公开(公告)号：DE2758152A1

公开(公告)日：1978-07-13

申请号：DE2758152

申请日：1977-12-27

Applicant: IBM

Inventor： MARKSTEIN PETER WILLY ,  TRITTER ALAN LEVI

IPC: G06F11/00 ,  G06F12/14 ,  G06F21/24 ,  G06F9/00

Abstract: A computer system organization which allows a program to specify a predetermined security level for other programs which it invokes, while at the same time being subject to security restraints placed on it either by a higher priority level invoking program or by the operating system. A plurality of security levels organized as a hierarchy which may be established by both problem programmers, and the operating system are then controlled by the operating system. A program cannot change its previously assigned level. Only a higher level invoking program can make such an alteration. A new program's security level indicator must be validated and then a protection code or 'mask' of a predetermined size related to the security level must be validated. The system utilizes a plurality of special purpose bits in every data word which bits contain the protection field. Level indicators for the particular program determine the use of the protection field. A series of linking registers or a 'Link Stack' having appropriate logic circuitry connected thereto is utilized for keeping track of the security level of all programs in a hierarchical sequence currently running on the system. The stack allows proper branching back to an originating program and prevents violation of security rules. The hardware additionally provides a mechanism for automatically checking each and every memory access, whether read or write, to assure that a correct protection field is present in each of the memory data words which is to be accessed or stored into.