Restricted access devices
Abstract
Described are techniques in connection with restricting access to devices within a computer system. Access to a device may be restricted to one or more particular hosts within the computer system, and also further restricted to a particular software program executing within the particular hosts. The restricted access device (RAD) may be recognized by one or more hosts only having access to specific portions of the RAD unless special RAD I/O opcodes are used in connection with performing I/O operations. Access to a device may be obtained by enabling a particular use of the special RAD I/O opcodes. Subsequently, access to the same device may be disabled by stopping use of the special RAD I/O opcodes by a particular host and/or software executing in the host. RADs may be used in a variety of applications including, for example, restricting access to shared logs or journals and protecting a database.
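The validity decision the abstract describes can be sketched as device-side code. This is an added example, not code from the patent: the opcode values, the `visible_end` boundary, the bounds check and the refusal of RAD opcodes on a standard device are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All numeric values below are constructed for illustration; the page gives none. */
typedef enum { DEV_STANDARD, DEV_RESTRICTED } dev_type_t;
typedef enum { SET_NONE, SET_STANDARD, SET_RAD } opcode_set_t;

typedef struct {
    dev_type_t type;
    uint64_t   blocks;       /* device size in blocks */
    uint64_t   visible_end;  /* RAD only: [0, visible_end) is reachable with standard opcodes */
} device_t;

typedef struct { uint8_t opcode; uint64_t lba; uint32_t count; } data_op_t;

/* Hypothetical opcode assignments: 0x28/0x2A standard read/write, 0xC8/0xCA RAD read/write. */
static opcode_set_t classify_opcode(uint8_t op) {
    switch (op) {
    case 0x28: case 0x2A: return SET_STANDARD;
    case 0xC8: case 0xCA: return SET_RAD;
    default:              return SET_NONE;
    }
}

/* Overflow-safe check that [lba, lba+count) lies inside [0, limit). */
static bool in_range(uint64_t lba, uint32_t count, uint64_t limit) {
    return count > 0 && lba < limit && count <= limit - lba;
}

bool rad_op_valid(const device_t *dev, const data_op_t *op) {
    opcode_set_t set = classify_opcode(op->opcode);
    if (set == SET_NONE) return false;              /* unknown opcode: fail closed */
    if (dev->type == DEV_STANDARD)                  /* assumption: RAD opcodes are refused here */
        return set == SET_STANDARD && in_range(op->lba, op->count, dev->blocks);
    if (set == SET_RAD)                             /* restricted opcode on a restricted device */
        return in_range(op->lba, op->count, dev->blocks);
    return in_range(op->lba, op->count, dev->visible_end); /* standard opcode: visible portion only */
}

int main(void) {
    device_t rad = { DEV_RESTRICTED, 1000, 16 };    /* constructed sample device */
    data_op_t ops[] = { {0x2A, 8, 4}, {0x2A, 14, 4}, {0xCA, 500, 8}, {0xFF, 0, 1} };
    for (size_t i = 0; i < sizeof ops / sizeof ops[0]; i++)
        printf("op 0x%02X lba %llu: %s\n", ops[i].opcode,
               (unsigned long long)ops[i].lba, rad_op_valid(&rad, &ops[i]) ? "valid" : "rejected");
    return 0;
}
```

The second sample operation is rejected because its range crosses out of the portion visible to standard opcodes, which is the case a check on the starting block alone would miss.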
42 Claims
1. A method for restricting access to a device comprising:
receiving a data operation in connection with the device;
determining a type of said device as one of restricted access and standard access;
determining if an opcode associated with said data operation is included in one of a first set of opcodes and a second set of opcodes, said first set of opcodes specifying standard data operations, and said second set of opcodes specifying restricted data operations;
determining a target location associated with said data operation; and
in response to determining one of said first and said second sets of opcodes, said type, and said target location, determining if said data operation is valid in accordance with said type and which of said sets of opcodes includes said opcode.

10. A method for restricting access to a device comprising:
receiving a data operation in connection with the device;
determining a type of said device as one of restricted access and standard access;
determining if an opcode associated with said data operation is included in one of a first set of opcodes and a second set of opcodes, said first set of opcodes specifying standard data operations, and said second set of opcodes specifying restricted data operations;
determining a target location associated with said data operation;
in response to determining one of said first and said second sets of opcodes, said type, and said target location, determining if said data operation is valid; and
determining that said data operation is valid if said opcode is included in said second set and said type is restricted.

15. A computer program product stored on a computer-readable medium for restricting access to a device comprising:
machine executable code that receives a data operation in connection with the device;
machine executable code that determines a type of said device as one of restricted access and standard access;
machine executable code that determines if an opcode associated with said data operation is included in one of a first set of opcodes and a second set of opcodes, said first set of opcodes specifying standard data operations, and said second set of opcodes specifying restricted data operations;
machine executable code that determines a target location associated with said data operation; and
machine executable code that, in response to determining one of said first and said second sets of opcodes, said type, and said target location, determines if said data operation is valid in accordance with said type and which of said sets of opcodes includes said opcode.

29. An apparatus for restricting access to a device in a computer system comprising:
means for receiving a data operation in connection with the device;
means for determining a type of said device as one of restricted access and standard access;
means for determining if an opcode associated with said data operation is included in one of a first set of opcodes and a second set of opcodes, said first set of opcodes specifying standard data operations, and said second set of opcodes specifying restricted data operations;
means for determining a target location associated with said data operation; and
means for determining, in response to said means for determining one of said first and said second sets of opcodes, said type, and said target location, if said data operation is valid in accordance with said type and which of said sets of opcodes includes said opcode.

38. An apparatus for restricting access to a device in a computer system comprising:
means for receiving a data operation in connection with the device;
means for determining a type of said device as one of restricted access and standard access;
means for determining if an opcode associated with said data operation is included in one of a first set of opcodes and a second set of opcodes, said first set of opcodes specifying standard data operations, and said second set of opcodes specifying restricted data operations;
means for determining a target location associated with said data operation;
means for determining, in response to said means for determining one of said first and said second sets of opcodes, said type, and said target location, if said data operation is valid; and
means for determining that said data operation is valid if said opcode is included in said second set and said type is restricted.

Specification