Apparatus, method and system to control accessibility of platform resources based on an integrity level
| DWPI Title: Apparatus for controlling accessibility of platform resources, has logic for identifying rule set based on policy corresponding to integrity level, and automatically initiating operation to cause condition to be satisfied |
| Abstract: Techniques and mechanisms to selectively provide resource access to a functional domain of a platform. In an embodiment, the platform includes both a report domain to monitor the functional domain and a policy domain to identify, based on such monitoring, a transition of the functional domain from a first integrity level to a second integrity level. In response to a change in integrity level, the policy domain may configure an enforcement domain to enforce against the functional domain one or more resource accessibility rules corresponding to the second integrity level. In another embodiment, the policy domain automatically initiates operations in aid of transitioning the platform from the second integrity level to a higher integrity level. |
| Use: Apparatus for controlling accessibility of platform resources based on an integrity level in computer security. Uses include, but are not limited to, controlling accessibility of servers, desktop computers, laptop computers, handheld devices such as smartphones, tablets, palmtops and e-readers, game consoles, smart TVs and computing-capable devices. |
| Advantage: The apparatus utilizes a system to detect loss of integrity for hardware components and/or software components of a computing-capable platform, and dynamically migrate the platform to a lower level of functionality. The apparatus provides violation of a condition by an attempt to write in a region that contributes to the state being satisfied, thus obtaining an automatic enforcement response according to a policy corresponding to the integrity level. |
| Novelty: The apparatus has logic including circuitry for providing a policy domain (130) in response to a transition from a state to another state. The logic identifies a rule set based on a policy corresponding to an integrity level. The logic configures an enforcement domain (150) to enforce the rule set against access by a functional domain (120) to resources (110). The logic identifies a condition of a state assigned an integrity level greater than another integrity level based on another integrity level. The logic automatically initiates an operation to cause the condition to be satisfied. |
| Filed: 3/18/2015 |
| Application Number: US14661174A |
| Tech ID: SD 12611.1 |
| This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention. |
| Data from Derwent World Patents Index, provided by Clarivate. |