a naming federation |
JP3738787B2 (en) * | 1995-10-19 | 2006-01-25 | 富士ゼロックス株式会社 | Resource management apparatus and resource management method |
US5944793A (en) * | 1996-11-21 | 1999-08-31 | International Business Machines Corporation | Computerized resource name resolution mechanism |
US6145083A (en) * | 1998-04-23 | 2000-11-07 | Siemens Information And Communication Networks, Inc. | Methods and system for providing data and telephony security |
US6205466B1 (en) * | 1998-07-17 | 2001-03-20 | Hewlett-Packard Company | Infrastructure for an open digital services marketplace |
-
1997
- 1997-01-17 US US09/341,739 patent/US6658573B1/en not_active Expired - Lifetime
- 1997-01-17 JP JP53332398A patent/JP3381927B2/en not_active Expired - Fee Related
- 1997-01-17 EP EP97900074A patent/EP0953172B1/en not_active Expired - Lifetime
- 1997-01-17 WO PCT/IB1997/000025 patent/WO1998032073A1/en active IP Right Grant
- 1997-01-17 DE DE69706440T patent/DE69706440T2/en not_active Expired - Lifetime
- 1997-01-17 KR KR10-1999-7006161A patent/KR100373526B1/en not_active IP Right Cessation
Non-Patent Citations (6)
Title |
---|
DEAN D ET AL: "JAVA SECURITY: FROM HOTJAVA TO NETSCAPE AND BEYOND", PROCEEDINGS OF THE 1996 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, OAKLAND, CA., MAY 6 - 8, 1996, no. SYMP. 17, INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS, pages 190 - 200, XP000634844 * |
DECOUCHANT D ET AL: "A SYNCHRONIZATION MECHANISM FOR AN OBJECT ORIENTED DISTRIBUTED SYSTEM", INTERNATIONAL CONFERENCE ON DISTRIBUTED COMPUTING SYSTEMS, ARLINGTON, TEXAS, MAY 20 - 24, 1991, no. CONF. 11, INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS, pages 152 - 159, XP000221853 * |
FERENCZI S: "GUARDED METHODS VS. INHERITANCE ANOMALY INHERITANCE ANOMALY SOLVED BY NESTED METHOD CALLS", ACM SIGPLAN NOTICES, vol. 30, no. 2, pages 49 - 58, XP000526083 * |
GEIHS K ET AL: "PROTECTED OBJECT REFERENCES IN HETEROGENEOUS DISTRIBUTED SYSTEMS", IEEE TRANSACTIONS ON COMPUTERS, vol. 42, no. 7, pages 809 - 816, XP000397930 * |
HAMILTON M A: "JAVA AND THE SHIFT TO NET-CENTRIC COMPUTING", COMPUTER, vol. 29, no. 8, pages 31 - 39, XP000632765 * |
PARDYAK P ET AL: "DYNAMIC BINDING FOR AN EXTENSIBLE SYSTEM", OPERATING SYSTEMS REVIEW (SIGOPS), vol. 30, no. SPECIAL ISSUE, pages 201 - 212, XP000643513 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7607175B2 (en) * | 1999-01-22 | 2009-10-20 | Sun Microsystems, Inc. | Techniques for permitting access across a context barrier on a small footprint device using an entry point object |
WO2001018650A2 (en) * | 1999-09-03 | 2001-03-15 | General Instrument Corporation | Resource access control system |
WO2001018650A3 (en) * | 1999-09-03 | 2001-09-20 | Gen Instrument Corp | Resource access control system |
JP2002092221A (en) * | 2000-08-18 | 2002-03-29 | Hewlett Packard Co <Hp> | Performance of service on computing platform |
EP1559003A2 (en) * | 2002-11-04 | 2005-08-03 | Oberthur Card Systems Sa | Microcircuit card comprising means for publishing its computer objects |
EP1559003B1 (en) * | 2002-11-04 | 2019-03-27 | IDEMIA France | Microcircuit card comprising means for publishing its computer objects |
Also Published As
Publication number | Publication date |
---|---|
JP2000508104A (en) | 2000-06-27 |
KR100373526B1 (en) | 2003-02-25 |
JP3381927B2 (en) | 2003-03-04 |
EP0953172B1 (en) | 2001-08-29 |
DE69706440T2 (en) | 2002-05-16 |
EP0953172A1 (en) | 1999-11-03 |
DE69706440D1 (en) | 2001-10-04 |
US6658573B1 (en) | 2003-12-02 |
KR20000069948A (en) | 2000-11-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0953172B1 (en) | Protecting resources in a distributed computer system | |
Wallach et al. | Extensible security architectures for Java | |
Gong et al. | Going beyond the sandbox: An overview of the new security architecture in the Java Development Kit 1.2 | |
US6192476B1 (en) | Controlling access to a resource | |
Gong | Java security architecture (JDK 1.2) | |
Chander et al. | Mobile code security by Java bytecode instrumentation | |
US20020174224A1 (en) | Stack-based access control | |
US20050108516A1 (en) | By-pass and tampering protection for application wrappers | |
US20080066187A1 (en) | Mobile Wireless Device with Protected File System | |
Gong | Java 2 platform security architecture | |
US8387111B2 (en) | Type independent permission based access control | |
US20030084325A1 (en) | Method and apparatus for implementing permission based access control through permission type inheritance | |
Dean et al. | Java security: Web browsers and beyond | |
Butt et al. | Grid-computing portals and security issues | |
Levy et al. | The Safe-Tcl Security Model. | |
Bank | Java security | |
Petkac et al. | Security agility in response to intrusion detection | |
Edwards et al. | High security Web servers and gateways | |
Montanari et al. | Flexible security policies for mobile agent systems | |
EP1222537B1 (en) | Resource access control system | |
Welch et al. | Using reflection as a mechanism for enforcing security policies in mobile code | |
Balfanz et al. | A Java filter | |
Herzog et al. | An evaluation of Java application containers according to security requirements | |
Shin et al. | Java bytecode modification and applet security | |
Shioya et al. | A sandbox with a dynamic policy based on execution contexts of applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): JP KR US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 1997900074 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1019997006161 Country of ref document: KR |
|
ENP | Entry into the national phase |
Ref country code: JP Ref document number: 1998 533323 Kind code of ref document: A Format of ref document f/p: F |
|
WWE | Wipo information: entry into national phase |
Ref document number: 09341739 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: CA |
|
WWP | Wipo information: published in national office |
Ref document number: 1997900074 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 1019997006161 Country of ref document: KR |
|
WWG | Wipo information: grant in national office |
Ref document number: 1997900074 Country of ref document: EP |
|
WWG | Wipo information: grant in national office |
Ref document number: 1019997006161 Country of ref document: KR |