Publication number: US4584639A
Publication date: 1986-04-22
Application number: US565194
Filing date: 1983-12-23
Applicant: Norman Hardy
Inventor: Norman Hardy
CPC classification: G06F9/52
Abstract: A capability based computer system includes means, called a factory, for allowing two domains to share resources in a secure manner. Factories are special domains which, in combination with corresponding kernel functions, allow a first domain (called a builder domain) to install a program and other components in a factory for use by other domains, and then to seal the factory, thereby leaving the builder domain with no keys to the factory except a special type of entry key called a requestor key. The holders of requestor keys can use the program in the factory by invoking the requestor key. This causes the factory to set up a new special domain for the requestor which allows the requestor to use the program in the factory to process data without being able to inspect the program. Further, the factory mechanism includes means for the requestor to confirm that the factory includes no keys which could compromise the confidentiality of the requestor's data. A second aspect of the present invention is the ability to provide different memory fault resolution mechanisms (called segment keeper domains) for different memory segments.
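The builder/requestor protocol in the abstract (install, seal, invoke, and the requestor's check for keys that could leak its data) is easier to see as a small model. The Python below is an added example written for this page; it is not code from the patent or from any system implementing it. It assumes keys are plain objects carrying a set of rights, that a key is "leaky" when it carries a write or send right (the patent only says the requestor can confirm no such keys exist, not which rights count), and that the program is a callable. Kernel enforcement is modelled as object interfaces only, so the example demonstrates the protocol, not real isolation.

```python
"""Toy model of a capability factory: builder installs and seals, requestor
invokes and checks for confidentiality holes. Added example, not the patent's
own code; rights semantics below are this example's assumption."""
from typing import Callable, Dict, List, Optional, Tuple

# Assumption: a right that lets information flow OUT of the domain holding the
# key is treated as a potential leak of the requestor's data.
LEAKY_RIGHTS = frozenset({"write", "send"})

# A program installed in a factory receives the requestor's data and the
# component keys of the freshly created domain.
Program = Callable[[str, Dict[str, "Key"]], str]


class Key:
    """A capability: names a target and the rights conveyed on it."""

    def __init__(self, target: str, rights: frozenset) -> None:
        self.target = target
        self.rights = rights

    def could_leak(self) -> bool:
        return bool(self.rights & LEAKY_RIGHTS)


class Factory:
    """Special domain holding one program plus component keys; frozen once sealed."""

    def __init__(self) -> None:
        self.program: Optional[Program] = None
        self.components: Dict[str, Key] = {}
        self.sealed = False


class BuilderKey:
    """Held by the builder domain; becomes useless once the factory is sealed."""

    def __init__(self, factory: Factory) -> None:
        self._factory = factory
        self._valid = True

    def _check(self) -> None:
        if not self._valid:
            raise PermissionError("builder key revoked: factory is sealed")

    def install_program(self, program: Program) -> None:
        self._check()
        self._factory.program = program

    def install_component(self, name: str, key: Key) -> None:
        self._check()
        self._factory.components[name] = key

    def seal(self) -> "RequestorKey":
        """Seal the factory; the only key the builder keeps is the returned requestor key."""
        self._check()
        if self._factory.program is None:
            raise ValueError("cannot seal a factory with no program")
        self._factory.sealed = True
        self._valid = False
        return RequestorKey(self._factory)


class RequestorKey:
    """Entry key: lets the holder run the program but exposes no way to read it."""

    def __init__(self, factory: Factory) -> None:
        self._factory = factory

    def holes(self) -> List[str]:
        """Component keys through which the requestor's data could leave the domain."""
        return sorted(n for n, k in self._factory.components.items() if k.could_leak())

    def is_discreet(self) -> bool:
        return not self.holes()

    def invoke(self, data: str) -> str:
        """Create a new domain for this request and run the program in it."""
        if not self._factory.sealed:
            raise PermissionError("factory is not sealed")
        domain_keys = dict(self._factory.components)  # the new domain's own key set
        return self._factory.program(data, domain_keys)


def use_if_discreet(requestor: RequestorKey, data: str) -> str:
    """The requestor's check from the abstract: refuse unless the factory has no holes."""
    if not requestor.is_discreet():
        raise PermissionError("factory has holes: " + ", ".join(requestor.holes()))
    return requestor.invoke(data)


def build_discreet_factory() -> Tuple[BuilderKey, RequestorKey]:
    """Constructed scenario: an uppercasing program plus a read-only table key."""
    builder = BuilderKey(Factory())
    builder.install_program(lambda data, keys: data.upper())
    builder.install_component("table", Key("lookup-table", frozenset({"read"})))
    return builder, builder.seal()


def build_leaky_factory() -> RequestorKey:
    """Constructed scenario: same program, but a writable log key is installed."""
    builder = BuilderKey(Factory())
    builder.install_program(lambda data, keys: data.upper())
    builder.install_component("log", Key("audit-log", frozenset({"write"})))
    return builder.seal()
```

After sealing, the builder's key raises on any further install, the requestor of the first factory sees no holes and gets its data processed, and the requestor of the second factory sees the writable `log` key reported and refuses to hand over its data.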