| 发明名称 |
Method and system for permitting access to resources based on instructions of a code tagged with an identifier assigned to a domain |
| 摘要 |
A method including: assigning identifiers to respective domains, where each of the domains is allocated a corresponding set of resources, and where the resources in the sets of resources are accessible at respective physical addresses; storing permissions to access the physical addresses, where each of the permissions indicates which of the physical addresses one or more of the domains are permitted to access. The method also includes: assigning a code to a first domain, where the code includes instructions, and where each of the instructions includes a corresponding one of the physical addresses; tagging each of the instructions by adding the identifier assigned to the first domain to each of the instructions; and during execution of each of the instructions, comparing the identifier included in the corresponding instruction to one of the permissions; and based on the comparison, permitting access to the set of resources allocated to the first domain. |
| 申请公布号 |
US8955062(B2) |
申请公布日期 |
2015.02.10 |
| 申请号 |
US201414215148 |
申请日期 |
2014.03.17 |
| 申请人 |
Marvell World Trade Ltd. |
发明人 |
Fullerton Mark N. |
| 分类号 |
G06F15/16;G06F17/30;G06F21/53;G06F21/54;G06F21/74;H04L29/06;G06F15/173;H04K1/00 |
主分类号 |
G06F15/16 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method comprising:
assigning a plurality of identifiers respectively to a plurality of domains, wherein each of the plurality of domains is allocated a corresponding set of resources selected from a plurality of resources, and wherein the plurality of resources are accessible at respective physical addresses; storing a plurality of permissions to access the physical addresses, wherein each of the plurality of permissions indicates which of the physical addresses one or more of the plurality of domains are permitted to access; assigning a code to a first domain, wherein the plurality of domains includes the first domain, wherein the code is to be executed by a processor, wherein the code comprises instructions, and wherein each of the instructions comprises a corresponding one of the physical addresses; tagging each of the instructions in the code by adding the identifier assigned to the first domain to each of the instructions; and during execution of each of the instructions by the processor,
comparing (i) the identifier of the first domain included in the corresponding instruction to (ii) one or more of the plurality of permissions; andbased on the comparison, permitting access to the set of resources allocated to the first domain. |
| 地址 |
St. Michael BB |
