Data processing system having a memory using object-based information and a protection scheme for determining access rights to such information
First Claim
1. In a digital computer system includingmemory means for performing memory operations including storing and providing items of data, said items of data including instructions;
- processor means connected to said memory means for performing operations in response to said instructions including processing said items of data;
memory organization means operative on said memory means for organizing said memory means into objects identified by unique identifiers and allowing the location of said items therein, each said item being associated with an object and addressable by a logical address specifying the unique identifier of the object with which said item is associated and an offset specifying the location of said item its associated object,said memory organization means further identifying for each one of said objects a selected set of subjects representing entities for which said processor means responds to said instructions;
memory operation specifier generation means in said processor means responsive to said instructions for providing a memory operation specifier for each item processed by said processor, said memory operation specifier for a given item specifying the object in which said given item is to be located and one of said memory operations; and
memory operations means responsive to a memory operation specifier which includes a logical address and a memory command specifying a memory operation for performing the memory operation specified by the memory command on the item specified by the logical address for a current subject for which said processor means is currently executing said instructions only when said current subject is one of the subjects in the selected set of subjects identified for the object specified in said memory operation specifier.
0 Assignments
0 Petitions
Accused Products
Abstract
A digital data processing system has a memory organized into objects containing at least operands and instructions. Each object is identified by a unique and permanent identifier code which identifies the data processing system and the object. The system uses a protection technique to prevent unauthorized access to objects by users who are identified by a subject number which identifies the user, a process of the system for executing a user'"'"'s procedure, and the type of operation of the system to be performed by the user'"'"'s procedure. An access control list for each object includes an access control list entry for each subject having access rights to the object and means for confirming that a particular active subject has access rights to a particular object before permitting access to the object. The system also includes stacks for containing information relating to the current state of execution of the system.
333 Citations
17 Claims
-
1. In a digital computer system including
memory means for performing memory operations including storing and providing items of data, said items of data including instructions; -
processor means connected to said memory means for performing operations in response to said instructions including processing said items of data; memory organization means operative on said memory means for organizing said memory means into objects identified by unique identifiers and allowing the location of said items therein, each said item being associated with an object and addressable by a logical address specifying the unique identifier of the object with which said item is associated and an offset specifying the location of said item its associated object, said memory organization means further identifying for each one of said objects a selected set of subjects representing entities for which said processor means responds to said instructions; memory operation specifier generation means in said processor means responsive to said instructions for providing a memory operation specifier for each item processed by said processor, said memory operation specifier for a given item specifying the object in which said given item is to be located and one of said memory operations; and memory operations means responsive to a memory operation specifier which includes a logical address and a memory command specifying a memory operation for performing the memory operation specified by the memory command on the item specified by the logical address for a current subject for which said processor means is currently executing said instructions only when said current subject is one of the subjects in the selected set of subjects identified for the object specified in said memory operation specifier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
Specification