公开(公告)号：GB2507339A

公开(公告)日：2014-04-30

申请号：GB201219367

申请日：2012-10-29

Applicant: IBM

Inventor： BACHER UTZ ,  BLASCHKA FRANK ,  LUECK EINAR ,  RAISCH CHRISTOPH

IPC: G06F9/54 ,  G06F21/44

Abstract: Method comprising: associating privileged objects (socket connection, disk-device, input/output bus access) 32.1-32.2 with application 20 comprising process resources 22.1-22.2 and corresponding semi-privileged instruction; filing the association in entity (associating table) 34 of operating system kernel 30; wherein central processing unit (CPU) 40 performs authorization check 42 if semi-privileged instruction attempts accessing privileged objects; wherein CPU executes 44 the semi-privileged instruction granting access to privileged objects if the kernel issued the semi-privileged instruction; or accesses kernel-entity if resources 22.1-22.2 issued the instruction to determine their authorization to access privileged objects; upon positive authorization, CPU executes the semi-privileged instruction granting access to privileged objects; upon failure, CPU denies execution of instruction and performs 46 corresponding authorization failure handling. File descriptor is used: by semi-privileged instruction to transfer data; by user space library to block, use select, poll, epoll; by kernel to verify resource authorization to use data transfer connection if forking occurs.