System and method for loading application classes

Description

FIELD OF THE INVENTION

This disclosure relates to secure applications and in particular to loading classes into applications based on user security permissions.

BACKGROUND OF THE INVENTION

When invoking an application on a device, it may be necessary to prevent unauthorized access to the application or to some capabilities of the application depending on the security permissions of the user. Existing solutions use conditional logic within application logic or within a security module to determine whether protected capabilities can be accessed. However, if permissions are set incorrectly, either accidentally or through malicious intent, protected capabilities may be accessed if the code implementing those capabilities is visible to the application. This can be a serious problem in distributed applications.

What is required is an improved system and method for developing and/or providing secure applications.

SUMMARY OF THE INVENTION

In one aspect of the disclosure, there is provided a method for loading a class in an application comprising determining a class requirement, determining a security permission, retrieving a class variant of the required class associated with the security permission and loading the retrieved class variant.

In one aspect of the disclosure, there is provided an application comprising a request handler and at least one class loader. The request handler may be configured to process a request for a class and determine a security permission of the application. The class loader may be configured to load a class variant dependent on the security permission.

In one aspect of the disclosure, there is provided a computer-readable medium comprising computer-executable instructions for execution by a processor, that, when executed, cause the processor to decode a security token, determine a security permission from the security token, select a class repository associated with the security permission, and load a class from the selected class repository.

BRIEF DESCRIPTION OF THE DRAWINGS

Reference will now be made, by way of example only, to specific embodiments and to the accompanying drawings in which:

FIG. 1 illustrates an application structure;

FIG. 2 illustrates a process for loading classes into the application of FIG. 1;

FIG. 3 illustrates a process for performing an invocation;

FIG. 4 illustrates a process for obtaining a class instance;

FIG. 5 illustrates a process and memory for executing the application;

FIG. 6 illustrates an instruction set that is executable on the processor of FIG. 5; and

FIG. 7 illustrates an application processor in communication with a class repository processor.

DETAILED DESCRIPTION OF THE INVENTION

An application structure 10 is illustrated in FIG. 1. The application 10 includes application classes 12 that have been loaded and are used to perform the functions of the application. Application classes are typically loaded using a classloader 14 within a request handler 15. In an embodiment of the present disclosure, the application 10 may be configured to have a set of security permissions encoded as a security token. When the application performs a secure operation, the request handler 15 intercepts the invocation. The request handler 15 may be local to the caller or in a remote process. The class loader of the present embodiment is configured to load multiple variants of classes based on the permissions encoded in the security token. The security token may be generated when the application is installed on a specific computing device, when a user performs a login operation, or by any other means that establishes the user's security credentials. In a distributed application, the security token may be passed between processes using established mechanisms for performing remote operations, such as remote invocation through a secure (encrypted) connection. The class loader 14 uses the security permissions to determine which variant to load.

A process for loading a class is shown in the flowchart 100 of FIG. 2. At step 101, a requirement for a class to be loaded is generated. The security permissions for the application are then evaluated (step 102). A class variant of the required class associated with the security permission is then retrieved (step 103) and loaded (step 104).

A specific set of permissions is mapped to a specific variant set of classes. Each set may contain a different group of classes. However, each variant class that will be directly accessed by the application has the same name and namespace and provides the same public API. Each set of variant classes is contained in a separate repository, such as Repository A 17, Repository B 18, etc. The class repositories may be located locally in the filesystem or available via the network from a central remote server. The classloader 14 determines which repository to load classes from using the security permissions. When the application requires access to a class subject to security permissions, the class loader will load a variant of the class from the appropriate repository based on the application's permissions. This protects the system from accidental or malicious use of protected capabilities. Because each variant of the class has the correct namespace and provides the correct public API, the class will execute properly when loaded and invoked within the application.

One variant of the class may be coded to provide a full capability that is only accessible by a user with administrative security permissions while another variant of the same class may be coded to provide a reduced functionality accessible by a user with read-only security permissions. For example, one class variant may support creation and deletion of all user accounts, another class variant may support updating account information but not creation or deletion, and a third class variant may only support viewing account information for the current user.

