System, Apparatus And Method For Multi-Cacheline Small Object Memory Tagging

    Publication No.: US20190108130A1

    Publication date: 2019-04-11

    Application No.: US16205508

    Filing date: 2018-11-30

    IPC classification: G06F12/0895

    Abstract: In one embodiment, a method includes: in response to a sub-cacheline memory access request, receiving a data-line from a memory coupled to a processor; receiving tag information included in metadata associated with the data-line from the memory; determining, in a memory controller, whether a first tag identifier of the tag information matches a tag portion of an address of the memory line associated with the sub-cacheline memory access request; and, in response to determining a match, storing a first portion of the data-line associated with the first tag identifier in a cache line of a cache of the processor, the first portion being a sub-cacheline width. This method allows data lines stored in memory that are associated with multiple different tag metadata to be divided into multiple cachelines, each comprising the sub-cacheline data associated with a particular metadata address tag. Other embodiments are described and claimed.

    Control flow integrity
    92.
    Granted patent

    Publication No.: US10248424B2

    Publication date: 2019-04-02

    Application No.: US15283370

    Filing date: 2016-10-01

    Abstract: One embodiment provides an apparatus. The apparatus includes collector circuitry to capture processor trace (PT) data from a PT driver. The PT data includes a first target instruction pointer (TIP) packet including a first runtime target address of an indirect branch instruction of an executing target application. The apparatus further includes decoder circuitry to extract the first TIP packet from the PT data and to decode the first TIP packet to yield the first runtime target address. The apparatus further includes control flow validator circuitry to determine whether a control flow transfer to the first runtime target address corresponds to a control flow violation based, at least in part, on a control flow graph (CFG). The CFG includes a plurality of nodes, each node including a start address of a first basic block, an end address of the first basic block, and either a next possible address of a second basic block or a not-found tag.

    Hardware enforced memory access permissions
    94.
    Granted patent (in force)

    Publication No.: US09286245B2

    Publication date: 2016-03-15

    Application No.: US13995360

    Filing date: 2011-12-30

    Abstract: Embodiments of apparatuses and methods for hardware enforced memory access permissions are disclosed. In one embodiment, a processor includes address translation hardware and memory access hardware. The address translation hardware is to support translation of a first address, used by software to access a memory, to a second address, used by the processor to access the memory. The memory access hardware is to detect an access permission violation.


    SECURE VIDEO OUTPUT PATH
    95.
    Patent application (in force)

    Publication No.: US20150086012A1

    Publication date: 2015-03-26

    Application No.: US14036263

    Filing date: 2013-09-25

    IPC classification: H04N7/167

    Abstract: Systems and methods for secure delivery of output surface bitmaps to a display engine. An example processing system comprises: an architecturally protected memory; and a processing core communicatively coupled to the architecturally protected memory, the processing core comprising processing logic configured to implement an architecturally protected execution environment by performing at least one of: executing instructions residing in the architecturally protected memory, and preventing unauthorized access to the architecturally protected memory; wherein the processing logic is further configured to provide a secure video output path by generating an output surface bitmap encrypted with a first encryption key and storing an encrypted first encryption key in an external memory, wherein the encrypted first encryption key is produced by encrypting the first encryption key with a second encryption key.


    Systems and methods for secure host resource management
    97.
    Granted patent (in force)

    Publication No.: US08510760B2

    Publication date: 2013-08-13

    Application No.: US12987813

    Filing date: 2011-01-10

    IPC classification: G06F9/44

    CPC classification: G06F12/0866 G06F13/387

    Abstract: Systems and methods are described herein to provide for secure host resource management on a computing device. Other embodiments include an apparatus and system for management of one or more host device drivers from an isolated execution environment. Further embodiments include methods for querying and receiving event data from manageable resources on a host device. Further embodiments include data structures for the reporting of event data from one or more host device drivers to one or more capability modules.


    INCREASING VIRTUAL-MEMORY EFFICIENCIES
    98.
    Patent application (in force)

    Publication No.: US20130191577A1

    Publication date: 2013-07-25

    Application No.: US13734834

    Filing date: 2013-01-04

    IPC classification: G06F12/08

    Abstract: Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.


    METHOD AND DEVICE FOR SECURELY SHARING IMAGES ACROSS UNTRUSTED CHANNELS
    100.
    Patent application (in force)

    Publication No.: US20130067228A1

    Publication date: 2013-03-14

    Application No.: US13513047

    Filing date: 2011-09-12

    IPC classification: H04L9/32

    Abstract: A method and device for securely sharing images across untrusted channels includes downloading an encrypted image from a remote server to a computing device. The encrypted image may have been encrypted at the time of uploading by another user. The current user of the computing device is authenticated using a facial recognition procedure. If the current user is authenticated and is determined to be authorized to view the decrypted image, the encrypted image is decrypted and displayed to the user. If the user becomes unauthenticated (e.g., the user leaves the computing device or another user replaces the current user), the encrypted image is displayed in place of the decrypted image, such that the decrypted image is displayed only for authorized persons physically present at the computing device.
