Isolation of communication contexts to facilitate communication of data
Abstract
A system and method facilitate communication of data depending on whether communicating elements are properly associated with each other. An endpoint communication context is associated with a queue component, which queue component may communicate directly with a process. Each of the queue component and the endpoint communication context is associated with a domain in a privileged operation (e.g., by the operating system). The queue component may communicate with the endpoint communication context provided that the queue component and communication context have a valid association, such that their respective domains match.
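The validation described in the abstract can be modelled in a few lines of C. This is an added example, not code from the patent: the struct and function names, the `privileged` flag standing in for the processor's privileged mode, the `DOMAIN_NONE` value and the drop-on-mismatch behaviour are all assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define DOMAIN_NONE 0u   /* constructed value: no domain assigned yet */
#define MSG_MAX 64

/* Part of the queue mapped into the user process: the message slot only. */
struct user_queue { char slot[MSG_MAX]; bool pending; };
/* Queue plus its domain tag; in this model the tag is privileged-side state. */
struct vqueue { struct user_queue u; uint32_t domain; };
/* Endpoint communication context with its own, independently set domain tag. */
struct endpoint { uint32_t domain; char last_msg[MSG_MAX]; unsigned delivered; };

/* Privileged operations: callers not in privileged mode cannot change a tag. */
int set_queue_domain(struct vqueue *q, uint32_t d, bool privileged) {
    if (!privileged) return -1;
    q->domain = d;
    return 0;
}
int set_endpoint_domain(struct endpoint *e, uint32_t d, bool privileged) {
    if (!privileged) return -1;
    e->domain = d;
    return 0;
}

/* User-level path: the process writes directly into its queue slot. */
int user_post(struct vqueue *q, const char *msg) {
    if (q->u.pending || strlen(msg) >= MSG_MAX) return -1;
    strcpy(q->u.slot, msg);
    q->u.pending = true;
    return 0;
}

/* Queue -> endpoint hop: forward only when both tags name a common domain. */
int transfer(struct vqueue *q, struct endpoint *e) {
    if (!q->u.pending) return -1;            /* nothing queued */
    if (q->domain == DOMAIN_NONE || q->domain != e->domain) {
        q->u.pending = false;                /* assumption: drop on mismatch */
        return -2;
    }
    strcpy(e->last_msg, q->u.slot);
    e->delivered++;
    q->u.pending = false;
    return 0;
}
```

The process can fill its queue at will, but whether the message leaves the queue depends only on tags it has no operation to change.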
34 Claims
1. A system to facilitate secure communication of data from a user-level process, comprising:
at least a first queue associated with a first process, such that the process is operative to directly communicate a message relative to the first queue; and
a first communication context operative to communicate the message between the first queue and a second communication context;
wherein communication between the first queue and the first communications context is controlled based on whether an appropriate association exists between the first queue and the first communications context, the association between the first queue and the first communications context being provided through a privileged operation not adjustable by the first process, the association between the first queue and the first communication context requires membership to a common domain.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A system to facilitate communication of data, comprising:
a virtual hardware component at a first node operable to communicate a message received directly from an associated process; and
a first channel endpoint established at the first node, the first channel endpoint being operative to communicate messages to a second channel endpoint residing at a second node;
wherein each of the hardware component and the first channel endpoint is associated with a respective domain through a privileged operation at the first node, communication of messages between the virtual hardware component and the first channel endpoint being controlled based on validation of the respective domains for the virtual hardware component and the first channel endpoint being a common domain.
Dependent claims: 14, 15, 16, 17, 18, 19, 20
21. A system to facilitate communication of data, comprising:
storage means for receiving a message provided directly from a user-level process;
communication means associated with the storage means for, upon validation of a common domain association between the storage means and the communication means, sending the stored request to a corresponding communication means at another node in the system; and
validation means for validating the association between the storage means and the communication means, the storage means and the communication means being associated in a privileged operation not adjustable by user-level processes.
22. A system to facilitate communication of data, comprising:
virtual storage means at a first node for storing a message for direct communication relative to a user-level process;
endpoint communication means at the first node for means for, upon determining a common domain membership for the storage means and the endpoint communication means, enabling communication between the virtual storage means and the endpoint communication means; and
control means for independently controlling domain membership for each of the virtual storage means and the endpoint communication means.
Dependent claims: 23, 24
25. A computer-readable medium having computer-executable instructions for:
in a privileged mode, setting domain membership for a queue of a first node and setting domain membership for a communication component of the first node, the communication component of the first node being operable to communicate messages with a corresponding communication component at a second node, the domain membership being inaccessible by user-level processes, the queue being mapped into memory of an associated user-level process at the first node, such that the user-level process can communicate directly with the queue; and
controlling communication of message between the queue and the communication component based on the domain membership set for each of the queue and the communication component being the same.
Dependent claims: 26, 27
28. A method to facilitate communication in a system architecture in which a process is operative to communicate a message directly with a storage component coupled to at least one local communications component in a node for communicating the message for receipt by a second communications component, the method comprising:
associating the storage component with a domain for temporarily storing the message;
associating the local communications component with a domain; and
controlling communication of a message between the storage component and the local communications component based on the domain of the storage component and the domain of the local communications component being identical.
Dependent claims: 29, 30, 31, 32, 33, 34
Specification