Hardware Based Mandatory Access Control
First Claim
1. A method, in a data processing system, for performing hardware based access control, comprising:
- associating, in hardware of the data processing system, an instruction access policy label with an instruction to be processed by a processor of the data processing system;
associating, in hardware of the data processing system, an operand access policy label with data in the data processing system;
passing the instruction access policy label along with the instruction through one or more hardware functional units of the processor;
passing the operand access policy label along with the data through the one or more hardware functional units of the processor; and
utilizing one or more hardware implemented policy engines associated with the one or more hardware functional units of the processor to control access by the instruction to the data based on the instruction access policy label and the operand access policy label.
2 Assignments
0 Petitions
Accused Products
Abstract
Hardware mechanisms are provided for performing hardware based access control of instructions to data. These hardware mechanisms associate an instruction access policy label with an instruction to be processed by a processor and associate an operand access policy label with data to be processed by the processor. The instruction access policy label is passed along with the instruction through one or more hardware functional units of the processor. The operand access policy label is passed along with the data through the one or more hardware functional units of the processor. One or more hardware implemented policy engines associated with the one or more hardware functional units of the processor are utilized to control access by the instruction to the data based on the instruction access policy label and the operand access policy label.
-
Citations
22 Claims
-
1. A method, in a data processing system, for performing hardware based access control, comprising:
-
associating, in hardware of the data processing system, an instruction access policy label with an instruction to be processed by a processor of the data processing system; associating, in hardware of the data processing system, an operand access policy label with data in the data processing system; passing the instruction access policy label along with the instruction through one or more hardware functional units of the processor; passing the operand access policy label along with the data through the one or more hardware functional units of the processor; and utilizing one or more hardware implemented policy engines associated with the one or more hardware functional units of the processor to control access by the instruction to the data based on the instruction access policy label and the operand access policy label. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A processor, comprising:
-
one or more hardware functional units; and one or more hardware implemented policy engines associated with the one or more hardware functional units, wherein; an instruction access policy label is associated, in hardware of the processor, with an instruction to be processed by the processor, an operand access policy label is associated, in hardware of the processor, with data processed by the processor, the instruction access policy label is passed along with the instruction through the one or more hardware functional units of the processor, the operand access policy label is passed along with the data through the one or more hardware functional units of the processor, and the one or more hardware implemented policy engines operate to control access by the instruction to the data based on the instruction access policy label and the operand access policy label. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification