136 results about "Protection domain" patented technology

The Virtual Machine is viewed by many as inherently insecure despite all the efforts to improve its security. This invention provides methods, apparatus, and computer products to implement a system that provides operating system style protection for code. Although applicable to many language systems, the invention is described for a system employing the Java language. Hardware protection domains are used to separate Java classes, provide access control on cross domain method invocations, efficient data sharing between protection domains, and memory and CPU resource control. Apart from the performance impact, these security measures are all transparent to the Java programs, even when a subclass is in one domain and its superclass is in another, when they do not violate the policy. To reduce the performance impact, classes are grouped and shared between protection domains and map data lazily as it is being shared. The system has been implemented on top of the Paramecium operating system used as an example of an extensible operating system application.

This invention relates to methods for controlling and monitoring access to network servers. In particular, the process described in the invention includes client-server sessions over the Internet. In this environment, when the user attempts to access an access-controlled file, the server subjects the request to a secondary server which determines whether the client has an authorization or valid account. Upon such verification, the user is provided with a session identification which allows the user to access to the requested file as well as any other files within the present protection domain.

This invention relates to methods for controlling and monitoring access to network servers. In particular, the process described in the invention includes client-server sessions over the Internet. In this environment, when the user attempts to access an access-controlled file, the server subjects the request to a secondary server which determines whether the client has an authorization or valid account. Upon such verification, the user is provided with a session identification which allows the user to access to the requested file as well as any other files within the present protection domain.

A protection domain system is implemented to provide protection for applications executing in a computing environment. Protection domains are allocated system resources and may contain executing tasks. The protection domain system may allow tasks to access resources in other protection domains to which attachments have been made. Attachment is transparent to the software developer. The protection domain system provides flexibility in implementing operating system services and defining protection hierarchies.

A system and method whereby a client can transfer data to a service on the same or another protection domain and obtain a handle to it, the handle being defined as any mutually agreed-upon token that refers to the data, and which is usually much shorter than the data. The handle may then be passed to a service in lieu of again transferring the data. For example, in the case of a client sending the same data to multiple destinations, the invention allows the data to be transferred from the client protection domain to the service protection domain once using the data transfer operation. The client can then call the communication service any number of times by passing a handle to the instance of the data in the service protection domain, thus obviating the need to repeatedly transfer the data between the client and the service. An alternative embodiment allows the client to aggregate service invocations which are to operate on common data and to transfer a composite service invocation to a service domain using the data handle. The invention can be applied among local entities within one protection domain, between two protection domains at one location, between remote protection domains, across networks, between clients and routers, etc.

A system for conducting performance analysis for executing tasks. The analysis involves generating a variety of trace information related to performance measures, including parallelism-related information, during execution of the task. In order to generate the trace information, target source code of interest is compiled in such a manner that executing the resulting executable code will generate execution trace information composed of a series of events. Each event stores trace information related to a variety of performance measures for the one or more processors and protection domains used. After the execution trace information has been generated, the system can use that trace information and a trace information description file to produce useful performance measure information. The trace information description file contains information that describes the types of execution events as well as the structure of the stored information. The system uses the trace information description file to organize the information in the trace information file, extracts a variety of types of performance measure information from the organized trace information, and formats the extracted information for display. The system can use default or user-defined functions to extract and format trace information for display. After the system displays one or more types of performance measure information, a user of the system can then interact with the system in a variety of ways to obtain other useful performance analysis information.

Hardware virtualization support is used to isolate kernel extensions. A kernel and various kernel extensions are executed in a plurality of hardware protection domains. Each hardware protection domain defines computer resource privileges allowed to code executing in that hardware protection domain. Kernel extensions execute with appropriate computer resource privileges to complete tasks without comprising the stability of the computer system.

An apparatus and method for information recovery quality assessment in a computing environment is disclosed. This includes a group of inter-related software modules and associated data structures that analyze and assess the recoverability of the network data through the data protection configuration setup and a previously performed data protection process. It examines in a comprehensive manner the recoverability perspective across a pre-defined data protection domain, such as a computer network with an organization. The results of the examination provide for the display of inconsistencies of data protection configuration and previously performed data protection processes that consequently result in problems of recovering the network objects in an appropriate manner.

The invention discloses a new-typed heavy metal ion adsorbent of silica loading crosslinking chitosan in the environment-protection domain, which is characterized by the following: the metal ion adsorbent adapts gamma-epoxy propyl-trimethyl silane with epoxy group and soluble inorganic silane agent as chitosan crosslinking agent; the chitosan crosslinking action is accomplished by the reaction of chitosan and epoxy group and the silane agent hydrolysis and condensation course. The invention displays simple course without organic solvent and environmental pollution, which can dispose the waste water with heavy metal ion.

