Method of automatically limiting access following a file system authorization failure
Original Publication Date: 2001-Nov-03
Included in the Prior Art Database: 2003-Jun-20
Abstract
Disclosed is a method for creating a new authorization check point in the logical file system of a UNIX* based OS. It automatically limits access based on the number of access failures returned by the underlying physical file systems. There are two keys to security on a computer system: authentication and authorization. Authentication, put simply, means you are who you say you are. This is typically done with login names and passwords. You say you are "jones" and then you must authenticate yourself with the appropriate password for "jones". Authorization applies once you have been authenticated: you are then allowed certain restricted access permissions within the system. The login name can also be locked, preventing login on that name until an administrator takes action to allow that login name access to the machine.
This disclosure proposes enhancements to the logical file system layer of a UNIX based OS to automatically limit access for a user process following an authorization failure from a physical file system. The logical file system, which is a set of kernel utilities that abstract a physical file system away from the OS on which it is running, will increment an access failure counter in the user block for the running process whenever a physical file system denies access to a file or directory that the user is attempting to access. When this access failure counter reaches an administrator-assigned limit for a specific user, the process can be terminated, the login session terminated, the process interrupted, or the process denied access to all physical file systems. In essence the us...
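The check point described above, modeled in user-space C as an added example (not code from the disclosure). The names `struct ublock`, `lfs_access`, `pfs_access_fn` and the `demo_pfs_access` stub are assumptions, and the terminate, logout and interrupt responses are only recorded in a `pending` field rather than carried out.

```c
#include <errno.h>
#include <string.h>

/* Responses the disclosure lists for a process that reaches its limit. */
enum lfs_action { LFS_NONE, LFS_KILL_PROC, LFS_END_SESSION, LFS_INTERRUPT, LFS_DENY_ALL };

/* Hypothetical slice of the per-process user block. */
struct ublock {
    unsigned uid;
    unsigned fail_count;      /* denials returned by physical file systems */
    unsigned fail_limit;      /* administrator-assigned per user, 0 = no limit */
    enum lfs_action on_limit; /* administrator-chosen response */
    enum lfs_action pending;  /* response the kernel still has to carry out */
    int fs_locked;            /* set once LFS_DENY_ALL has fired */
};

/* Assumed signature of a physical file system access routine. */
typedef int (*pfs_access_fn)(unsigned uid, const char *path);

/* Constructed stand-in for a physical FS: only uid 0 may read under /secure. */
static int demo_pfs_access(unsigned uid, const char *path)
{
    if (strncmp(path, "/secure/", 8) == 0 && uid != 0)
        return -EACCES;
    return 0;
}

/* Logical file system check point: wraps every physical FS access call. */
int lfs_access(struct ublock *u, pfs_access_fn pfs, const char *path)
{
    if (u->fs_locked)             /* already over the limit: never reach the PFS */
        return -EACCES;
    int rc = pfs(u->uid, path);
    if (rc != -EACCES && rc != -EPERM)
        return rc;                /* success or an unrelated error: not counted */
    u->fail_count++;
    if (u->fail_limit && u->fail_count >= u->fail_limit) {
        u->pending = u->on_limit; /* a real kernel would signal or log out here */
        if (u->on_limit == LFS_DENY_ALL)
            u->fs_locked = 1;
    }
    return rc;
}
```

Only authorization denials (`EACCES`, `EPERM`) advance the counter, so errors such as a missing file do not push a process toward its limit.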