
Virtual Key

IP.com Disclosure Number: IPCOM000080269D
Original Publication Date: 1973-Nov-01
Included in the Prior Art Database: 2005-Feb-27
Document File: 2 page(s) / 12K

Publishing Venue

IBM

Related People

Etchison, KL: AUTHOR

Abstract

In supporting a virtual machine capability in an operating system environment, a security problem may arise due to the requirement of the virtual machine guests to set storage keys that may be duplicates of keys already in use by the operating system.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 62% of the total text.

In supporting a virtual machine capability in an operating system environment, a security problem may arise due to the requirement of the virtual machine guests to set storage keys that may be duplicates of keys already in use by the operating system.

The solution involves setting actual hardware keys as keys not currently in use by the operating system and mapping key references. This is called 'virtual keying' as the virtual machine user never sees the actual key.

The current implementation of the virtual machine capability involves interception of all interruptions and privileged instruction execution within the virtual machines.

Actual storage keys are referenced in the following manners:

A. Hardware Comparisons
   1. PSW Key to storage
   2. I/O Key to storage

B. Instruction References
   1. ISK
   2. SSK

The instructions are privileged. The keys to be used by hardware in hardware comparisons are set by privileged instructions or hardware interruptions.

All of these events are intercepted currently in a virtual machine facility. To support virtual keys, all that is required is a mapping mechanism to convert keys (except key zero) in 'store' type operations to the proper 'real key' and in 'read' operations back to the proper 'virtual key', and a mechanism for communicating with the operating system concerning which real keys have been used by the virtual machine facility.
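The mapping mechanism described above can be sketched as follows. This is an added example, not code from the disclosure: the struct layout, function names, bitmask bookkeeping, the 4-bit key width and the unchanged pass-through of key zero are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define NKEYS  16     /* assumed 4-bit key values 0..15 */
#define NO_KEY 0xFF   /* sentinel: no mapping / no free real key */

/* Per-guest mapping state (hypothetical layout). */
struct vkey_map {
    uint8_t  v2r[NKEYS];  /* virtual key -> real key */
    uint8_t  r2v[NKEYS];  /* real key -> virtual key */
    uint16_t os_in_use;   /* bit r set: real key r is used by the operating system */
    uint16_t vm_in_use;   /* bit r set: real key r taken by the VM facility;
                             this is what would be reported back to the OS */
};

void vkey_init(struct vkey_map *m, uint16_t os_in_use) {
    memset(m->v2r, NO_KEY, NKEYS);
    memset(m->r2v, NO_KEY, NKEYS);
    m->os_in_use = os_in_use;
    m->vm_in_use = 0;
}

/* 'Store' direction (e.g. an intercepted SSK): virtual key -> real key.
   Allocates a real key the OS is not using on first reference.
   Returns NO_KEY when every real key is already taken. */
uint8_t vkey_to_real(struct vkey_map *m, uint8_t vkey) {
    vkey &= 0x0F;
    if (vkey == 0) return 0;                      /* key zero is excluded from mapping */
    if (m->v2r[vkey] != NO_KEY) return m->v2r[vkey];
    for (uint8_t r = 1; r < NKEYS; r++) {
        uint16_t bit = (uint16_t)(1u << r);
        if ((m->os_in_use | m->vm_in_use) & bit) continue;
        m->v2r[vkey] = r;
        m->r2v[r] = vkey;
        m->vm_in_use |= bit;
        return r;
    }
    return NO_KEY;
}

/* 'Read' direction (e.g. an intercepted ISK): real key -> virtual key.
   Returns NO_KEY for a real key that does not belong to this guest, so an
   operating system key is never shown to the virtual machine. */
uint8_t vkey_to_virtual(const struct vkey_map *m, uint8_t rkey) {
    rkey &= 0x0F;
    if (rkey == 0) return 0;
    return m->r2v[rkey];
}
```

Because the guest only ever sees the value returned by the read direction, a guest that sets a key numerically equal to an operating system key ends up with a different real key on the hardware.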

The following table describes the various 'store' and 'read' type operations and the co...