Secure recursive virtualization
    2.
    Granted invention patent
    Secure recursive virtualization (status: lapsed)

    Publication No.: US08286164B2

    Publication date: 2012-10-09

    Application No.: US12537808

    Filing date: 2009-08-07

    IPC classification: G06F9/455 G06F21/00

    Abstract: A mechanism is provided for performing secure recursive virtualization of a computer system. A portion of memory is allocated by a virtual machine monitor (VMM) or an operating system (OS) to a new domain. An initial program for the new domain is loaded into the portion of memory. Secure recursive virtualization firmware (SVF) in the data processing system is called to request that the new domain be generated. A determination is made as to whether the call is from a privileged domain or a non-privileged domain. Responsive to the request being from a privileged domain, all access to the new domain is removed from any other domain in the data processing system. Responsive to receiving an indication that the new domain has been generated, an execution of the initial program is scheduled.

    Automatic provisioning of services based on a high level description and an infrastructure description
    3.
    Granted invention patent
    Automatic provisioning of services based on a high level description and an infrastructure description (status: in force)

    Publication No.: US07676552B2

    Publication date: 2010-03-09

    Application No.: US10776297

    Filing date: 2004-02-11

    IPC classification: G06F15/16

    CPC classification: G06F9/5061

    Abstract: The present invention is directed to provisioning and managing computing services in a computing utility system. It receives as an input an infrastructure independent description of a set of requirements on the new desired state of a computing service. It uses a knowledge plane to represent the infrastructure. The method generates a Concrete Model that describes a resource structure that refines the input and is implementable over the infrastructure. It then generates and possibly executes provisioning actions to create an identical resource structure on the infrastructure. The method can be used to create new computing services, to destroy existing computing services, to modify the resource combinations allocated to a computing service, or the configuration of these resources. Provisioning actions can be executed immediately, or saved and executed later, and possibly many times. Provisioning actions may be regenerated using the method whenever infrastructure characteristics, or the service requirements change.

    Hierarchical resource management for a computing utility
    5.
    Granted invention patent
    Hierarchical resource management for a computing utility (status: in force)

    Publication No.: US08655997B2

    Publication date: 2014-02-18

    Application No.: US10587618

    Filing date: 2004-01-30

    IPC classification: G06F15/16 G06F12/00

    Abstract: This invention provides for the hierarchical provisioning and management of a computing infrastructure which is used to provide computing services to the customers of the service provider that operates the infrastructure. Infrastructure resources can include those acquired from other service providers. The invention provides architecture for hierarchical management of computing infrastructures. It allows the dynamic provisioning and assignment of resources to computing environments. Customers can have multiple computing environments within their domain. The service provider shares its resources across multiple customer domains and arbitrates on the use of resources between and within domains. The invention enables resources to be dedicated to a specific customer domain or to a specific computing environment. Customers can specify acquisition and distribution policy which controls their use of resources within their domains.

    Secure Recursive Virtualization
    7.
    Invention patent application
    Secure Recursive Virtualization (status: under examination, published)

    Publication No.: US20120331466A1

    Publication date: 2012-12-27

    Application No.: US13603643

    Filing date: 2012-09-05

    IPC classification: G06F9/455

    Abstract: A mechanism is provided for performing secure recursive virtualization of a computer system. A portion of memory is allocated by a virtual machine monitor (VMM) or an operating system (OS) to a new domain. An initial program for the new domain is loaded into the portion of memory. Secure recursive virtualization firmware (SVF) in the data processing system is called to request that the new domain be generated. A determination is made as to whether the call is from a privileged domain or a non-privileged domain. Responsive to the request being from a privileged domain, all access to the new domain is removed from any other domain in the data processing system. Responsive to receiving an indication that the new domain has been generated, an execution of the initial program is scheduled.

    File manager for files shared by heterogeneous clients
    8.
    Granted invention patent
    File manager for files shared by heterogeneous clients (status: lapsed)

    Publication No.: US5535375A

    Publication date: 1996-07-09

    Application No.: US320768

    Filing date: 1994-10-11

    CPC classification: G06F17/30197 G06F17/30179

    Abstract: A computer system manages files shared by first and second heterogeneous clients. The first client exhibits a first protocol such as SMB and the second client exhibits a second, different protocol such as NFS. A first protocol converter receives requests from the first client to create, read and update the files, and converts the requests to corresponding requests exhibiting a common protocol. A second protocol converter receives requests from the second client to create, read and update the files, and converts the requests to corresponding requests exhibiting the common protocol. A file manager is common to both clients and both protocol converters, receives the converted requests exhibiting the common protocol and executes the requests in a name space and data area which are both common to the first and second clients. The name space stores names of the files and the data area stores the files. The file manager provides access by each of the clients to files and names of the files created by the other client. A common lock manager is provided for the common name space and common data area. The system also supports second and third name spaces and data areas dedicated to the first and second clients, respectively.

    Processor and data processing method with non-hierarchical computer security enhancements for context states
    9.
    Granted invention patent
    Processor and data processing method with non-hierarchical computer security enhancements for context states (status: in force)

    Publication No.: US08850557B2

    Publication date: 2014-09-30

    Application No.: US13408170

    Filing date: 2012-02-29

    IPC classification: G06F12/14 G06F21/31

    Abstract: Disclosed are a processor and processing method that provide non-hierarchical computer security enhancements for context states. The processor can comprise a context control unit that uses context identifier tags associated with corresponding contexts to control access by the contexts to context information (i.e., context states) contained in the processor's non-stackable and/or stackable registers. For example, in response to an access request, the context control unit can grant a specific context access to a register only when that register is tagged with a specific context identifier tag. If the register is tagged with another context identifier tag, the contents of the specific register are saved in a context save area of memory and the previous context states of the specific context are restored to the specific register before access can be granted. The context control unit can also provide such computer security enhancements while still facilitating authorized cross-context and/or cross-level communications.

    Logical partition memory
    10.
    Granted invention patent
    Logical partition memory (status: in force)

    Publication No.: US08135937B2

    Publication date: 2012-03-13

    Application No.: US12272261

    Filing date: 2008-11-17

    CPC classification: G06F12/1036

    Abstract: A mechanism is provided, in a data processing system, for accessing memory based on an effective address submitted by a process of a partition. The mechanism may translate the effective address into a virtual address using a segment look-aside buffer. The mechanism may further translate the virtual address into a partition real address using a page table. Moreover, the mechanism may translate the partition real address into a system real address using a logical partition real memory map for the partition. The system real address may then be used to access the memory.
