Apparatus, method and system to control accessibility of platform resources based on an integrity level
First Claim
1. An apparatus comprising:
first logic including circuitry configured to execute one or more software processes of a functional domain to access resources of the apparatus;
second logic including circuitry configured to provide an enforcement domain to enforce a first rule set against access by the functional domain to the resources;
third logic including circuitry configured to provide a report domain to detect, during enforcement of the first rule set, a transition of the functional domain from a first state to a second state, wherein the first state is assigned a first integrity level and the second state is assigned a second integrity level, wherein the second integrity level is an integrity level less than the first integrity level;
fourth logic including circuitry configured to provide a policy domain, responsive to the transition from the first state to the second state, the fourth logic further configured to:
identify a second rule set based on a policy corresponding to the second integrity level;
configure the enforcement domain to enforce the second rule set against access by the functional domain to the resources;
identify, based on the second integrity level, a condition of a state assigned an integrity level greater than the second integrity level; and
automatically initiate an operation to cause the condition to be satisfied.
Abstract
Techniques and mechanisms to selectively provide resource access to a functional domain of a platform. In an embodiment, the platform includes both a report domain to monitor the functional domain and a policy domain to identify, based on such monitoring, a transition of the functional domain from a first integrity level to a second integrity level. In response to a change in integrity level, the policy domain may configure the platform's enforcement domain to enforce against the functional domain one or more resource accessibility rules corresponding to the second integrity level. In another embodiment, the policy domain automatically initiates operations in aid of transitioning the platform from the second integrity level to a higher integrity level.
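The control loop the abstract describes, as an added example in Python that is not part of the patent or of this page: a report domain measures the functional domain and assigns an integrity level, a policy domain maps each level to a rule set and reconfigures the enforcement domain when the level changes and, after a downgrade, identifies the condition of the next higher state and initiates the operation that satisfies it. Only the four domain names are the page's. The integrity levels (LOW, MEDIUM, HIGH), the measured modules (kernel, agent), the resources (network, secure_storage, attestation_key), the rule sets and the simulated reload operation are assumptions made for the illustration.

```python
"""Simulation of the integrity-level driven access-control loop the page
describes: a report domain watches the functional domain, a policy domain maps
each integrity level to a rule set for the enforcement domain and, on a
downgrade, initiates the operation that restores a higher level. Added
example, not the patent's code; only the four domain names come from the page,
the levels, measured modules, resources and rule sets are constructed."""
from enum import IntEnum
import hashlib

class Integrity(IntEnum):
    LOW = 0
    MEDIUM = 1
    HIGH = 2

# Known-good images of the functional domain's software (constructed).
GOOD_IMAGES = {"kernel": b"kernel-v1", "agent": b"agent-v1"}
KNOWN_GOOD = {n: hashlib.sha256(img).hexdigest() for n, img in GOOD_IMAGES.items()}

# Condition of each state: which modules must measure as known-good (assumed).
CONDITIONS = {
    Integrity.LOW: set(),
    Integrity.MEDIUM: {"kernel"},
    Integrity.HIGH: {"kernel", "agent"},
}

# Policy: the rule set (resources the functional domain may access) per level.
RULE_SETS = {
    Integrity.LOW: {"network"},
    Integrity.MEDIUM: {"network", "secure_storage"},
    Integrity.HIGH: {"network", "secure_storage", "attestation_key"},
}

class FunctionalDomain:
    """Runs the platform's software; its loaded images are what gets measured."""
    def __init__(self, images):
        self.images = dict(images)

    def measure(self):
        return {n: hashlib.sha256(img).hexdigest() for n, img in self.images.items()}

class EnforcementDomain:
    """Mediates every resource access against the currently configured rule set."""
    def __init__(self, rules):
        self.rules = set(rules)

    def configure(self, rules):
        self.rules = set(rules)

    def allows(self, resource):
        return resource in self.rules

def unmet(level, measurements):
    """Modules whose digests must be restored before `level` can be assigned."""
    return {m for m in CONDITIONS[level] if measurements.get(m) != KNOWN_GOOD[m]}

class ReportDomain:
    """Assigns an integrity level from measurements and reports level changes."""
    def __init__(self):
        self.level = None

    def observe(self, fd):
        """Return (old, new) when the level changed since the last observation."""
        meas = fd.measure()
        new = max(lvl for lvl in Integrity if not unmet(lvl, meas))
        old, self.level = self.level, new
        return (old, new) if old is not None and old != new else None

class PolicyDomain:
    """Selects the rule set for the new level; on a downgrade, starts remediation."""
    def __init__(self, enforcement, fd):
        self.enforcement, self.fd, self.actions = enforcement, fd, []

    def on_transition(self, old, new):
        self.enforcement.configure(RULE_SETS[new])  # enforce the new level's rule set
        if new < old:  # downgrade: identify the unmet condition of the next higher state
            target = Integrity(new + 1)
            for module in sorted(unmet(target, self.fd.measure())):
                self.actions.append(f"reload:{module}")
                # Simulated remediation: reload the module from its known-good image.
                self.fd.images[module] = GOOD_IMAGES[module]

def run_scenario():
    """Tamper with the agent; return (level, key_access_allowed) per tick and actions."""
    fd = FunctionalDomain(GOOD_IMAGES)
    enf = EnforcementDomain(RULE_SETS[Integrity.HIGH])
    report, policy = ReportDomain(), PolicyDomain(enf, fd)
    trace = []

    def tick():
        transition = report.observe(fd)
        if transition:
            policy.on_transition(*transition)
        trace.append((report.level, enf.allows("attestation_key")))

    tick()                                         # baseline: HIGH, key usable
    fd.images["agent"] = b"agent-v1-with-implant"  # constructed tamper event
    tick()                                         # MEDIUM: key denied, reload queued
    tick()                                         # HIGH again after the reload
    return trace, policy.actions
```

`run_scenario()` returns the trace `[(HIGH, True), (MEDIUM, False), (HIGH, True)]` together with the single remediation action `reload:agent`: the tampered agent drops the functional domain to MEDIUM, the enforcement domain stops granting the attestation key while the reload runs, and the rule set is widened again only once the report domain observes the restored measurement. The simulation runs all four domains in one process, which gives no isolation at all; the claims place each domain in its own logic, and in a real platform the report and enforcement domains have to be out of reach of the functional domain whose integrity they judge, otherwise a compromised functional domain can simply report itself as high integrity.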
23 Claims
1. An apparatus comprising: (independent claim; full text given under First Claim above.)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method executed at a platform, the method comprising:
with an enforcement domain of the platform, enforcing a first rule set against access by a functional domain of the platform to resources of the platform;
during enforcement of the first rule set, detecting a transition of the functional domain from a first state to a second state, wherein the first state is assigned a first integrity level and the second state is assigned a second integrity level, wherein the second integrity level is an integrity level less than the first integrity level;
in response to detecting the transition from the first state to the second state:
identifying a second rule set based on a policy corresponding to the second integrity level;
configuring the enforcement domain to enforce the second rule set against access by the functional domain to the resources based on the second integrity level;
identifying a condition of a state assigned an integrity level greater than the second integrity level; and
automatically initiating an operation to cause the condition to be satisfied.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.
19. A non-volatile computer-readable storage medium having stored thereon instructions which, when executed by one or more processing units, cause the one or more processing units to perform a method comprising:
with an enforcement domain of the platform, enforcing a first rule set against access by a functional domain of the platform to resources of the platform;
during enforcement of the first rule set, detecting a transition of the functional domain from a first state to a second state, wherein the first state is assigned a first integrity level and the second state is assigned a second integrity level, wherein the second integrity level is an integrity level less than the first integrity level;
in response to detecting the transition from the first state to the second state:
identifying a second rule set based on a policy corresponding to the second integrity level;
configuring the enforcement domain to enforce the second rule set against access by the functional domain to the resources based on the second integrity level;
identifying a condition of a state assigned an integrity level greater than the second integrity level; and
automatically initiating an operation to cause the condition to be satisfied.
Dependent claims: 20, 21, 22, 23.