A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.

Methods and systems for providing a flexible protection model in a computer system by decoupling protection from privilege are described. Information describing a relationship between the two or more domains that define types of protection and portions of code is received. The portions of code with the multiple domains that provide fine granularities of protection can be executed in the same privilege level. The relationship is not required to be linear. In addition, the overhead associated with crossing protection domains is relatively low with respect to traditional operating system context switching overhead.

A computer system and method for operating a computer system is provided which comprises a core operating system and a system space having a number of memory locations. The core operating system is arranged to create a number of protection domains to partition the system space into a core operating system space and a plurality of partitions. A partition operating system, a partition user application, and a partition alarm handler is provided in each partition. Each partition operating system provides resource allocation services to the respective partition user application within the partition. An alarm dispatcher and a system alarm handler is provided in the core operating system space. The alarm dispatcher is configured to receive alarms and to dispatch the alarms to one of the alarm handlers.

A computer system is provided comprising a core operating system and a system space having a number of memory locations. The core operating system creates a number of protection domains to partition the system space. Each of the partitions includes a partition operating system and a partition user application. Each partition operating system provides resource allocation services to the respective partition user application within the partition.

A computer processor includes an instruction processing pipeline that interfaces to a hierarchical memory system employing an address space. The instruction processing pipeline includes execution logic that executes at least one thread in different protection domains over time, wherein the different protection domains are defined by descriptors each including first data specifying a memory region of the address space employed by the hierarchical memory system and second data specifying permissions for accessing the associated memory region. The address space can be a virtual address space or a physical address space. The protection domains can be associated with different turfs each representing a collection of descriptors. A given thread can execute in a particular protection domain(turf), one protection domain (turf) at a time with the particular protection domain (turf) selectively configured to change over time.

A first application instance is associated with a protection domain based on credentials (e.g.: a signed certificate) associated with a set of application code that, when executed, gives rise to the application instance. The first application instance executes in a first execution context. An indication is received that the first application instance seeks access to protected functionality associated with a second execution context. In response to receiving the indication, a determination is made as to whether the first application instance has permission to access the protected functionality. The determination is made by determining the protection domain with which the first application instance is associated, and determining if the protection domain with which the first application instance is associated is in the set of one or more protection domains.

Methods and apparatus for automatically routing paths in a network with a mixed protection domain. According to one aspect, a method for computing a primary path within a network includes identifying a plurality of potential paths which are characteristically similar and are arranged between the source node and the destination node and selecting a first potential path from the plurality of potential paths which are characteristically similar. The first potential path is considered for use as an actual path between the source node and the destination node, while the other potential paths included in the plurality of potential paths which are characteristically similar are not considered for use as the actual path between the source node and the destination node.

A method for protection switching in a shared node where protection resources of a plurality of end-to-end linear protection domain are shared is provided. The shared node receives a first protection switching event message notifying that a protection switching event occurs from a first node of a first end-to-end linear protection domain, and determines whether to prohibit protection switching on a second end-to-end linear protection domain by comparing a priority of the first end-to-end linear protection domain with a priority of the second end-to-end linear protection domain.

The present invention provides a system, method, and computer program product that enables user space middleware or applications to pass block mode storage requests directly to a physical I/O Adapter without run-time involvement from the local Operating System (OS), or, in a virtual system, the local Hypervisor. Specifically, the present invention is directed to a mechanism for providing and using a linear block address (LBA) translation protection table (TPT) to control user space and out of user space Input/Output (I/O) operations. In one aspect of the present invention, the LBATPT includes an adapter protection table that has entries for each portion of a storage device. Each entry may include a key instance and protection domain, along with other protection table context information, against which I/O requests may be checked to determine if an application instance that submitted the I/O requests may access the LBAs identified in the I/O requests.

A method of protecting ATM connections in a telecommunications network including at least one protection domain which covers only a portion of a connection, each protection domain comprising a source node and a peer sink node. Each source node and its peer sink node can be interconnected by at least two alternative connection segments and can switch over from one connection segment to the other. Any node of the network can send an alarm message downstream over a current path and each node can store a connection fault status when it receives such an alarm message. Each sink node which receives the alarm message sends a switchover request message to its peer source node to request a switchover which is executed only if the peer source node has not itself stored an alarm message. The sink node switches over only if the peer source node has responded positively.