Patent application number | Description | Published |
20100088739 | Hardware Based Mandatory Access Control - Hardware mechanisms are provided for performing hardware based access control of instructions to data. These hardware mechanisms associate an instruction access policy label with an instruction to be processed by a processor and associate an operand access policy label with data to be processed by the processor. The instruction access policy label is passed along with the instruction through one or more hardware functional units of the processor. The operand access policy label is passed along with the data through the one or more hardware functional units of the processor. One or more hardware implemented policy engines associated with the one or more hardware functional units of the processor are utilized to control access by the instruction to the data based on the instruction access policy label and the operand access policy label. | 04-08-2010 |
20100125708 | Recursive Logical Partition Real Memory Map - A recursive logical partition real memory map mechanism is provided for use in address translation. The mechanism, which is provided in a data processing system, receives a first address based on an address submitted from a process of a currently active logical partition. The first address is translated into a second address using a recursive logical partition real memory (RLPRM) map data structure for the currently active logical partition. The memory is accessed using the second address. The RLPRM map data structure provides a plurality of translation table pointers, each translation table pointer pointing to a separate page table for a separate level of virtualization in the data processing system with the data processing system supporting multiple levels of virtualization. | 05-20-2010 |
20100125709 | Logical Partition Memory - A mechanism is provided, in a data processing system, for accessing memory based on an effective address submitted by a process of a partition. The mechanism may translate the effective address into a virtual address using a segment look-aside buffer. The mechanism may further translate the virtual address into a partition real address using a page table. Moreover, the mechanism may translate the partition real address into a system real address using a logical partition real memory map for the partition. The system real address may then be used to access the memory. | 05-20-2010 |
20100125915 | Secure Computer Architecture - A secure computer architecture is provided. With this architecture, data is received, in a component of an integrated circuit chip implementing the secure computer architecture, for transmission across a data communication link. The data is converted, by the component, to one or more first fixed length frames. The one or more first fixed length frames are then transmitted, by the component, on the data communication link in a continuous stream of frames. The continuous stream of frames includes one or more second fixed length frames generated when no data is available for inclusion in the frames of the continuous stream. | 05-20-2010 |
20110035532 | Secure Recursive Virtualization - A mechanism is provided for performing secure recursive virtualization of a computer system. A portion of memory is allocated by a virtual machine monitor (VMM) or an operating system (OS) to a new domain. An initial program for the new domain is loaded into the portion of memory. Secure recursive virtualization firmware (SVF) in the data processing system is called to request that the new domain be generated. A determination is made as to whether the call is from a privileged domain or a non-privileged domain. Responsive to the request being from a privileged domain, all access to the new domain is removed from any other domain in the data processing system. Responsive to receiving an indication that the new domain has been generated, an execution of the initial program is scheduled. | 02-10-2011 |
20120331466 | Secure Recursive Virtualization - A mechanism is provided for performing secure recursive virtualization of a computer system. A portion of memory is allocated by a virtual machine monitor (VMM) or an operating system (OS) to a new domain. An initial program for the new domain is loaded into the portion of memory. Secure recursive virtualization firmware (SVF) in the data processing system is called to request that the new domain be generated. A determination is made as to whether the call is from a privileged domain or a non-privileged domain. Responsive to the request being from a privileged domain, all access to the new domain is removed from any other domain in the data processing system. Responsive to receiving an indication that the new domain has been generated, an execution of the initial program is scheduled. | 12-27-2012 |
20130019307 | Secure Computer Architecture - A secure computer architecture is provided. With this architecture, data is received, in a component of an integrated circuit chip implementing the secure computer architecture, for transmission across a data communication link. The data is converted, by the component, to one or more first fixed length frames. The one or more first fixed length frames are then transmitted, by the component, on the data communication link in a continuous stream of frames. The continuous stream of frames includes one or more second fixed length frames generated when no data is available for inclusion in the frames of the continuous stream. | 01-17-2013 |
20130227704 | PROCESSOR AND DATA PROCESSING METHOD WITH NON-HIERARCHICAL COMPUTER SECURITY ENHANCEMENTS FOR CONTEXT STATES - Disclosed are a processor and processing method that provide non-hierarchical computer security enhancements for context states. The processor can comprise a context control unit that uses context identifier tags associated with corresponding contexts to control access by the contexts to context information (i.e., context states) contained in the processor's non-stackable and/or stackable registers. For example, in response to an access request, the context control unit can grant a specific context access to a register only when that register is tagged with a specific context identifier tag. If the register is tagged with another context identifier tag, the contents of the specific register are saved in a context save area of memory and the previous context states of the specific context are restored to the specific register before access can be granted. The context control unit can also provide such computer security enhancements while still facilitating authorized cross-context and/or cross-level communications. | 08-29-2013 |
