Object
Computing
Rev. 1.0
FJP
Foil 1
Biitl~
,
And
Rev. 1.0
FJP
Foil 2
Biill~
And
Rev. 1.0
FJP
Foil 3
Biill1M
Rev. 1.0
FJP
Foil 4
BiillTM
Topics
Rev. 1.0
FJP
FoilS
VLSI-Based
Object Addressing and Protection
Tag-Bit
GJ
Access Descriptor
Object Index
Rights
.....
....
Rev. 1.0
FJP
Foil 6
Virtual Addressing
66-bit
Virtual Address
Access Descriotor
Object Index
Object Index
Rights
Offset
Object Table
Object Representation
!OffS:t
Object Table Maps Virtual Addresses
to Physical Addresses
Rev. 1.0
FJP
Foil 7
L~",**
64 bytes 4 gigabytes
Biill~
Object Structure
Tag-Bit
[2J
Object Table
Access Descriptor
Object Index
Rights
.....
......
Rev. 1.0
FJP
FoilS
Biillf
Address Translation
~~~~t
_D_I---LI~P_I~I_p_o~1 Offset
1-1
31
:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.L:
21
11
(.:
:'-':--~-~11~p~o~
Object
.
Representation
Simple
64 B ~. 4 KB
O"N"~'-
- 64 bytes to 4K bytes
- 64 byte increments
Page Table
;::
~.~
.:~
64 B4
KB
IPO
4
Paged
4 KB
....._ ...
- 4K bytes to 4M bytes
- 4K byte increments
Bipaged
- 4M bytes to 4G bytes
- 4K byte increments
Rev. 1.0
FJP
Foil 9
backup
Object Typing
Object Types are Defined by Type
Definition Objects (TDO)
Object Table
Base address
"
Type Definition
Object (TOO)
Rev. 1.0
FJP
Foil 10
Object
Representation
Representation Rights
Tag-Bit
Access Descriptor
Ltsage
Fligh1s
Object Index
~~
32
31
RJp
Rights
~~
II
2 1
Rev. 1.0
FJP
Foil 11
Topics
Computational Model
Type Manager Based Protection
Inheritance
Object Persistence
Rev. 1.0
FJP
Foil 12
Biill~
.....
....
Region
Selection
31
40000000 16
80000000
Offset
30 29
Address Space
Each of 3 Regions is an Object
Regular Call-Return Used for Procedure Calls
Reserved Region is Processor-specific
Rev. 1.0
FJP
Foil 13
00000000
16
16
C0000000
16
Rev. 1.0
FJP
Foil 14
Domain Object
t-------I~
Call Domain
subprogram number
EJ
entry points
I I
stack
code
Rev. 1.0
FJP
Foil 15
Biill~
Closer Look At
Call Domain
Process
Hash Table
Subsystem 10
data
Entry Points
code
Rev. 1.0
FJP
Foil 16
backup
Library
Servioe
Protected
Subsystem
(address space)
,(D\ Public
~ Interface
(domain object)
o
Rev. 1.0
FJP
Foil 17
Private
Modules
BiiN/OS
Comm.
Service
Rev. 1.0
FJP
Foil 18
Biill~
Topics
Inheritance
Object Persistence
Rev. 1.0
FJP
Foil 19
BiiN~
Object-Oriented Design
Rev. 1.0
FJP
Foil 20
BiilNf
Mapping to Ada
Object-oriented Design
Define Abstract Data Type
procedure Store(Lib:
library;
Name: string;
Data: text} ;
end Library_Service;
Rev. 1.0
FJP
Foil 21
Mapping To Architecture
D
package Library_Service is
type library_object is limited private;
type library is access library_object;
function Create_library return library;
procedure Store(Lib:
library;
Name: string;
Data: text} ;
end Library_Service;
Runtime Protection of
- Package body
Rev. 1.0
FJP
Foil 22
Protected
Subsystem
Application
(address space)
,{l/\ Public
~ Interface
(domain object specified
Ada package specification)
Private
Modules
(internal Ada
packages)
Library
Service
Principles Of
Type Manager Based Protection
Objects are Typed
The X Service is the Type Manager (TM) for
Objects of Type X
.
