1. Field of the Invention
This invention relates generally to data processing systems and more particularly to ring protection of information.
2. Description of the Prior Art
Computer software includes an operating system, utilities, language programs and application programs. The programmer writes the application program in a higher level language using a particular language program. The operating system software interfaces with the hardware to execute the instructions, thereby compiling the application program in machine language. The operator interfaces with the compiled application to perform a particular job.
In order to safeguard the software stored in the system from accidental or deliberate modification, a ring protection arrangement was devised. Ring protection consists of a set of hierarchical levels of protection and may be visualized as a set of N concentric circles in memory numbered 0, 1, 2, ..., N-1, from the inside out. The memory space included in circle 0 is called ring 0; the memory space included between circles 1 and 2 is called ring 2. Every segment of a process is placed in one ring of memory. The closer the segment is to the center, the greater its protection and privilege. Four rings numbered 0, 1, 2, and 3 are supported by the system. Ring 0 is the most privileged, ring 3 the least privileged.
A portion of the operating system typically resides in ring 0. The process scheduling of a memory management unit typically resides in ring 1. Software requiring high integrity typically resides in ring 2. User applications reside in ring 3.
A user is given a classification by the operating system. This classification gives the user access to processes in specific rings. Assume the user is given access to ring 2. Then that user cannot read processes in rings 0 and 1, but may read processes in rings 2 and 3.
A virtual memory consists of a collection of objects; each object has a name (in the form of a path name), a summary description (for example, length, a list of users allowed to use the object with their respective access rights) and a body.
To facilitate object management, objects are classified into two types: directory objects (containing descriptions of non-directory objects); and non-directory objects (containing the programs and data of the system). Whenever a request is made to reference an object, the Operating System (OS) uses the object's path name to promptly search the directory objects for the directory entry of the requested object. The directory entry is then used by the OS to determine if the object is accessible to the requesting user, and, if so, where the object is located, its size, and so forth.
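The lookup described above, combined with the ring rule from the earlier paragraphs, as an added C example that is not taken from the patent. The structure layout, the names `dir_entry`, `ring_permits` and `reference`, the order of the two checks and the sample directory are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Added illustration: types, names and sample data are assumptions. */
enum { R_READ = 1, R_WRITE = 2 };
enum status { REF_OK, REF_NOT_FOUND, REF_RING_VIOLATION, REF_NO_RIGHTS };
struct acl_entry { const char *user; unsigned rights; };
struct dir_entry {                /* summary description of one object */
    const char *path;             /* object name (path name) */
    int ring;                     /* ring holding the object, 0..3 */
    size_t length, location;      /* size and where the body is located */
    struct acl_entry acl[2];      /* users allowed, with access rights */
};

/* Constructed sample directory contents. */
static const struct dir_entry directory[] = {
    { "/sys/kernel", 0, 4096, 0x0000, { { "root", R_READ | R_WRITE } } },
    { "/lib/ledger", 2, 2048, 0x4000, { { "alice", R_READ }, { "bob", R_READ | R_WRITE } } },
    { "/usr/alice/app", 3, 1024, 0x8000, { { "alice", R_READ | R_WRITE } } },
};

/* Ring rule from the text: a ring-r user reaches rings r..3, never 0..r-1. */
static int ring_permits(int user_ring, int object_ring) {
    return object_ring >= user_ring && object_ring <= 3;
}

/* Search by path name, apply ring check, then access list; return the entry. */
enum status reference(const char *user, int user_ring, const char *path,
                      unsigned want, const struct dir_entry **out) {
    for (size_t i = 0; i < sizeof directory / sizeof directory[0]; i++) {
        const struct dir_entry *e = &directory[i];
        if (strcmp(e->path, path) != 0) continue;
        if (!ring_permits(user_ring, e->ring)) return REF_RING_VIOLATION;
        for (size_t j = 0; j < 2 && e->acl[j].user; j++) {
            if (strcmp(e->acl[j].user, user) != 0) continue;
            if ((e->acl[j].rights & want) != want) break;
            *out = e;              /* caller reads location and length */
            return REF_OK;
        }
        return REF_NO_RIGHTS;
    }
    return REF_NOT_FOUND;
}

int main(void) {
    const struct dir_entry *e;
    return reference("alice", 2, "/lib/ledger", R_READ, &e) == REF_OK ? 0 : 1;
}
```

A ring-3 user is refused the ring-2 object even when the access list names that user, which shows the ring check acting independently of the per-object rights.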
Prior art systems with a virtual memory capability provided complex ring reduction logic as a part of a Virtual Memory Management Unit. U.S. Pat. No. 3,916,385 entitled "Ring Checking Hardware" and U.S. Pat. No. 4,177,510 entitled "Protection of Data in an Information Multiprocessing System by Implementing a Concept of Rings to Represent the Different Levels of Privileges Among Processes" describe ring protection mechanisms. However, present-day computers have greater throughput requirements.
In a multi-stage production line system it is necessary to collect and process information regarding the protection of data whenever it is referenced. Protection provided by the operating system is enforced by localized hardware in different stages of the production line.
Accordingly, it is an object of the invention to provide a ring protection system having greater throughput in a stage of the production line.