JPH04123146A - How to write protect partitioned files - Google Patents

Abstract

(57) [Summary] This bulletin contains application data before electronic filing, so abstract data is not recorded.

Description

DETAILED DESCRIPTION OF THE INVENTION [Industrial Application Field] The present invention provides a partitioned file (Partitione file).
Regarding the write protection method for the dOrganization File system, in particular, it is a classification suitable for efficiently protecting files by setting writeable and prohibited time periods and allowing file updates only during specific periods. The present invention relates to a write protection method for organizational files.

[Conventional technology]

Currently, computer systems are widely used for memory protection, that is, file protection.

It is becoming more and more important.

The main purpose of memory protection is to improve the reliability of computer systems,
and the protection of confidential information by restricting the free use of storage space, implementing write restrictions to prevent the destruction or modification of stored contents, and executing stored contents as instructions to prevent programs from running out of control. There are also restrictions on data access, and read restrictions to protect confidential information.

Such memory protection methods include, for example, "Electronic Information and Communication Handbook" edited by the Institute of Electronics, Information and Communication Engineers (1988),
There are those described in pP, 1601-16o2, published by Ohmsha.

In other words, there is a protection key system in which the storage area is divided into blocks, a key is specified for each block, and access is permitted or prohibited depending on the match or mismatch with the key value in the processing device, and there is also a system in which the supervisor and the user There are two execution modes, and in user mode, there is an execution mode method that restricts the use of privileged instructions. Furthermore, in virtual memory systems, there is a multiple virtual address space method that creates an address translation table for each user program and isolates programs by prohibiting the generation of addresses that refer to other user program areas. Further, as an application of the multiple virtual address space method, there is a virtual computer method in which the control program is not shared among users, but a dedicated control program is used for each user.

Furthermore, among file protection methods, there are methods that allow data to be updated only in a specific location of a partitioned file, such as a file on a magnetic disk.

Note that a partitioned file is a file with multiple members (Member).
r) and a register for managing them (Direct
ory), and its members are:
Sequential organization (processing of records in a file.

It is a file organization in which files are accessed sequentially from the beginning of the file to the end; usually, multiple records are grouped together and treated as a block), and is also called a split sequential organization file, and is a library format. Most files use this organization method.

For example, Hitachi, Ltd. [Program Product VO33 Library Management System LIME] is a method for managing members in partitioned files.
E2 Manual (8090-3-188) J (1
As described in PP, 8-10 of 1998 (published in 1988), this is done by freezing members of partitioned files and managing generations.

In other words, programs in a library (a collection of programs) are stored as members, and are then frozen, added, and updated through a series of processes corresponding to the program version or each stage of program development and maintenance. Create and save generations of members.

Freezing a generation is a state in which updates are prohibited5.
The frozen generations are managed by the system according to the frozen chronological order.

Adding a generation is to create an updateable generation for a member whose all generations are frozen, and only the added generation (generation without a generation name) is allowed to update the contents of the member. It will be done.

Through such processing, it is possible to efficiently perform processing such as direct access to a specific record, rewrite, and record addition, which are difficult points in sequential organization, and to protect the file.

[Problem to be solved by the invention]

This write-protection method for partitioned files allows the user program to freeze members of partitioned files,
Although this is done through generation management, no consideration has been given to a method of protecting writing by allowing data updates of partitioned files to be limited to a specific period/time.

As described above, in the conventional technology, protection for the entire file is performed by password protection and protection by access authority, and protection for members in a partitioned file is handled individually for each user.

Therefore, there is no established method for boat fishing as to the protection of each member within the compartmentalization file.
There were problems such as an increase in the user's burden on system design and program development.

The purpose of the present invention is to solve these problems of the prior art, and to control writing to each member in a partitioned file by a command, using member-based generation management and member freezing, rather than by a user program. Another object of the present invention is to provide a write protection method for partitioned files that enables efficient write protection by allowing write protection only at a specific time.

[Means to solve the problem]

In order to achieve the above object, the write protection method for partitioned files of the present invention protects members with multiple generations that are accumulated through a series of processes consisting of freezing, addition, and updating, and the register that manages these members. a step of monitoring an arbitrary predetermined time period in the partitioned organization file;
A step of prohibiting updating of member contents based on the addition of a generation outside of this predetermined time period, and allowing updating of member contents based on generation addition within the predetermined time period. and a step of freezing the member whose contents have been updated by freezing the generation at the end of an arbitrary predetermined time period.

[Effect]

In the present invention, a predetermined time period is monitored, and outside this time period, updating of member contents based on generation addition is prohibited, and within the time period, updating of member contents is prohibited. Allow.

That is, within the time period, the generation addition command copies the already frozen generation and adds an updatable generation. Then, the contents of the members are updated using this added generation. Furthermore, the copy source generation is deleted and the members are updated.

Further, at the end of the time period, a generation name is given to the member whose contents have been updated using a generation freeze command, and the updated member is frozen.