Only TM X Can Access Representation of X Objects
Applications Can Pass Around ADs (without
Representation Rights) for X objects
Anyone Can Create a New Object Type and TM
BiiN/OS Provides Object Management Service
": : :" Service ;: : :
Rev. 1.0
FJP
Foil 23
BiilNf
Usage Rights
Tag-Bit
Access Descriptor
~----------------~~~~~~~~~
Jsade RJP
Object Index
Fligh1s
~..: .:
32
31
...~
Rights
~~
2 1
TYPE
Rev. 1.0
FJP
Foil 24
Examples
USE
MODIFY
CONTROL
FILE
READ
WRITE
DELETE
TOO
CREATE
AMPLIFY
LIST
STORE
CHANGE A-LIST
PROGRAM
EXECUTE
DEBUG
DESTROY
LIBRARY
LOOKUP
STORE
LOCK
DIRECTORY
BiiNTM
Outline
Creation of the Library Type
Creating an Object of Type Library
User-Level Protection on Library Objects
Invoking the Lookup Procedure on a Library Object
Rev. 1.0
FJP
Foil 25
Type Creation
To Define a New Data Type, TM Creates a
Type Definition Object (TOO)
- AD to TDO is never given out
- Usage Rights of that AD have TM_rights semantics
Create (use) right
Amplify (modify) right
Library Service
Library
TOO
Rev. 1.0
FJP
Foil 26
Biill~
Object Creation
Application
"CALL"
Create_Lib
Rev. 1.0
FJP
Foil 27
Biitl~
Object Creation
(cont'd)
Service
Object
Service
Allocate
,AD
I
,t
Library
TOO
Rev. 1.0
FJP
Foil 28
New
Library
Object
Object Creation
(cont'd)
Application
"CALL"
Create_Lib
Rev. 1.0
FJP
Foil 29
New
Library
Object
Biitl~
members
User ID
bob
"
Identities
Authority List
joe
umc
bob
susan
-m-
finance
finance
u--
contracts
sales
urn -
world
Rev. 1.0
FJP
Foil 30
BiiN~
--, , , ,
'r
Library
TOO
Rev. 1.0
FJP
Foil 31
(cont'd)
Rev. 1.0
FJP
Foil 32
Library
Object
Library
TDO
(cont'd)
Rev. 1.0
FJP
Foil 33
Library
Object
Library
TDO
Relationship To Security
Rev. 1.0
FJP
Foil 34
Relationship to Security
(cont'd)
NCSC/Honeywell Research
"Domains are essentially a mechanism for encapsulating managers for
different data types and transformations between data types. This
provides a way to decompose the proof of security for the system into
manageable pieces and to tailor the security policy for a system in an
application dependent fashion. ... Thus, type enforcement is more
than a mere convenience. It provides a way to unify the treatment of
trusted subjects with that of generic untrusted subjects."
From "Extending the Noninterference Version of MLS for SAT", IEEE
Transactions on Soft. Eng. Feb. 1987.
Rev. 1.0
FJP
Foil 35
Biill~
Topics
Inheritance
Object Persistence
Rev. 1.0
FJP
Foil 36
Behavior Inheritance
Implementations
File, Pipe, Magtape, Terminal
Rev. 1.0
FJP
Foil 37
Record AM
1'1~';:':
INDEPENDENCE
BSAM
open
read
write
Record AM
open
read
write
Terminal AM
l: ~ i~
Rev. 1.0
FJP
Foil 38
Call Vectoring
Behavior Specification
Service
Implementation
Record AM
New AM
Rev. 1.0
FJP
Foil 39
BlltI~
Call Domain
as_AM. Read
(DevXAD,
.... )
Rev. 1.0
FJP
Foil 40
TM Service
Implementation
X's Domain
Object
Rev. 1.0
FJP
Foil 41
Topics
Object Persistence
Rev. 1.0
FJP
Foil 42
Object States
Two object states: Passive and Active
A Passivated Object is
- Stored in permanent storage (disk)
- Managed by Passive Store Management
- Protected by Authority List
An Activated Object is .
- Stored in virtual memory
- Managed by object service
- Protected by VLSI-based object addressing
Rev. 1.0
FJP
Foil 43
Activation
Authority
List
Implicit
- Similar to VM fault
- Rights in AD determined by authority-list
Object
Activation
Rev. 1.0
FJP
Foil 44
~<
if Activated
Referenced
::~t.
,~~I
Biill~
Passivation
Explicit
- Transaction-based for synchronization
and recovery
- Controlled by type manager to assure
consistency
Current Directory
A-.AD "Foo"
\,
~-
Default
m
f~
i~
Start_Transaction;
Store("Foo", A_AD);
Update(A_AD );
Update(B_AD );
Update(C_AD );
Commit_Transaction;
Rev. 1.0
FJP
Foil 45
Authority
List
Transaction Concepts
Properties
- Atomicity
- Synchronization
- Integrity
- Recoverability
Obj.ects Participate
In a Transaction
START
Other
Access
Attempts
Undo
Updates in
Transition
COMMIT
ABORT
t~,
m
Rev. 1.0
FJP
Foil 46
Transaction Service
Embedded in BiiN/OS
Transaction Service Acts as Coordinator
Multiple Services Can Participate in Same Transaction
- Files
- Directories
- Libraries
Extendable to New Services
Distributed
- using 2-phase commit protocol
Rev. 1.0
FJP
Foil 47
BiiN~
Active
Passive
CD
Access A
A is activated
Change. A
CD
Agent Y
Agent X
Update(A_AD)
CD
CD
Access A
A is activated
Change A
Update (A_AD)
Fails, Exception Raised
Outdated object version
CD
Rev. 1.0
FJP
Foil 48
CD
Change A
Update (A_AD)
CD
Start_Transaction;
Reserve(A_AD);
Synchronizes. Does Reset, if necessary.
Change A
Update(A_AD) ;
Commit Transaction;
Rev. 1.0
FJP
Foil 49
BiitilM
Rev. 1.0
FJP
Foil SO
Summary
Security
Rev. 1.0
FJP
Foil 51