[특허]Using limits on address translation to control access to an addressable entity

Using limits on address translation to control access to an addressable entity 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-012/00
출원번호	UP-0299083 (2005-12-09)
등록번호	US-7650478 (2010-02-22)
발명자 / 주소	Peinado, Marcus England, Paul Willman, Bryan Mark
출원인 / 주소	Microsoft Corporation
대리인 / 주소	Woodcock Washburn LLP
인용정보	피인용 횟수 : 1 인용 특허 : 26

초록 ▼

A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.

대표청구항 ▼

What is claimed is: 1. A method of controlling access to a plurality of resources in accordance with a policy, each of the resources being addressable by a set of first identifiers, at least some of the resources being addressable by a set of second identifiers, the method comprising: initializing the resources to a state that does not include any of the resources that a source is not allowed to access under the policy and are not addressable by the source with any of the second identifiers; receiving a request to access one of the resources, the request identifying said one of the resources by one of the second identifiers; determining whether said request is a read request for one of the resources identified by one of the second identifiers; and allowing the request without further evaluation of whether said request is allowable under said policy if, based on the determination, the read request references resources that are included in a list of addressable resources, wherein the request is denied when the request references a first identifier that is determined to be outside of the list of addressable resources. 2. The method of claim 1, wherein the first identifiers are physical addresses of the resources, wherein the second identifiers are virtual addresses, and wherein a modifiable mapping maps at least some of the virtual addresses to at least some of the physical addresses. 3. The method of claim 2, wherein said mapping is based at least in part on the identity of a source that issues said request. 4. The method of claim 3, wherein said mapping is further based on information other than the second identifiers and the identity of the source that issues said request. 5. The method of claim 1, wherein the act of initializing the resources comprises: initializing the resource to a state in which none of the resources that the source is not allowed to write under the policy is addressable by the source with any of the second identifiers. 6. The method of claim 1, wherein information that affects which of the resources corresponds to a given virtual address is stored in a first set of the resources, and wherein the act of initializing the resources comprises: initializing the resources to a state in which none of the resources that the source is not allowed to access under the policy are in the first set. 7. The method of claim 1, wherein information that affects which of the resources corresponds to a given virtual address is stored in a first set of the resources, and wherein the act of initializing the resources comprises: initializing the resources to a state in which none of the resources that a source is not allowed to write under the policy is addressable by the source with any of the second identifiers, and in which none of the resources that the source is not allowed to write under the policy are in the first set. 8. A computer-readable medium encoded with computer-executable instructions to perform a method of controlling access to a plurality of resources according to a policy in a system comprising a first set of resources, each of the set of resources being addressable by a set of first identifiers, at least some of the resources being addressable by a set of second identifiers, each of the second identifiers having an attribute associated therewith indicating whether a resource identified by a second identifier is read-only, information affecting which of the resources corresponds to a given virtual address being stored in a set of the resources, the method comprising: initializing the resources to a state that does not include any of the resources that a source is not allowed to access under the policy and are not addressable by the source with any of the second identifiers, and in which the set of resources does not include any resource whose second identifier is associated with an attribute indicative of being only readable by the source; receiving a request to access one of the resources, the request identifying said one of the resources by one of the second identifiers; determining whether said request is a write request for one of the resources identified by one of the second identifiers; and allowing the request without further evaluating whether said request is allowable under said policy if, based on the determination, the write request references resources that are included in a list of addressable resources, wherein the request is denied when the request references a first identifier that is determined to be outside of the list of addressable resources. 9. The computer-readable medium of claim 8, wherein the method further comprises: initializing the resources to a state in which none of the resources that a source is not allowed to write under the policy is addressable by the source with any of the second identifiers. 10. In a system that comprises a plurality of resources and a virtual memory manager, each of the resources being addressable by a physical address, the virtual memory manager enabling at least some of the resources to be addressable by virtual addresses, a process comprising: invoking a guard that evaluates a request to allow a source to access at least one of the resources; the guard determining whether said request is a read request that uses a virtual address to identify the resource, where if, based on the determination, the request is the read request, the guard allowing the request; and wherein, if based on the determination, the request comprises a write request component, the guard allowing access to said one of the resources if a group of one or more conditions is true, the guard otherwise denying the request, the conditions comprising: the request being allowable under a policy; and execution of the request will not result in the creation of a circumstance in which any of the resources that the source is not allowed to access under the policy become addressable by the source with a virtual address. 11. The improvement of claim 10, wherein the system has been initialized to a state in which none of the resources that the source is allowed to access under the policy are addressable by the source with virtual addresses. 12. The improvement of claim 10, wherein information affecting which of the resources are associated with virtual addresses is sorted in a set of the resources, and wherein the conditions further comprise: execution of the request not resulting in a circumstance in which the set includes resources that the source is not allowed to access under the policy. 13. The improvement of claim 10, wherein the conditions further comprise: execution of the request not resulting in a circumstance in which any of the resources that the source is not allowed to write under the policy are addressable by the source with a virtual address. 14. The improvement of claim 13, wherein information affecting which of the resources are associated with virtual addresses is stored in a set of the resources, and wherein the conditions further comprise: execution of the request not resulting in a circumstance in which the set includes resources that the source is not allowed to write under the policy. 15. The improvement of claim 10, wherein the system further comprises a processor, and wherein the guard comprises executable instructions that execute on the processor. 16. The improvement of claim 10, wherein the guard comprises at least one of: hardware logic and firmware. 17. The improvement of claim 10, wherein the virtual memory manager associates an attribute with a resource that has been requested by a virtual address, the attribute indicating whether the resource may be only written or read and written, the virtual memory manager being configured to invoke said guard when a request is received to write to a resource whose corresponding attribute indicates that the resource is only readable. 18. The improvement of claim 17, wherein the virtual memory manager raises an exception whenever a request is received to write to a resource whose corresponding attribute indicates that the resource is only readable, and wherein the guard comprises, or is invoked by, a handler for said exception. 19. The improvement of claim 17, wherein information affecting which of the resources are associated with virtual addresses is stored in a set of the resources, each of the resources in the set being associated with an attribute indicating that the resource is only readable when requested by said source. 20. The improvement of claim 10, wherein the virtual memory manager indicates, for each resource requestable by virtual address, whether the resource is present or not present, the virtual memory manager being configured to invoke said guard when a request is received to access a resource that is indicted as not present, and wherein the virtual memory manager is configured to invoke said guard when a request is received to access a resource whose corresponding attribute indicates that the resource is not present.

