1. Field of the Invention
The present invention relates generally to open architecture software systems, and particularly to software execution control in which a series of two-way rule checks is performed among system components based on predefined configuration and rule information for each of the components to enhance overall system security and integrity.
2. Description of Related Art
Open architecture communications systems are typically defined by a plurality of software applications, each of which is defined by one or more corresponding hardware and software modules. These underlying software and hardware modules are usually created and supplied by numerous vendors. In such systems, it is common for new versions of software modules to be periodically downloaded to upgrade existing modules, existing hardware modules to be periodically replaced or upgraded, and new hardware and software modules to be added to the system.
For security, licensing and compatibility-related reasons, it may be necessary to control usage of certain software modules in such systems. For example, usage of a particular module could be restricted to ensure that the module worked only in combination with certain other modules. Also, restrictions could limit the use of software modules with only certain versions of hardware modules. Further, restrictions on certain software modules may require that the modules be endorsed or certified by a particular organization, that the modules originate from trusted sources, and/or that the modules have not been modified.
Existing execution control techniques are capable of determining the source and integrity of software modules, and are capable of preventing the use of certain modules if a license for those modules is not present. However, these techniques are not capable of enabling a module to crosscheck other modules that may have originated from other vendors. In addition, the techniques typically perform checking during execution of the modules or application, and are therefore not capable of asserting additional rules prior to execution to increase system integrity.
The invention is directed to a method of controlling operation of an open architecture system including a system platform, a plurality of stored applications, and a plurality of stored modules for realizing the stored applications. The method includes the steps of performing a two-way rule check between the system platform and a called application; performing a two-way rule check between the called application and a module identified by the called application as being necessary to execute the called application; performing a two-way rule check between the module identified by the called application and the system platform; and instantiating both the called application and the module identified by the called application if the performing of a two-way rule check between the system platform and a called application, the performing of a two-way rule check between the called application and a module identified by the called application, and the performing of a two-way rule check between the module identified by the called application and the system platform are successful.
The invention also is directed to an open architecture software-defined system including a computing platform; a plurality of applications each for performing a predetermined system operation when called by the system platform; a plurality of modules each, either singly or in combination with others of the plurality of modules, for defining one of the plurality of applications, each of the plurality of applications including one of more module pointer records for identifying an application-defining module or modules; the computing platform for performing two-way rule checks among records of the computing platform, a called application from the plurality of applications, and an application-defining module or modules defining the called one of the plurality of applications prior to loading the called application and the application-defining module or modules.
The invention is further directed to an open architecture software-defined communications system, including a plurality of modules each independent from one another and each for executing one of a predetermined hardware and software function; a plurality of applications and each defined by at least one of the plurality of modules; and a computing platform for selectively calling each of the plurality of applications based on received application commands, for enforcing loading of a called application based on rules of the computing platform, the called application and one or more of the plurality of modules that define the called application, and for initiating a series of two-way rule checks among the computing platform, the called application and the one or more of the plurality of modules that define the called application to ensure load-time enforcement of rules of the computing platform, the called application and the one or more of the plurality of modules that define the called application.