
Address/Identifier Control Block Structure and Validity Checking Mechanism

IP.com Disclosure Number: IPCOM000080575D
Original Publication Date: 1974-Jan-01
Included in the Prior Art Database: 2005-Feb-27
Document File: 7 page(s) / 94K

Publishing Venue

IBM

Related People

Byrne, PH: AUTHOR [+3]

Abstract

An operating system control program must create and maintain a record of each resource in a computer system allocated to a user, including information on the restrictions/limits on that allocation. In order to safeguard system security/integrity, the resource record must be maintained in a control block or group of control blocks that are protected, i.e., cannot be changed by the user.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 26% of the total text.


An operating system control program must create and maintain a record of each resource in a computer system allocated to a user, including information on the restrictions/limits on that allocation. In order to safeguard system security/integrity, the resource record must be maintained in a control block or group of control blocks that are protected, i.e., cannot be changed by the user.

Also, because a user may be allocated many similar resources which are accessed in much the same manner (e.g., several data sets), the system must provide a means for the user to identify the particular resource he is accessing or using. For various reasons, the most desirable way to accomplish this may be to allow the user to indirectly provide the location (address) of one or more of the protected control blocks that describe his allocation to that resource. This is done, for example, in the IBM OS/MVT system control program, where the user, in a user accessible control block called the DCB (Data Control Block), provides the address of another control block, called the DEB (Data Extent Block), which identifies the data set he wishes to perform I/O operations on. Allowing the user to use this method of identification, however, introduces a potential security/integrity problem in that, unless a suitable control block structure and validity checking mechanism is employed, the user may be able to counterfeit the protected control block(s) in question, thus allowing him to alter restrictions on his allocation of a resource, or even to access resources to which he is not allocated.

When a user program is allowed to supply a privileged control program routine with the address of a single protected control block that records his allocation to a particular resource, the control program routine must be able to verify the following:
1) That the address is that of a protected control block created by the control program;
2) That the address is that of the correct type of protected control block (e.g., in OS/MVT, a DEB rather than a Task Control Block); and
3) That the address is that of a control block created to describe the allocation to a resource for the user in question (i.e., that it is not a description of another user's allocation to a resource).
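The three checks above, sketched in C as an added example; it is not code from the disclosure and not the Fig. 1 structure, which this abbreviated text does not reproduce. It assumes the control program keeps a protected per-user chain of the blocks it created; the names `cp_register`, `cp_validate`, `CB_TASK` and `CB_EXTENT` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

enum cb_type { CB_TASK = 1, CB_EXTENT = 2 };    /* hypothetical type tags */
struct ctl_block {                 /* protected: built only by the control program */
    enum cb_type type;
    struct ctl_block *next;        /* next block created for the same user */
    int resource_id;
};
struct user_ctx { struct ctl_block *chain; };   /* protected per-user anchor */

/* Control program side: fill in a block and record it on its owner's chain. */
void cp_register(struct user_ctx *u, struct ctl_block *cb, enum cb_type t, int res)
{
    cb->type = t;  cb->resource_id = res;
    cb->next = u->chain;  u->chain = cb;
}

/* Validate a user-supplied address. The claimed address is only compared, never
 * dereferenced; every field read comes from a block reached via the trusted anchor. */
const struct ctl_block *cp_validate(const struct user_ctx *caller,
                                    uintptr_t claimed, enum cb_type want)
{
    for (const struct ctl_block *cb = caller->chain; cb; cb = cb->next) {
        if ((uintptr_t)cb != claimed) continue; /* keep looking (checks 1 and 3) */
        return cb->type == want ? cb : NULL;    /* check 2: correct block type */
    }
    return NULL;    /* not created by the control program for this caller */
}

/* Constructed scenario: user "alice" submits four different addresses. */
int demo_case(int which)
{
    struct user_ctx alice = {0}, bob = {0};
    struct ctl_block a_ext, a_task, b_ext;
    struct ctl_block forged = { CB_EXTENT, NULL, 99 };   /* user-built counterfeit */
    cp_register(&alice, &a_ext, CB_EXTENT, 1);
    cp_register(&alice, &a_task, CB_TASK, 0);
    cp_register(&bob, &b_ext, CB_EXTENT, 2);
    const struct ctl_block *claims[] = { &a_ext, &forged, &a_task, &b_ext };
    return cp_validate(&alice, (uintptr_t)claims[which], CB_EXTENT) != NULL;
}

int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("case %d: %s\n", i, demo_case(i) ? "accepted" : "rejected");
}
```

Only case 0 (the caller's own extent block) is accepted; the counterfeit, the wrong block type and another user's block are all rejected without the privileged routine ever reading through the user-supplied address.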

The following control block structure/validity-checking mechanism, when employed at the proper places as described below, provides the required verification described above in items 1), 2) and 3).

Fig. 1 shows a control block structure that will permit the appropriate validity checks to be made. Each block entry with an arrow to another block is a pointer entry which locates the other block.

Control block A is a control block that describes a user's allocation to a particular type of resource (e.g., data sets). There also may exist other control blocks, of the same type as A, that describe the same, or different user's allocation to ot...