이 특허에 인용된 특허 (26)

William R. Bryg ; Stephen G. Burger ; James O. Hays ; John M. Kessenich ; Jonathan K. Ross ; Gary N. Hammond ; Sunil Saxena ; Koichi Yamada, Apparatus and method for a virtual hashed page table.
상세보기
Hardy Norman (Portola Valley CA), Computer security system.
상세보기
Waldspurger, Carl A., Content-based, transparent sharing of memory units.
상세보기
Stamm Rebecca L. (Boston MA) Uhler G. Michael (Marlborough MA), Conversion of internal processor register commands to I/O space addresses.
상세보기
Liu, Wei; Kahle, Steven H., Data-aware data flow manager.
상세보기
Lim, Beng-Hong; Le, Bich C.; Bugnion, Edouard, Deferred shadowing of segment descriptors in a virtual machine monitor for a segmented computer architecture.
상세보기
Per Anders Holmberg SE, Maintenance of speculative state of parallel executed jobs in an information processing system.
상세보기
Garney John I., Mechanism supporting execute in place read only memory applications located on removable computer cards.
상세보기
Stiffler, Jack Justin; Burn, Donald, Method and apparatus for achieving system-directed checkpointing without specialized hardware assistance.
상세보기
Kane James A. (Newport Beach CA) Chang Hsiao-Shih (Orange CA) Whitted ; III Graham B. (Irvine CA), Method and apparatus for detecting memory segment violations in a microprocessor-based system.
상세보기
Ang, Boon Seong, Method and apparatus for direct conveyance of physical addresses from user level code to peripheral devices in virtual memory systems.
상세보기
Landau Charles R., Method and apparatus for managing invalidation of virtual memory mapping table entries.
상세보기
Arimilli, Ravi Kumar; Williams, Derek Edward, Method, apparatus and system for acquiring a global promotion facility utilizing a data-less transaction.
상세보기
Marc Alan Auslander ; Larry Wayne Loen, Mixed-endian computer system that provides cross-endian data sharing.
상세보기
Willman,Bryan Mark; England,Paul, Page granular curtained memory via mapping control.
상세보기
Harlan Sexton ; David Unietis ; Mark Jungerman ; Scott Meyer, Paged memory management system within a run-time environment.
상세보기
Franaszek, Peter A.; Poff, Dan E., Reclaim space reserve for a compressed memory system.
상세보기
Anastas Mark S. (Auburn WA) Vaughan Russell F. (Enumclaw WA), Secure implementation of transition machine computer.
상세보기
Manabe Toshihiko (Kanagawa-ken JPX), Shared data management scheme using shared data locks for multi-threading.
상세보기
Richard P. Draves ; Scott Cutshall ; Gilad Odinak, Sharing executable modules between user and kernel threads.
상세보기
Stimac Gary A. (Houston TX) Crosswy William C. (Houston TX) Preston Stephen B. (Spring TX) Flannigan James S. (Cypress TX), Software emulation of bank-switched memory using a virtual DOS monitor and paged memory management.
상세보기
Mahlon David Fields, Jr. ; Stuart Sechrest, System, method, and software for memory management with intelligent trimming of pages of working sets.
상세보기
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Noel Karen Lee ; Harvey Michael Seward, Virtual memory allocation in a virtual address space having an inaccessible gap.
상세보기
Noel Karen Lee ; Harvey Michael Seward, Virtual memory allocation in a virtual address space having an inaccessible gap.
상세보기
Harvey Michael Seward ; Noel Karen Lee, Virtual memory system with page table space separating a private space and a shared space in a virtual memory.
상세보기

이 특허를 인용한 특허 (1)

Frey, Bradly G.; Gschwind, Michael K.; Herrenschmidt, Benjamin, Mechanisms for eliminating a race condition between a hypervisor-performed emulation process requiring a translation operation and a concurrent translation table entry invalidation.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Using limits on address translation to control access to an addressable entity 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (26)

이 특허를 인용한 특허 (1)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Using limits on address translation to control access to an addressable entity 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (26)

이 특허를 인용한 특허 (1)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트