State Switch Solution to the Implicit Privilege Transfer Integrity Problem

IP.com Disclosure Number: IPCOM000080408D
Original Publication Date: 1973-Dec-01
Included in the Prior Art Database: 2005-Feb-27
Document File: 1 page(s) / 12K

Publishing Venue

IBM

Related People

Byrne, PH: AUTHOR [+3]

Abstract

This procedure relates to system integrity, and specifically to the problem that arises when a control program operating in privileged state performs services on behalf of a nonprivileged (user) program. The exposure that results from this situation is that the privileged program may be using user-supplied and, therefore, untrustworthy data in the performance of the service, and that the control program's privileged state may be accepted in lieu of a validity check of the data supplied.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 81% of the total text.

The prior art solution is to have the control program check the validity of the user-supplied data before performing the requested operation or calling another control routine to perform it. However, the problem with this prior art technique is that deliberate user damage could occur if the user changed the data after the time of check and before the time of use.

The solution presented here is to transfer the state of the privileged system routine performing the operation to that of the user for the duration of the operation. The solution mechanism is to: 1) associate on/off states with each operation to be controlled; and 2) define a state-switch state which allows switching of states to on or off (a program may hold more than one "on" state simultaneously). The control program would normally run with the state-switch state on, allowing it to adjust the state(s) relating to a given operation to that of the use...
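
A small model of the prior art check and of the state switch, added here as an illustration and not taken from the disclosure. `Program`, `Storage`, the state names and the `between` hook are all hypothetical; `between` stands in for the user changing the data after the time of check and before the time of use.

```python
from contextlib import contextmanager

SWITCH = "state-switch"  # holder may turn operation states on or off

class Program:
    def __init__(self, name, on_states):
        self.name, self.on = name, set(on_states)

class Storage:  # constructed model: each area needs one state "on" to be written
    def __init__(self):
        self.needs = {"user_buf": "write-user", "sys_table": "write-system"}
        self.data = {"user_buf": b"", "sys_table": b"SYSTEM"}
    def write(self, running, area, value):
        if self.needs[area] not in running.on:  # enforced at time of use
            raise PermissionError(f"{running.name}: {self.needs[area]} is off")
        self.data[area] = value

@contextmanager
def as_user(control, user):
    """Set the control program's operation states to the user's for one operation."""
    if SWITCH not in control.on:
        raise PermissionError("state-switch state is off")
    # The switch state stays on so the original states can be restored afterwards.
    saved, control.on = control.on, {SWITCH} | user.on
    try:
        yield
    finally:
        control.on = saved

def check_then_use(storage, control, user, req, between):
    """Prior art: validate the user-supplied target, then act with full privilege."""
    if storage.needs[req["target"]] not in user.on:  # time of check
        raise PermissionError("rejected at check")
    between()  # window in which the user can change the data
    storage.write(control, req["target"], req["value"])  # time of use

def state_switch(storage, control, user, req, between):
    """Disclosure's approach: perform the operation in the user's state."""
    with as_user(control, user):
        between()
        storage.write(control, req["target"], req["value"])

def run(service):
    storage, user = Storage(), Program("user", {"write-user"})
    control = Program("control", {SWITCH, "write-user", "write-system"})
    req = {"target": "user_buf", "value": b"X"}  # constructed request
    try:
        service(storage, control, user, req, lambda: req.update(target="sys_table"))
    except PermissionError:
        return "denied", storage.data["sys_table"], control.on
    return "performed", storage.data["sys_table"], control.on
```

With the state switch there is no separate check to fall out of date: the write is authorized against the user's states at the moment it happens, and the control program's own states are restored afterwards.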