Browse Prior Art Database

Method of Secure Encoding of Software Resource Identifier by a Server Process

IP.com Disclosure Number: IPCOM000103412D
Original Publication Date: 1990-Nov-01
Included in the Prior Art Database: 2005-Mar-17
Document File: 1 page(s) / 67K

Publishing Venue

IBM

Related People

Cook, JA: AUTHOR [+2]

Abstract

Disclosed provides a method of secure encoding of software resource identifiers with low overhead.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 53% of the total text.

Method of Secure Encoding of Software Resource Identifier by a Server Process

      Disclosed provides a method of secure encoding of software
resource identifiers with low overhead.

      Many server processes, including interrupt handlers, operating
system kernels, and window managers, create resources which have a
lifetime the same as the server process and which are shared with or
allocated to other processes.  These resources are identified by
resource identifiers (RIDs) which can take different forms.  An
address reference, or pointer, allows easy access by the server, but
can allow the client process to see unauthorized data.  Array indices
are other possible RIDs.  They are easily counterfeited by
"untrusted" processes.

      During the initialization of the server process, a sampling is
made of a hardware quantity with the characteristics of a random
variable.  This value is saved. If the Hamming weight of the sample
does not provide enough bits set to 1, then the sample can be
discarded and another taken.  Care must be taken to ensure that no
other process can sample this variable while it contains the same
value as the server process.

      When the server produces a RID for a client to use (henceforth
called server RID), the client RID is produced using the random
variable exclusive ored with the server RID.  This client RID is
given to the client to return to the server for resource requests.
The server retrieves the server RID by excl...