CREATING STACK POSITION DEPENDENT CRYPTOGRAPHIC RETURN ADDRESS TO MITIGATE RETURN ORIENTED PROGRAMMING ATTACKS
    71.
    Invention application
    Legal status: in force

    Publication No.: US20160094552A1

    Publication date: 2016-03-31

    Application No.: US14498521

    Filing date: 2014-09-26

    IPC classification: H04L29/06

    CPC classification: G06F21/00 G06F21/52

    Abstract: A computing device includes technologies for securing return addresses that are used by a processor to control the flow of execution of a program. The computing device uses a cryptographic algorithm to provide security for a return address in a manner that binds the return address to a location in a stack.

    INCREASING VIRTUAL-MEMORY EFFICIENCIES
    72.
    Invention application
    Legal status: in force

    Publication No.: US20150242333A1

    Publication date: 2015-08-27

    Application No.: US14709369

    Filing date: 2015-05-11

    Abstract: Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.

    Linear Address Mapping Protection
    75.
    Invention application
    Legal status: in force

    Publication No.: US20140283056A1

    Publication date: 2014-09-18

    Application No.: US13838091

    Filing date: 2013-03-15

    IPC classification: G06F21/56

    Abstract: Technologies for securing an electronic device include determining addresses of one or more memory pages, injecting for each memory page a portion of identifier data into the memory page, storing an indication of the identifier data injected into each of the memory pages, determining an attempt to access at least one of the memory pages, determining any of the identifier data present on a memory page associated with the attempt, comparing the indication of the identifier data with the determined identifier data present on the memory page, and, based on the comparison, determining whether to allow the access.

    HARDWARE ENFORCED MEMORY ACCESS PERMISSIONS
    76.
    Invention application
    Legal status: in force

    Publication No.: US20140041033A1

    Publication date: 2014-02-06

    Application No.: US13995360

    Filing date: 2011-12-30

    IPC classification: G06F12/14

    Abstract: Embodiments of apparatuses and methods for hardware enforced memory access permissions are disclosed. In one embodiment, a processor includes address translation hardware and memory access hardware. The address translation hardware is to support translation of a first address, used by software to access a memory, to a second address, used by the processor to access the memory. The memory access hardware is to detect an access permission violation.

    PROVIDING AUTHENTICATED ANTI-VIRUS AGENTS A DIRECT ACCESS TO SCAN MEMORY
    78.
    Invention application
    Legal status: in force

    Publication No.: US20110107423A1

    Publication date: 2011-05-05

    Application No.: US12609961

    Filing date: 2009-10-30

    IPC classification: G06F12/14 H04L9/32

    Abstract: A computer platform may support anti-virus agents that may be provided access to directly scan the memory. The computer platform may comprise a platform control hub, which may comprise a manageability engine and a virtualizer engine, wherein the manageability engine may allow the anti-virus agents to be downloaded to a platform hardware space that is isolated from an operating system. The manageability engine may authenticate the anti-virus agents and provide an access for the anti-virus agents to directly scan a memory or a storage device coupled to the platform hardware.

    SYSTEMS AND METHODS FOR SECURE HOST RESOURCE MANAGEMENT
    79.
    Invention application
    Legal status: in force

    Publication No.: US20110107355A1

    Publication date: 2011-05-05

    Application No.: US12987813

    Filing date: 2011-01-10

    IPC classification: G06F9/44

    CPC classification: G06F12/0866 G06F13/387

    Abstract: Systems and methods are described herein to provide for secure host resource management on a computing device. Other embodiments include apparatus and system for management of one or more host device drivers from an isolated execution environment. Further embodiments include methods for querying and receiving event data from manageable resources on a host device. Further embodiments include data structures for the reporting of event data from one or more host device drivers to one or more capability modules.

    Systems and methods for secure host resource management
    80.
    Granted invention patent
    Legal status: in force

    Publication No.: US07870565B2

    Publication date: 2011-01-11

    Application No.: US11173885

    Filing date: 2005-06-30

    IPC classification: G06F9/44

    CPC classification: G06F12/0866 G06F13/387

    Abstract: Systems and methods are described herein to provide for secure host resource management on a computing device. Other embodiments include apparatus and system for management of one or more host device drivers from an isolated execution environment. Further embodiments include methods for querying and receiving event data from manageable resources on a host device. Further embodiments include data structures for the reporting of event data from one or more host device drivers to one or more capability modules.
