公开(公告)号：JP2010092465A

公开(公告)日：2010-04-22

申请号：JP2009200006

申请日：2009-08-31

Applicant: Internatl Business Mach Corp ,  インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Maschines Corporation

Inventor： SAFFORD DAVID ROBERT ,  KARGER PAUL ASHLEY ,  H HUNT GUERNEY D ,  HALL WILLIAM ERIC ,  MERGEN MARK FREDERICK ,  TOLL DAVID C

IPC: G06F21/24 ,  G06F9/34

CPC classification number: G06F12/1483 ,  G06F21/629 ,  G06F21/71

Abstract: PROBLEM TO BE SOLVED: To provide a method and mechanisms for hardware-based mandatory access control. SOLUTION: Hardware mechanisms are provided for performing hardware-based access control of instructions to data. These hardware mechanisms associate an instruction access policy label with an instruction to be processed by a processor and associate an operand access policy label with the data to be processed by the processor. The instruction access policy label is passed along with the instruction via one or more hardware functional units of the processor. The operand access policy label is passed along with the data via the one or more hardware functional units of the processor. One or more hardware implemented policy engines associated with the one or more hardware functional units of the processor are utilized, to control access by instruction to the data, based on the instruction access policy label and the operand access policy label. COPYRIGHT: (C)2010,JPO&INPIT

Abstract translation: 要解决的问题：提供一种基于硬件的强制访问控制的方法和机制。 解决方案：提供硬件机制，用于执行对数据指令的基于硬件的访问控制。 这些硬件机制将指令访问策略标签与要由处理器处理的指令相关联，并将操作数访问策略标签与要由处理器处理的数据相关联。 指令访问策略标签通过处理器的一个或多个硬件功能单元与指令一起传递。 操作数访问策略标签通过处理器的一个或多个硬件功能单元与数据一起传递。 利用与处理器的一个或多个硬件功能单元相关联的一个或多个硬件实现的策略引擎，以基于指令访问策略标签和操作数访问策略标签来控制对数据的指令的访问。 版权所有（C）2010，JPO＆INPIT

公开(公告)号：DE3750824T2

公开(公告)日：1995-05-24

申请号：DE3750824

申请日：1987-01-08

Applicant: IBM

Inventor： CHANG ALBERT ,  MERGEN MARK FREDERICK ,  O'QUIN II JOHN THOMAS ,  O'QUIN III JOHN CLAUDE ,  ROGERS MARK DOUGLAS

IPC: G06F9/48 ,  G06F12/10 ,  G06F9/46 ,  G06F13/10

公开(公告)号：DE3750824D1

公开(公告)日：1995-01-19

申请号：DE3750824

申请日：1987-01-08

Applicant: IBM

Inventor： CHANG ALBERT ,  MERGEN MARK FREDERICK ,  O'QUIN II JOHN THOMAS ,  O'QUIN III JOHN CLAUDE ,  ROGERS MARK DOUGLAS

IPC: G06F9/48 ,  G06F12/10 ,  G06F9/46 ,  G06F13/10

公开(公告)号：BR8806305A

公开(公告)日：1989-08-15

申请号：BR8806305

申请日：1988-11-30

Applicant: IBM

Inventor： BLOUNT MARION LEE ,  COCCHI ANTHONY ,  MERGEN MARK FREDERICK ,  MORGAN STEPHEN PAUL ,  RADER KATALIN ANNA VERONIKA

IPC: G06F12/08 ,  G06F9/46 ,  G06F11/14 ,  G06F11/16 ,  G06F11/20 ,  G06F12/00 ,  G06F12/10 ,  G06F15/16 ,  G06F15/177 ,  G06F13/14

Abstract: A method for maintaining the overall system availability of a multi-processor data processing system in the event of a failure at one of a plurality of independent failure points. The system includes a plurality of virtual memory type processor units, each of which includes an interactive terminal, and a main memory which is connected to a secondary storage device which is also shared by the main memory of one of the other processor units. The main memories of the two units are also interconnected to provide a shared virtual memory system. Both processor units employ the same operating system and share the same virtual address space for storing information. The interactive terminal of each processor unit is connected to the other processor unit. Failure points include the terminals, the processor units, the communication links, and the various software components that are employed by the system. System availability is maintained by managing the storage of selected information at pre-established precise points in the processing operation. Identical operating system data structures that are stored in each processor unit are updated with the results of certain identified data processing transactions which have affected information required for succeeding processing operations in manner to insure that either identical updates occur or no update occurs. The arrangement ensures that any changes that might have occurred in the information stored in the data structure prior to the end of an aborted transaction is returned to the initial state to permit the transaction to be retried whenever the path of the failure can be bypassed.