In FIG. 3 there is shown a process 200 for performing an invocation of a class by the application. At step 201, the request handler 15 receives the invocation and decodes the security token from the invocation at step 202. Provided the security token is valid (step 203), the classloader 14 retrieves the class variant from the appropriate class repository that matches the security permissions indicated in the security token (step 204). The retrieved class may then be used to perform the invocation (step 205).

A process for retrieving the class instance is shown in the flowchart 300 of FIG. 4. At step 301, a class requirement is created based on the security permission required and the class operation being performed. If the class has been previously loaded, as determined at step 302 and there is an instance of the class available as determined at step 303 then the invocation may be performed routinely 305. If the class instance is not available but has been previously loaded, then the class instance can be created at step 304 before proceeding to perform the invocation 305. If the class has not been previously loaded (302) then the classloader to be used to load the class is determined at step 306. Each class repository may have a separate classloader for it within the application. This helps to properly firewall the application, and allows multiple variants of the same class to be loaded within the same application process. The classloader is determined based on the security permissions indicated in the class requirement, such as from the security token. If the selected classloader is available (307) then the class is loaded 308. If the class is loaded successfully as determined at step 309, then an instance of the class is created 304 so that the invocation can be performed 305.

When the application is started, it loads a set of security permissions stored on the local computing device. The application is also configured to be aware of a number of class repositories and the permissions each repository requires. The application then initializes a set of security classloaders to load classes from each repository. Each security classloader is configured to load classes from one of the repositories, and is aware of the security permissions required by the repository. As stated previously, the class repositories may be local to the computing device, or remotely accessible through a server.

The application may be embodied in hardware, software, firmware or a combination of hardware, software and/or firmware. In a hardware embodiment, the application may execute on a processor 61 operatively associated with a memory 62 as shown in FIG. 5. The memory 62 may store an instruction set 400 executable by the processor 61 as shown in FIG. 6. The instruction set allows the processor 61 to decode a security token (step 401), which may be stored in the memory 62. Once decoded, the processor 61 may determine a security permission indicated in the security token (step 402) and then select a class repository associated with the security permission (step 403). The processor 61 then loads a class from the selected repository (step 403).

The processor 61 may communicate with a second processor 71, such as a class repository processor associated with a memory 72 that stores a number of class repositories. The application processor 61 may send class requests to the class repository processor 71 through a suitable communications link 65.

Although embodiments of the present invention have been illustrated in the accompanied drawings and described in the foregoing description, it will be understood that the invention is not limited to the embodiments disclosed, but is capable of numerous rearrangements, modifications, and substitutions without departing from the spirit of the invention as set forth and defined by the following claims. For example, the capabilities of the invention can be performed fully and/or partially by one or more of the blocks, modules, processors or memories. Also, these capabilities may be performed in the current manner or in a distributed manner and on, or via, any device able to provide and/or receive information. Further, although depicted in a particular manner, various modules or blocks may be repositioned without departing from the scope of the current invention. Still further, although depicted in a particular manner, a greater or lesser number of modules and connections can be utilized with the present invention in order to accomplish the present invention, to provide additional known features to the present invention, and/or to make the present invention more efficient. Also, the information sent between various modules can be sent between the modules via at least one of a data network, the Internet, an Internet Protocol network, a wireless source, and a wired source and via plurality of protocols.

