Processing metadata, policies, and composite tags

US 10,725,778 B2
Filed: 06/07/2018
Issued: 07/28/2020
Est. Priority Date: 12/17/2015
Status: Active Grant

First Claim

Patent Images

1. A method of processing instructions comprising:

receiving, for metadata processing, a plurality of metadata tags associated with a current instruction, said metadata processing being performed in a metadata processing domain isolated from a code execution domain including the current instruction, each of the plurality of metadata tags relating to a respective component policy of a composite policy;

processing the plurality of metadata tags in parallel by respective rule cache miss handlers comprising a plurality of hardware rule handlers, wherein processing, for each metadata tag of the plurality of metadata tags, comprises;

determining, by a respective rule cache miss handler, in the metadata processing domain and in accordance with the metadata tag and the current instruction, whether a rule exists in a rule cache for the current instruction, said rule cache including rules on metadata used by said metadata processing to define allowed instructions; and

providing a respective output;

generating a composite result tag by combining the respective outputs into a single metadata Lag for the composite policy including each respective policy; and

simultaneously enforcing, by the plurality of hardware rule cache miss handlers, each of the policies for the current instruction, each of the policies enforced by a respective hardware rule cache miss handler.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes receiving, for metadata processing, a current instruction with a associated metadata tags. The metadata processing is performed in a metadata processing domain isolated from a code execution domain including the current instruction. Each respective associated metadata tag representing a respective policy of the composite policy. The associated metadata tags further including pointers to tags of a component policy of the composite policy. For each respective metadata tag, the method includes determining, in the metadata processing domain and in accordance with the metadata tag and the current instruction, whether a rule exists in a rule cache for the current instruction. The rule cache including rules on metadata used by said metadata processing to define allowed instructions. The determination of whether a rule exists resulting in a respective output. The method further includes generating a composite result tag by combining the respective outputs into a single metadata tag representing the composite policy including each respective policy.

Citations

14 Claims

1. A method of processing instructions comprising:
- receiving, for metadata processing, a plurality of metadata tags associated with a current instruction, said metadata processing being performed in a metadata processing domain isolated from a code execution domain including the current instruction, each of the plurality of metadata tags relating to a respective component policy of a composite policy;
  
  processing the plurality of metadata tags in parallel by respective rule cache miss handlers comprising a plurality of hardware rule handlers, wherein processing, for each metadata tag of the plurality of metadata tags, comprises;
  
  determining, by a respective rule cache miss handler, in the metadata processing domain and in accordance with the metadata tag and the current instruction, whether a rule exists in a rule cache for the current instruction, said rule cache including rules on metadata used by said metadata processing to define allowed instructions; and
  
  providing a respective output;
  
  generating a composite result tag by combining the respective outputs into a single metadata Lag for the composite policy including each respective policy; and
  
  simultaneously enforcing, by the plurality of hardware rule cache miss handlers, each of the policies for the current instruction, each of the policies enforced by a respective hardware rule cache miss handler.
- View Dependent Claims (2, 3, 4, 5, 6, 14)
- - 2. The method of claim 1, wherein determining whether a rule exists in a rule cache further includes:
    - for each metadata tag, determining whether a rule exists in a first level cache;
      
      when it is determined that no rule is present in the first level cache, determining whether a rule exists in a second level cache.
  - 3. The method of claim 1, wherein the rule cache is at least one of a Unified Component Policy (UCP) cache, composite set of tag (CTAG) cache, or data cache.
  - 4. The method of claim 1, wherein the respective rule cache miss handler determining whether the rule exists comprises a hardware rule cache handler from the plurality of hardware rule handlers.
  - 5. The method of claim 1, wherein the respective rule cache miss handler determining whether the rule exists comprises a hybrid of at least one hardware rule handler and at least one processor executed rule handler.
  - 6. The method of claim 1, wherein:
    - a composite set of tag (CTAG) cache stores composite results based on combinations of metadata tag values, andgenerating the composite result tag includes combining the respective outputs into a single metadata tag by looking up a combination of the respective outputs in the CTAG cache.
  - 14. The method of claim 1, wherein said plurality of associated metadata tags further includes a pointer to a tag of a component policy of the composite policy.

7. A system for processing instructions comprising:
- at least one hardware rule cache miss handler configured to;
  
  receive, for metadata processing, a plurality of metadata tags associated with a current instruction, said metadata processing being performed in a metadata processing domain isolated from a code execution domain including the current instruction, each of the plurality of metadata tags relating to a respective component policy of a composite policy, andprocessing the plurality of metadata tags in parallel by respective rule cache miss handlers comprising a plurality of hardware rule handlers, wherein processing, for each metadata tag of the plurality of metadata tags, comprises;
  
  determining, by a respective rule cache miss handler, in the metadata processing domain and in accordance with the metadata tag and the current instruction, whether a rule exists in a rule cache for the current instruction, said rule cache including rules on metadata used by said metadata processing to define allowed instructions, andproviding a respective output;
  
  a hardware concatenation module configured to generate a composite result tag by combining the respective outputs into a single metadata tag for the composite policy including each respective policy; and
  
  simultaneously enforcing, by the plurality of hardware rule cache miss handlers, each of the policies for the current instruction, each of the policies enforced by a respective hardware rule cache miss handler.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, wherein determining whether a rule exists in a rule cache further includes:
    - for each metadata tag, determining whether a rule exists in a first level cache;
      
      when it is determined that no rule is present in the first level cache, determining whether a rule exists in a second level cache.
  - 9. The system of claim 7, wherein the rule cache is at least one of a Unified Component Policy (UCP) cache, composite set of tag (CTAG) cache, or data cache.
  - 10. The system of claim 7, wherein the respective rule cache miss handler determining whether the rule exists comprises a hardware rule cache handler from the plurality of hardware rule handlers.
  - 11. The system of claim 7, wherein the respective rule cache miss handler determining whether the rule exists comprises a hybrid of at least one hardware rule handler and at least one processor executed rule handler.
  - 12. The system of claim 7, wherein:
    - a composite set of tag (CTAG) cache stores composite results based on combinations of metadata tag values, andgenerating the composite result tag includes combining the respective outputs into a single metadata tag by looking up a combination of the respective outputs in the CTAG cache.
  - 13. The system of claim 7, wherein said plurality of associated metadata tags further includes a pointer to a tag of a component policy of the composite policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Charles Stark Draper Laboratory Incorporated
Original Assignee
Charles Stark Draper Laboratory Incorporated
Inventors
DeHon, Andre', Dhawan, Udit
Primary Examiner(s)
Lynch, Sharon S

Application Number

US16/002,642
Publication Number

US 20180336031A1
Time in Patent Office

782 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/0875   with dedicated cache, e.g. ...

G06F 12/1408   by using cryptography for d...

G06F 12/1458   by checking the subject acc...

G06F 15/78   comprising a single central...

G06F 16/23   Updating

G06F 21/52   during program execution, e...

G06F 21/6218   to a system of files or obj...

G06F 2212/1052   Security improvement

G06F 2212/402   Encrypted data

G06F 2212/452   Instruction code

G06F 9/30072   to perform conditional oper...

G06F 9/30098   Register arrangements

G06F 9/30101   Special purpose registers

G06F 9/3867   using instruction pipelines

Processing metadata, policies, and composite tags

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Processing metadata, policies, and composite tags

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links