Using limits on address translation to control access to an addressable entity
First Claim
1. A method of controlling access to one or more resources in accordance with a policy, the method comprising:
receiving a request to allow a source to access one of the resources; and
if the request is allowable under the policy, and if execution of the request will not result in a circumstance under which the source can use a virtual address to address a resource to which access is unallowable under the policy, then allowing the request.
Abstract
A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.
79 Claims
1. A method of controlling access to one or more resources in accordance with a policy, the method comprising:
receiving a request to allow a source to access one of the resources; and
if the request is allowable under the policy, and if execution of the request will not result in a circumstance under which the source can use a virtual address to address a resource to which access is unallowable under the policy, then allowing the request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
17. A computer-readable medium encoded with computer-executable instructions to perform a method of controlling access to one or more resources in accordance with a policy, the method comprising:
receiving a request to allow a source to access one of the resources; and
if the request is allowable under the policy, and if execution of the request will not result in a circumstance under which the source can use a virtual address to address a resource to which access is unallowable under the policy, then allowing the request. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
28. A method of controlling access to a plurality of resources in accordance with a policy, each of the resources being addressable by a set of first identifiers, at least some of the resources being addressable by a set of second identifiers, the method comprising:
initializing the resources to a state in which none of the resources that a source is not allowed to access under the policy is addressable by the source with any of the second identifiers;
receiving a request to read one of the resources, the request identifying said one of the resources by one of the second identifiers; and
allowing the request. - View Dependent Claims (29, 30, 31, 32, 33, 34)
35. A computer-readable medium encoded with computer-executable instructions to perform a method of controlling access to a plurality of resources in accordance with a policy, each of the resources being addressable by a set of first identifiers, at least some of the resources being addressable by a set of second identifiers, the method comprising:
initializing the resources to a state in which none of the resources that a source is not allowed to access under the policy is addressable by the source with any of the second identifiers;
receiving a request to read one of the resources, the request identifying said one of the resources by one of the second identifiers; and
allowing the request. - View Dependent Claims (36, 37, 38)
39. A method of controlling access to a plurality of resources according to a policy in a system comprising a first set of resources, each of the set of resources being addressable by a set of first identifiers, at least some of the resources being addressable by a set of second identifiers, each of the second identifiers having an attribute associated therewith indicating whether a resource identified by a second identifier is read-only, information affecting which of the resources corresponds to a given virtual address being stored in a set of the resources, the method comprising:
initializing the resources to a state in which none of the resources that a source is not allowed to access under the policy is addressable by the source with any of the second identifiers, and in which the set of resources does not include any resource whose second identifier is associated with an attribute indicative of being only readable by the source;
receiving a request to write one of the resources, the request identifying said one of the resources by one of the second identifiers; and
allowing the request. - View Dependent Claims (40, 41, 42, 43)
44. A computer-readable medium encoded with computer-executable instructions to perform a method of controlling access to a plurality of resources according to a policy in a system comprising a first set of resources, each of the set of resources being addressable by a set of first identifiers, at least some of the resources being addressable by a set of second identifiers, each of the second identifiers having an attribute associated therewith indicating whether a resource identified by a second identifier is read-only, information affecting which of the resources corresponds to a given virtual address being stored in a set of the resources, the method comprising:
initializing the resources to a state in which none of the resources that a source is not allowed to access under the policy is addressable by the source with any of the second identifiers, and in which the set of resources does not include any resource whose second identifier is associated with an attribute indicative of being only readable by the source;
receiving a request to write one of the resources, the request identifying said one of the resources by one of the second identifiers; and
allowing the request. - View Dependent Claims (45)
46. In a system that comprises a plurality of resources and a virtual memory manager, each of the resources being addressable by a physical address, the virtual memory manager enabling at least some of the resources to be addressable by virtual addresses, the improvement comprising:
a guard that evaluates a request to allow a source to access at least one of the resources, the guard allowing access to said one of the resources if a group of one or more conditions is true, the guard otherwise denying the request, the conditions comprising:
the request being allowable under a policy; and
execution of the request will not result in a circumstance in which any of the resources that the source is not allowed to access under the policy are addressable by the source with a virtual address. - View Dependent Claims (47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
58. A method of controlling access to one or more resources in accordance with a first policy, the method comprising:
receiving a request to access a resource;
determining whether the request is allowable or deniable based on a first criterion under which no request that is unallowable under the first policy is deemed allowable, and under which at least one request that is allowable under the first policy is not deemed allowable;
if the request is deemed allowable or deniable as a result of the determining step, then allowing or denying the request according to the result of the determining step. - View Dependent Claims (59, 60, 61, 62, 63)
64. A computer-readable medium encoded with computer-executable instructions to perform a method of controlling access to one or more resources in accordance with a first policy, the method comprising:
receiving a request to access a resource;
determining whether the request is allowable or deniable based on a first criterion under which no request that is unallowable under the first policy is deemed allowable, and under which at least one request that is allowable under the first policy is not deemed allowable;
if the request is deemed allowable or deniable as a result of the determining step, then allowing or denying the request according to the result of the determining step. - View Dependent Claims (65, 66)
67. A system for controlling access to an addressable entity in accordance with a policy, P, the addressable entity defining a first mapping from a first set, A, to a second set, M, there being a second mapping from a third set, V, to the first set, the function f: A→M denoting the first mapping, the function g: S×V→A denoting the second mapping, wherein S is a set of sources that can request access to the addressable entity, the system comprising:
a guard that evaluates a request from a source, s, to evaluate or modify the first mapping, where s∈S, the guard conditionally allowing the request based on the constraints that the request is allowable under the policy, P, and that carrying out the request will not cause a statement concerning MP(s) to be false, wherein MP(s) consists of all members of the first set, A, that will be solutions to g(s,v) for any v∈V. - View Dependent Claims (68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79)
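The guard described in the abstract and in claims 28, 39 and 67 above, as an added example that is not code from the patent or from any product implementing it: a toy Python model in which a source's address space plays the role of g(s, ·), MP(s) is the set of physical pages that space reaches, and the policy is consulted only on requests that change the translation, so reads and writes made through a virtual address need no policy lookup. The class and function names (Policy, AddressSpace, Guard, request_map, read_virtual, write_virtual), the constructed sample memory, and the modelling rule that pages holding translation data may only be mapped read-only are assumptions of this example, not language from the claims.

```python
# Added example (not the patent's code): a toy guard that limits what a
# source's address translation may map, so that accesses made through a
# virtual address can be allowed without consulting the policy again.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Constructed sample memory: 16 physical pages, each holding one value.
MEMORY = [page * 100 for page in range(16)]


@dataclass
class Policy:
    """Policy P: which physical pages (set A) each source (set S) may use."""
    allowed: Dict[str, Set[int]]     # source -> pages it may read
    writable: Dict[str, Set[int]]    # source -> pages it may also write
    translation_pages: Set[int]      # pages holding the translation data itself

    def permits(self, source: str, phys: int, write: bool) -> bool:
        if phys not in self.allowed.get(source, set()):
            return False
        return (not write) or phys in self.writable.get(source, set())


@dataclass
class AddressSpace:
    """g(s, .): virtual page -> (physical page, read_only attribute)."""
    entries: Dict[int, Tuple[int, bool]] = field(default_factory=dict)


class Guard:
    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.spaces: Dict[str, AddressSpace] = {}
        self.policy_lookups = 0  # how often the policy has been consulted

    def space(self, source: str) -> AddressSpace:
        # Initial state: nothing mapped, so MP(s) is empty and trivially allowed.
        return self.spaces.setdefault(source, AddressSpace())

    def mapped_physical(self, source: str) -> Set[int]:
        """MP(s): every physical page some virtual address of s resolves to."""
        return {phys for phys, _ in self.space(source).entries.values()}

    def request_map(self, source: str, vpage: int, phys: int,
                    read_only: bool = False) -> bool:
        """A request to modify the translation; the only place the policy is read."""
        self.policy_lookups += 1
        # Condition 1: the request itself must be allowable under the policy.
        if not self.policy.permits(source, phys, write=not read_only):
            return False
        # Modelling assumption: translation data is never mapped writable, so the
        # mapping can only change through this guard.
        if phys in self.policy.translation_pages and not read_only:
            return False
        # Condition 2 (the invariant): after the change, MP(s) must still be a
        # subset of the pages the policy allows the source to access.
        new_mp = self.mapped_physical(source) | {phys}
        if not new_mp <= self.policy.allowed.get(source, set()):
            return False
        self.space(source).entries[vpage] = (phys, read_only)
        return True

    def read_virtual(self, source: str, vpage: int) -> Optional[int]:
        """Read through a virtual address: no policy lookup, because the
        invariant guarantees every mapped page is one the source may read."""
        entry = self.space(source).entries.get(vpage)
        if entry is None:
            return None  # unmapped: a fault, not a policy decision
        phys, _ = entry
        return MEMORY[phys]

    def write_virtual(self, source: str, vpage: int, value: int) -> bool:
        """Write through a virtual address: decided by the read-only attribute
        stored in the translation itself, again without a policy lookup."""
        entry = self.space(source).entries.get(vpage)
        if entry is None:
            return False
        phys, read_only = entry
        if read_only:
            return False
        MEMORY[phys] = value
        return True


if __name__ == "__main__":
    # Constructed policy: s1 may read pages 1, 2 and 9, write only page 1,
    # and page 9 holds translation data.
    guard = Guard(Policy(allowed={"s1": {1, 2, 9}}, writable={"s1": {1}},
                         translation_pages={9}))
    print(guard.request_map("s1", 0x10, 1))                  # True
    print(guard.request_map("s1", 0x11, 5))                  # False: not allowed
    print(guard.read_virtual("s1", 0x10), guard.policy_lookups)
```

Every map request increments `policy_lookups`; the reads and writes through virtual addresses do not, which is the property the abstract describes. Trying to map a page outside `allowed`, or a translation page writable, is rejected before the address space changes, so MP(s) never contains a page the policy forbids.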
Specification