Data processing system having a memory using object-based information and a protection scheme for determining access rights to such information

US 4,525,780 A
Filed: 05/31/1984
Issued: 06/25/1985
Est. Priority Date: 05/22/1981
Status: Expired due to Term

First Claim

Patent Images

1. In a digital computer system includingmemory means for performing memory operations including storing and providing items of data, said items of data including instructions;

processor means connected to said memory means for performing operations in response to said instructions including processing said items of data;

memory organization means operative on said memory means for organizing said memory means into objects identified by unique identifiers and allowing the location of said items therein, each said item being associated with an object and addressable by a logical address specifying the unique identifier of the object with which said item is associated and an offset specifying the location of said item its associated object,said memory organization means further identifying for each one of said objects a selected set of subjects representing entities for which said processor means responds to said instructions;

memory operation specifier generation means in said processor means responsive to said instructions for providing a memory operation specifier for each item processed by said processor, said memory operation specifier for a given item specifying the object in which said given item is to be located and one of said memory operations; and

memory operations means responsive to a memory operation specifier which includes a logical address and a memory command specifying a memory operation for performing the memory operation specified by the memory command on the item specified by the logical address for a current subject for which said processor means is currently executing said instructions only when said current subject is one of the subjects in the selected set of subjects identified for the object specified in said memory operation specifier.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A digital data processing system has a memory organized into objects containing at least operands and instructions. Each object is identified by a unique and permanent identifier code which identifies the data processing system and the object. The system uses a protection technique to prevent unauthorized access to objects by users who are identified by a subject number which identifies the user, a process of the system for executing a user'"'"'s procedure, and the type of operation of the system to be performed by the user'"'"'s procedure. An access control list for each object includes an access control list entry for each subject having access rights to the object and means for confirming that a particular active subject has access rights to a particular object before permitting access to the object. The system also includes stacks for containing information relating to the current state of execution of the system.

333 Citations

17 Claims

1. In a digital computer system includingmemory means for performing memory operations including storing and providing items of data, said items of data including instructions;
- processor means connected to said memory means for performing operations in response to said instructions including processing said items of data;
  
  memory organization means operative on said memory means for organizing said memory means into objects identified by unique identifiers and allowing the location of said items therein, each said item being associated with an object and addressable by a logical address specifying the unique identifier of the object with which said item is associated and an offset specifying the location of said item its associated object,said memory organization means further identifying for each one of said objects a selected set of subjects representing entities for which said processor means responds to said instructions;
  
  memory operation specifier generation means in said processor means responsive to said instructions for providing a memory operation specifier for each item processed by said processor, said memory operation specifier for a given item specifying the object in which said given item is to be located and one of said memory operations; and
  
  memory operations means responsive to a memory operation specifier which includes a logical address and a memory command specifying a memory operation for performing the memory operation specified by the memory command on the item specified by the logical address for a current subject for which said processor means is currently executing said instructions only when said current subject is one of the subjects in the selected set of subjects identified for the object specified in said memory operation specifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. In a digital computer system of claim 1 whereinsaid memory operation specifier further includes a length specifier specifying the length of said item at the location specified by said logical address;
    - andsaid memory operation means performs said memory operation specified by said memory command on said item at said location specified by said logical address having the length specified by said length specifier.
  - 3. In a digital computer system of claim 2 wherein said length specifier specifies a length in bits.
  - 4. In a digital computer system of claim 1 wherein said offset is a bit-granular offset and may specify any bit of the items associated with the object specified in said logical address.
  - 5. In a digital computer system of claim 1 wherein said memory organization means identifies each said object with a single unique identifier and said single unique identifier never identifies any other said object.
  - 6. In a digital computer system of claim 1 wherein said unique identifier contains 80 bits.
  - 7. In a digital computer system of claim 1 whereinsaid memory organization means includes means for organizing said memory means into a plurality of logical allocation untis, each said object being associated with one of said logical allocation units, andsaid unique identifier further includesa logical allocation unit identifier specifying the logical allocation unit associated with the object identified by said unique identifier, andan object serial number identifying said object in said associated logical allocation unit.
  - 8. In a digital computer system of claim 7 whereinsaid memory organization means identifies each said logical allocation unit by a single logical allocation unit identifier and said single logical allocation unit identifier never identifies any other said logical allocation unit, andsaid memory organization means identifies each object associated with said logical allocation unit by a single object serial number and said object serial number never identifies any other said object associated with said logical allocation unit.
  - 9. In a digital computer system of claim 7 wherein said logical allocation unit identifier further includesa logical allocation unit group number specifying a logical allocation group including a plurality of said logical allocation units, anda logical allocation unit serial number identifying one of the logical allocation units of said plurality of logical allocation units.
  - 10. In a digital computer system of claim 9 whereinsaid memory organization means identifies each of said plurality of logical allocation unit groups by a single logical allocation unit group number and said single logical allocation unit group number never identifies any other said logical allocation unit group;
    - andsaid memory organization means identifies each logical allocation unit associated with the logical allocation unit group identified by said logical allocation unit group number by a single logical allocation unit serial number and said single logical allocation unit serial number never identifies any other logical allocation unit in the logical allocation unit group specified by said logical allocation unit group number.
  - 11. In a digital computer system of claim 9 whereinsaid logical allocation unit group number contains 9 bits;
    - said logical allocation unit serial number contains 8 bits;
      