Claims

1. A method, comprising: determining, at a processing device, a class invoked by an application at run time;decoding, at the processing device, a security permission encoded as a security token in the application; andretrieving, from at least one depository, a class variant from a plurality of class variants associated with the class based at least in part on the security permission;wherein each of the plurality of class variants is configured to define a corresponding functionality of the application; andwherein the security token is generated upon installation of the application.
2. The method according to claim 1, further comprising associating each of the plurality of class variants with a corresponding security permission.
3. The method according to claim 2, further comprising storing each of the plurality of class variants in separate repositories.
4. The method according to claim 2, wherein each of the plurality of class variants comprises a same namespace.
5. The method according to claim 2, wherein each of the plurality of class variants comprises a same application programming interface.
6. The method according to claim 2, wherein a first class variant provides a first functionality; andwherein a second class variant provides a reduced functionality in comparison to the first class variant.
7. The method according to claim 2, further comprising associating each of the corresponding security permissions with a class variant repository.
8. The method according to claim 7, wherein the plurality of class variants for the class are stored in a repository with a plurality of class variants for at least another class having equivalent security permissions.
9. An apparatus, comprising: a memory device; anda processing device operatively coupled to the memory device comprising: a request handler; andat least one class loader;wherein the request handler is configured to: process a request for a class invoked by an application at run time; anddecode a security permission encoded as a security token in the application;wherein the at least one class loader is configured to retrieve a class variant from a plurality of class variants associated with the class based at least in part on to the security permission;wherein each of the plurality of class variants corresponds to a particular functionality of the application; andwherein the security token is generated upon installation of the application.
10. The apparatus according to claim 9, wherein a first class variant provides a first functionality; andwherein a second class variant provides a reduced functionality in comparison to the first class variant.
11. The apparatus according to claim 10, wherein the first class variant is associated with a first security permission; andwherein the second class variant is associated with a second security permission.
12. A computer-readable storage device including computer-executable instructions stored thereon that, when executed by a processing device, configure the processing device to perform operations comprising: decoding a security permission encoded as a security token in an application;determining a class invoked by the application at run time;selecting a class repository associated with the class; andloading a variant from a plurality of variants corresponding to the class from the class repository based at least in part on the security permission;wherein the security token is generated upon installation of the application.
13. The computer-readable storage device of claim 12, wherein the processing device is configured to perform operations further comprising associating each of the plurality of variants with a corresponding security permission level.
14. The computer-readable storage device of claim 13, wherein the processing device is configured to perform operations further comprising: storing each of the plurality of variants in distinct repositories.
15. The computer-readable storage device of claim 14, wherein the processing device is configured to perform operations further comprising: associating each of the corresponding security permissions levels to a distinct repository.
16. The computer-readable storage device of claim 13, wherein each of the plurality of variants comprises a common namespace.
17. The computer-readable storage device of claim 13, wherein each of the plurality of variants comprises a common application programming interface.
18. The computer-readable storage device of claim 13, wherein the plurality of variants for the class are stored in a repository with a plurality of class variants for at least another class having equivalent security permission levels.
19. The computer-readable storage device of claim 12, wherein a first class variant provides a first functionality; andwherein a second class variant provides a reduced functionality in comparison to the first class variant.
20. A device, comprising: a memory device configured to store instructions; anda processing device configured to execute the instructions stored in the memory device to: determine a class invoked by an application at run time;decode a security level encoded as a security token in the application upon installation of the application;select a class repository associated with the security level; andload a class variant from a plurality of class variants corresponding to the class from the class repository.
21. The device of claim 20, wherein the processing device is configured to execute the instructions further to: associate each of the plurality of class variants with a corresponding security permission level.
22. The device of claim 21, wherein the processing device is configured to execute the instructions further to: store each of the plurality of class variants in distinct repositories.
23. The device of claim 21, wherein the processing device is configured to execute the instructions further to: associate corresponding security levels to distinct repositories.
24. The device of claim 21, wherein each of the plurality of class variants comprises a common namespace.
25. The device of claim 21, wherein each of the plurality of class variants comprises a common application programming interface.
26. The device of claim 21, wherein the processing device is configured to execute the instructions further to: store the plurality of class variants for the class in a repository with a plurality of class variants for at least another class having equivalent security permission levels.
27. The device of claim 20, wherein a first class variant provides a first functionality; andwherein a second class variant provides a reduced functionality in comparison to the first class variant.
28. A method, comprising: decoding, at a processing device, a security permission encoded as a security token in an application;identifying, at the processing device, a requirement for a class in the application at run time;in response to the class not having been previously loaded, loading, at the processing device, a class variant corresponding to the requirement based at least in part on the security permission;creating, at the processing device, an instance of the class variant; andperforming, at the processing device, an invocation of the instance of the class variant;wherein the security token is generated upon installation of the application.
29. A method, comprising: determining, at a processing device, a class invoked by an application at run time;decoding, at the processing device, a security permission encoded as a security token in the application;retrieving, from at least one depository, a class variant from a plurality of class variants associated with the class based at least in part on the security permission;associating each of the plurality of class variants with a corresponding security permission; andassociating each of the corresponding security permissions with a class variant repository;wherein each of the plurality of class variants is configured to define a corresponding functionality of the application;wherein the plurality of class variants for the class are stored in a repository with a plurality of class variants for at least another class having equivalent security permissions; andwherein the security token is generated upon installation of the application.

