Techniques for permitting access across a context barrier in a small footprint device using shared object interfaces
First Claim
1. A small footprint device comprising:
- a. at least one processing element on said small footprint device;
b. memory on said small footprint device, andc. a context barrier, on said small footprint device, for isolating program modules, on said small footprint device, from one another wherein said program modules use said memory and execute on said processing element,d. in which at least one program module contains one or more shared interface objects for permitting access by another program module across said context barrier.
2 Assignments
0 Petitions
Accused Products
Abstract
A small footprint device can securely run multiple programs from unrelated vendors by the inclusion of a context barrier isolating the execution of the programs. The context barrier performs security checks to see that principal and object are within the same namespace or memory space or to see that a requested action is authorized for an object to be operated upon. Each program or set of programs runs in a separate context. Access from one program to another program across the context barrier can be achieved under controlled circumstances by using shared interface objects. Shared interface objects have a property that permits them to be accessed across the context barrier regardless of security restrictions that would otherwise apply. Shared interface objects, however, may enforce their own security rules independently of the context barrier.
-
Citations
38 Claims
-
1. A small footprint device comprising:
-
a. at least one processing element on said small footprint device; b. memory on said small footprint device, and c. a context barrier, on said small footprint device, for isolating program modules, on said small footprint device, from one another wherein said program modules use said memory and execute on said processing element, d. in which at least one program module contains one or more shared interface objects for permitting access by another program module across said context barrier. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of permitting access between program modules on different sides of a context barrier on a small footprint device, said method comprising:
-
a. identifying at least part of one program module on one side of said context barrier as a shared interface object, and b. providing a reference to the shared interface object to a second program module on another side of said context barrier wherein said program modules use a memory of said small footprint device and execute on a processing element of said small footprint device. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
- 18. A method of operating a small footprint device, comprising separating program modules, on said small footprint device, using a context barrier, on said small footprint device, and permitting access to shared interface objects across the context barrier wherein said program modules use a memory of said small footprint device and execute on a processing element of said small footprint device.
-
20. A computer program product comprising
a memory medium having embedded therein instructions for implementing a context barrier on a small footprint device and for bypassing said context barrier using a shared interface object.
-
21. A computer program product, comprising
a memory medium having embedded therein instructions for separating a plurality of programs on a small footprint device by running the plurality of programs in respective contexts and for permitting one program to access one or more shared interface objects of another program.
-
22. A small footprint device comprising:
-
a. at least one processing element on said small footprint device; b. memory on said small footprint device, and c. a context barrier, on said small footprint device, for isolating program modules, on said small footprint device, from one another wherein said program modules use said memory and execute on said processing element, d. in which at least one program module contains one or more shared interface objects which are unknown to at least one other program module across said context barrier. - View Dependent Claims (23, 24)
-
-
25. A method of permitting access between a first program module and a second program module on different sides of a context barrier on said small footprint device, said method comprising:
-
a. querying said second program module for the identity of one or more shared interface objects contained in said second program module, b. providing a reference to at least one shared interface object of said second program module to said first program module, and c. using said reference provided to said first program module to access said shared interface object of said second program module wherein said first and second program modules use a memory of said small footprint device and execute on a processing element of said small footprint device. - View Dependent Claims (26)
-
-
27. A method of permitting access between a first program module and a second program module on different sides of a context barrier on said small footprint device, said method comprising:
-
a. obtaining the identity of one or more shared interface objects in said second program module, b. designating, using said first program module, a shared interface object of said second program module to be accessed across a context barrier, and c. returning a reference to said shared interface object to said first program module wherein said first and second program modules use a memory of said small footprint device and execute on a processing element of said small footprint device. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
-
-
36. A method of operating a small footprint device, said method comprising:
-
a. separating program modules using a context barrier on said small footprint device, b. querying one program module for the identity of at least one shared interface object contained in said one program module, and c. permitting access to one or more shared interface objects across the context barrier wherein said program modules use a memory of said small footprint device and execute on a processing element of said small footprint device. - View Dependent Claims (37)
-
-
38. A computer program product comprising a memory medium having embedded therein computer readable instructions for implementing a context barrier on a small footprint device, for querying a program module for the identity of any shared interface objects and for bypassing said context barrier using a shared interface object.
Specification