      said object serial number contains 48 bits; and
      
      said offset identifies a single bit which may be any bit in the items associated with the object identified by said unique identifier.
  - 12. In a digital computer system of claim 1 wherein said univeral identifiers do not specify locations of objects relative to other said objects.
  - 13. In a digital computer system of claim 1 wherein certain ones of said subjects, including said current subject, are active subjects for which said processor means is or shortly will be executing said instructions;
    - said memory operations means includesmeans for temporarily associating each said active subject with a different active subject number, said current subject being represented in said memory operation means by the active subject number currently associated therewith and said memory operations means using the active subject number currently associated with said current subject to determine whether said current subject is one of the set of subjects identified for the object specified in said memory operation specifier.
  - 14. In a digital computer system of claim 13 wherein said memory operation means further includesmeans accessible to said processor means for storing the active subject number currently associated with said current subject.
  - 15. In a digital computer system of claim 1 whereinsaid memory organization means further identifies for each of said selected set of subjects a selected set of said memory operations which said selected set of subjects is authorized to perform on the items locatable by a said object;
    - andsaid memory operation means further performs the memory operation specified in said memory operation specifier only if said specified memory operation is identified as one of the selected set of memory operations which said current subject is authorized to perform on the items locatable by the object specified in said memory operation specifier.
  - 16. In a digital computer system of claim 15 wherein said memory operation means further includesprotection cache means for encaching information specifying said memory operations which a current subject is authorized to perform on the objects specified in the memory operation specifiers produced in response to said instructions, said protection cache means receiving said memory operation specifier and responding thereto by producing an access violation signal when said encached information indicates that said current subject may not perform the memory operation specified by said memory operation specifier on the object specified by said memory operaton specifier;
    - andmeans responsive to said access violation signal for inhibiting the performance of said specified memory operation.
  - 17. In a digital computer system of claim 1 whereinsaid instructions are contained in procedures of said items and said processor means responds to said instructions only while executing one of said procedures;
    - the operations performed by said processor means further includea call operation for suspending a current execution of one of said procedures and commencing another execution as the current execution, anda return operation for terminating said current execution and resuming the execution which was suspended to commence the terminated current execution; and
      
      said current subject changes as a consequence of said call opeation and said return operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Data General Corp. (Dell Technologies Inc.)
Original Assignee
Data General Corp. (Dell Technologies Inc.)
Inventors
Mundie, Craig J., Wallach, Steven J., Schleimer, Stephen I., Gavrin, Edward S., Bratt, Richard G., Clancy, Gerald F., Gruner, Ronald H.
Primary Examiner(s)
Zache, Raulfe B.
Assistant Examiner(s)
WILLIAMS JR, ARCHIE E

Application Number

US06/616,773
Time in Patent Office

390 Days
Field of Search

364/200 MS File, 364/900 MS File
US Class Current

711/163
CPC Class Codes

G01R 31/318505   Test of Modular systems, e....

G06F 11/073   in a memory management cont...

G06F 11/0793   Remedial or corrective acti...

G06F 12/0875   with dedicated cache, e.g. ...

G06F 12/1483   using an access-table, e.g....

G06F 7/00   Methods or arrangements for...

G06F 7/483   Computations with numbers r...

G06F 7/49905   Exception handling

G06F 7/4991   Overflow or underflow

G06F 7/49926   Division by zero

G06F 9/30192   according to data descripto...

G06F 9/4488   Object-oriented

G06F 9/4843   by program, e.g. task dispa...

G06F 9/54   Interprogram communication

Data processing system having a memory using object-based information and a protection scheme for determining access rights to such information

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

333 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing system having a memory using object-based information and a protection scheme for determining access rights to such information

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

333 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links