Electrical computers and digital processing systems: virtual mac – Task management or control
Reexamination Certificate
2000-02-14
2004-06-08
An, Meng-Al T. (Department: 2127)
Electrical computers and digital processing systems: virtual mac
Task management or control
C718S102000, C718S104000, C718S107000, C710S240000, C710S243000, C711S100000, C711S163000
Reexamination Certificate
active
06748592
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to the field of electronic data/information processing. More specifically, the present invention relates to methods and apparatuses for protectively operating data/information processing devices.
2. Background Information
The term “data/information processing devices” as used herein is intended to include all microprocessor based devices and/or systems, operated under the control of an operating system. Examples of these devices/systems include but are not limited to general as well as special purpose computing devices/systems, regardless of form factors, palm sized, laptops, desktops, rack mounted, and the like. Examples of special purpose computing devices include but are not limited to set-top boxes, wireless communication devices, and the like. The term “operating system” as used herein is intended to include all software provided to manage and facilitate application usage of hardware resources, however minimal the control and resource scope may be. Typical resource management functions of an “operating system” include task scheduling, memory management and the like. The term “task” as used herein is intended to include its common meaning of an executing instance of a program (a collection of programming instructions).
Ever since the early days of computing, computer systems have provided privilege protection to protect the system from being brought down by failures of non-essential programs, such as application programs. The IBM 360 systems provided a supervisor mode and a user mode to segregate privileged system programs and unprivileged user programs. The Multics (Multiplexed Information and Computing Service) developed by Massachusetts Institute of Technology, in cooperation with others, employed a 64 ring approach, combining access node and a triple of ring numbers (r
1
, r
2
, r
3
). In U.S. Pat. No. 4,177,510, issued to Appell et al., a hardware facilitated 4 ring approach is disclosed. Today, the Intel Architecture processors are known to provide a 4 ring hardware facilitated protection through the employment of memory segment descriptors and current task privilege level (CPL). However, partly because most of the other microprocessors remain having a two mode protection approach, the Windows® operating system, used in most Intel Architecture compatible processors, merely employ two of the four ring protection provided by the hardware. The virtual memory manager and various virtual device drivers (V×D) are executed in ring
0
, while all other programs, including kernel system services and so forth are executed out of ring
3
.
The two levels of protection were reasonably adequate in the days when few programs are executed on most computer systems. Moreover, most of the computer systems operate by themselves, with few interactions from the outside world.
Advances in microprocessor, telecommunication and networking technology have dramatically expanded the applications of computing devices, and changed their operating environment. Today, most data/information processing systems are connected to private and/or public networks, such as the Internet, executing programs that are dynamically downloaded from a number of sources. Some sources are trustworthy, and their programs tend to be well behaved, but others are not.
Accordingly, a need exists to improve the protection of data/information processing systems.
SUMMARY OF THE INVENTION
In a data/information processing system, a nested privilege protection is employed to protect the system when executing instructions. A first privilege protection having at least two privilege levels is enforced. Additionally, a second privilege protection having at least two sub-privilege levels is further enforced for at least one privilege level of the first privilege protection to further differentiate the privileges otherwise afforded.
In one embodiment, core system services, programming language runtime support and application programs are afforded the same privilege level of the first privilege protection, and the different types of programs are afforded different sub-privilege levels of the second privilege protection to differentiate the privileges afforded by the first privilege protection. In one embodiment, the differential sub-privilege level protection is further extended to application programs of different sources, such as trusted and untrusted.
In one embodiment, the first privilege protection is hardware facilitated, while the second privilege protection is software facilitated.
REFERENCES:
patent: 4177510 (1979-12-01), Appell et al.
patent: 4926322 (1990-05-01), Stimac et al.
patent: 5163096 (1992-11-01), Clark et al.
patent: 5446903 (1995-08-01), Abraham et al.
patent: 5469556 (1995-11-01), Clifton
patent: 5553239 (1996-09-01), Heath et al.
patent: 5784615 (1998-07-01), Lipe et al.
patent: 5901312 (1999-05-01), Radko
patent: 5933632 (1999-08-01), Cahill, III
patent: 5941947 (1999-08-01), Brown et al.
patent: 6009525 (1999-12-01), Horstmann
patent: 6086623 (2000-07-01), Broome et al.
patent: 6154818 (2000-11-01), Christie
patent: 6175924 (2001-01-01), Arnold
patent: 6199181 (2001-03-01), Rechef et al.
patent: 6202145 (2001-03-01), Barnes et al.
patent: 6308317 (2001-10-01), Wilkinson et al.
patent: 6351778 (2002-02-01), Orton et al.
patent: 6370606 (2002-04-01), Bonola
patent: 6453353 (2002-09-01), Win et al.
patent: 6480818 (2002-11-01), Alverson et al.
patent: 0 472 487 (1992-02-01), None
patent: 472487 (1992-02-01), None
patent: WO 98/47072 (1998-10-01), None
patent: WO 9847072 (1998-10-01), None
M.R. Zick: “Two Mode Storage Protection Mechanisms. Jul. 1976”, IBM Technical Disclosure Bulletin, vol. 19, No. 2, Jul. 1, 1976, pp. 425-428, XP002168726, New York, US, p. 427, last paragraph, p. 428, last paragraph; figures 4-7.
An Meng-Al T.
Schwabe Williamson & Wyatt P.C.
Vo Lilian
Xoucin, Inc.
LandOfFree
Method and apparatus for protectively operating a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for protectively operating a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for protectively operating a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3343209