Hardware Based Mandatory Access Control

US 20100088739A1
Filed: 10/06/2008
Published: 04/08/2010
Est. Priority Date: 10/06/2008
Status: Active Grant

First Claim

Patent Images

1. A method, in a data processing system, for performing hardware based access control, comprising:

associating, in hardware of the data processing system, an instruction access policy label with an instruction to be processed by a processor of the data processing system;

associating, in hardware of the data processing system, an operand access policy label with data in the data processing system;

passing the instruction access policy label along with the instruction through one or more hardware functional units of the processor;

passing the operand access policy label along with the data through the one or more hardware functional units of the processor; and

utilizing one or more hardware implemented policy engines associated with the one or more hardware functional units of the processor to control access by the instruction to the data based on the instruction access policy label and the operand access policy label.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Hardware mechanisms are provided for performing hardware based access control of instructions to data. These hardware mechanisms associate an instruction access policy label with an instruction to be processed by a processor and associate an operand access policy label with data to be processed by the processor. The instruction access policy label is passed along with the instruction through one or more hardware functional units of the processor. The operand access policy label is passed along with the data through the one or more hardware functional units of the processor. One or more hardware implemented policy engines associated with the one or more hardware functional units of the processor are utilized to control access by the instruction to the data based on the instruction access policy label and the operand access policy label.

Citations

22 Claims

1. A method, in a data processing system, for performing hardware based access control, comprising:
- associating, in hardware of the data processing system, an instruction access policy label with an instruction to be processed by a processor of the data processing system;
  
  associating, in hardware of the data processing system, an operand access policy label with data in the data processing system;
  
  passing the instruction access policy label along with the instruction through one or more hardware functional units of the processor;
  
  passing the operand access policy label along with the data through the one or more hardware functional units of the processor; and
  
  utilizing one or more hardware implemented policy engines associated with the one or more hardware functional units of the processor to control access by the instruction to the data based on the instruction access policy label and the operand access policy label.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the one or more hardware functional units comprises an execute unit, a load/store unit, and a branch unit, and wherein each of the execute unit, the load/store unit, and the branch unit has a corresponding hardware implemented policy engine.
  - 3. The method of claim 1, wherein the data processing system comprises a hardware implemented access policy label cache that stores an extended access control matrix specifying access controls for a plurality of access policy labels.
  - 4. The method of claim 3, wherein the extended access control matrix comprises one or more lookup tables for each instruction type, the instruction type being decoded by the processor from the instruction as an instruction identifier.
  - 5. The method of claim 4, wherein each of the lookup tables specifies, based on an input operand label for data, an input instruction label for an instruction, and a context label for a process associated with the instruction, the access rights and transition rules which govern the execution of the instruction.
  - 6. The method of claim 5, wherein the transition rules specify additional operations to be performed when executing the instruction.
  - 7. The method of claim 6, wherein the additional operations comprise at least one of a trap operation for trapping the instruction and causing a software trap handler to execute on the instruction or a transition operation for transitioning the context label from a current value to a context label value associated with an output of a policy label lookup operation in the extended access control matrix.
  - 8. The method of claim 3, wherein the one or more hardware implemented policy engines access the extended access control matrix stored in the hardware implemented access policy label cache to enforce an access control policy to control access to data by instructions processed by the data processing system.
  - 9. The method of claim 3, wherein passing the first access policy and passing the second access policy comprises:
    - receiving the instruction and the instruction access policy label in a first hardware implemented policy engine associated with a first hardware functional unit of the processor;
      
      receiving, in the first hardware implemented policy engine, a current process context label associated with the instruction; and
      
      receiving, in the first hardware implemented policy engine, one or more operand labels corresponding to one or more operands of the instruction, and wherein utilizing the one or more hardware implemented policy engines to control access by the instruction to the data based on the instruction access policy label and the operand access policy label comprises performing a policy lookup operation on the extended access control matrix based on the instruction label, current process context label, and the one or more operand labels to identify an output label for a result of the execution of the instruction.
  - 10. The method of claim 9, wherein utilizing the one or more hardware implemented policy engines to control access by the instruction to the data based on the instruction access policy label and the operand access policy label further comprises:
    - determining if the output label is a trap label; and
      
      executing a trap by executing a software interrupt to transfer control to a privileged software handler in response to a determination that the output label is a trap label; and
      
      executing the instruction and setting a label associated with result data of the execution of the instruction to the output label, if the output label is determined to not be a trap label.
  - 11. The method of claim 10, wherein utilizing the one or more hardware implemented policy engines to control access by the instruction to the data based on the instruction access policy label and the operand access policy label further comprises:
    - determining if the output label indicates a context transition; and
      
      setting the current process context label to the output label value if the output label indicates a context transition.

