Security system for computer systems

Assignee

• Data General Corporation · US

Inventors

• Kenneth John Hayman · Durham, US
• Michael Donovan Keene · Coral Springs, US
• Eric S. Lewine · Apex, US
• William J. Meyers · Durham, US
• Jon F. Spencer · Raleigh, US
• Millard C. Taylor, II · Chapel Hill, US

Key dates

Classification

• Technology area (CPC Y)Emerging Cross-Sectional Technologies
• CPC primaryY10S707/99931
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A security system for a computer system imposes specific limitations on who has access to the computer system and to exactly what operations and data. Viruses are securely contained and prevented from expanding into areas where they can destroy stored programs or data. Viruses are also prevented from being introduced or executed in a large number of instances. The totality of computer functions is broken up into a set of events with an associated set of capabilities and different capabilities are assigned to each user depending on the particular job which that user is to do on the computer system. Also, security labels are placed on each data file and other system resources, and on each process. Further, a range of hierarchy/category labels (MAC labels) is assigned to each process to define a sub-lattice in which special capabilities can apply. Further, the hierarchy of labels is divided into a small number (for example 3) of regions, and a process operating in one region is generally not allowed to cross over into another region. Further, an owner of a data file is allowed to place restrictions on the file so that only users who posses certain privileges can gain access to the fil…