Browse Prior Art Database

Device Protection of Executable Programs

IP.com Disclosure Number: IPCOM000085140D
Original Publication Date: 1976-Feb-01
Included in the Prior Art Database: 2005-Mar-02
Document File: 2 page(s) / 13K

Publishing Venue

IBM

Related People

Attansio, CR: AUTHOR

Abstract

In an environment where only duly generated programs may execute, a method is proposed whereby generated programs can currently be modified while on auxiliary storage.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 2

Device Protection of Executable Programs

In an environment where only duly generated programs may execute, a method is proposed whereby generated programs can currently be modified while on auxiliary storage.

A penetration of an operating system is said to have occurred when one of the mechanisms by which the system controls resources is subverted, thereby allowing a conscious agent to gain access to some object illicitly. Every software operating system of commercial significance has been shown to be penetrable. Managers of installations with valuable resources under computer control have become increasingly aware of this problem, and work is being done to attempt to improve the capability of operating systems to resist deliberate attack.

In computing system architectures, for example IBM System/370, which contain privileged instructions reserved for the software supervisor, penetrations have been accomplished by exploiting a flaw in the software supervisor to gain control in the penetrator's program in supervisor state, whereupon the penetrator can execute privileged instructions in his program to gain access to any resources in the system.

If the program generators, i.e., compilers and assemblers, are modified to disallow the generation of privileged instructions by nonprivileged users, and care is taken to prevent the execution of data portions of programs,for example by supporting an execute-only attribute for the contents of main storage, then this technique for system penetration can be countered to some degree. However, to complete the defense mechanism, generated programs must be protected while resident on auxiliary storage. The mechanism for providing this protection is the subject of this description.

Each addressable unit of information (i.e., record) on auxiliary storage carries an additional, hardware addressable "program" indicator, which when set to TRUE specifies that the record currently contains...