Abstract:
An apparatus to protect one or more hardware devices from unauthorized software access is described herein and comprises, in one embodiment, a virtual machine manager, a memory protection module and an integrity measurement manager. In a further embodiment, a method of providing secure access to one or more hardware devices may include modifying a page table, verifying the integrity of a device driver, and providing memory protection to the device driver if the device driver is verified.
Abstract:
Methods and apparatuses enable in-memory patching of a program loaded in volatile memory. A service processor identifies a program to be patched and an associated patch for the program. The patch is loaded into memory, including applying relocation fix-ups to the patch. The service processor directs the program to the patch in place of the segment of the program to be patched. The program implements the patch while maintaining program state, and without suspending execution of the program.
Abstract:
Denial of service type attacks are attacks where the nature of a system used to establish communication sessions is exploited to prevent the establishment of sessions. For example, to establish a Transmission Control Protocol (TCP)/Internet Protocol (IP) communication session, a three-way handshake is performed between communication endpoints. When a connection request is received, resources are allocated towards establishing the communication session. Malicious entities can attack the handshake by repeatedly only partially completing the handshake, causing the receiving endpoint to run out of resources for allocating towards establishing sessions, thus preventing legitimate connections. Illustrated embodiments overcome such attacks by delaying allocating resources until after the three-way handshake is successfully completed.
Abstract:
A method and apparatus are provided that allow processing engines to be synchronized to each other with high accuracy. In one embodiment, the invention includes obtaining a processor tick counter value from a first processing engine, comparing the obtained processor tick counter value to a processor tick counter value from a second processing engine and determining a timing offset for synchronizing the first processing engine and the second processing engine using the comparison. The invention may further include obtaining a processor tick counter value by sending a request message from the second processing engine to the first processing engine, and receiving a reply from the first processing engine at the second processing engine. The processor tick counter value at the second processing engine can be determined by recording the time at which the request message is sent and by recording the time at which the reply is received. The invention can further include obtaining a processor frequency from the first processing engine, obtaining a processor frequency from the second processing engine and correcting the timing offset for any difference between the first processing engine frequency and the second processing engine frequency.
Abstract:
In one embodiment, an apparatus includes a processor comprising at least one core to execute instructions of a plurality of virtual machines (VMs) and a virtual machine monitor (VMM), and a cryptographic engine to protect data associated with the plurality of VMs through use of a plurality of private keys and a trusted transformer key, where each of the plurality of private keys is to protect program instructions and data of a respective VM and the trusted transformer key is to protect management structure data for the plurality of VMs. The processor is further to provide, to the VMM, read and write access to the management structure data through an untrusted transformer key
Abstract:
In one embodiment, a cryptographic circuit is adapted to receive a data line including at least an encrypted portion from a memory in response to a read request having a memory address from a first agent, obtain a key identifier for a key of the first agent from the data line, obtain the key using the key identifier, decrypt the at least encrypted portion of the data line using the key and send decrypted data of the at least encrypted portion of the data line to the first agent. Other embodiments are described and claimed.
Abstract:
Various embodiments are generally directed to techniques for encrypting stored data. An apparatus includes a processor component comprising a cache that comprises a cache line to store a first block of data corresponding to a second block of encrypted data stored within a storage; a compressor to compress the data within the first block to generate compressed data within the first block to clear sufficient storage space within the first block to store metadata associated with generation of the second block of encrypted data from the first block in response to eviction of the first block from the cache line; and an encrypter to encrypt the compressed data within the first block to generate the encrypted data within the second block and to store encryption metadata associated with encrypting the compressed data within the second block as a portion of the metadata associated with the generation of the second block.
Abstract:
Apparatuses and methods for page coloring to associate memory pages with programs are disclosed. In one embodiment, an apparatus includes a paging unit and an interface to access a memory. The paging unit includes translation logic and comparison logic. The translation logic is to translate a first address to a second address. The first address is to be provided by an instruction stored in a first page in the memory. The translation is based on an entry in a data structure, and the entry is to include a base address of a second page in the memory including the second address. The comparison logic is to compare the color of the first page to the color of the second page. The color of the first page is to indicate association of the first page with a first program including the first instruction. The data structure entry is also to include the color of the second page to indicate association of the second page with the first program or a second program.
Abstract:
A computing device includes technologies for securing return addresses that are used by a processor to control the flow of execution of a program. The computing device uses a cryptographic algorithm to provide security for a return address in a manner that binds the return address to a location in a stack.
Abstract:
Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.