×

Apparatus and method for controlling access to data using domains

  • US 5,280,614 A
  • Filed: 08/21/1990
  • Issued: 01/18/1994
  • Est. Priority Date: 08/21/1990
  • Status: Expired due to Fees
First Claim
Patent Images

1. A computer system having data contained in a plurality of objects, said computer system comprising:

  • data storage means for storing said plurality of objects in said computer system;

    task execution means for executing a plurality of tasks requiring access to data contained in said objects;

    wherein a plurality of hierarchical protection domain levels and a plurality of protection domains are defined for said computer system, each of said protection domains occupying one of said hierarchical levels, wherein at least the of said protection domains occupy the same hierarchical level, wherein each of said tasks executing in said system is executing in one of said protection domains and each object stored in said system is contained in one of said protection domains;

    access verification means, responsive to an attempt to access data by said task execution means, for determining whether a task being executed by said task execution means may access data contained in an object, wherein said access verification means determines that the task may access the data if either of the following two conditions is met;

    (a) the protection domain in which the task is executing is the domain containing the object, or(b) the protection domain in which the task is executing occupies a higher hierarchical level than the domain containing the object; and

    means, responsive to said access verification means and coupled to said data storage means, for accessing said data.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×