Title of invention |
Hierarchical security mechanism for dynamically assigning security levels to object programs |
Abstract |
A computer system organization which allows a program to specify a predetermined security level for other programs which it invokes, while at the same time being subject to security restraints placed on it either by a higher priority level invoking program or by the operating system. A plurality of security levels organized as a hierarchy, which may be established by both problem programmers and the operating system, are then controlled by the operating system. A program cannot change its previously assigned level. Only a higher level invoking program can make such an alteration. A new program's security level indicator must be validated and then a protection code or 'mask' of a predetermined size related to the security level must be validated. The system utilizes a plurality of special purpose bits in every data word which bits contain the protection field. Level indicators for the particular program determine the use of the protection field. A series of linking registers or a 'Link Stack' having appropriate logic circuitry connected thereto is utilized for keeping track of the security level of all programs in a hierarchical sequence currently running on the system. The stack allows proper branching back to an originating program and prevents violation of security rules. The hardware additionally provides a mechanism for automatically checking each and every memory access, whether read or write, to assure that a correct protection field is present in each of the memory data words which is to be accessed or stored into.
|
Publication number |
US4104721(A) |
Publication date |
1978.08.01 |
Application number |
US19760755899 |
Filing date |
1976.12.30 |
Applicant |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
Inventors |
MARKSTEIN, PETER WILLY;TRITTER, ALAN LEVI |
Classification |
G06F11/00;G06F12/14;G06F21/24;(IPC1-7):G06F9/18 |
Main classification |
G06F11/00 |
Agency |
|
Agent |
|
Principal claim |
|
Address |
|