11. CONTINUOUS RUN-TIME INTEGRITY CHECKING FOR VIRTUAL MEMORY
    Type: Invention application    Legal status: In force

    Publication No.: US20140281354A1

    Publication date: 2014-09-18

    Application No.: US13842516

    Filing date: 2013-03-15

    IPC class: G06F12/10

    Abstract: A run-time integrity checking (RTIC) method is provided that is compatible with memory of which at least portions store data that changes over time, or at least portions are configured as virtual memory. For example, the method may comprise storing a table of page entries and accessing that table (e.g. by an operating system or by a hypervisor) to perform RTIC on memory in which, for example, an operating system, a hypervisor, or application software is stored. The table may, for example, be stored in secure memory or in external memory. Each page entry comprises a hash value for the page and a hash valid indicator indicating the validity status of the hash value. The page entry may further comprise a residency indicator indicating the residency status of the memory page.


12. Virtualized protected storage
    Type: Granted patent    Legal status: In force

    Publication No.: US08572410B1

    Publication date: 2013-10-29

    Application No.: US13552527

    Filing date: 2012-07-18

    IPC class: G06F21/00

    CPC classes: H04L9/0861 G06F21/72

    Abstract: Embodiments of an electronic circuit include a cryptographic engine which includes a key derivation function and encryption logic. The key derivation function combines a master secret key with a plurality of key modifiers including at least an operating system tag specific to an operating system, and derives an encryption key from the combined master secret key and plurality of key modifiers. The encryption logic is coupled to the key derivation function and encrypts data using the derived encryption key to generate a cryptographic binary large object (blob) for virtualized protected storage that is accessible only to the operating system specified by the operating system tag.


13. Computing Device with Entry Authentication into Trusted Execution Environment and Method Therefor
    Type: Invention application    Legal status: In force

    Publication No.: US20090240923A1

    Publication date: 2009-09-24

    Application No.: US12053502

    Filing date: 2008-03-21

    IPC class: G06F9/30

    Abstract: A computing device (10) includes a trusted execution environment (TEE) manager (40) that manages a switchover from non-trusted software (116) to trusted software (118). The TEE manager (40) includes memory (90) configured to store password-bearing, immediate-operand instructions (54). At the point of switching between the non-trusted software (116) and the trusted software (118), the memory (90) may be accessed as instruction fetches, and its contents fetched into a CPU core (24) as instructions. Immediate-operand portions (60) of the immediate-operand instructions (54) provide passwords, which are written back into guess registers (80) within the TEE manager (40). When a predetermined relationship between the instructions (54) and the guesses in the guess registers (80) is identified, actual execution of the immediate-operand instructions (54) is verified, the TEE mode of operation is signaled, and security-sensitive hardware (44) is enabled for use by a privileged routine (42) portion of the trusted software (118).


14. Computing device with entry authentication into trusted execution environment and method therefor
    Type: Granted patent    Legal status: In force

    Publication No.: US08117642B2

    Publication date: 2012-02-14

    Application No.: US12053502

    Filing date: 2008-03-21

    IPC classes: G06F7/04 G06F11/30

    Abstract: A computing device (10) includes a trusted execution environment (TEE) manager (40) that manages a switchover from non-trusted software (116) to trusted software (118). The TEE manager (40) includes memory (90) configured to store password-bearing, immediate-operand instructions (54). At the point of switching between the non-trusted software (116) and the trusted software (118), the memory (90) may be accessed as instruction fetches, and its contents fetched into a CPU core (24) as instructions. Immediate-operand portions (60) of the immediate-operand instructions (54) provide passwords, which are written back into guess registers (80) within the TEE manager (40). When a predetermined relationship between the instructions (54) and the guesses in the guess registers (80) is identified, actual execution of the immediate-operand instructions (54) is verified, the TEE mode of operation is signaled, and security-sensitive hardware (44) is enabled for use by a privileged routine (42) portion of the trusted software (118).


15. Method and apparatus for secure execution of untrusted software
    Type: Granted patent    Legal status: Expired

    Publication No.: US4926476A

    Publication date: 1990-05-15

    Application No.: US305576

    Filing date: 1989-02-03

    Applicant: Carlin R. Covey

    Inventor: Carlin R. Covey

    IPC classes: G06F1/00 G06F21/00

    Abstract: A CPU architecture guarantees that untrusted software will handle multi-level classified data in a secure manner. A single copy of untrusted software is granted simultaneous read and write access to multiple levels of classified data, with assurance that both the Bell-LaPadula simple security property and the *-property will be correctly enforced. This enforcement is accomplished without the severe constraints normally imposed by computers that do not incorporate this invention. The technique may also be used to enforce integrity policy constraints alone or in conjunction with security policy constraints (classifications). The method relies upon hardware comparison of sensitivity level tags (and/or integrity level tags) associated with data storage blocks. Software need not be examined before it is permitted to handle multi-level secure data, because any attempted violation of a security policy (or an integrity policy) will cause a trap to the trusted operating system. Internal label registers are dynamically updated for accesses permitted to the untrusted software.


16. Memory tagging for object reuse protection
    Type: Granted patent    Legal status: Expired

    Publication No.: US5249231A

    Publication date: 1993-09-28

    Application No.: US878280

    Filing date: 1992-05-04

    IPC class: G06F12/14

    CPC class: G06F12/1466

    Abstract: A method and apparatus for memory tagging for object reuse protection, which includes a central processing unit (CPU) and a memory, coupled to the CPU, for storing a data word object and a corresponding tag identifying a first process by a first identification (ID). A subject ID register for storing the current process ID of the current process is coupled to the CPU and the memory. Tag checking apparatus for comparing the current process ID to the first ID is coupled to the CPU, to the subject ID register, and to the memory. Control logic is coupled to the CPU, to the memory, and to the tag checking apparatus. The control logic denies access to the data word object by the current process if the current process ID does not match the first ID.


17. Object reuse protection with error correction
    Type: Granted patent    Legal status: Expired

    Publication No.: US5249212A

    Publication date: 1993-09-28

    Application No.: US891126

    Filing date: 1992-06-01

    IPC classes: G06F11/10 G06F12/14

    CPC classes: G06F11/10 G06F12/1458

    Abstract: A method and apparatus for providing error detection, correction, and prevention of unauthorized access to data using memory tags. The method and apparatus include computing an original error detection/correction code associated with a data word. Using a CPU and a subject identification register, the original error detection/correction code is copied to a tag associated with the data word when an original subject writes the data word into a memory. A single-error-correction/double-error-detection (SEC/DED) device applies a first bias to the tag to create a first-biased error detection/correction code when the memory is assigned to a first subject. The SEC/DED device applies a second bias to create a twice-biased error detection/correction code when a second subject attempts to access the data word. Access to the data word is denied if the twice-biased error detection/correction code comprises an uncorrectable error.