In this way, for partitioned files that undergo generation management, update-enabled and prohibited time periods are set, and file updates are permitted only during specific periods.

Protect files efficiently 〔Example〕 Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

FIG. 1 is a block diagram showing an embodiment of the configuration of a computer system according to the present invention.

An auxiliary storage device 2 consisting of a magnetic disk or the like and having a partitioned file 20. It is comprised of an input device 3 for inputting instructions from an operator, a display device 4 for displaying processing results, and a processing device 1 implementing the present invention.

The segmented organization file 20 is called a member, and consists of an area where records are actually recorded, and a directory (register) where the name of each member and various information regarding each member are recorded. In this example, members (A) 23, (B)
24, (C) Member area 22 consisting of 25. and a register 21 that records information regarding each member.

Furthermore, the processing device 1 has a CPU (Central Processing Unit) that controls the entire processing operation of the processing device 1.
ngUnit (central processing unit) 5, and a partitioned file management section 6 according to the present invention.

Conventionally, the processing device 1 manages files in the auxiliary storage device 2 on a member-by-member basis using the partitioned file management section 6. For example, members with multiple generations, that is, members whose generations are managed are stored and managed. Generations of members are created and saved in correspondence with program versions or each stage of program development and maintenance.

The partitioned file management unit 6 has a member freezing processing unit 7, a member addition processing unit 8, and a member deletion processing unit 9. These processing units process each generation of members through a series of freezing, addition, and updating. It is accumulated through the process of Note that the member freezing processing unit 7, member addition processing unit 8, and member deletion processing unit 9 are each executed by commands provided by the system.

Freezing a generation means to put it in a state where updates are prohibited, and the member freezing processing unit 7 gives a generation name to a member that has not been generation-managed, and makes it a generation-managed member. Alternatively, a generation name is assigned to an updatable generation of a member whose generation is managed, and the generation is frozen. The frozen generations are managed by the system according to the frozen chronological order.

Adding a generation means that the member addition processing unit 8 creates an updatable generation for a member whose all generations are frozen. One way to create an updatable generation is to copy one of the frozen generations, usually the latest generation. Note that updating of member contents is allowed only for added generations, that is, generations that do not have a generation base.

Deletion of a generation means that the member deletion unit 9 deletes generations that are no longer needed among members whose generations have been managed, or all generations.

In this way, the processing device 1 has the partitioned file management section 6.
Accordingly, the partitioned file 20 in the auxiliary storage device 2 is managed on a member-by-member basis.

Furthermore, in this embodiment, the partitioned file management section 6 has a time monitoring section 10, and based on the flag 11 in this time monitoring section 10, the member freezing processing section 7. It controls the operations of the member addition processing section 8 and the member deletion processing section 9.

The time monitoring unit 1o is based on the built-in clock function of the system.
Recognizes the time, and when the predetermined time arrives, flag 1 is activated.
Change 1 from "0" to "1" or from "1" to "0".

In this embodiment, flag 11 is normally 5.

It is "0", becomes "1" at a certain time, and then returns to rOJ after a certain time.And only when the flag 11 is "1".

The partitioned file management unit 6 executes processing by the member addition processing unit 8 and member deletion processing unit 9, and also executes processing by the member addition processing unit 8 and member deletion processing unit 9, and also
At the point when 1 returns to rOJ from "1".

This executes the processing by the member freezing processing section 7.

With this configuration, the computer system of the second embodiment normally freezes all members.

Update is not possible. Then, processes such as adding generations are allowed only during a certain time period, and members,
In other words, the file can be updated. Then, the updated members are frozen at the end of this time period.

The processing operation of the partitioned file management section 6 based on the time monitoring section 10 will be explained below.

FIG. 2 is a flowchart showing one embodiment of the processing operation of the partitioned file management section in FIG. 1 according to the present invention.

When a generation addition processing request is input to update the contents of a member (step 201), the time monitoring unit 1 in FIG.
The flag 11 of 0 is confirmed (step 202).

Here, if the flag 11 is "0" (step 203
), the update is prohibited, so the update process is not performed and the process ends.

On the other hand, if the flag 11 is "1", it is the time period during which updates are permitted, and the member contents are updated (step 20
4).

When the update process is completed, wait for flag 11 to return to rOJ (step 205). When flag 11 becomes "0", the member updated in step 204 is frozen (step 206), and the process ends. .

In this way, files are protected by allowing members to update their contents only during a certain time period.

In addition, in FIG. 1 and FIG. 2, the time monitoring section 1
0 has a flag 11 and the update process is controlled based on this flag 11, but a method that does not use the flag 11 may also be used. In short, there is a device such as the time monitoring unit 10 that can recognize a preset time period, and based on the recognition of the time period, it is sufficient to control permission or prohibition of execution in response to a member's content update request. .

FIG. 3 is an explanatory diagram showing a first embodiment of specific processing according to the present invention of the computer system shown in FIG.

