Electrical computers and digital data processing systems: input/ – Input/output data processing – Input/output access regulation
Reexamination Certificate
1994-07-27
2001-04-17
Lee, Thomas C. (Department: 2782)
Electrical computers and digital data processing systems: input/
Input/output data processing
Input/output access regulation
C710S200000, C711S151000, C711S152000
Reexamination Certificate
active
06219726
ABSTRACT:
BACKGROUND OF THE INVENTION
Field of the Invention:
The present invention relates to storage devices. More specifically, the present invention relates to systems for regulating access to tape devices.
Description of the Related Art:
Data integrity is a key consideration in any data processing system. Most data processing environments have requirements to prevent data integrity problems due to unauthorized access to data. Certain programs exist which allow a system to input access criteria for datasets and access authority for users. The system then uses this information to manage data access. For tape devices, this protection mechanism is typically limited to management of access to the entire tape, referred to as a “volume”.
Tape devices have, however, traditionally supported the storing of multiple datasets on the same volume. Even in the case of a single dataset, there is the additional consideration that there may be residual data left on the medium from some prior usage which is beyond the end of the last written dataset. Access to such residual information is referred to as “object reuse” in some arenas. Both of these conditions represent potential security exposures if the accesses to the medium are not managed to the scope of the data on the medium to which the user is authorized. This would typically be a single dataset.
In certain environments, tape applications are allowed to issue input/output (I/O) commands (e.g., channel programs), typically without much supervision by the control program. In other environments, the control program is responsible for performing label and file formatting while the application is responsible for reading or writing the data portion of the file. Although some devices provide a protection assist mechanism to reject certain commands which are reserved for use by the control program, this protection is not used to control commands which access the medium. With the introduction of commands which allow random position to different blocks or partitions on the medium, an application has the ability to position outside of the single file which it has been given access to by the control program and associated security software. There are also critical applications which utilize these functions within the limit of a single file with significant performance improvement so that it is not possible to simply remove the ability to issue these commands from the applications.
One currently used solution to prevent object reuse is to store only one file on the volume and to erase the rest of the volume following the dataset. This solution has the following problems.
First, only a single file can be stored on the volume. Multiple files would be exposed to the application accessing data in more than one file. As volume capacities increase, storage of multiple files to utilize capacity becomes a critical part of storage management. The average file size is typically significantly less than the full capacity of a volume.
Second, the application may overwrite formatted portions of the volume which should not be overwritten, such as the label group for the dataset.
Third, the application may attempt to write formatting information, such as tape marks, which would lead to invalid file formatting on the medium.
Fourth, The application may attempt to unload the medium before the control program has a chance to finish file formatting on the medium. This might allow the application to unload the current medium and access some other medium. For example, some devices provide a Load command. Some device loaders have an automatic mode of loading which causes another volume to be loaded when the current volume is unloaded.
Fifth, the time required to perform an erase function may be significant. On most tape devices, this function requires that the device overwrite any portions of the volume which follow the end of the file. As volume capacities increase, the time spent performing this function increases linearly. For instance, the time to erase a 10 gigabit volume on a device which writes at a 1 megabit per second data rate would be roughly 10,000 seconds or three hours. If a significant number of the files processed require this type of processing, then the availability of tape devices for normal processing is severely impacted.
A second alternative is for the control program to scan through every channel program which is received from an application to determine whether there are any commands which might have undesirable effects. This solution has the following problems.
First, there is overhead associated with the scanning of each channel program.
Second, the channel program is typically in the user's address space which may lead to additional complexities with storage protection keys and address space translation problems.
Third, the control program may need to examine the parameter data associated with the command in order to assess its impact. This implies that a detailed knowledge of the device command set must be coded into the control program. It also creates the problem of having to update the control program every time new functions are introduced so that they are not rejected by the checking performed in the control program (e.g., an unknown function or command must be assumed to be a potential access violation and therefore it must be rejected). This may prohibit the early introduction of new functions by providing support directly in the application without the control program's knowledge.
Fourth, the program may not be able to assess whether the command creates a problem or not. For instance, a Locate command specifies some logical block further down the medium. The control program may or may not know the extent (e.g., the range of logical blocks) of the currently active dataset and therefore may not be able to determine whether the access is outside the range of the dataset.
Thus, there is a need in the art for a fast, inexpensive technique for limiting access to a tape volume which does not waste the unused capacity thereof.
SUMMARY OF THE INVENTION
The need in the art is addressed by the present invention which provides a method and system for limiting access to a media storage device such as a tape drive unit. In accordance with the inventive method, a set of control parameters is generated for the device for a given application program. A tape control unit uses the parameters to process commands from the application program and thereby control access to the tape. In a illustrative application, an extent is defined on the tape and controls are defined which govern the type of access permitted within the extent. The system rejects any commands which attempt to access medium outside of the defined extent. Write and formatting commands within the extent are limited and partition changes, loads and unloads are prohibited.
REFERENCES:
patent: 4525780 (1985-06-01), Bratt et al.
patent: 4604694 (1986-08-01), Hough
patent: 4780821 (1988-10-01), Crossley
patent: 4941107 (1990-07-01), Hasebe
patent: 5065429 (1991-11-01), Lang
patent: 5191611 (1993-03-01), Lang
patent: 5276735 (1994-01-01), Boebert
patent: 5283830 (1994-02-01), Hinsley et al.
patent: 5339403 (1994-08-01), Parker
Benman & Collins
Chen Duo
International Business Machines - Corporation
Lee Thomas C.
Sullivan Robert M.
LandOfFree
System for providing access protection on media storage... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System for providing access protection on media storage..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System for providing access protection on media storage... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2475263