Abstract:
Various embodiments of the present invention provide distributed computing systems featuring an operating-system-transparent distributed memory that, among other things, facilitates shared-message-based inter-thread communication between intercommunicating threads executing concurrently on a single-processor computer system, concurrently and simultaneously on a multi-processor computer system, and concurrently and simultaneously on multiple, discrete computer systems. Certain embodiments of the present invention are implemented using a secure-platform architecture in which secure-platform code running on processors within a distributed computing system provides a virtual, or logical, computing platform on which operating systems and higher-level software can be layered. A distributed memory system is provided by the secure-platform layer, using an extension of the memory-management hardware, firmware, and software systems originally developed to support virtual memory in single-processor and multi-processor computer systems. In essence, logical processors, logical caches, logical memory, and logical mass-storage-device-implemented backing store are mapped onto the individual processors, caches, memories, and interconnected mass-storage systems of a number of discrete computer systems interconnected by high-speed networking.
Abstract:
In various embodiments of the present invention, execution-state transitions occur in a first portion of a system, and a cumulative execution state for each process is maintained by a second portion of the system so that, when a second-portion routine is called, the second-portion routine can determine whether or not the current execution state is suitable for execution of the second-portion routine. In various embodiments, a callpoint log, allocated and maintained for each process, stores the cumulative execution state for the process. In one embodiment, the first portion is an operating system, and the second portion is a secure kernel, with the cumulative execution state used by the secure kernel to prevent unauthorized access by erroneously or maliciously invoked operating-system routines to secure kernel routines. In another embodiment, the cumulative execution state is used as a debugging tool by the second-portion routines to catch errors in the implementation of the first-portion routines.
Abstract:
A method and system for providing secure, direct access to computer system resources, such as system memory, by a non-trusted processing entity running in an unprivileged state that requests access to the resource through a device that directly accesses the resource. The device includes access-right-checking logic and is configured to verify the access rights of non-trusted processing entities that attempt to access the resource through the device. By checking access rights, the device ensures that non-trusted processing entities access only those particular portions of the resource authorized for access by the secure kernel.
Abstract:
A method for preparing an authenticable and verifiable image of a software module by adding to the received software module image a size and location block, an authentication block including a cryptographically protected module-specific public key and a clear-text version of the module-specific public key, and a verification block that includes a digital signature prepared from the module image. In one particular embodiment of the present invention, a next firmware module that is to be accessed during a secure boot process is created to include a module-specific public key, a hashed and encrypted version of the module-specific public key, and a digital signature of the firmware-module image prepared using a module-specific private key.
Abstract:
Method and system that allows a secure processing entity to allocate a portion of a system resource for use only by the secure processing entity. The portion of the system resource allocated for use only by the secure processing entity is protected from DMA-access by an untrusted processing entity, such as an I/O controller in the control of untrusted software. In one embodiment, a secure kernel may provide address translations to a system controller that result in the system controller returning invalid-memory-address errors to a DMA engine attempting to access a portion of a system memory allocated for use only by a secure kernel. In another embodiment of the present invention, a secure kernel initializes a system controller to contain a view of system-memory address space that does not include a portion of system-memory address space allocated for use only by a secure kernel.
Abstract:
A key fragment generator accepts a key string, such as from a key string generator, and produces a plurality of key fragments that can be entered by a human with a lower likelihood of error than if the human attempted to enter the original key string. A key defragmenter accepts a plurality of entered key fragments, reconstitutes the original key string from the entered key fragments and, optionally, provides the reconstituted key string to a software package or other license manager. The key fragment generator can produce “friendly” key fragments that are easier for humans to read and enter than the arbitrary character strings that characterize typical key strings. The key fragment generator can produce “error-detectable” key fragments. If an error-detectable key fragment is entered incorrectly, the key defragmenter can generate an error message and permit a user to enter the key fragment again. The key fragment generator can produce “error-correctable” key fragments. If an error-correctable key fragment is entered incorrectly, the key defragmenter can generate an error message that describes the nature of the error or that draws a user's attention to a portion of the key fragment that the user entered incorrectly. The error message can include a “hint” related to one or more confusable characters that were entered incorrectly.
Abstract:
Systems, methodologies, media, and other embodiments associated with performing a manipulation of a persistent memory using an extensible firmware interface are described. One exemplary method embodiment includes selectively refreshing a persistent memory from an EFI level application and providing to a user level application a signal concerning the persistent memory refreshing.
Abstract:
An external personal computer or other computing device is employed as an external security-state monitor to monitor the security state of one or more computer systems. The security-state monitor creates pairs of write-once CDs containing an identical sequence of encryption keys. One CD of a pair remains with the security-state monitor, and the other CD of the pair is provided to the system administrator of a computer system. Keys are employed by the security-state monitor and the computer system one time only, and the current key employed can be specified by an index into the sequence of keys stored on the duplicate CDs. When the computer system carries out an initial boot into a secure state, the computer system informs the security-state monitor using the current key from the computer system's CD. The security-state monitor accordingly determines that the computer system is currently secure. Prior to loading and executing the first untrusted software, the secure software executing on the computer system sends a message to the security-state monitor indicating that the computer system is transitioning to an insecure state.
Abstract:
Security-state-reporting and data-control functionality is introduced into a computer system to monitor and report the security state of the computer system and to store and make selectively available, for processes executing within the computer system, security-state-associated data. The hardware element includes two control registers, a current-security-state control register (“CSS”) and a current-data-bank control register (“CDB”). When the CSS is read, the CSS reports the current security state of the computer system, with security states represented as unsigned integers starting from a highest security level of 0 and decreasing with unsigned integers of increasing magnitude. The CDB controls access to one or more data-register banks, positioning a data-register window to allow access only to those data-register-bank registers associated with the currently reported security state.