ACCESSING PRIVILEGED OBJECTS IN A SERVER ENVIRONMENT

摘要

Accessing privileged objects in a server environment. A privileged object is associated with an application comprising at least one process resource and a corresponding semi-privileged instruction. The association is filed in an entity of an operating system kernel. A central processing unit (CPU) performs an authorization check if the semi-privileged instruction is issued and attempts to access the privileged object. The CPU executes the semi-privileged instruction and grants access to the privileged object if the operating system kernel has issued the semi-privileged instruction; or accesses the entity if a process resource of the application has issued the semi-privileged instruction to determine authorization of the process resource to access the privileged object. Upon positive authorization the CPU executes the semi-privileged instruction and grants access to the privileged object, and upon authorization failure denies execution of the semi-privileged instruction and performs a corresponding authorization check failure handling.

主权项

1. A computer-implement method of accessing privileged objects in a server environment, the method comprising:
associating one or more privileged objects with an application, the application comprising at least one process resource and a corresponding semi-privileged instruction, the associating providing an association; filing the association in an entity of an operating system kernel; based on the semi-privileged instruction being issued by a process resource of the at least one process resource and attempting to access the privileged object, performing an authorization check, the authorization check comprising accessing the entity to determine authorization of the process resource to access a privileged object; and performing processing based on performing the authorization check.