Software security system for maintaining integrity of compiled object code by restricting users ability to define compilers
Abstract
A computer system which uses a main processor with main memory, and operates under a specialized software operating system, provides for checking the integrity of its compiler by use of software routines which permit an authorized user or an authorized program to authorize a file as a compiler and additionally will operate to identify any ordinary user and ordinary programs so as to prevent such ordinary user or ordinary program from authorizing a code file as a compiler.
7 Claims
1. In a computer system having program files, the method of authorizing a code file as a compiler, comprising the steps of:
(a) establishing, via an operating system, a FILEKIND attribute value to differentiate files as to being a data file, a code file, or an authorized compiler;
(b) requesting, via a first program, the operating system to assign a FILEKIND value to a second program, where said first program is prevented, by the operating system, from assigning a FILEKIND value that would indicate a code file or a compiler;
(c) establishing, via an operating system routine, the ability to assign a COMPILERCODEFILE value to a program's FILEKIND attribute where only a privileged user/privileged program is permitted access to the operating system routine, designated SETSTATUS, wherein said COMPILERCODEFILE value represents an integer created by the operating system which designates a code file as a compiler;
(d) permitting, via a supervisory program designated DCKEYIN, that only a privileged user or privileged program, will get access capability to request, via said operating system routine, said operating system to authorize a code file as a compiler.
Dependent claims: 2, 3
4. In a computer system, the method of controlling files which might be used as a compiler, comprising the steps of:
(a) providing, through a system administrator, a Master Control Program (MCP) which includes an entry point designated SETSTATUS which has the capability of changing a FILEKIND attribute value of a designated file into a COMPILERCODEFILE value;
(b) establishing a routine, designated as DCKEYIN, for receiving a MAKE COMPILER command from both ordinary programs and privileged programs;
(c) denying, through said DCKEYIN routine, said ordinary programs from transmitting said MAKE COMPILER command to a CONTROLLER program, where said CONTROLLER program initiates entry into said SETSTATUS program entry point of said Master Control Program;
(d) permitting, via said DCKEYIN routine, said privileged program to transmit said MAKE COMPILER command to said CONTROLLER program;
(e) receiving, by said CONTROLLER program, of said MAKE COMPILER command from said DCKEYIN routine;
(f) transmitting, by said CONTROLLER program, of said MAKE COMPILER command to said SETSTATUS entry point of said MCP operating system;
(g) changing, via said SETSTATUS initiation of said MCP operating system, the FILEKIND value of said designated file into the COMPILERCODEFILE value which will authorize said designated file to operate as a compiler.
5. In a computer system, the method of controlling files which might be used as a compiler, comprising the steps of:
(a) establishing, by a system administrator, a Master Control Program (MCP) which includes an entry point designated SETSTATUS having the capability of changing a FILEKIND attribute value of a designated file into a COMPILERCODEFILE value;
(b) providing, via said system administrator, a CONTROLLER program to transmit MAKE COMPILER commands to said SETSTATUS entry point, and to receive MAKE COMPILER commands from a menu-assisted resource control (MARC) program;
(c) inputting, from ordinary users and privileged users, the MAKE COMPILER commands into said MARC program;
(d) inhibiting, by said MARC program, said MAKE COMPILER commands from said ordinary users;
(e) transmitting, by said MARC program, said MAKE COMPILER commands from privileged users to said CONTROLLER program;
(f) initiating, via said CONTROLLER program, of the SETSTATUS entry point of the Master Control Program to authorize the program designated by the MAKE COMPILER command.
Dependent claims: 6
7. A method for ensuring that only properly privileged personnel and programs can authorize a code file as a compiler in a computer system, said method comprising the steps of:
(a) providing, via a system administrator, a Master Control Program (MCP) operating system which includes safeguard routines to check any "MAKE COMPILER" command generated in said system, said MCP being initiated via a SETSTATUS entry point;
(b) recognizing, by checking the FILEKIND attribute, via the said MCP operating system, whether a file is or is not a compiler;
(c) assigning, via a program, a FILEKIND value to a file which will identify it as a "compiler" or as a "code file" or as a "system code file" or as a "data file";
(d) checking out the source of any "MAKE COMPILER" commands by means of programs designated as DCKEYIN, and menu-assisted resource control (MARC) which cooperate with a CONTROLLER program which can allow or deny further transmission of the MAKE COMPILER command to the SETSTATUS entry point of the MCP operating system;
(e) enabling, via the said SETSTATUS entry point and the MCP operating system, the MAKE COMPILER command to authorize a file to act as a compiler.
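The gating chain recited in claims 1, 4, 5 and 7, modelled as an added Python example; it is not code from the patent or from any MCP implementation. The class and function names, the integer values and the rule that only an existing code file can be promoted are assumptions of this model.

```python
from enum import IntEnum

class FileKind(IntEnum):
    # Constructed values: the claims only say the OS creates an integer.
    DATA = 0
    CODEFILE = 1
    COMPILERCODEFILE = 2

class Denied(Exception):
    """Raised when a request is refused at any gate."""

class MCP:
    """Toy operating system that owns every file's FILEKIND attribute."""
    def __init__(self):
        self.filekind = {}
        self._token = object()  # capability handed only to CONTROLLER

    def set_filekind(self, program, name, kind):
        # Claim 1(b): a program may not assign code-file or compiler kinds.
        if kind in (FileKind.CODEFILE, FileKind.COMPILERCODEFILE):
            raise Denied(f"{program} may not assign {kind.name}")
        self.filekind[name] = kind

    def setstatus(self, token, name):
        # Claim 1(c): the only routine able to assign COMPILERCODEFILE.
        if token is not self._token:
            raise Denied("SETSTATUS entered without CONTROLLER")
        if self.filekind.get(name) != FileKind.CODEFILE:  # model assumption
            raise Denied(f"{name} is not a code file")
        self.filekind[name] = FileKind.COMPILERCODEFILE

class Controller:
    """Forwards MAKE COMPILER commands to the SETSTATUS entry point."""
    def __init__(self, mcp):
        self._mcp, self._token = mcp, mcp._token

    def make_compiler(self, name):
        self._mcp.setstatus(self._token, name)

def front_end(controller, privileged):
    """Build a DCKEYIN (programs) or MARC (users) gate over CONTROLLER."""
    def gate(requester, name):
        if requester not in privileged:
            raise Denied(f"{requester} is not privileged")
        controller.make_compiler(name)
    return gate
```

A gate built with `front_end` raises `Denied` for any requester outside the privileged set before CONTROLLER is reached, so the FILEKIND of the target file is unchanged on every refused path.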
Specification