Apparatus and method for controlling access to data using domains
First Claim
1. A computer system having data contained in a plurality of objects, said computer system comprising:
- data storage means for storing said plurality of objects in said computer system;
- task execution means for executing a plurality of tasks requiring access to data contained in said objects;
- wherein a plurality of hierarchical protection domain levels and a plurality of protection domains are defined for said computer system, each of said protection domains occupying one of said hierarchical levels, wherein at least two of said protection domains occupy the same hierarchical level, wherein each of said tasks executing in said system is executing in one of said protection domains and each object stored in said system is contained in one of said protection domains;
- access verification means, responsive to an attempt to access data by said task execution means, for determining whether a task being executed by said task execution means may access data contained in an object, wherein said access verification means determines that the task may access the data if either of the following two conditions is met: (a) the protection domain in which the task is executing is the domain containing the object, or (b) the protection domain in which the task is executing occupies a higher hierarchical level than the domain containing the object; and
- means, responsive to said access verification means and coupled to said data storage means, for accessing said data.
Abstract
In an object-based computer system, each object is contained in, and each task executes in, a protection domain. Domains exist at several hierarchical domain levels, some levels having multiple discrete domains, while others have one common domain. A task may access an object if the domain in which the task is executing is the same as the domain containing the object, or if the domain in which it is executing occupies a higher hierarchical domain level than the domain containing the object. Each object includes a domain attribute, which is a numerical value defining the domain in which it is contained. The domain attribute of the currently executing task is stored in a domain register. When an attempt is made to access data within an object, the domain attribute of the object is compared with the domain attribute stored in the domain register. If the access conditions are met, access is permitted.
26 Claims
10. A method for controlling access to data contained in objects stored in a computer system by tasks executing in said system, the steps of said method being performed on said computer system, said method comprising the steps of:
- associating a protection domain with each object stored in said computer system;
- associating a protection domain with each task executing in said system;
- wherein a plurality of hierarchical protection domain levels and a plurality of protection domains are defined for said computer system, each of said protection domains occupying one of said hierarchical levels, wherein at least two of said protection domains occupy the same hierarchical level;
- determining whether a task executing in said system may access data contained in an object stored in said system, wherein said determining step determines that the task may access the data if either of the following two conditions is met, and that the task may not access the data if neither condition is met: (a) the protection domain associated with the task is the same as the protection domain associated with the object, or (b) the protection domain associated with the task occupies a higher hierarchical level than the protection domain associated with the object; and
- accessing said data in response to the results of said step of determining whether a task may access data.
Dependent claims: 11, 12, 13.
14. An apparatus for controlling access to data stored in a computer system by tasks executing in said system, said apparatus comprising:
- means for associating with each task executing in said system a protection domain, whereby said task executes in said protection domain associated therewith;
- means for associating with each data location in said system a protection domain, whereby said data location is contained in said protection domain associated therewith;
- wherein a plurality of hierarchical protection domain levels and a plurality of protection domains are defined for said computer system, each of said protection domains occupying one of said hierarchical levels, wherein at least two of said protection domains occupy the same hierarchical level, wherein the lowest hierarchical level is occupied by a single domain; and
- access verification means for determining whether a task being executed in said system may access a data location, said access verification means being coupled to said means for associating with each task a protection domain and to said means for associating with each data location a protection domain, wherein said access verification means determines that the task may access the data if either of the following two conditions is met: (a) the protection domain in which the task is executing is the domain containing the data, or (b) the protection domain in which the task is executing occupies a higher hierarchical level than the domain containing the data.
Dependent claims: 15, 16, 17, 18.
19. An apparatus for controlling access to data stored in a computer system by tasks executing in said system, said apparatus comprising:
- means for associating with each task executing in said system a protection domain, whereby said task executes in said protection domain associated therewith;
- means for associating with each data location in said system a protection domain, whereby said data location is contained in said protection domain associated therewith;
- wherein a plurality of hierarchical protection domain levels and a plurality of protection domains are defined for said computer system, each of said protection domains occupying one of said hierarchical levels, and wherein a first said protection domain and a second said protection domain occupy one of said hierarchical levels, and a third said protection domain and a fourth said protection domain occupy another of said hierarchical levels; and
- access verification means for determining whether a task being executed in said system may access a data location, said access verification means being coupled to said means for associating with each task a protection domain and to said means for associating with each data location a protection domain, wherein said access verification means determines that the task may access the data if either of the following two conditions is met: (a) the protection domain in which the task is executing is the domain containing the data, or (b) the protection domain in which the task is executing occupies a higher hierarchical level than the domain containing the data.
Dependent claims: 20, 21, 22, 23.
24. An apparatus for controlling access to data stored in a computer system by tasks executing in said system, said computer system having an address space divisible into segments, said apparatus comprising:
- means for associating a domain attribute with each segment of addresses contained in said computer system, said domain attribute identifying a protection domain in which said segment is contained;
- means for associating a domain attribute with each task executing in said computer system, said domain attribute identifying a protection domain in which the task is executing;
- wherein a plurality of hierarchical protection domain levels and a plurality of protection domains are defined for said computer system, each of said protection domains occupying one of said hierarchical levels, wherein at least two of said protection domains occupy the same hierarchical level, and wherein each of said tasks executing in said system is executing in one of said protection domains and each segment of addresses stored in said system is contained in one of said protection domains;
- access verification means for comparing the domain attribute of a task being executed in said system with the domain attribute of a segment to determine whether said task may access a first data location contained in said segment, wherein said access verification means determines that the task may access said data if either of the following two conditions is met: (a) the domain attribute associated with the task equals the domain attribute associated with the segment, or (b) the domain identified by the domain attribute associated with the task occupies a higher hierarchical level than the domain identified by the domain attribute associated with the segment; and
- means, coupled to said means for comparing the domain attributes, for directly accessing a second data location contained in said segment subsequent to accessing said first data location without comparing said domain attributes.
Dependent claims: 25, 26.
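The following Python model is an added illustration, not code from the patent, of the access check the abstract and claims describe (condition (a) same domain, condition (b) task domain on a higher level) together with the claim 24 behaviour of reaching a second location in an already verified segment without comparing attributes again. The bit-packed attribute encoding, the class and function names, and the example domain layout are assumptions made for the example.

```python
from dataclasses import dataclass

# Assumption (the patent gives no encoding): the numeric domain attribute packs the
# level into the upper bits and an index for discrete same-level domains into the
# low INDEX_BITS bits, so a larger level value means a higher hierarchical level.
INDEX_BITS = 4

def make_attribute(level: int, index: int) -> int:
    """Encode (level, index) as one numeric domain attribute."""
    if not 0 <= index < (1 << INDEX_BITS):
        raise ValueError("domain index out of range")
    return (level << INDEX_BITS) | index

def level_of(attribute: int) -> int:
    return attribute >> INDEX_BITS

def may_access(task_attr: int, object_attr: int) -> bool:
    """(a) same domain, or (b) task domain on a strictly higher level.
    Two discrete domains sharing a level therefore cannot reach each other."""
    return task_attr == object_attr or level_of(task_attr) > level_of(object_attr)

@dataclass
class Segment:
    name: str
    domain_attribute: int  # domain in which the whole segment is contained

class AccessVerifier:
    """Domain register plus the per-segment shortcut of claim 24."""
    def __init__(self):
        self.domain_register = None  # attribute of the currently executing task
        self._verified = None        # segment already checked for this task

    def switch_task(self, task_attr: int):
        self.domain_register = task_attr
        self._verified = None  # never carry a cached decision across tasks

    def access(self, seg: Segment):
        if self.domain_register is None:
            raise RuntimeError("no task is executing")
        if self._verified is seg:
            return True, "cached"  # second location in same segment: no compare
        allowed = may_access(self.domain_register, seg.domain_attribute)
        if allowed:
            self._verified = seg
        return allowed, "compared"

# Constructed layout: one common domain at level 0, two discrete application
# domains at level 1, one supervisory domain at level 2.
COMMON, APP_A, APP_B, SUPER = (make_attribute(0, 0), make_attribute(1, 0),
                               make_attribute(1, 1), make_attribute(2, 0))
```

Note that the cached decision is discarded on every task switch; a verifier that kept it across tasks would let a task on a lower level inherit the previous task's access to the segment.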