Storage protection utilizing public storage key control
First Claim
1. Means for protecting against unauthorized accesses by program requests for accessing data units in blocks in a storage of a computer system, comprising:
- processor means for providing an address of a data unit to be accessed in a block in storage and providing an access key associated with a program requesting the access in the block and providing a fetch/store signal identifying the manner of access;
means for fetching a storage key associated with an addressed block in storage;
means for testing if an access key equals a supervisory key for providing a supervisory key signal;
means for comparing an access key with the storage key to provide an equal key signal;
means for determining if the storage key equals a public key value to provide a public storage key signal;
means for finding if an access key equals the public key value to provide a public access key signal; and
circuit means for enabling the addressed data unit to be accessed and sent to the requesting processor means if (1) the supervisory key signal is provided, or (2) if the equal signal is provided, or (3) if the public storage key signal and no public access key signal and no equal signal and no supervisory key signal are provided, or (4) if the fetch request signal and the public access key signal and no equal signal and no supervisory key signal are provided whenever the use of the public key value is enabled, or (5) if the fetch request signal and the public access key signal and no equal signal or no supervisory key signal are provided whenever use of the public key value is disabled.
1 Assignment
0 Petitions
Accused Products
Abstract
Provides three access levels of storage key protection, comprising a supervisory level (key 0), an intermediate level of non-public and non-supervisory keys (keys 1-8, 10-15), and an unique public level (key 9). The program routines operating with a supervisory-level access key can access both the public level and the intermediate level of storage blocks. Although a program routine operating with an access key in the intermediary access level cannot access any supervisory level storage block, it can access any block assigned a public level storage key, as well as any storage block assigned the respective intermediate level key. One or more third-level public storage keys (PSKs) may be provided. A program access key using one of the PSK values can only access blocks having the same PSK value, and it cannot access blocks having any other key value.
148 Citations
17 Claims
-
1. Means for protecting against unauthorized accesses by program requests for accessing data units in blocks in a storage of a computer system, comprising:
-
processor means for providing an address of a data unit to be accessed in a block in storage and providing an access key associated with a program requesting the access in the block and providing a fetch/store signal identifying the manner of access; means for fetching a storage key associated with an addressed block in storage; means for testing if an access key equals a supervisory key for providing a supervisory key signal; means for comparing an access key with the storage key to provide an equal key signal; means for determining if the storage key equals a public key value to provide a public storage key signal; means for finding if an access key equals the public key value to provide a public access key signal; and circuit means for enabling the addressed data unit to be accessed and sent to the requesting processor means if (1) the supervisory key signal is provided, or (2) if the equal signal is provided, or (3) if the public storage key signal and no public access key signal and no equal signal and no supervisory key signal are provided, or (4) if the fetch request signal and the public access key signal and no equal signal and no supervisory key signal are provided whenever the use of the public key value is enabled, or (5) if the fetch request signal and the public access key signal and no equal signal or no supervisory key signal are provided whenever use of the public key value is disabled. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of providing access protection for data blocks in a storage of a data processing system, in which different programs may access the blocks, comprising the steps of:
-
electronically-detecting one or more key values as public storage and access keys available in a computer system of which the remaining key values are detected electronically as non-public storage and access keys; electronically-assigning a public access key value to electronically constrain accesses by a particular program to the storage; and electronically-assigning a public storage key value to each block to be electronically stored-in primarily by programs executing with a public access key and also being storable by programs executing with a non-public access key, and any block assigned a non-public storage key not being storable by programs assigned a public access key. - View Dependent Claims (7, 8, 9, 11, 12)
-
-
10. A method of providing access protection for data blocks in a computer storage of a data processing system, in which different processes may access the block, comprising the steps of:
-
electronically-signaling an assignment of a public access key to a particular program selected from one or more keys as public access key(s) from a range of key values 0-15 usable in the system, and electronically-signaling an assignment of the value of the public access key as a public storage key to each block in storage to be accessed by the particular program and by each program in the system assigned a non-public access key from the remaining key values in the range; and electronically-allowing the particular program to store in blocks assigned the public storage key only when that key is equal to the public access key of the particular program, but allowing storing in the block by each program using a non-public access key without having equality between the non-public access key of the program and the public storage key of the block.
-
-
13. A electronic method of providing unidirectional isolation among blocks in a storage in a computer system using protect keys for protecting blocks from being stored into by programs not having a required storing authority, comprising:
-
electronically-signaling an assignment of at least one of the protect keys as a supervisory key in a supervisory key class (1st class) for use by supervisory programs, assigning at least one other of the protect keys as a public storage and access key in a public key class (3rd class) for use by programs restricted to storing in blocks assigned a storage protect key equal to the public storage key, and assigning one or more of the protect keys to an intermediate key class (2nd class); and electronically-allowing programs assigned an access key equal to any key in the supervisory key class or equal to any key in the intermediate key class to have store and fetch access to blocks assigned the public storage key, but not allowing any program using the public access key to store into any block not assigned the value of the public access key as a storage key. - View Dependent Claims (14)
-
-
15. A method of providing access protection to blocks of storage in a system having concurrent execution of multiple programs, comprising:
-
electronically-representing a set of keys for preventing store and fetch accesses by unauthorized programs to assigned blocks in storage; electronically-selecting a plurality of key values in the set as public access and storage keys (3rd class), selecting another key value in the set as a supervisory key (1st class), and selecting the remaining key values in the set as intermediate keys, the supervisory and intermediate keys being non-public keys; and electronically-allowing any program assigned an access key value equal to any non-public storage key value in the set to have read and write access to any block assigned a storage key equal to any public storage key, but electronically-allowing a program assigned an access key value equal to any public access key to have read and write access to a block assigned a public storage key equal to the value of the public access key, and not electronically-allowing the latter program to have write access to any block having a storage key equal to a non-public storage key or a storage key equal to a public storage key different from the public access key. - View Dependent Claims (16, 17)
-
Specification