Patent application number | Description | Published |
20090033490 | System and Method of Dynamically Weighted Analysis for Intrusion Decision-Making - An intrusion detection mechanism is provided for flexible, automatic, thorough, and consistent security checking and vulnerability resolution in a heterogeneous environment. The mechanism may provide a predefined number of default intrusion analysis approaches, such as signature-based, anomaly-based, scan-based, and danger theory. The intrusion detection mechanism also allows a limitless number of intrusion analysis approaches to be added on the fly. Using an intrusion detection skin, the mechanism allows various weights to be assigned to specific intrusion analysis approaches. The mechanism may adjust these weights dynamically. The score ration can be tailored to determine if an intrusion occurred and adjusted dynamically. Also, multiple security policies for any type of computing element may be enforced. | 02-05-2009 |
20130291063 | Identification of Unauthorized or Misconfigured Wireless Access Point Using Distributed Endpoints - A system for identifying unauthorized and/or misconfigured wireless access points (WAPs) in a communication network includes multiple network endpoints and multiple agents running on endpoints. The agents are adapted to periodically locate WAPs and to report located WAPs to a central entity. The system further includes a central entity operative to receive information from the agents regarding located WAPs, to determine whether at least a given one of the located WAPs needs to be probed, and to initiate active probing of located WAPs when it is determined that the given one of the located WAPs needs to be probed. | 10-31-2013 |
20130291067 | Identification of Unauthorized or Misconfigured Wireless Access Point Using Distributed Endpoints - A method for identifying unauthorized and/or misconfigured wireless access points (WAPs) in a communication network includes the steps of: an agent running on an endpoint in the communication network locating one or more WAPs in the communication network; the agent reporting at least one located WAP to a central entity; and the central entity performing steps of applying prescribed criteria to determine whether the located WAP needs to be probed, and initiating active probing of the located WAP when it is determined that the located WAP needs to be probed to thereby determine whether the located WAP is unauthorized and/or misconfigured. | 10-31-2013 |
Patent application number | Description | Published |
20090070607 | Methods and apparatuses for reducing step loads of processors - Methods and apparatuses for reducing step loads of processors are disclosed. Method embodiments comprise examining a number of instructions to be processed by a processor to determine the types of instructions that it has, calculating power consumption by in an execution period based on the types of instructions, and limiting the execution to a subset of instructions of the number to control the quantity of power for the execution period. Some embodiments may also create artificial activity to provide a minimum power floor for the processor. Apparatus embodiments comprise instruction type determination logic to determine types of instructions in an incoming instruction stream, a power calculator to calculate power consumption associated with processing a number of instructions in an execution period, and instruction throttling logic to control the power consumption by limiting the number of instructions to be processed in the execution period. | 03-12-2009 |
20110252255 | Methods And Apparatuses For Reducing Step Loads Of Processors - Methods and apparatuses for reducing step loads of processors are disclosed. Method embodiments comprise examining a number of instructions to be processed by a processor to determine the types of instructions that it has, calculating power consumption by in an execution period based on the types of instructions, and limiting the execution to a subset of instructions of the number to control the quantity of power for the execution period. Some embodiments may also create artificial activity to provide a minimum power floor for the processor. Apparatus embodiments comprise instruction type determination logic to determine types of instructions in an incoming instruction stream, a power calculator to calculate power consumption associated with processing a number of instructions in an execution period, and instruction throttling logic to control the power consumption by limiting the number of instructions to be processed in the execution period. | 10-13-2011 |
20130275787 | Methods And Apparatuses For Reducing Step Loads Of Processors - Methods and apparatuses for reducing step loads of processors are disclosed. Method embodiments comprise examining a number of instructions to be processed by a processor to determine the types of instructions that it has, calculating power consumption by in an execution period based on the types of instructions, and limiting the execution to a subset of instructions of the number to control the quantity of power for the execution period. Some embodiments may also create artificial activity to provide a minimum power floor for the processor. Apparatus embodiments comprise instruction type determination logic to determine types of instructions in an incoming instruction stream, a power calculator to calculate power consumption associated with processing a number of instructions in an execution period, and instruction throttling logic to control the power consumption by limiting the number of instructions to be processed in the execution period. | 10-17-2013 |