Storage volume protection using restricted resource classes
First Claim
1. A method of protecting a storage volume using a restricted resource class, the method comprising:
- receiving a message indicating attachment of a storage volume;
- creating an association between a restricted resource class (RRC) and the storage volume to limit programmatic access to the storage volume to one or more programs having an RRC entitlement to access resources in the RRC;
- requesting an evaluation of the storage volume;
- receiving a result of the evaluation of the storage volume;
- removing or maintaining the association based on the result;
- in response to the result of the evaluation indicating that the storage volume is a protected storage volume;
- receiving one or more RRC entitlements from a program that requests programmatic access to the storage volume, wherein an RRC entitlement indicates that the program is entitled to access a resource in the restricted resource class;
- allowing the program to access data on the storage volume in response to an RRC entitlement of the program matching the RRC associated with the storage volume.
Abstract
Techniques for restricting access to a storage volume attached to a data processing system are described. In one embodiment, a storage management and access control logic in the data processing system can receive a message indicating the attachment of a storage volume. The logic can apply access restrictions to the storage volume by creating an association between a restricted resource class and the storage volume to limit programmatic access to the storage volume. An evaluation of the storage volume can be requested and based on the result of the evaluation the access restrictions can be removed or retained on the storage volume.
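A minimal model of the flow the abstract describes, added here as an illustration and not taken from the patent or any implementation of it. The class and method names, the RRC identifier and the sample volume characteristics are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet

PROTECTED_RRC = "rrc.example.protected-volume"  # hypothetical RRC identifier


@dataclass
class Volume:
    name: str
    characteristics: Dict[str, str]  # constructed sample metadata


@dataclass
class AccessControl:
    evaluate: Callable[[Volume], bool]  # True means "protected volume"
    rrc_of: Dict[str, str] = field(default_factory=dict)

    def on_attach(self, vol: Volume) -> None:
        # Associate the RRC before evaluating, so the volume is never
        # readable by unentitled programs while its status is unknown.
        self.rrc_of[vol.name] = PROTECTED_RRC
        if not self.evaluate(vol):
            del self.rrc_of[vol.name]  # not protected: remove association

    def may_access(self, vol_name: str, entitlements: FrozenSet[str]) -> bool:
        rrc = self.rrc_of.get(vol_name)
        # No association means the RRC imposes no limit (ordinary file
        # permissions, not modelled here, would still apply).
        return rrc is None or rrc in entitlements


def demo() -> Dict[str, bool]:
    during_eval = []

    def evaluator(vol: Volume) -> bool:
        # An unentitled program probing the volume mid-evaluation.
        during_eval.append(ac.may_access(vol.name, frozenset()))
        return vol.characteristics.get("kind") == "protected"

    ac = AccessControl(evaluate=evaluator)
    ac.on_attach(Volume("backup", {"kind": "protected"}))  # constructed
    ac.on_attach(Volume("usb", {"kind": "ordinary"}))      # constructed
    return {
        "open_during_evaluation": any(during_eval),
        "backup_without_entitlement": ac.may_access("backup", frozenset()),
        "backup_with_entitlement": ac.may_access("backup", frozenset({PROTECTED_RRC})),
        "usb_without_entitlement": ac.may_access("usb", frozenset()),
    }
```

Because the association is created before the evaluation runs, both volumes are closed to unentitled programs during evaluation; only the volume judged not protected is opened afterwards.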
32 Claims
9. A non-transitory machine-readable medium storing instructions which, when executed by one or more processors, cause the one or more processors to perform operations comprising:
- receiving a message indicating attachment of a storage volume;
- creating an association between a restricted resource class (RRC) and the storage volume to limit programmatic access to the storage volume to one or more programs having an RRC entitlement to access resources in the RRC;
- requesting an evaluation of the storage volume;
- receiving a result of the evaluation of the storage volume;
- removing or maintaining the association based on the result;
- in response to the result of the evaluation indicating that the storage volume is a protected storage volume;
- receiving one or more RRC entitlements from a program that requests programmatic access to the storage volume, wherein the RRC entitlement indicates that the program is entitled to access a resource in the restricted resource class;
- allowing the program to access data on the storage volume in response to determining that an RRC entitlement of the program matches the RRC associated with the storage volume.
17. A data processing system comprising one or more processors, including at least one hardware processor, coupled to memory, the one or more processors to execute a plurality of processes comprising:
- a kernel mode process to receive a message indicating attachment of a storage volume and create an association between a restricted resource class (RRC) and the storage volume to limit programmatic access to the storage volume to one or more programs having an RRC entitlement to access resources in the RRC; and
- a user mode process to perform an evaluation of the storage volume upon request from the kernel mode process, the evaluation based on one or more characteristics of the storage volume, wherein the kernel mode process is to maintain the association between the restricted resource class and the storage volume, in response to a result of the evaluation indicating that the storage volume is a protected volume;
- the kernel mode process further configured to receive one or more RRC entitlements from a program that requests programmatic access to the storage volume, wherein an RRC entitlement indicates that the program is entitled to access a resource in the restricted resource class, and configured to allow access to data on the storage volume in response to the kernel mode process determining that an RRC entitlement of the program matches the RRC associated with the storage volume.
30. A method of protecting a storage volume using a restricted resource class, the method comprising:
- receiving a message indicating attachment of a storage volume;
- requesting an evaluation of the storage volume;
- receiving a result of the evaluation of the storage volume; and
- based on the result of the evaluation, creating an association between a restricted resource class (RRC) and the storage volume to limit programmatic access to the storage volume to one or more programs having an RRC entitlement to access resources in the RRC, wherein the storage volume is browsable via a file manager during the evaluation of the storage volume;
- in response to the result of the evaluation indicating that the storage volume is a protected volume;
- receiving one or more RRC entitlements from a program that requests programmatic access to the storage volume, wherein an RRC entitlement indicates that the program is entitled to access a resource in the restricted resource class;
- allowing the program to access data on the storage volume in response to an RRC entitlement of the program matching the RRC associated with the storage volume.
Specification