| 摘要 |
A computer security mechanism including an access control table specifying the predetermined access rights of each of a plurality of predetermined security subjects relative to predetermined security objects; a collection of mutually exclusive execution domains for each of the security subjects so that the executing processes of a security subject can only directly access code and data contained within the collection of domains of such security subject; a collection of mutually exclusive domains for a plurality of security object type managers, each of which is the sole owner of the right and ability to create and control access to security objects of a predetermined type, such that the only interaction between the execution environment of a security subject and the execution environment of another security subject is through operations on security objects performed through the services of the type managers; an object table for storing entries identifying the nature and location of security objects; and unforgeable access descriptors created by the security type managers by reference to the access control table for validation of access rights and utilized to allow access by security subjects to security objects via the object table, each access descriptor containing an index to the object table entry for the associated security object and identification of the access rights of the security subject with which the access descriptor is associated, whereby use of an access descriptor allows for efficient validation and mechanization of a requested access.
|
