Cooperation of Mutually Suspicious Subsystems in a Computer Utility

Michael D. Schroeder


This thesis describes practical protection mechanisms that allow mutually suspicious subsystems to cooperate in a single computation and still be protected from one another. The mechanisms are based on the division of a computation into independent domains of access privilege, each of which may encapsulate a protected subsystem. The central component of the mechanisms is a hardware processor that automatically enforces the access constraints associated with a multidomain computation implemented as a single execution point in a segmented virtual memory. This processor allows a standard interprocedure call with arguments to change the domain of execution of the computation. Arguments are automatically communicated on cross-domain calls – even between domains that normally have no access capabilities in common. The processor, when supported by a suitable software system which is also discussed, provides the protection basis for a computer utility in which users may encapsulate independently compiled programs an


Publication type: PhD thesis