A state machine model is introduced for trusted processes. It makes explicit use of the notion of locking part of the state space in order to allow privileged actions to overlap. The model controls the interaction between overlapping actions by restricting the events that can change the locks, using the locks to restrict which events can change which parts of the state space, and preventing the initiation of actions that would interfere with currently executing ones.
展开▼