US Referenced Citations (34)

Number	Name	Date	Kind
5848232	Lermuzeaux et al.	Dec 1998	A
6044467	Gong	Mar 2000	A
6173404	Colburn et al.	Jan 2001	B1
6871277	Keronen	Mar 2005	B1
6895586	Brasher et al.	May 2005	B1
7424543	Rice, III	Sep 2008	B2
7653811	Yagiura	Jan 2010	B2
8229974	Lowry et al.	Jul 2012	B2
8271369	Gilmore	Sep 2012	B2
20010027527	Khidekel et al.	Oct 2001	A1
20020035514	Whitley et al.	Mar 2002	A1
20020174010	Rice, III	Nov 2002	A1
20030033539	Cheng	Feb 2003	A1
20040142682	Kamiya et al.	Jul 2004	A1
20040158718	Gelbord et al.	Aug 2004	A1
20050235291	Kamiya et al.	Oct 2005	A1
20050262494	Fung et al.	Nov 2005	A1
20060037082	LaMacchia et al.	Feb 2006	A1
20060047659	Yagiura	Mar 2006	A1
20060070112	LaMacchia et al.	Mar 2006	A1
20060288404	Kirshnan et al.	Dec 2006	A1
20070011749	Allison et al.	Jan 2007	A1
20070174281	Chase	Jul 2007	A1
20080159540	Maetz et al.	Jul 2008	A1
20080168528	Lin et al.	Jul 2008	A1
20080192643	Bae et al.	Aug 2008	A1
20080201693	Centonze et al.	Aug 2008	A1
20080301710	Shetty	Dec 2008	A1
20090193492	Banerjee et al.	Jul 2009	A1
20090193515	Kamiya et al.	Jul 2009	A1
20090232141	Fersman et al.	Sep 2009	A1
20090320121	Maida-Smith et al.	Dec 2009	A1
20100036869	Lowry et al.	Feb 2010	A1
20110083162	Sathish	Apr 2011	A1

Foreign Referenced Citations (12)

Number	Date	Country
1416353	Feb 2004	EP
1507211	May 2004	EP
1507211	Feb 2005	EP
5241797	Sep 1993	JP
8263441	Nov 1996	JP
2003-332978	Nov 2003	JP
2004152022	May 2004	JP
2006040146	Sep 2006	JP
2006344057	Dec 2006	JP
2007213595	Aug 2007	JP
2009271567	Nov 2009	JP
2011068630	Jun 2011	WO

Non-Patent Literature Citations (6)

Entry
Li Gong; , “Secure Java class loading,” Internet Computing, IEEE , vol. 2, No. 6, pp. 56-61, Nov/Dec 1998 doi: 10.1109/4236.735987 URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=735987&isnumber=15853.
Gong L.; “Java Security Architecture” (JDK 1.2) Version 1.0; Internet Citation, Dec. 6, 1998; XP002171445; retrieved Jul. 9, 2001.
European Patent Office; Extended search report for EP application No. 10193298.6 2212, Patent No. 2341457; May 31, 2012; 8 pages.
European Patent Office; IB International Preliminary Report on Patentability and Written Opinion of the ISA, PCT/ US2010/055703; Jun. 14, 2012; 6 Pages.
Gong L.; DK12SPEC PDF/Java—TM—SecurityArchiecture PDF: “Java Security Architecture Version 1.0”; Internet citation, Dec. 6, 1998; Retrieved on Jul. 9, 2001, URL:http://citeseer.nj.nec.com/rd; whole document, 20 pages.
European Patent Office; PCT Search Report and Written Opinion; PCT/US2010/055703; Jan. 25, 2011; 11 Pages.

Related Publications (1)

	Number	Date	Country
	20110138460 A1	Jun 2011	US

System and method for loading application classes

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

US Classifications

Field of Search

US

International Classifications