This paper focuses on memory addressing environments that support the notion of a single address space. We consider the problem of hampering access attempts to the private objects of a given thread, when these attempts are generated by unauthorized threads of different processes. We introduce two different forms of access privilege representation - handles and gates - which are designed to coexist within the boundaries of the same protection system. The handle concept is a generalization of the classical protected pointer concept. A handle associates several keys (passwords) with an object name. Each key grants a specific access right to the named object. A gate is a compact representation of access privileges, which uses a single bit to encode an access right. Handles are protected from forgery by key sparseness. They can be freely mixed in memory with ordinary data. On the other hand, gates are sensitive data that must be kept segregated in private memory regions of the protection system. The dualism of handles and gates makes it possible to take advantage of the simplicity of access right distribution and object sharing between threads, which is characteristic of key-based protection systems, and to avoid the negative impact on overall system performance, which results from the large key size and the high costs of lengthy processing that are connected with key validation.
|Internal authors:||LOPRIORE, LANFRANCO|
|Title:||Key-lock mechanisms for object protection in single-address-space systems|
|Year of publication:||2009|
|Digital Object Identifier (DOI):||10.4304/jcp.4.12.1322-1331|
|Appears in types:||1.1 Journal article|