Payroll Personnel DreadcOS Army Iraqui
Dr. Alice Fisher X X X
Ken Liu X
Maria Santos X X
Steve Price ? X X
Jim Svenson X
Aaron Halevi ? X X
V. Patil X
Mehmet Babaoglu X
It's not clear what supervisory authority confers, but it probably confers
limited access to personnel records for the employees being supervised,
but less access than the department head and administrative assistant have;
this is indicated by a question mark.
The nature of access rights to the actual technical projects is very
unclear, so I've just used X to indicate some kind of access.
Part b: The capability lists that the describe the matrix in part a.
Dr. Alice Fisher (X,Payroll) (X,Personnel) (X,DreadcOS) Ken Liu (X,Dreadcos) Maria Santos (X,Payroll) (X,Personnel) Steve Price (?,Personnel) (X,DreadcOS) (X,Army) Jim Svenson (X,Army) Aaron Halevi (?,Personnel) (X,DreadcOS) (X,Iraqui) V. Patil (X,Iraqui) Mehmet Babaoglu (X,Iraqui)
Part c: The access control lists that the describe the matrix in part a.
Payroll (X,Fisher) (X,Santos) Personnel (X,Fisher) (X,Santos) (?,Price) (?,Halevi) DreadcOS (X,Fisher) (X,Liu) (X,Price) (X,Halevi) Army (X,Price) (X,Svenson) Iraqui (X,Halevi) (X,Patil) (X,Babaoglu)
The user program will need to cause a trap to enter protected state, so it will use a priviliged instruction. The trap service routine will then inspect the instruction that caused the trap to determine which system function was intended. We might select at random among the privileged instructions, assigning each to a specific system service, with no regard to the "natural" meaning of the instruction. Thus, an instruction that sets the IF register in privileged state might be used to mean relinquish, and an instruction that outputs a character to the terminal in privileged state might be used to mean wait on a semaphore.
Part b: The user can pass a pointer in a register, for example, in AC. Passing the pointer is easy, but the system, on receipt of the pointer, has a more difficult time. The system must, temporarily, set its DF register to the saved DF register of the user, then follow the pointer to actually access the buffer, and then, perhaps, set its DF back to the field the system was using before it needed to follow the user's pointer.
We use one privileged instruction as the opcode for the system call far_jump();
the user passes a in MQ and F in AC. The user's process description must
include a 64-entry table of that user's fields; for each table entry, there
will be a 3-bit entry indicating where that field is in main memory; if this
3-bit entry is zero, it means that field is not in main memory. The far-jump
service service operates as follows:
far_jump(a,f)
if table(f).field = 0
-- field is not in main memory
find least recently used memory field,
copy it out to disk
copy field f from disk into that field,
update table(f).field
endif
set user's saved IF to table(f).field
set user's saved PC to a
return from trap
Part b: Is this system based on capability lists or access control lists.
It is an example of capability based addressing because the table of fields for each user is analogous to the page table of a process.