12. A processor, comprising:
- one or more hardware functional units; and
  
  one or more hardware implemented policy engines associated with the one or more hardware functional units, wherein;
  
  an instruction access policy label is associated, in hardware of the processor, with an instruction to be processed by the processor,an operand access policy label is associated, in hardware of the processor, with data processed by the processor,the instruction access policy label is passed along with the instruction through the one or more hardware functional units of the processor,the operand access policy label is passed along with the data through the one or more hardware functional units of the processor, andthe one or more hardware implemented policy engines operate to control access by the instruction to the data based on the instruction access policy label and the operand access policy label.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The processor of claim 12, wherein the one or more hardware functional units comprises an execute unit, a load/store unit, and a branch unit, and wherein each of the execute unit, the load/store unit, and the branch unit has a corresponding hardware implemented policy engine.
  - 14. The processor of claim 12, wherein the processor comprises a hardware implemented access policy label cache that stores an extended access control matrix specifying access controls for a plurality of access policy labels.
  - 15. The processor of claim 14, wherein the extended access control matrix comprises one or more lookup tables for each instruction type, the instruction type being decoded by the processor from the instruction as an instruction identifier.
  - 16. The processor of claim 15, wherein each of the lookup tables specifies, based on an input operand label for data, an input instruction label for an instruction, and a context label for a process associated with the instruction, the access rights and transition rules which govern the execution of the instruction.
  - 17. The processor of claim 16, wherein the transition rules specify additional operations to be performed when executing the instruction.
  - 18. The processor of claim 17, wherein the additional operations comprise at least one of a trap operation for trapping the instruction and causing a software trap handler to execute on the instruction or a transition operation for transitioning the context label from a current value to a context label value associated with an output of a policy label lookup operation in the extended access control matrix.
  - 19. The processor of claim 14, wherein the one or more hardware implemented policy engines access the extended access control matrix stored in the hardware implemented access policy label cache to enforce an access control policy to control access to data by instructions processed by the processor.
  - 20. The processor of claim 14, wherein the first access policy and the second access policy are passed through the one or more hardware functional units by:
    - receiving the instruction and the instruction access policy label in a first hardware implemented policy engine associated with a first hardware functional unit of the processor;
      
      receiving, in the first hardware implemented policy engine, a current process context label associated with the instruction; and
      
      receiving, in the first hardware implemented policy engine, one or more operand labels corresponding to one or more operands of the instruction, and wherein the one or more hardware implemented policy engines operate to control access by the instruction to the data based on the instruction access policy label and the operand access policy label by performing a policy lookup operation on the extended access control matrix based on the instruction label, current process context label, and the one or more operand labels to identify an output label for a result of the execution of the instruction.
  - 21. The processor of claim 20, wherein the one or more hardware implemented policy engines operate to control access by the instruction to the data based on the instruction access policy label and the operand access policy label further by:
    - determining if the output label is a trap label; and
      
      executing a trap by executing a software interrupt to transfer control to a privileged software handler in response to a determination that the output label is a trap label; and
      
      executing the instruction and setting a label associated with result data of the execution of the instruction to the output label, if the output label is determined to not be a trap label.
  - 22. The processor of claim 21, wherein the one or more hardware implemented policy engines operate to control access by the instruction to the data based on the instruction access policy label and the operand access policy label further by:
    - determining if the output label indicates a context transition; and
      
      setting the current process context label to the output label value if the output label indicates a context transition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
H. Hunt, Guerney D., Toll, David C, Safford, David R., Mergen, Mark F., Hall, William E., Karger, Paul A.

Granted Patent

US 10,802,990 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 12/1483   using an access-table, e.g....

G06F 21/629   to features or functions of...

G06F 21/71   to assure secure computing ...

Hardware Based Mandatory Access Control

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware Based Mandatory Access Control

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links