Computer system with dual operating modes

US 7,849,311 B2
Filed: 03/15/2005
Issued: 12/07/2010
Est. Priority Date: 03/15/2005
Status: Active Grant

First Claim

Patent Images

1. A computer system, comprising:

an access device;

secure devices storing secure processes and secure data;

non-secure devices storing non-secure processes and non-secure data; and

a processor coupled to the secure devices, the non-secure devices and the access device, allowing access to the non-secure processes and non-secure data by a user using the access device and not allowing access by the user using the access device to the secure processes and secure data when in a non-secure mode;

wherein said processor comprises a secure hash table having a secure hash table pointer, a non-secure hash table having a non-secure table pointer and a table pointer pointing to one of the secure and non-secure hash tables responsive to the mode and containing the secure hash table pointer when in the secure mode and containing the non-secure hash table pointer when in the non-secure mode.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is a system that switches between non-secure and secure modes by making processes, applications and data for the non-active mode unavailable to the active mode. That is, non-secure processes, applications and data are not accessible when in the secure mode and visa versa. This is accomplished by creating dual hash tables where one table is used for secure processes and one for non-secure processes. A hash table pointer is changed to point to the table corresponding to the mode. The path-name look-up function that traverses the path name tree to obtain a device or file pointer is also restricted to allow traversal to only secure devices and file pointers when in the secure mode and only to non-secure devices and files in the non-secure mode. The process thread run queue is modified to include a state flag for each process that indicates whether the process is a secure or non-secure process. A process scheduler traverses the queue and only allocates time to processes that have a state flag that matches the current mode. Running processes are marked to be idled and are flagged as unrunnable, depending on the security mode, when the process reaches an intercept point. The switch operation validates the switch process and pauses the system for a period of time to allow all running processes to reach an intercept point and be marked as unrunnable. After all the processes are idled, the hash table pointer is changed, the look-up control is changed to allow traversal of the corresponding security mode branch of the file name path tree, and the scheduler is switched to allow only threads that have a flag that corresponds to the security mode to run. The switch process is then put to sleep and a master process, either secure or non-secure, depending on the mode, is then awakened.

Citations

21 Claims

1. A computer system, comprising:
- an access device;
  
  secure devices storing secure processes and secure data;
  
  non-secure devices storing non-secure processes and non-secure data; and
  
  a processor coupled to the secure devices, the non-secure devices and the access device, allowing access to the non-secure processes and non-secure data by a user using the access device and not allowing access by the user using the access device to the secure processes and secure data when in a non-secure mode;
  
  wherein said processor comprises a secure hash table having a secure hash table pointer, a non-secure hash table having a non-secure table pointer and a table pointer pointing to one of the secure and non-secure hash tables responsive to the mode and containing the secure hash table pointer when in the secure mode and containing the non-secure hash table pointer when in the non-secure mode.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A system as recited in claim 1, wherein said processor allows access to the secure processes and secure data by the user using the access device and does not allow access by the user using the access device to the non-secure processes and non-secure data when in a secure mode.
  - 3. A system as recited in claim 1,wherein said processor switches between secure and non-secure modes as requested by the user.
  - 4. A system as recited in claim 3, wherein said processor comprises:
    - a process thread run queue storing process thread entries, where the process thread entries each comprises a flag indicating whether the thread comprises a secure process; and
      
      a scheduler allocating process time to only secure threads when in the secure mode and allocating process time to only non-secure threads when in the non-secure mode.
  - 5. A system as recited in claim 4, wherein said queue stores non-secure and secure process thread entries.
  - 6. A system as recited in claim 3, wherein said processor comprises a path name look-up function returning a secure device/file pointer only when in the secure mode.
  - 7. A system as recited in claim 6, further comprising a secure file system directory stored on one of the secure devices and accessible only in the secure mode.
  - 8. A system as recited in claim 1, wherein said processor performs page swaps with devices having a same security mode as the process.
  - 9. A system as recited in claim 2, wherein the security mode comprises security levels, the secure processes and data have security levels and said processor allows access to the secure processes and secure data by the user using the access device responsive to a corresponding current security level.
  - 10. A system as recited in claim 1,wherein said processor checks a security level of processes being awakened.

11. A computer system, comprising:
- an access device;
  
  secure devices storing secure processes and secure data;
  
  non-secure devices storing non-secure processes and non-secure data; and
  
  a processor coupled to the secure devices, the non-secure devices and the access device, allowing access to the non-secure processes and non-secure data by a user using the access device and not allowing access by the user using the access device to the secure processes and secure data when in a non-secure mode,wherein said processor comprises a secure hash table having a secure hash table pointer, a non-secure hash table having a non-secure table pointer and a table pointer pointing to one of the secure and non-secure hash tables responsive to the mode and containing the secure hash table pointer when in the secure mode and containing the non-secure hash table pointer when in the non-secure mode, andwherein said processor switches the contents of the table pointer responding to a switch between the modes.

