公开(公告)号：US20250028838A1

公开(公告)日：2025-01-23

申请号：US18223828

申请日：2023-07-19

Applicant: Arm Limited

Inventor： Michael Bartling ,  Matthias Lothar Boettcher ,  Brendan James Moran

IPC: G06F21/57

Abstract: A method is provided that includes receiving a computer program comprising regions of code, each region of code including at least one function, pruning a search space of the received computer program by applying a high-level model recognizing potential software vulnerabilities to the computer program to determine a region of the code of the regions of code that includes a potential software vulnerability, performing a localized static analysis on the region of the code that include the potential software vulnerability to determine a local condition that causes the potential software vulnerability to be expressed in the computer program, and generating a report that includes the region of the code that includes the potential software vulnerability including a location of the region of the code within the computer program and the local condition that causes the potential software vulnerability to be expressed in the computer program.

公开(公告)号：US11658808B2

公开(公告)日：2023-05-23

申请号：US16546596

申请日：2019-08-21

Applicant: Arm Limited

Inventor： Andreas Lars Sandberg ,  Matthias Lothar Boettcher ,  Prakash S. Ramrakhyani

IPC: H04L9/06 ,  H04L9/32 ,  G06F13/16 ,  G06F21/72 ,  G06F12/14

CPC classification number: H04L9/0656 ,  G06F12/1408 ,  G06F13/1668 ,  G06F21/72 ,  H04L9/3242

Abstract: Memory control circuitry controls access to data stored in memory, and memory security circuitry generates encrypted data to be stored in the memory. The encrypted data is based on target data and a first one-time-pad (OTP). In response to an OTP update event indicating that the first OTP is to be updated to a second OTP different from the first OTP, the memory security circuitry generates a re-encryption value based on the first OTP and the second OTP, and the memory security circuitry to issues a re-encryption request to cause updated encrypted data to be generated in a downstream component based on the encrypted data and the re-encryption value and to cause the encrypted data to be replaced in the memory by the updated encrypted data.

公开(公告)号：US11609863B2

公开(公告)日：2023-03-21

申请号：US16975255

申请日：2020-06-24

Applicant: Arm Limited

Inventor： Matthias Lothar Boettcher ,  François Christopher Jacques Botman

IPC: G06F12/14 ,  G06F12/02 ,  G06F12/1009

Abstract: An apparatus comprises capability checking circuitry 86 to perform a capability validity checking operation to determine whether use of a capability satisfies one or more use-limiting conditions. The capability comprises a pointer and pointer-use-limiting information specifying the one or more use-limiting conditions. The one or more use-limiting conditions comprise at least an allowable range of addresses for the pointer. In response to a capability write request requesting that a capability is written to a memory location associated with a capability write target address, when capability write address tracking is enabled, capability write address tracking circuitry 200 updates a capability write address tracking structure 100 based on the capability write target address.

公开(公告)号：US11599679B2

公开(公告)日：2023-03-07

申请号：US16908853

申请日：2020-06-23

Applicant: Arm Limited

Inventor： Brendan James Moran ,  Matthias Lothar Boettcher

IPC: G06F21/72 ,  H04L9/00 ,  H04L9/08

Abstract: A method of operation concealment for a cryptographic system includes randomly selecting which one of at least two cryptographic operation blocks receives a key to apply a valid operation to data and outputs a result that is used for subsequent operations. Noise can be added by operating the other of the at least two cryptographic operation blocks using a modified key. The modified key can be generated by mixing the key with a block-unique-identifier, a device secret, a slowly adjusting output of a counter, or a combination thereof. In some cases, noise can be added to a cryptographic system by transforming input data of the other cryptographic operation block(s) by mixing the input data with the block-unique-identifier, device secret, counter output, or a combination thereof. A cryptographic system with operation concealment can further include a distributed (across a chip) or interweaved arrangement of subblocks of the cryptographic operation blocks.

公开(公告)号：US11263073B2

公开(公告)日：2022-03-01

申请号：US16641377

申请日：2018-08-30

Applicant: ARM Limited

Inventor： Matthias Lothar Boettcher ,  Mbou Eyole ,  Balaji Venu

IPC: G06F11/07 ,  G06F9/22

Abstract: An apparatus has a processing pipeline (2) comprising an execute stage (30) and at least one front end stage (10), (20), (25) for controlling which micro operations are issued to the execute stage. The pipeline has an intra-core lockstep mode of operation in which the at least one front end stage (10), (20), (25) issues micro operations for controlling the execute stage (30) to perform main processing and checker processing. The checker processing comprises redundant operations corresponding to associated main operations of at least part of the main processing. Error handling circuitry (200), (210) is responsive to the detection of a mismatch between information associated with given checker and main operations to trigger a recovery operation to correct an error and continue forward progress of the main processing.

