Browse Prior Art Database

Symbolic Machine Security Feature Implementation

IP.com Disclosure Number: IPCOM000085105D
Original Publication Date: 1976-Feb-01
Included in the Prior Art Database: 2005-Mar-02
Document File: 3 page(s) / 56K

Publishing Venue

IBM

Related People

Frye, HE: AUTHOR [+2]

Abstract

When all users of a symbolic machine share the same user interface, some mechanism is required to restrict a given user's access to instructions, functions and/or data. As with nonsymbolic machines (those which address by machine level bit patterns called "addresses"), symbolic machines (those which address by character strings called "names") must "privilege" (a S/370 machine-language term) some instructions or functions and restrict access to data. For the simplest design and maximum execution speed, it is desirable to perform privilege and protection tests prior to translating a user's symbolic machine program to executable machine codes.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 55% of the total text.

Page 1 of 3

Symbolic Machine Security Feature Implementation

When all users of a symbolic machine share the same user interface, some mechanism is required to restrict a given user's access to instructions, functions and/or data. As with nonsymbolic machines (those which address by machine level bit patterns called "addresses"), symbolic machines (those which address by character strings called "names") must "privilege" (a S/370 machine-language term) some instructions or functions and restrict access to data. For the simplest design and maximum execution speed, it is desirable to perform privilege and protection tests prior to translating a user's symbolic machine program to executable machine codes.

This can be done by restricting the character set available to each user. Any "privileged" instruction, function, routine or datum includes in its name a character or characters which are not in the set of characters available to nonprivileged users. For example: Class of User Character Set

Nonprivileged A, B, C, ...Z

Privileged A, B, C, ...,Z, #.

Any name using the character "#" would be restricted for use bv privileged users.

This mechanism is implemented by the table-driven translator whose flow diagram is shown in Fig. 1. The function of the translator is to produce executable machine codes from the symbolic machine program. One step of translation is to convert symbolic character strings (a line) to internal codes (step
1). A translation table is supplied by some central authority such as a system supervisor. The table contains a replacement internal code for each possible input character.

By table look-up, legal charac...