IPC classification information
Country / type | United States (US) Patent, Granted
International Patent Classification (IPC 7th ed.) |
Application number | UP-0286613 (2002-11-01)
Registration number | US-7565509 (2009-07-29)
Inventors / address |
- Peinado, Marcus
- England, Paul
- Willman, Bryan Mark
Applicant / address |
Agent / address |
Citation information | Cited by: 0 | Cited patents: 3
Abstract
A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.
Representative claims
What is claimed is:

1. A method of controlling access to one or more resources in accordance with a policy, the method comprising: defining an invariant condition constraining one or more resources that can be identified using a virtual address, the invariant condition being defined such that a set of physical addresses that a source can address through an address translation mechanism using a virtual address and a set of resources to which access by the source is unallowable by the policy are distinct and non-intersecting; receiving a request to allow a requesting source to access one of the resources; determining whether the request identifies a resource using a virtual address or using a physical address; if the request identifies the resource using a virtual address, then allowing the request without evaluating whether the request violates the policy; if the request identifies the resource using a physical address, then determining whether the physical address is a member of a set of physical addresses to which the policy blocks access; if the physical address is a member of the set of physical addresses to which the policy blocks access, then blocking the request; and if the physical address is not a member of the set of physical addresses to which the policy blocks access, then allowing the request.

2. The method of claim 1, further comprising: initializing the resources to a state in which none of the resources to which access is unallowable under the policy has a virtual address usable by the source.

3. The method of claim 1, wherein the resources comprise individually-addressable units of a random access memory.

4. The method of claim 1, wherein information that affects which of the resources corresponds to a given virtual address is stored in a set of the resources, the method further comprising denying the request if execution of the request would result in access to any of the resources in the set that is disallowed under the policy.

5. The method of claim 1, wherein information that affects which of the resources corresponds to a given virtual address is stored in a set of the resources, wherein each virtual address is associated with an attribute indicating whether a resource associated with the virtual address is not writeable, the method further comprising denying the request if execution of the request would result in the set including any resource having virtual addresses whose attributes are indicative of being writeable by the source.

6. The method of claim 5, further comprising denying the request if execution of the request would result in access to any of the resources in the set that is disallowed under the policy.

7. The method of claim 6, further comprising denying the request if execution of the request would result in a circumstance where the source can use a virtual address to address a resource that the source is not allowed to write under the policy, or if execution of the request would result in a circumstance where the set includes any resources that the source is not allowed to write under the policy.

8. The method of claim 1, wherein execution of the request will cause one or more of the resources to acquire virtual addresses, and wherein the method further comprises determining that the policy allows access to each of the resources that will acquire a virtual address as a result of executing the request.

9. The method of claim 1, wherein execution of the request will result in a change to the policy, and wherein the method further comprises determining that the policy, as affected by the change, allows the source to access all of the resources that the source can address using virtual addresses.

10. The method of claim 9, wherein the change to the policy comprises allowing access to at least a first of the resources to which access had been disallowed, and wherein the method further comprises obscuring a value that had been stored in said first resource prior to the change to the policy.

11. The method of claim 9, wherein the change in the policy comprises granting unrestricted access to all resources.

12. The method of claim 1, wherein the request comprises a request to write said one of the resources, and wherein the method further comprises: waiting a duration of time before said one of the resources is written in accordance with the request.

13. The method of claim 12, further comprising: subsequent to receiving the write request, receiving a request to read said one of the resources; and processing the read request by: if the write request is allowed, then executing the write request that is the object of said waiting act and retrieving a stored value from the resource; and if the write request is not allowed, then outputting the value that was the subject of the write request.

14. The method of claim 1, further comprising: if the request is allowable under the policy and if a condition is true, then allowing the request; and ensuring that the condition is never true unless execution of the request will not result in a circumstance under which the source can use a virtual address to address a resource to which access is unallowable under the policy.

15. The method of claim 1, wherein execution of the request will result in a first change to the policy and will also result in a second change affecting which resources have virtual addresses, and wherein the method further comprises determining that execution of the request will not result in an intersection between the resources to which the policy, as affected by the first change, disallows access and the resources, as affected by the second change, that have virtual addresses.

16. A computer-readable storage medium encoded with computer-executable instructions to perform a method of controlling access to one or more resources in accordance with a policy, the method comprising: defining an invariant condition constraining one or more resources that can be identified using a virtual address, the invariant condition being defined such that a set of physical addresses that a source can address through an address translation mechanism using a virtual address and a set of resources to which access by the source is unallowable by the policy are distinct and non-intersecting and such that any request that is unallowable under the policy is deemed deniable under the invariant condition, and at least one request that is allowable under the policy is also deemed deniable under the invariant condition; receiving a write request to allow a requesting source to write a value to one of the resources; determining whether the write request identifies a resource using a virtual address or using a physical address; if the write request identifies the resource using a virtual address, then allowing the write request without evaluating whether the request violates the policy; if the request identifies the resource using a physical address, then determining whether the physical address is a member of a set of physical addresses to which the policy forbids writing; if the physical address is a member of the set of physical addresses to which the policy forbids writing, then denying the write request; if the physical address is not a member of the set of physical addresses to which the policy forbids writing, then allowing the write request exposing the virtual address to the source only if the request is allowable under the invariant condition, thereby preventing access by the source to the resource if execution of the write request would result in a circumstance under which the source can use a virtual address to address a resource to which access is unallowable under the policy; if the write request is not denied, then storing the value in the one of the resources; receiving a subsequent read request to read the one of the resources; if the write request is not denied, processing the subsequent read request by retrieving the stored value from the one of the resources; and if the write request is denied, processing the subsequent read request by outputting the value that was the subject of the write request.

17. The computer-readable storage medium of claim 16, the method further comprising: initializing the resources to a state in which none of the resources to which access is unallowable under the policy has a virtual address usable by the source.

18. The computer-readable storage medium of claim 16, wherein the resources comprise individually-addressable units of a random access memory.

19. The computer-readable storage medium of claim 16, wherein information that affects which of the resources corresponds to a given virtual address is stored in a set of the resources, and wherein the method further comprises denying the request if execution of the request would result in access to any of the resources in the set that is disallowed under the policy.

20. The computer-readable storage medium of claim 16, wherein information that affects which of the resources corresponds to a given virtual address is stored in a set of the resources, wherein each virtual address is associated with an attribute indicating whether a resource associated with the virtual address is not writeable, and wherein the method further comprises denying the request if execution of the request would result in the set including any resource having virtual addresses whose attributes are indicative of being writeable by the source.

21. The computer-readable storage medium of claim 20, wherein the method further comprises denying the request if execution of the request would result in access to any of the resources in the set that is disallowed under the policy.

22. The computer-readable storage medium of claim 21, wherein the method further comprises denying the request if execution of the request would result in a circumstance where the source can use a virtual address to address a resource that the source is not allowed to write under the policy, or if execution of the request would result in a circumstance where the set includes any resources that the source is not allowed to write under the policy.

23. The computer-readable storage medium of claim 16, wherein the method further comprises: if the request is allowable under the policy and if a condition is true, then allowing the request; and ensuring that the condition is never true unless execution of the request will not result in a circumstance under which the source can use a virtual address to address a resource to which access is unallowable under the policy.

24. A method of controlling access to one or more resources in accordance with a first policy, the method comprising: defining an invariant condition constraining one or more resources that can be identified using a virtual address, the invariant condition being defined at least as restrictively as the policy, such that a set of physical addresses that a source can address through an address translation mechanism using a virtual address and a set of resources to which access by the source is unallowable by the first policy are distinct and non-intersecting and such that any request that is unallowable under the first policy is deemed deniable under the invariant condition, and at least one request that is allowable under the first policy is also deemed deniable under the invariant condition; receiving a request from a requesting source to access a resource; determining whether the request identifies the resource using a virtual address or using a physical address; determining whether the request is allowable, deniable, or neither allowable nor deniable based on the invariant condition, wherein the determining step comprises deeming the request allowable, without evaluating the request under the first policy, if the request identifies the resource using a virtual address; if the request is deemed allowable or deniable as a result of the determining step, then allowing or denying the request according to the result of the determining step; if the request would be allowable under the first policy but deniable under the invariant condition, then omitting the virtual address from a list of resources that the requesting source is permitted to access; if the request identifies the resource using a physical address, then determining whether the physical address is a member of a set of physical addresses to which the first policy blocks access; if the physical address is a member of the set of physical addresses to which the first policy blocks access, then denying the request; and if the physical address is not a member of the set of physical addresses to which the first policy blocks access, then allowing the request.

25. The method of claim 24, further comprising: when the determining step results in a determination that the request is neither allowable nor deniable based on the invariant condition, determining whether the request is allowable or deniable based on either the first policy or a criterion different from the invariant condition.

26. The method of claim 24, further comprising: if the request is not deemed allowable or deniable as a result of the determining step, evaluating the request under one or more criteria, each of the criteria being different from the invariant condition and being different from each other, any request that is unallowable under the first policy being deemed deniable under any of the criteria, each of the criteria being adapted to deem deniable at least one request that is allowable under the first policy; and if the request is deemed allowable or deniable under any of the criteria, then allowing or denying the request accordingly.

27. The method of claim 24, further comprising: if the request is not deemed allowable as a result of the determining step, evaluating the request under the first policy; and allowing or blocking the request depending on whether the request is allowable or unallowable under the first policy.

28. The method of claim 24, wherein the method is performed in a system that is adapted to assign virtual addresses to at least some of the resources, wherein the invariant condition defines as unallowable all access requests that are unallowable under a second policy and also defines as unallowable all access requests that, if executed, would result in a virtual address being assigned to a resource to which access is unallowable under the second policy.

29. The method of claim 24, wherein the method is performed in a system that comprises a virtual memory manager that associates a virtual address and an attribute with each of the resources, the particular resource and attribute associated with a virtual address being based on at least one factor other than the virtual address, the attribute indicating whether the resource is a read-only or read/write resource, and wherein the invariant condition comprises whether the request is consistent with the attribute, the request being deemed allowable as a result of the determining step if the request is consistent with the attribute, the request not being deemed either allowable or deniable as a result of the determining step if the request is not consistent with the attribute.

30. A computer-readable storage medium encoded with computer-executable instructions to perform a method of controlling access to one or more resources in accordance with a first policy, the method comprising: defining an invariant condition constraining one or more resources that can be identified using a virtual address, the invariant condition being defined at least as restrictively as the policy, such that a set of physical addresses that a source can address through an address translation mechanism using a virtual address and a set of resources to which access by the source is unallowable by the first policy are distinct and non-intersecting and such that any request that is unallowable under the first policy is deemed deniable under the invariant condition, and at least one request that is allowable under the first policy is also deemed deniable under the invariant condition; receiving a request from a requesting source to access a resource; determining whether the request identifies the resource using a virtual address or using a physical address; determining whether the request is allowable, deniable, or neither allowable nor deniable based on the invariant condition, wherein the determining step comprises deeming the request allowable, without evaluating the request under the first policy, if the request identifies the resource using a virtual address; if the request is deemed allowable or deniable as a result of the determining step, then allowing or denying the request according to the result of the determining step; if the request would be allowable under the first policy but deniable under the invariant condition, then omitting the virtual address from a list of resources that the requesting source is permitted to access; if the request identifies the resource using a physical address, then determining whether the physical address is a member of a set of physical addresses to which the first policy blocks access; if the physical address is a member of the set of physical addresses to which the first policy blocks access, then denying the request; and if the physical address is not a member of the set of physical addresses to which the first policy blocks access, then allowing the request.

31. The computer-readable storage medium of claim 30, the method further comprising: if the request is not deemed allowable or deniable as a result of the determining step, evaluating the request under one or more criteria, each of the second criteria being different from the invariant condition and being different from each other, any request that is unallowable under the first policy being deemed deniable under any of the criteria, each of the criteria being adapted to deem deniable at least one request that is allowable under the first policy; and if the request is deemed allowable or deniable under any of the criteria, then allowing or denying the request accordingly.

32. The computer-readable storage medium of claim 30, wherein the method is performed in a system that comprises a virtual memory manager that associates a virtual address and an attribute with each of the resources, the particular resource and attribute associated with a virtual address being based on at least one factor other than the virtual address, the attribute indicating whether the resource is a read-only or read/write resource, and wherein the invariant condition comprises whether the request is consistent with the attribute, the request being deemed allowable as a result of the determining step if the request is consistent with the attribute, the request not being deemed either allowable or deniable as a result of the determining step if the request is not consistent with the attribute.
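Added example, not code from the patent or its assignee: a toy Python model of the scheme the abstract and claims describe, in which a virtual-address request is served without consulting the policy because the invariant guarantees no virtual address reaches a blocked page, while physical-address requests are checked against the policy and writes into the page table are judged by the mapping they would create. The page numbers, the policy, the `(virtual page, (physical page, writable))` PTE encoding and the sample machine are all constructed for illustration; it also goes beyond claim 1 by modelling the policy-change rules of claims 9 and 10.

```python
from dataclasses import dataclass, field

@dataclass
class Machine:
    blocked: set       # physical pages the policy denies to the source
    pt_pages: set      # physical pages holding the page table (the "set" of claim 4)
    page_table: dict   # virtual page -> (physical page, writable flag)
    mem: dict = field(default_factory=dict)

    def invariant_holds(self, table, blocked=None):
        # Claims 1, 5, 7: no virtual address reaches a blocked page, and no
        # virtual address maps writably onto a page-table page.
        blocked = self.blocked if blocked is None else blocked
        return all(p not in blocked and not (w and p in self.pt_pages)
                   for p, w in table.values())

    def request(self, op, space, addr, value=None):
        """op: 'read'|'write'; space: 'virtual'|'physical' -> (verdict, payload)."""
        if space == "virtual":
            # Claim 1: a virtual address can only name permitted pages, so this path never consults the policy.
            if addr not in self.page_table:
                return ("denied", "no mapping")
            phys, writable = self.page_table[addr]
            if op == "write" and not writable:
                return ("denied", "read-only mapping")   # claim 29: attribute check
            return self._access(op, phys, value)
        if addr in self.blocked:                          # physical path: policy check
            return ("denied", "policy blocks page")
        if op == "write" and addr in self.pt_pages:
            # A page-table write is judged by the mapping it would create so the invariant
            # survives (claims 4, 5, 8). Constructed encoding: value = (vpage, (phys, writable)).
            vpage, entry = value
            proposed = {**self.page_table, vpage: entry}
            if not self.invariant_holds(proposed):
                return ("denied", "would map a virtual address to a forbidden page")
            self.page_table = proposed
            return ("allowed", None)
        return self._access(op, addr, value)

    def change_policy(self, new_blocked):
        # Claims 9, 10: every mapped page must stay allowed under the new policy,
        # and a page that becomes accessible is scrubbed before it is exposed.
        if not self.invariant_holds(self.page_table, new_blocked):
            return ("denied", "a mapped page would become blocked")
        for page in self.blocked - new_blocked:
            self.mem[page] = 0
        self.blocked = new_blocked
        return ("allowed", None)

    def _access(self, op, phys, value):
        if op == "write":
            self.mem[phys] = value
            return ("allowed", None)
        return ("allowed", self.mem.get(phys))

def sample_machine():
    """Constructed sample: page 0 holds the page table, the policy blocks pages 6 and 7."""
    return Machine(blocked={6, 7}, pt_pages={0},
                   page_table={1: (1, True), 2: (2, False), 3: (0, False)},
                   mem={1: "data", 6: "secret"})
```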