Privilege level checking instruction for implementing a secure hierarchical computer system
First Claim
1. A method of securing a computer system having a memory and an instruction unit when a calling routine having an original low privilege level desires to call on a service routine having a higher privilege level than the calling routine is normally permitted to access, said method comprising the steps of:
- reading an access rights field contained in a register within the instruction unit to determine current access rights of the calling routine;
- reading an access rights field of a page in the memory containing a gateway instruction indicated by the calling routine;
- comparing the access rights field in the register within the instruction unit to the access rights field of the page in memory containing the gateway instruction indicated by the calling routine to determine whether the calling routine is permitted entry to the page containing the gateway instruction; and
- performing the following substeps if the access rights field of the calling routine indicates that the calling routine is permitted entry to the page containing the gateway instruction:
  - raising the low privilege level of the calling routine to the higher privilege level specified by the gateway instruction,
  - storing a return address and the low privilege level of the calling routine in a target register of the calling routine, so that the calling routine cannot forge its privilege level,
  - branching control of the instruction unit from the calling routine to a location of the service routine as specified by the gateway instruction,
  - executing the service routine, and
  - returning control to the calling routine at an address specified by the target register with the original low privilege level stored in the target register.
Abstract
A low overhead way for ensuring that only routines of sufficient privilege can execute on a secured page of memory in a hierarchical computer system, and for raising the privilege level of a low privilege process in an orderly and secure way, is presented. This is done through the execution of a single "gateway" branch instruction standing between a procedure call by a lower privileged routine, such as a user program, and the operating system itself.
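The following is an added model of the claimed steps and the mechanism the abstract describes; it is not code from the patent. It assumes a four-level hierarchy (0 most privileged, 3 least), a page size, and a one-field layout for access rights, none of which the patent text specifies. The point it shows: the raised level and the service address come from the gateway instruction on a page the caller is checked against, and the original level is saved by the instruction in the target register, so the caller neither chooses its new level nor forges the level it returns to.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable

PAGE_SIZE = 4096   # constructed for this model; privilege 0 = most privileged, 3 = least (4-level hierarchy assumed)

@dataclass
class Page:
    execute_pl: int        # access rights field of the page: least-privileged level allowed to execute on it

@dataclass
class Gateway:
    target_pl: int         # privilege level the caller is raised to
    service_addr: int      # location of the service routine to branch to

@dataclass
class Cpu:
    pl: int                # access rights field in the instruction-unit register: current privilege level
    pc: int = 0
    target_reg: tuple[int, int] | None = None   # (return address, original level); written only by the gateway

def may_execute(cpu: Cpu, pages: dict[int, Page], addr: int) -> bool:
    """Compare the register's access rights with the access rights of the page containing addr."""
    return cpu.pl <= pages[addr // PAGE_SIZE].execute_pl

def gateway_call(cpu: Cpu, pages: dict[int, Page], memory: dict[int, Gateway], gate_addr: int,
                 return_addr: int, services: dict[int, Callable[[Cpu], object]]) -> object:
    if not may_execute(cpu, pages, gate_addr):   # caller must be permitted entry to the gateway page
        raise PermissionError(f"PL{cpu.pl} may not enter the gateway page")
    gate = memory[gate_addr]
    cpu.target_reg = (return_addr, cpu.pl)       # saved by the instruction itself, so the caller cannot forge it
    cpu.pl = gate.target_pl                      # raise privilege to the level the gateway specifies
    cpu.pc = gate.service_addr                   # branch to the service routine
    if not may_execute(cpu, pages, cpu.pc):      # the raised level must admit the service page
        raise PermissionError("gateway target not executable at its own level")
    result = services[cpu.pc](cpu)               # execute the service routine at the raised level
    cpu.pc, cpu.pl = cpu.target_reg              # return with the original level restored from the target register
    return result

# Constructed layout: user code on page 0, the gateway on page 1, the PL0-only service on page 2.
PAGES = {0: Page(execute_pl=3), 1: Page(execute_pl=3), 2: Page(execute_pl=0)}
MEMORY = {1 * PAGE_SIZE: Gateway(target_pl=0, service_addr=2 * PAGE_SIZE)}
SERVICES = {2 * PAGE_SIZE: lambda c: f"served at PL{c.pl}"}

def demo() -> tuple[object, int, int]:
    cpu = Cpu(pl=3, pc=0x100)                    # user-level caller
    result = gateway_call(cpu, PAGES, MEMORY, 1 * PAGE_SIZE, 0x104, SERVICES)
    return result, cpu.pl, cpu.pc                # -> ('served at PL0', 3, 260)
```

A direct jump from PL3 to the service page fails the same page check that admits the gateway, which is why the gateway page, not the caller, is the only entry point.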
3 Claims