12. A computer system, comprising:
- an access device;
  
  secure devices storing secure processes and secure data;
  
  non-secure devices storing non-secure processes and non-secure data; and
  
  a processor coupled to the secure devices, the non-secure devices and the access device, allowing access to the non-secure processes and non-secure data by a user using the access device and not allowing access by the user using the access device to the secure processes and secure data when in a non-secure mode;
  
  wherein said processor switches between secure and non-secure modes as requested by the user;
  
  wherein said processor, when a switch between the non-secure mode to the secure mode is requested, idles all processes, pauses for a predetermined period of time, changes a hash table pointer to point to a secure hash table, sets a path name look-up function to only return secure pointers, sets a process scheduler to allocate time to only secure threads, and awakens a secure master process.
- View Dependent Claims (13, 14)
- - 13. A system as recited in claim 12, wherein said predetermined time comprises a time that will allow all processes to reach an intercept point.
  - 14. A system as recited in claim 12, wherein said processor runs a secure master process during secure processing and the secure master process can be started at any time after system start-up.

15. A computer system, comprising:
- an access device;
  
  secure devices storing secure processes and secure data;
  
  non-secure devices storing non-secure processes and non-secure data; and
  
  a processor coupled to the secure devices, the non-secure devices and the access device, switching between secure and non-secure modes as requested by a user, allowing access to the non-secure processes and non-secure data by the user using the access device and not allowing access by the user using the access device to the secure processes and secure data when in a non-secure mode and allowing access to the secure processes and secure data by the user using the access device and does not allow access by the user using the access device to the non-secure processes and non-secure data when in a secure mode;
  
  said processor comprising;
  
  a secure hash table having a secure hash table pointer, a non-secure hash table having a non-secure table pointer and a table pointer pointing to one of the secure and non-secure hash tables responsive to the mode and containing the secure hash table pointer when in the secure mode and containing the non-secure hash table pointer when in the non-secure mode and said processor switching the contents of the table pointer responsive to the switching between secure and non-secure modes;
  
  a process thread run queue storing non-secure and secure process thread entries, where the process thread entries each comprises a flag indicating whether the thread comprises a secure process;
  
  a scheduler allocating process time to only secure threads when in the secure mode and allocating process time to only non-secure threads when in the non-secure mode responsive to a process switch count;
  
  a path name look-up function returning a secure device/file pointer only when in the secure mode;
  
  a secure file system directory stored on one of the secure devices and accessible only in the secure mode,wherein said processor, when a switch between the non-secure mode to the secure mode is requested, idles all processes, pauses for a predetermined period of time that will allow all processes to reach an intercept point where the process switch count can be updated, changes the table pointer to point to the secure hash table, sets a path name look-up function to only return secure pointers, sets a process scheduler to allocate time to only secure threads, and awakens a secure master process,wherein said processor runs a secure master process during secure processing and the secure master process can be started at any time after system start-up, andwherein said processor performs page swaps with devices having a same security mode as the process.

16. A method of controlling a single computer system including a processor, an access device, secure devices storing secure processes and secure data with a security level, and non-secure devices storing non-secure processes and non-secure data, said method comprising:
- allowing, by the processor, access to the non-secure processes and non-secure data by a user using the access device and not allowing access by the user using the access device to the secure processes and secure data when in a non-secure mode; and
  
  allowing, by the processor, access to the secure processes and secure data by the user using the access device corresponding to a current security level and not allowing access by the user using the access device to the non-secure processes and non-secure data when in a secure mode;
  
  pointing to a secure hash table when in the secure mode and pointing to a non-secure hash table when in the non-secure mode.
- View Dependent Claims (17, 18)
- - 17. A method as recited in claim 16, further comprising:
    - running only processes on a run queue that have a process security level corresponding to the current security level.
  - 18. A method as recited in claim 16, further comprising:
    - checking a security level of processes being awakened.

19. A non-transitory computer readable storage medium controlling a computer with a process stored thereon allowing, by the processor, access to the non-secure processes and non-secure data by a user using the access device and not allowing access by the user using the access device to the secure processes and secure data when in a non-secure mode;
- and allowing, by the processor, access to the secure processes and secure data by the user using the access device corresponding to a current security level and not allowing access by the user using the access device to the non-secure processes and non-secure data when in a secure mode, and providing a table pointer pointing to one of the secure and non-secure hash tables responsive to a mode, the table pointer containing the secure hash table pointer for a secure mode and containing the non-secure hash table pointer for a non-secure mode.

20. A non-transitory computer readable storage medium controlling a computer with a data structure, comprising:
- a secure hash table having a secure hash table pointer;
  
  a non-secure hash table having a non-secure hash table pointer; and
  
  a table pointer pointing to one of the secure and non-secure hash tables responsive to a mode, the table pointer containing the secure hash table pointer for a secure mode and containing the non-secure hash table pointer for a non-secure mode.
- View Dependent Claims (21)
- - 21. A non-transitory computer readable storage medium as recited in claim 20, further comprising a process security level mode for each process and a system security mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Silicon Graphics International Corporation (Hewlett-Packard Enterprise Company)
Inventors
Donlin, Patrick J., Raymond, Michael
Primary Examiner(s)
Lanier; Benjamin E

Application Number

US11/079,409
Publication Number

US 20060212945A1
Time in Patent Office

2,093 Days
Field of Search

713/164, 713/165, 713/166, 713/167
US Class Current

713/164
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/606   by securing the transmissio...

G06F 2221/2105   Dual mode as a secondary as...

Computer system with dual operating modes

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Computer system with dual operating modes

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links