公开(公告)号：BR8700175A

公开(公告)日：1987-12-01

申请号：BR8700175

申请日：1987-01-16

Applicant: IBM

Inventor： CHANG ALBERT ,  MERGEN MARK FREDERICK ,  O'QUIN JOHN THOMAS II ,  O'QUIN JOHN CLAUDE III ,  ROGERS MARK DOUGLASS

IPC: G06F9/48 ,  G06F12/10 ,  G06F12/08 ,  G06F13/24

公开(公告)号：DE3854384T2

公开(公告)日：1996-03-28

申请号：DE3854384

申请日：1988-11-09

Applicant: IBM

Inventor： BLOUNT MARION LEE ,  COCCHI ANTHONY ,  MERGEN MARK FREDERICK ,  MORGAN STEPHEN PAUL ,  RADER KATALIN ANNA

IPC: G06F12/08 ,  G06F9/46 ,  G06F11/14 ,  G06F11/16 ,  G06F11/20 ,  G06F12/00 ,  G06F12/10 ,  G06F15/16 ,  G06F15/177

Abstract: A method for maintaining the overall system availability of a multi-processor data processing system in the event of a failure at one of a plurality of independent failure points. The system includes a plurality of virtual memory type processor units, each of which includes an interactive terminal, and a main memory which is connected to a secondary storage device which is also shared by the main memory of one of the other processor units. The main memories of the two units are also interconnected to provide a shared virtual memory system. Both processor units employ the same operating system and share the same virtual address space for storing information. The interactive terminal of each processor unit is connected to the other processor unit. Failure points include the terminals, the processor units, the communication links, and the various software components that are employed by the system. System availability is maintained by managing the storage of selected information at pre-established precise points in the processing operation. Identical operating system data structures that are stored in each processor unit are updated with the results of certain identified data processing transactions which have affected information required for succeeding processing operations in manner to insure that either identical updates occur or no update occurs. The arrangement ensures that any changes that might have occurred in the information stored in the data structure prior to the end of an aborted transaction is returned to the initial state to permit the transaction to be retried whenever the path of the failure can be bypassed.

公开(公告)号：DE3851038D1

公开(公告)日：1994-09-15

申请号：DE3851038

申请日：1988-10-20

Applicant: IBM

Inventor： CHANG ALBERT ,  COCKE JOHN ,  MERGEN MARK FREDERICK ,  OEHLER RICHARD RAPHAEL

IPC: G06F12/00 ,  G06F12/14

Abstract: A method of and a controller for accessing a protected memory which is logically divided into major partitions - pages - which are in turn sub-divided into minor partitions - blocks - by concurrently executing transactions, using virtual block addressing and address translation at the memory controller via an access table, wherein there are provided table entries containing priviledged access control fields relating to the pages and lock fields relating to the individual blocks, by receiving an address of a data block to be accessed by an identifiable transaction; deriving from the address an access table entry corresponding to the data block and testing the data in the page access control field and the lock field governing access to the block; and providing the requested access if permitted by the access control data and the lock data for the type of access concerned, and also providing recorded access, if not permitted but not specifically denied by the lock data, using at least part of the lock field to record such latter type of access.

公开(公告)号：DE3854384D1

公开(公告)日：1995-10-05

申请号：DE3854384

申请日：1988-11-09

Applicant: IBM

Inventor： BLOUNT MARION LEE ,  COCCHI ANTHONY ,  MERGEN MARK FREDERICK ,  MORGAN STEPHEN PAUL ,  RADER KATALIN ANNA

IPC: G06F12/08 ,  G06F9/46 ,  G06F11/14 ,  G06F11/16 ,  G06F11/20 ,  G06F12/00 ,  G06F12/10 ,  G06F15/16 ,  G06F15/177

Abstract: A method for maintaining the overall system availability of a multi-processor data processing system in the event of a failure at one of a plurality of independent failure points. The system includes a plurality of virtual memory type processor units, each of which includes an interactive terminal, and a main memory which is connected to a secondary storage device which is also shared by the main memory of one of the other processor units. The main memories of the two units are also interconnected to provide a shared virtual memory system. Both processor units employ the same operating system and share the same virtual address space for storing information. The interactive terminal of each processor unit is connected to the other processor unit. Failure points include the terminals, the processor units, the communication links, and the various software components that are employed by the system. System availability is maintained by managing the storage of selected information at pre-established precise points in the processing operation. Identical operating system data structures that are stored in each processor unit are updated with the results of certain identified data processing transactions which have affected information required for succeeding processing operations in manner to insure that either identical updates occur or no update occurs. The arrangement ensures that any changes that might have occurred in the information stored in the data structure prior to the end of an aborted transaction is returned to the initial state to permit the transaction to be retried whenever the path of the failure can be bypassed.

公开(公告)号：DE3851038T2

公开(公告)日：1995-03-09

申请号：DE3851038

申请日：1988-10-20

Applicant: IBM

Inventor： CHANG ALBERT ,  COCKE JOHN ,  MERGEN MARK FREDERICK ,  OEHLER RICHARD RAPHAEL

IPC: G06F12/00 ,  G06F12/14

Abstract: A method of and a controller for accessing a protected memory which is logically divided into major partitions - pages - which are in turn sub-divided into minor partitions - blocks - by concurrently executing transactions, using virtual block addressing and address translation at the memory controller via an access table, wherein there are provided table entries containing priviledged access control fields relating to the pages and lock fields relating to the individual blocks, by receiving an address of a data block to be accessed by an identifiable transaction; deriving from the address an access table entry corresponding to the data block and testing the data in the page access control field and the lock field governing access to the block; and providing the requested access if permitted by the access control data and the lock data for the type of access concerned, and also providing recorded access, if not permitted but not specifically denied by the lock data, using at least part of the lock field to record such latter type of access.