公开(公告)号：US11200175B2

公开(公告)日：2021-12-14

申请号：US16825021

申请日：2020-03-20

Applicant: Arm Limited

Inventor： Matthias Lothar Boettcher

IPC: G06F12/0891 ,  G06F12/1027 ,  G06F9/30 ,  G06F12/02 ,  G06F12/0864 ,  G06F12/14

Abstract: There is provided a data processing apparatus that includes memory circuitry that provides a physical address space, which is logically divided into a plurality of memory segments and stores a plurality of accessors with associated validity indicators. Each of the accessors controls access to a region of the physical address space in dependence on at least its associated validity indicator. Tracking circuitry tracks which of the memory segments contain the accessors and invalidation circuitry responds to a request to invalidate an accessor by determining a set of equivalent accessors with reference to the tracking circuitry, and invalidating the accessor and the equivalent accessors by setting the associated validity indicator of each of the accessor and the equivalent accessors to indicate that the accessor and the equivalent accessors are invalid.

公开(公告)号：US10437594B2

公开(公告)日：2019-10-08

申请号：US15746559

申请日：2016-06-15

Applicant: ARM LIMITED

Inventor： Mbou Eyole ,  Matthias Lothar Boettcher

IPC: G06F9/30 ,  G06F9/38 ,  G06F3/06 ,  G06F15/80

Abstract: An apparatus and method are provided for transferring a plurality of data structures from memory into one or more vectors of data elements stored in a register bank. The apparatus has first interface circuitry to receive data structures retrieved from memory, where each data structure has an associated identifier and comprises N data elements. Multi-axial buffer circuitry is provided having an array of storage elements, where along a first axis the array is organized as N sets of storage elements, each set containing a plurality VL of storage elements, and where along a second axis the array is organized as groups of N storage elements, with each group containing a storage element from each of the N sets. Access control circuitry then stores the N data elements of a received data structure in one of the groups selected in dependence on the associated identifier. Responsive to an indication that all required data structures have been stored in the multi-axial buffer circuitry, second interface circuitry then outputs the data elements stored in one or more of the sets of storage elements as one or more corresponding vectors of data elements for storage in a register bank, each vector containing VL data elements. Such an approach can significantly increase the performance of handling such load operations, and give rise to potential energy savings.

公开(公告)号：US12118088B2

公开(公告)日：2024-10-15

申请号：US16855716

申请日：2020-04-22

Applicant: Arm Limited

Inventor： Subbayya Chowdary Yanamadala ,  Jeremy Patrick Dubeuf ,  Carl Wayne Vineyard ,  Matthias Lothar Boettcher ,  Hugo John Martin Vincent ,  Shidhartha Das

IPC: G06F21/56 ,  G06F9/54 ,  G06F21/72 ,  G06F21/85

CPC classification number: G06F21/566 ,  G06F9/54 ,  G06F21/72 ,  G06F21/85 ,  G06F2221/034

Abstract: A moderator system that can receive outputs of various stages of the security analytic framework and can receive input from external sources to provide information about emerging styles of attacks. One or more models/behavioral profiles can be curated by the moderator system, and the moderator system can provide updates to components of the security analytics framework.

公开(公告)号：US11507475B2

公开(公告)日：2022-11-22

申请号：US16475487

申请日：2017-12-12

Applicant: Arm Limited

Inventor： Matthias Lothar Boettcher ,  Mbou Eyole ,  Nathanael Premillieu

IPC: G06F11/00 ,  G06F11/16 ,  G06F9/30 ,  G06F11/07 ,  G06F9/38

Abstract: A data processing apparatus (2) has scalar processing circuitry (32-42) and vector processing circuitry (38, 40, 42). When executing main scalar processing on the scalar processing circuitry (32-42), or main vector processing using a subset of said plurality of lanes on the vector processing circuitry (38, 40, 42), checker processing is executed using at least one lane of the plurality of lanes on the vector processing circuitry (38, 40, 42), the checker processing comprising operations corresponding to at least part of the main scalar/vector processing. Errors can then be detected based on a comparison of an outcome of the main processing and an outcome of the checker processing. This provides a technique for achieving functional safety in a high end processor with better performance and reduced hardware cost compared to a dual/triple core lockstep approach.

公开(公告)号：US11133817B1

公开(公告)日：2021-09-28

申请号：US16929930

申请日：2020-07-15

Applicant: Arm Limited

Inventor： Matthias Lothar Boettcher ,  Hugo John Martin Vincent ,  Brendan James Moran

IPC: H03M1/12 ,  H03M1/46 ,  H03M3/00 ,  H03M1/14

Abstract: A processing system with a microarchitectural feature for mitigation of differential power analysis and electromagnetic analysis attacks can include a memory, a processor, and a mitigation response unit. The processor can include an instruction predictor that comprises a storage device for storing metadata associated with corresponding instruction blocks. The mitigation response unit is coupled to the instruction predictor to write and read the metadata associated with the corresponding instruction blocks. The mitigation response unit is configured to determine a mitigation technique for an instruction block based on an electromagnetic or power signature corresponding to execution of the instruction block and metadata associated with the instruction block.