System, apparatus and method for stateful application of control data in a device

US2016366136A1 · US · A1

Patent metadata

Publication number: US-2016366136-A1
Application number: US-201514863496-A
Country: US
Kind code: A1
Filing date: Sep 24, 2015
Priority date: Jun 9, 2015
Publication date: Dec 15, 2016
Grant date: (none listed)

Abstract

Official abstract text for this publication.

In one embodiment, a system includes a processor having a first logic to execute in a trusted execution environment, and a storage to store a plurality of access control policies, each of the plurality of access control policies associated with a composite device state of the system and including an access policy for a resource to be protected by the first logic, where the first logic is to apply one or more of the plurality of access control policies to a request for access to the resource, responsive to a matching of the associated composite device state of the one or more access control policies with a current composite device state of the system. Other embodiments are described and claimed.

First claim

Opening claim text (preview).

What is claimed is:

1. A device comprising: a processor to execute instructions; and a policy logic to receive a request to access a resource to be protected by the device, wherein the policy logic is to access control data associated with the resource, the control data having a first device state field of a first value, the policy logic to determine whether the device is in a device state associated with the first value and if so to apply an access policy of the control data to determine whether to grant the request to access the resource.

2. The device of claim 1, wherein the control data comprises an access control list, the access control list including a plurality of device state fields, each to indicate whether the access policy of the access control list is to be applied when the device is in the corresponding device state.

3. The device of claim 2, wherein one of the plurality of device state fields comprises an operational criticality state of the device.

4. The device of claim 2, wherein one of the plurality of device state fields comprises an operational optimization goal of the device.

5. The device of claim 2, wherein the policy logic is to receive a plurality of device state inputs and determine whether each of the plurality of device state inputs matches a value stored in a corresponding one of the plurality of device state fields of the control data.

6. The device of claim 5, wherein at least one of the plurality of device state inputs is to be received from one or more second devices coupled to the device via a network.

7. The device of claim 1, wherein the control data comprises at least one state vector including a plurality of fields each for a device state factor and to indicate whether the access policy of the control data is to be applied when the device state factor is valid in the device.

8. The device of claim 1, further comprising a storage to store an index, the index comprising a plurality of entries each associated with one of a plurality of control data and to indicate a composite device state of the device in which the policy logic is to apply the associated control data to an access request.

9. The device of claim 1, further comprising a storage to store a plurality of control data, wherein the policy logic is to obtain the plurality of control data from an authoritative policy storage of a network, based on a current composite device state of the device.

10. The device of claim 9, wherein the policy logic is to evict one or more of the plurality of control data responsive to a change to the current composite device state.

11. The device of claim 1, wherein the policy logic is to pre-filter a plurality of control data based on the device state of the device, and to access the control data based on a result of the pre-filter.

12. At least one computer readable storage medium comprising instructions that when executed enable a system to: determine a device state for the system, the system comprising an Internet of Things (IoT) device; determine whether an access control list associated with a resource is to be applied when the system is in the determined device state; and if the access control list is determined to be applied when the system is in the determined device state, determine whether a requester is to be granted access to the resource based on the access control list, and otherwise prevent the access without further application of the access control list.

13. The at least one computer readable storage medium of claim 12, further comprising instructions that when executed enable the system to request and obtain the access control list from an authoritative policy storage located remotely from the system responsive to a device state change of the system.

14. The at least one computer readable storage medium of claim 12, further comprising instructions that when executed enable the system to access an index, the index comprising a plurality of entries each associated with one of a plurality of access control lists and to indicate a composite device state of the system in which a policy logic of the system is to apply the associated access control list to an access request, to determine whether the access control list is to be applied.

15. The at least one computer readable storage medium of claim 12, further comprising instructions that when executed enable the system to access a plurality of access control lists associated with the resource, each of the plurality of access control lists comprising a composite device state matching a composite device state of the system.

16. The at least one computer readable storage medium of claim 15, further comprising instructions that when executed enable the system to evict from a storage of the system one or more of the plurality of access control lists responsive to a change to the composite device state.

17. The at least one computer readable storage medium of claim 15, further comprising instructions that when executed enable the system to grant the requester the access to the resource based on at least some of the accessed plurality of access control lists.

18. A system comprising: a processor having a first logic to execute in a trusted execution environment; and a storage to store a plurality of access control policies, each of the plurality of access control policies associated with a composite device state of the system and including an access policy for a resource to be protected by the first logic, wherein the first logic is to apply one or more of the plurality of access control policies to a request for access to the resource, responsive to a matching of the associated composite device state of the one or more access control policies with a current composite device state of the system.

19. The system of claim 18, wherein the composite device state associated with a first access control policy includes a plurality of device state fields, each having one of a first value to indicate that a corresponding device state factor of the current composite device state of the system is to be valid or a second value to indicate that the corresponding device state factor of the current composite device state of the system is to be invalid.

20. The system of claim 19, wherein the storage is to store an index having a plurality of entries each associated with one of the plurality of access control policies and to store the first value or the second value for the plurality of device state fields.

21. The system of claim 20, wherein the first logic is to access the index to identify the one or more of the plurality of access control policies for application to the request for access.

22. The system of claim 18, further comprising a plurality of sensors to provide one or more device state factors of the current composite device state, wherein at least one of the plurality of sensors is to couple to the processor via a control channel to provide the one or more device state factors.
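The claims describe a policy logic that keeps an index of access control lists, each gated by a device-state vector, applies only the lists whose vector matches the current composite device state, denies outright when none matches (claim 12), and evicts or refetches lists from an authoritative store when the state changes (claims 9, 10, 13, 16). The following Python model is an added illustration of that mechanism, not Intel's code or anything from the patent itself; the factor names (`critical`, `tampered`), requester names, resource name and policy identifiers are constructed for the example, and the "authoritative store" is an in-memory list standing in for the remote policy storage.

```python
"""State-conditioned access control modelled on the claims above.

Added illustration, not the patent holder's code. A policy carries a
device-state vector; it is applied to a request only when every field
of that vector matches the device's current composite state. If no
policy matches, the request is denied without consulting any ACL.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Mapping

# Composite device state: factor name -> valid (True) / invalid (False).
# Factor names here are constructed; the claims name "operational
# criticality" and "optimization goal" as examples of such fields.
DeviceState = Mapping[str, bool]


@dataclass(frozen=True)
class ControlData:
    """One ACL: the state vector gating it plus the access policy it carries."""
    policy_id: str
    resource: str
    state_vector: Dict[str, bool]        # factor -> required value
    allowed: Dict[str, frozenset]        # requester -> permitted operations

    def applies_in(self, state: DeviceState) -> bool:
        # Every field of the vector must match the current composite state;
        # a factor the device does not report is treated as invalid (False).
        return all(state.get(f, False) == v for f, v in self.state_vector.items())


@dataclass
class PolicyLogic:
    """Policy logic holding a cache (the index) of ACLs valid in the current state."""
    authoritative_store: List[ControlData]   # stands in for the remote policy store
    state: Dict[str, bool] = field(default_factory=dict)
    cache: Dict[str, ControlData] = field(default_factory=dict)
    log: List[str] = field(default_factory=list)

    def update_state(self, inputs: DeviceState) -> None:
        """Apply sensor/network state inputs, then evict stale ACLs and fetch valid ones."""
        self.state = dict(inputs)
        stale = [pid for pid, cd in self.cache.items() if not cd.applies_in(self.state)]
        for pid in stale:
            self.log.append(f"evict {pid}")
            del self.cache[pid]
        for cd in self.authoritative_store:
            if cd.policy_id not in self.cache and cd.applies_in(self.state):
                self.log.append(f"fetch {cd.policy_id}")
                self.cache[cd.policy_id] = cd

    def pre_filter(self, resource: str) -> List[ControlData]:
        """Walk the index and keep ACLs for this resource that apply in the current state."""
        return [cd for cd in self.cache.values()
                if cd.resource == resource and cd.applies_in(self.state)]

    def check(self, requester: str, resource: str, op: str) -> bool:
        """Grant only if some applicable ACL permits the operation; deny if none applies."""
        candidates = self.pre_filter(resource)
        if not candidates:
            self.log.append(f"deny {requester}:{op}@{resource} (no ACL for current state)")
            return False
        granted = any(op in cd.allowed.get(requester, frozenset()) for cd in candidates)
        self.log.append(f"{'grant' if granted else 'deny'} {requester}:{op}@{resource}")
        return granted


def demo() -> dict:
    """Constructed scenario: normal operation, then critical operation, then tamper."""
    store = [
        ControlData("normal-ops", "actuator", {"critical": False, "tampered": False},
                    {"maintenance": frozenset({"read", "write"}), "monitor": frozenset({"read"})}),
        ControlData("critical-ops", "actuator", {"critical": True, "tampered": False},
                    {"monitor": frozenset({"read"})}),   # no writes during critical operation
    ]
    logic = PolicyLogic(authoritative_store=store)
    results = {}
    logic.update_state({"critical": False, "tampered": False})
    results["normal_write"] = logic.check("maintenance", "actuator", "write")
    logic.update_state({"critical": True, "tampered": False})
    results["critical_write"] = logic.check("maintenance", "actuator", "write")
    results["critical_read"] = logic.check("monitor", "actuator", "read")
    results["cached_after_critical"] = sorted(logic.cache)
    logic.update_state({"critical": True, "tampered": True})   # no ACL is valid when tampered
    results["tampered_read"] = logic.check("monitor", "actuator", "read")
    results["cached_after_tamper"] = sorted(logic.cache)
    results["log"] = list(logic.log)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The design point worth noticing is the default in `check`: a state for which no ACL exists (here, `tampered`) yields a deny before any access policy is consulted, and `update_state` evicts cached ACLs the moment the composite state stops matching, so a policy fetched for one state cannot be replayed against a request made in another.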

Assignees

Intel Corp

Inventors

Classifications

  • H04L63/10 · Primary

    for controlling access to devices or network resources · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • H04L63/101 · Primary

    Access control lists [ACL] · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016366136A1 cover?
In one embodiment, a system includes a processor having a first logic to execute in a trusted execution environment, and a storage to store a plurality of access control policies, each of the plurality of access control policies associated with a composite device state of the system and including an access policy for a resource to be protected by the first logic, where the first logic is to app…
Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/10. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 15, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).