-
公开(公告)号:US20240346155A1
公开(公告)日:2024-10-17
申请号:US18299216
申请日:2023-04-12
Applicant: Arm Limited
Inventor: Roberto AVANZI , Andreas Lars SANDBERG , Ionut Alexandru MIHALCEA , David Helmut SCHALL , Alexander KLIMOV
CPC classification number: G06F21/602 , G06F21/78
Abstract: Apparatuses and methods for memory protection are disclosed. A memory protection apparatus is interposed between a system cache and a memory system. The apparatus comprises encryption circuitry, which encrypts data item in dependence on encryption metadata and decrypts encrypted data items in dependence on the encryption metadata. In response to a change in a metadata item of the encryption metadata, when no cached copy of an affected data item is currently in the system cache, the affected data item is retrieved from the memory system, re-encrypted using the updated metadata item and returned to the memory system. When there is a cached copy, in dependence on update control data, the copy is retrieved from the system cache, encrypted using the updated metadata item and written out to the memory system.
-
Patent Agency Ranking
公开(公告)号:US20210311640A1
公开(公告)日:2021-10-07
申请号:US17269919
申请日:2019-10-17
Applicant: Arm Limited
Inventor: Yuval ELAD , Roberto AVANZI , Jason PARKER
IPC: G06F3/06 , G06F12/1009 , G06F16/901
Abstract: An apparatus (4) comprises memory access circuitry (12) to control access to data stored in a memory; and memory integrity checking circuitry (20) to verify integrity of data stored in the memory, using an integrity tree (26) in which the association between parent and child nodes is provided by a pointer. This helps to reduce the memory footprint of the tree.
-
公开(公告)号:US20240086085A1
公开(公告)日:2024-03-14
申请号:US17944553
申请日:2022-09-14
Applicant: Arm Limited
Inventor: Roberto AVANZI
IPC: G06F3/06
CPC classification number: G06F3/0623 , G06F3/0659 , G06F3/0673
Abstract: Apparatus, methods, and software for protecting a plurality of memory locations are disclosed. Logical addresses are translated into physical addresses in dependence on one of a first translation function and a second translation function. A transitional logical address and an associated transitional value are locally held in circuitry which applies the translation functions. A remapping of first to second translation function usage is performed by determining a new transitional physical address by applying the second translation function to the transitional logical address; determining a new transitional logical address by applying an inverse of the first translation function to the new transitional physical address; retrieving a new transitional value using the new transitional physical address; storing the old transitional value to the memory location indicated by the new transitional physical address; and locally storing the new transitional value. This remapping can be interleaved with normal memory accesses.
-
公开(公告)号:US20230259660A1
公开(公告)日:2023-08-17
申请号:US18003841
申请日:2021-06-25
Applicant: Arm Limited
Inventor: Andreas Lars SANDBERG , Roberto AVANZI
Abstract: A data integrity tree for memory security comprises a plurality of nodes, wherein a linked series of nodes of the data integrity tree protects a data item stored in memory. A parent node in the linked series of nodes comprises a plurality of counters, each associated with a respective child node and providing an input to a protection function associated with the respective child node. A node authentication code protects the plurality of counters in each parent node and is dependent on a counter in a node above the parent node in the data integrity tree. A plurality of hash value child nodes each comprises a plurality of encrypted hash values generated as a function of a respective block of data stored in the memory and as a function of a counter comprised in a node above the hash value child node in the data integrity tree.
-
公开(公告)号:US20230113906A1
公开(公告)日:2023-04-13
申请号:US17756877
申请日:2020-11-12
Applicant: Arm Limited
Inventor: Hector MONTANER MAS , Andreas Lars SANDBERG , Roberto AVANZI
IPC: G06F12/14 , G06F12/0866
Abstract: An apparatus including memory access circuitry for controlling access to data stored in the non-trusted memory, and memory security circuitry to verify integrity of data stored in the non-trusted memory. The memory security circuitry has authentication code generation circuitry for generating authentication codes to be associated with the data stored in the non-trusted memory, for use when verifying the integrity of the data. The apparatus also has a trusted storage, and the authentication code generation circuitry is arranged to generate different authentication codes, dependent on whether the authentication code is to be stored in the non-trusted memory or the trusted storage.
-
公开(公告)号:US20220014379A1
公开(公告)日:2022-01-13
申请号:US16925723
申请日:2020-07-10
Applicant: Arm Limited
Inventor: Roberto AVANZI , Andreas Lars SANDBERG , Michael Andrew CAMPBELL , Matthias Lothar BOETTCHER , Prakash S. RAMRAKHYANI
Abstract: Apparatuses and method are disclosed for protecting the integrity of data stored in a protected area of memory. Data in the protected area of memory is retrieved in data blocks and an authentication code is associated with a memory granule contiguously comprising a first data block and a second data block. Calculation of the authentication code comprises a cryptographic calculation based on a first hash value determined from the first data block and a second hash value determined from the second data block. A hash value cache is provided to store hash values determined from data blocks retrieved from the protected area of the memory. When the first data block and its associated authentication code are retrieved from memory, a lookup for the second hash value in the hash value cache is performed, and a verification authentication code is calculated for the memory granule to which that data block belongs. The integrity of the first data block is contingent on the verification authentication code matching the retrieved authentication code.
-
-
-
-
-
Search Results
6
records
(took 0.015 seconds)
