Object encapsulation protection apparatus
Abstract
The present invention utilizes a hardware Window Storage Protection Controller (WSPC) and an Object Encapsulation Enforcement Manager (OEEM) to limit access to object data to only those methods which are encapsulated by the object. All of the objects of the computer system which require protection are stored in protected storage by a base storage protection mechanism so that only the mechanisms of the present invention can deny or permit access to the data encapsulated by the objects.
21 Claims
1. A data protection apparatus, said data protection apparatus comprising:
a first object, said first object being stored on a computer system;
first object data and a first at least one method program associated with said first object; and
a storage protection mechanism which enforces encapsulation of said first object, said storage protection mechanism enforcing encapsulation by restricting access to said first object data to only first authorized method programs, said first authorized method programs being a set of method programs which includes at least one method program, said first method program being included in said first authorized method programs.
11. A method for providing data protection within a computer system, said method comprising the machine executed steps of:
calling a first server method program of a first server object, said first server method program being one of at least one first server method programs associated with said first server object, said first server object having first object data and being stored on a computer system, said first server object being called by a client object;
enforcing encapsulation of said first server object by restricting access to said first object data to only first authorized method programs, said first authorized method programs being a set of method programs which includes at least one method program, said first server method program being included in said first authorized method programs.

permitting said first authorized method programs to access only said first object data; and
permitting said second authorized method programs to access only said first object data and said second object data.
15. The method of claim 14 wherein said enforcing step further comprises the step of restricting access based on access permissions that are associated with said first authorized method programs and said second authorized programs.
16. The method of claim 15 further comprising the step of:
opening a first access window for said first authorized method programs and for said second authorized method programs, said first access window being a first address range within data storage, said first address range corresponding in location and size to said first object.
17. The method of claim 16 comprising the step of:
opening a second access window for said second authorized method programs, said second access window being a second address range within said data storage, said second address range corresponding in location and size to said second object.
18. The method of claim 17 further comprising the steps of:
loading a first object ID into a first low order register, said first object ID being a starting address of said first object;
loading a first merged mask into a first high order register, said first merged mask being access permissions combined with a binary representation of said first object's length.
19. The method of claim 18 further comprising the steps of:
loading a second object ID into a second low order register, said second object ID being a starting address of said second object;
loading a second merged mask into a second high order register, said second merged mask being access permissions combined with a binary representation of said second object's length.
20. A computer system, said computer system comprising:
a central processing unit;
data storage;
at least one system bus;
a first object, said first object being stored in said data storage;
first object data and a first at least one method program associated with said first object; and
a storage protection mechanism which enforces encapsulation of said first object, said storage protection mechanism enforcing encapsulation by restricting access to said first object data to only first authorized method programs, said first authorized method programs being a set of method programs which includes at least one method program, said first method program being included in said first authorized method programs.
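The access windows of claims 16 to 19, modeled in software as an added example that is not part of the patent text: each window is a low order register holding the object's starting address and a high order register holding the merged mask, and an access is permitted only if it falls wholly inside an open window that grants the requested permission. The bit layout of the merged mask (two permission bits above a 30-bit length), the names `PERM_READ`, `PERM_WRITE`, `open_window` and `access_permitted`, and the sample addresses are assumptions, since the claims do not give an encoding.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed encoding (not given in the claims): the top two bits of the
 * high order register carry permissions, the low 30 bits the length. */
#define PERM_READ  0x80000000u
#define PERM_WRITE 0x40000000u
#define LEN_MASK   0x3FFFFFFFu

typedef struct {
    uint32_t low;   /* object ID: starting address of the object */
    uint32_t high;  /* merged mask: permissions combined with length */
    bool     open;
} window_t;

static void open_window(window_t *w, uint32_t object_id,
                        uint32_t perms, uint32_t length)
{
    w->low  = object_id;
    w->high = (perms & ~LEN_MASK) | (length & LEN_MASK);
    w->open = true;
}

/* Permit [addr, addr+size) only if it lies wholly inside one open window
 * whose mask grants every requested permission. Comparisons are arranged
 * so that addr + size is never computed and cannot wrap. */
static bool access_permitted(const window_t *w, size_t n,
                             uint32_t addr, uint32_t size, uint32_t want)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t len = w[i].high & LEN_MASK;
        if (!w[i].open || (w[i].high & want) != want) continue;
        if (addr < w[i].low || size > len) continue;
        if (addr - w[i].low <= len - size) return true;
    }
    return false;
}

int main(void)
{
    window_t win[2] = {0};  /* constructed objects: 0x1000+0x40, 0x2000+0x80 */
    open_window(&win[0], 0x1000u, PERM_READ | PERM_WRITE, 0x40u);
    open_window(&win[1], 0x2000u, PERM_READ, 0x80u);
    printf("%d %d %d\n",
           access_permitted(win, 1, 0x1010u, 4, PERM_READ),   /* 1 */
           access_permitted(win, 1, 0x2000u, 4, PERM_READ),   /* 0 */
           access_permitted(win, 2, 0x2000u, 4, PERM_WRITE)); /* 0 */
    return 0;
}
```

Passing `n = 1` models a first authorized method program that sees only the first window; `n = 2` models a second authorized method program that sees both.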
Specification