Binary translation reuse in a system with address space layout randomization
    1.
    Granted invention patent
    Status: active

    Publication number: US09471292B2

    Publication date: 2016-10-18

    Application number: US14256044

    Filing date: 2014-04-18

    IPC classification: G06F9/45 G06F12/10

    Abstract: Generally, this disclosure provides systems, methods and computer readable media for binary translation (BT) reuse. The system may include a (BT) module to translate a region of code from a first instruction set architecture (ISA) to a second ISA, for execution associated with a first process. The BT module may also be configured to store a first physical page number associated with the translated code and the first process. The system may also include a processor to execute the translated code and to update a virtual address instruction pointer associated with the execution. The system may further include a translation reuse module to validate the translated code for reuse by a second process. The validation may include generating a second physical page number based on a page table mapping of the updated virtual address instruction pointer and matching the second physical page number to the stored first physical page number.


    Instruction and Logic for Support of Code Modification
    2.
    Invention application
    Status: active

    Publication number: US20150277915A1

    Publication date: 2015-10-01

    Application number: US14229161

    Filing date: 2014-03-28

    IPC classification: G06F9/30 G06F9/38

    Abstract: A processor includes support for executing binary-translated code including code modifications. The processor includes a processor core that includes a cache to store translation indicators from a physical map, each translation indicator to indicate whether a corresponding memory location includes translated code to be protected. The processor core also includes logic to execute a translated instruction. The translated instruction is translated from an instruction stored in a memory location. The processor core further includes logic to set a translation indicator in the cache corresponding to the memory location to indicate that it includes translated code to be protected. The processor core also includes logic to request senior store buffer drains of other processor cores of the processor based upon the execution of the translated instruction.


    Instruction and logic for support of code modification

    Publication number: US09652268B2

    Publication date: 2017-05-16

    Application number: US14229161

    Filing date: 2014-03-28

    IPC classification: G06F9/00 G06F9/44 G06F9/455

    Abstract: A processor includes support for executing binary-translated code including code modifications. The processor includes a processor core that includes a cache to store translation indicators from a physical map, each translation indicator to indicate whether a corresponding memory location includes translated code to be protected. The processor core also includes logic to execute a translated instruction. The translated instruction is translated from an instruction stored in a memory location. The processor core further includes logic to set a translation indicator in the cache corresponding to the memory location to indicate that it includes translated code to be protected. The processor core also includes logic to request senior store buffer drains of other processor cores of the processor based upon the execution of the translated instruction.

    Processing attestation data associated with a plurality of data processing systems
    4.
    Granted invention patent
    Status: active

    Publication number: US09075994B2

    Publication date: 2015-07-07

    Application number: US13460080

    Filing date: 2012-04-30

    IPC classification: G06F21/57 G06F9/455 G06F9/44

    Abstract: An attestation technique is provided for processing attestation data associated with a plurality of data processing systems. A first data processing system is operable for receiving a request for attestation from a requester. In response to receiving the request, the first data processing system is further operable for retrieving a list of one or more children, wherein the one or more children include the second data processing system; retrieving and storing attestation data associated with each of the one or more children; retrieving and storing attestation data associated with the first data processing system; and sending to the requester a concatenated response containing the attestation data associated with the first data processing system and the child attestation data associated with the one or more children.


    Virtual machine validation
    5.
    Granted invention patent
    Status: active

    Publication number: US09081600B2

    Publication date: 2015-07-14

    Application number: US13995814

    Filing date: 2011-12-19

    CPC classification: G06F9/45533 G06F21/577

    Abstract: A system, method, and computer program product for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM). The system includes: a store component for cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure; a send component, responsive to the store component storing the configuration data, for sending the at least one cryptographic data structure to a control component; an analyze component, responsive to the control component receiving the at least one cryptographic data structure, for analyzing the at least one cryptographic data structure; a compare component, responsive to the analyze component determining the configuration data, for comparing the configuration data with the requirement; and a verify component, responsive to the compare component determining that the configuration data matches the requirement, for allowing verification of the VM.


    VIRTUAL MACHINE VALIDATION
    6.
    Invention application
    Status: active

    Publication number: US20140025961A1

    Publication date: 2014-01-23

    Application number: US13995814

    Filing date: 2011-12-19

    IPC classification: G06F9/455

    CPC classification: G06F9/45533 G06F21/577

    Abstract: A system, method, and computer program product for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM). The system includes: a store component for cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure; a send component, responsive to the store component storing the configuration data, for sending the at least one cryptographic data structure to a control component; an analyse component, responsive to the control component receiving the at least one cryptographic data structure, for analysing the at least one cryptographic data structure; a compare component, responsive to the analyse component determining the configuration data, for comparing the configuration data with the requirement; and a verify component, responsive to the compare component determining that the configuration data matches the requirement, for allowing verification of the VM.


    MANAGING DYNAMIC CAPACITANCE USING CODE SCHEDULING
    8.
    Invention application
    Status: under examination, published

    Publication number: US20150268997A1

    Publication date: 2015-09-24

    Application number: US14221750

    Filing date: 2014-03-21

    IPC classification: G06F9/48 G06F1/32

    Abstract: In an embodiment, a processor includes a schedule logic to schedule a set of instructions for execution in an execution logic of the processor and a power analysis logic having a first calculation logic to calculate a maximum dynamic capacitance for at least a portion of the processor and a second calculation logic to calculate a dynamic capacitance estimate for execution of the set of instructions. A rescheduling of the set of instructions may occur based on a comparison of the dynamic capacitance estimate and the maximum dynamic capacitance. Other embodiments are described and claimed.


    Attesting a component of a system during a boot process
    9.
    Granted invention patent
    Status: active

    Publication number: US08869264B2

    Publication date: 2014-10-21

    Application number: US13241835

    Filing date: 2011-09-23

    IPC classification: G06F21/00 G06F21/31 G06F21/57

    Abstract: A method, apparatus and program product for attesting a component of a system during a boot process. The method comprises the steps of: verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system wherein the requesting step further comprises the step of: retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; wherein in response to the comparing step, if the current input data matches the enrollment data, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system.


    Method for Attesting a Plurality of Data Processing Systems
    10.
    Invention application
    Status: under examination, published

    Publication number: US20120131334A1

    Publication date: 2012-05-24

    Application number: US13289044

    Filing date: 2011-11-04

    IPC classification: H04L29/06

    Abstract: A technique for attesting a plurality of data processing systems. The method includes: configuring a chain of data processing systems wherein a first data processing system is responsible for retrieving attestation data associated with a second data processing system; sending a request for attestation of the first data processing system; in response to receiving the request, retrieving a list of associated one or more children, wherein the one or more children comprise the second data processing system; retrieving and storing attestation data associated with each child; retrieving and storing attestation data associated with the first data processing system; and sending to the requester a concatenated response containing the attestation data associated with the first and second data processing systems, such that the attestation data associated with the first and second data processing systems can be used to attest the first and second data processing systems, respectively.
