Abstract

An integrating processor element containing a data processor that provides a computer with those functions normally associated with the Central Processor Unit (CPU) but which possesses architectural features to prevent compromise (i.e., unauthorized dissemination) of data in a multi-level secure environment. The data processor executes instructions from an internal instruction memory which cannot be altered by the data processor and cannot be accessed by the I/O processor (i.e., I/O controller). The instruction memory is segmented providing a separate segment for each discrete level of secure data to be processed. Each computer program is stored in the segment corresponding to the highest level of security of the data it will use. A second memory, called the hand-off memory, is a read/write memory accessible by the I/O processor as well as the data processor. The hand-off memory is also segmented by security level. A computer program may only write in the hand-off memory in the segment corresponding to the same security level as the segment in the instruction memory in which it is stored. A computer program may read, however, from any segment corresponding to the same or a lower security level. The data processor contains a security register which provides the hardware assurance that a computer program can access only permitted data. A memory address translator within the data processor is provided to permit relocation of segments within the hand-off memory without corresponding changes to any computer program. This feature enables generation of computer programs having lower classifications than the data upon which they operate.