This embodiment shows an example of write protection by specifying a member name, and the member 31 in the partitioned file of the auxiliary storage device 2 is updated by the partitioned file management unit 6 based on 1'EIff30 at the start of update permission. and updated member 3
2 is frozen at update prohibition start time 33.

First, all members in the partitioned file in the auxiliary storage device 2 are frozen.

Reference is possible, but updating is not possible.

Therefore, it will not be updated erroneously.

Next, when the update permission start time reaches 3o, the command rGE
N Member name M(2)J At 34, the number of generations of the corresponding member 31 is changed (from "1" to "2").

Then, command rGEN member name ADDJ35
Add a new generation and copy data from the old generation to the new generation.

When the copy is finished, the command rGEN member name
DEL (generation name) With J36, the old generation will be abolished,
Use the command rGEN member name M(1)J37 to change the number of generations again (from ``2J'' to ``1'').

In this state, the data in the member 31 is updated and updated to the update member 32.

When the write update prohibition start time reaches 33, the command rG
EN Member name F (generation name) 138 freezes the update member 32.

In this way, updates and write protection are performed by specifying member names.

FIG. 4 is an explanatory diagram showing a second embodiment of specific processing according to the present invention of the computer system shown in FIG.

This example shows an example of updating all members in a partitioned file.

First, the generations of all members 47 in the auxiliary storage device 2 are frozen.

When the write permission start time reaches 40, the command rGRP
UPDATEJ 41, to all members 47,
Specify a group.

Next, the command rGEN UPDATE M (2)
In J42, change the number of generations for the entire group ("1"
→ "2") After changing the number of generations, use the command rGE
N UPDATE ADDJ43 adds a new generation and copies data from the old generation to the new generation.

When the copying is complete, issue the command [GENUPDAT
E DEL (generation name)" 44 to discontinue the old generation, and then issue the command rGEN UPDATE M
(1) At J45, change the number of generations again (“2” → “1”
”).

In this state, the data of all members 47 is changed and all updated members 48 are created.

When the write update prohibition start time 49 is reached, the group is specified again with the command rGRP UPDATEJ 41, and the command rGEN UPDATE F (
Generation name) j46 freezes the generation of all updated members 48.

As described above using FIGS. 1 to 4.

In this embodiment, write protection is not performed by a user program, but by a command. Additionally, by allowing writing only at specific times, files are protected from unauthorized writing.

[Effects of the Invention] According to the present invention, by allowing writing to each member in a partitioned file only at a specific time, it is possible to efficiently protect a file from writing.

[Brief explanation of drawings]

FIG. 1 is a block diagram showing an embodiment of the configuration of a computer system according to the present invention, and FIG.
FIG. 3 is a flowchart showing one embodiment of the processing operation of the partitioned file management unit according to the present invention, and FIG. 3 is an explanation showing a first embodiment of the specific processing according to the present invention of the computer system shown in FIG. 4 are explanatory diagrams showing a second embodiment of specific processing according to the present invention of the computer system shown in FIG. 1. 1: Processing device, 2: Auxiliary storage device, 3: Input device, 4:
Display device, 5: CPU, 6: Partitioned file management section,
7: Member freezing processing unit, 8: Member addition processing unit, 9: Member deletion processing unit, 10: Time monitoring unit, 11: Flag, 2
0: Sectional organization file, 21: Registration ljJ, 22: Member area, 23-25: Members (A), (B), (C),
30: Update permission start time, 31: Member, 32: Update member, 33: Update prohibition start time, 34: Generation number change command rGEN Member name M(2)J, 3
5: New generation addition command rGEN member name
ADDJ. 36: Old generation obsolete command rGEN member name DE
L (generation name) J, 37: Generation number change command rGEN
Member name M(1)J, 38: Freeze generation command rGEN Member name F (generation name). 40: Permission start time, 41: Group specification command for all members rGRP UPDATEJ, 42: Command for changing the number of generations for all members rGEN UPDATE
M(2)J, 43: Command for adding new generation for all members rGEN UPDATE ADDJ. 44: Old generation abolition command for all members rGENUPD
ATE DEL (generation name) J, 45: Command to change the number of generations for all members rGEN UPDATE M (1
)J, 46: Freeze generation command raE for all members
N UPDATE F (generation name) J. 47: All members, 48: All update members, 49: Update prohibition start time. Diagram

Claims (1)

[Claims] 1. In the write protection method for partitioned files that consist of members with multiple generations accumulated through a series of processes consisting of freezing, addition, and updating, and a register that manages these members, a predetermined time period can be set arbitrarily. a step of monitoring the
prohibiting updating of the contents of the member based on the addition of the generation outside the predetermined time period;
a step of permitting updating of the contents of the member based on the addition of the generation within the predetermined time period;
A write protection method for a partitioned file, comprising the step of freezing the member whose contents have been updated by freezing the generation at the end of the predetermined time period.