System and method for providing access control to raw shared devices
US7930487B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 13, 2007 |
| Grant date | Apr 19, 2011 |
| Priority date | — |
| Expiry date | Aug 1, 2029 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/805
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
An access control agent is advantageously deployed at a host device to prevent malicious use of a storage system by unauthorized hosts and users. In one embodiment the access control agent is disposed in a processing path between the application and the storage device. An application is mounted as an image file by a loop device to provide a virtual file system. The virtual file system is populated with access control information for each block of the file. Application I/O requests are mapped to physical blocks of the storage by the loop device, and the access control information is used to filter the access requests to preclude unauthorized requests from being forwarded to the storage client (and consequently the storage devices). With such an arrangement, access rights can be determined at I/O accesses, file and block granularity for each user.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.