Securing CPU affinity in multiprocessor architectures
    1.
    Granted invention patent
    Securing CPU affinity in multiprocessor architectures (status: in force)

    Publication No.: US08136153B2

    Publication date: 2012-03-13

    Application No.: US11937320

    Filing date: 2007-11-08

    IPC classification: G06F13/00

    Abstract: In an embodiment of the present invention, the ability for a user or process to set or modify affinities is restricted in order to control a multi-processor environment. This may be accomplished by using a reference monitor that controls a process' capability to retrieve and set its or another process' affinity. This aids in the prevention of security breaches.


    Method and system for securing instruction caches using substantially random instruction mapping scheme
    2.
    Granted invention patent
    Method and system for securing instruction caches using substantially random instruction mapping scheme (status: in force)

    Publication No.: US08055848B2

    Publication date: 2011-11-08

    Application No.: US12183689

    Filing date: 2008-07-31

    IPC classification: G06F12/08

    CPC classification: G06F12/1408 G06F12/0842

    Abstract: A method and system is provided for securing micro-architectural instruction caches (I-caches). Securing an I-cache involves maintaining a different substantially random instruction mapping policy into an I-cache for each of multiple processes, and for each process, performing a substantially random mapping scheme for mapping a process instruction into the I-cache based on the substantially random instruction mapping policy for said process. Securing the I-cache may further involve dynamically partitioning the I-cache into multiple logical partitions, and sharing access to the I-cache by an I-cache mapping policy that provides access to each I-cache partition by only one logical processor.


    SECURING STORED CONTENT FOR TRUSTED HOSTS AND SAFE COMPUTING ENVIRONMENTS
    3.
    Invention patent application
    SECURING STORED CONTENT FOR TRUSTED HOSTS AND SAFE COMPUTING ENVIRONMENTS (status: lapsed)

    Publication No.: US20090049510A1

    Publication date: 2009-02-19

    Application No.: US11839439

    Filing date: 2007-08-15

    CPC classification: G06F21/53 G06F21/57 G06F21/79

    Abstract: Techniques for protecting content to ensure its use in a trusted environment are disclosed. The stored content is protected against harmful and/or defective host (or hosted) environments. A trusted security component provided for a device can verify the internal integrity of the stored content and the host before it allows the content to come in contact with the host. As a counterpart, a trusted security component provided for the host can verify and attest to the integrity of the host and/or specific host computing environment that can be provided for the content stored in the device. The trusted security component provided for a device effectively verifies the host integrity based on the information attested to by the trusted security component provided for the host. If the trusted security component trusts the host, it allows the trusted host to provide a trusted host computing environment trusted to be safe for the content stored in the device. A trusted host can effectively provide a safe virtual environment that allows a content representing a copy (or image) of an original computing environment to operate on the host computing system to give a similar appearance as the original computing environment.


    Method and system for securing instruction caches using cache line locking
    4.
    Granted invention patent
    Method and system for securing instruction caches using cache line locking (status: lapsed)

    Publication No.: US08019946B2

    Publication date: 2011-09-13

    Application No.: US12183908

    Filing date: 2008-07-31

    IPC classification: G06F12/08

    Abstract: A method and system is provided for securing micro-architectural instruction caches (I-caches). Securing an I-cache involves providing security critical instructions to indicate a security critical code section; and implementing an I-cache locking policy to prevent unauthorized eviction and replacement of security critical instructions in the I-cache. Securing the I-cache may further involve dynamically partitioning the I-cache into multiple logical partitions, and sharing access to the I-cache by an I-cache mapping policy that provides access to each I-cache partition by only one logical processor.


    SECURING CPU AFFINITY IN MULTIPROCESSOR ARCHITECTURES
    5.
    Invention patent application
    SECURING CPU AFFINITY IN MULTIPROCESSOR ARCHITECTURES (status: in force)

    Publication No.: US20090126006A1

    Publication date: 2009-05-14

    Application No.: US11937320

    Filing date: 2007-11-08

    IPC classification: G06F21/02

    Abstract: In an embodiment of the present invention, the ability for a user or process to set or modify affinities is restricted in order to control a multi-processor environment. This may be accomplished by using a reference monitor that controls a process' capability to retrieve and set its or another process' affinity. This aids in the prevention of security breaches.


    Securing stored content for trusted hosts and safe computing environments
    6.
    Granted invention patent
    Securing stored content for trusted hosts and safe computing environments (status: lapsed)

    Publication No.: US08782801B2

    Publication date: 2014-07-15

    Application No.: US11839439

    Filing date: 2007-08-15

    IPC classification: G06F17/30

    CPC classification: G06F21/53 G06F21/57 G06F21/79

    Abstract: Techniques for protecting content to ensure its use in a trusted environment are disclosed. A trusted security component provided for a device can verify the internal integrity of the stored content and the host before it allows the content to come in contact with the host. As a counterpart, a trusted security component provided for the host can verify and attest to the integrity of the host and/or specific host computing environment that can be provided for the content stored in the device. The trusted security component provided for a device effectively verifies the host integrity based on the information attested to by the trusted security component provided for the host. If the trusted security component trusts the host, it allows the trusted host to provide a trusted host computing environment trusted to be safe for the content stored in the device.


    METHOD AND SYSTEM FOR SECURING INSTRUCTION CACHES USING SUBSTANTIALLY RANDOM INSTRUCTION MAPPING SCHEME
    7.
    Invention patent application
    METHOD AND SYSTEM FOR SECURING INSTRUCTION CACHES USING SUBSTANTIALLY RANDOM INSTRUCTION MAPPING SCHEME (status: in force)

    Publication No.: US20100030967A1

    Publication date: 2010-02-04

    Application No.: US12183689

    Filing date: 2008-07-31

    IPC classification: G06F12/08

    CPC classification: G06F12/1408 G06F12/0842

    Abstract: A method and system is provided for securing micro-architectural instruction caches (I-caches). Securing an I-cache involves maintaining a different substantially random instruction mapping policy into an I-cache for each of multiple processes, and for each process, performing a substantially random mapping scheme for mapping a process instruction into the I-cache based on the substantially random instruction mapping policy for said process. Securing the I-cache may further involve dynamically partitioning the I-cache into multiple logical partitions, and sharing access to the I-cache by an I-cache mapping policy that provides access to each I-cache partition by only one logical processor.


    METHOD AND SYSTEM FOR SECURING INSTRUCTION CACHES USING CACHE LINE LOCKING
    8.
    Invention patent application
    METHOD AND SYSTEM FOR SECURING INSTRUCTION CACHES USING CACHE LINE LOCKING (status: lapsed)

    Publication No.: US20100030964A1

    Publication date: 2010-02-04

    Application No.: US12183908

    Filing date: 2008-07-31

    IPC classification: G06F12/08

    Abstract: A method and system is provided for securing micro-architectural instruction caches (I-caches). Securing an I-cache involves providing security critical instructions to indicate a security critical code section; and implementing an I-cache locking policy to prevent unauthorized eviction and replacement of security critical instructions in the I-cache. Securing the I-cache may further involve dynamically partitioning the I-cache into multiple logical partitions, and sharing access to the I-cache by an I-cache mapping policy that provides access to each I-cache partition by only one logical processor.


    Enhancing the security of public key cryptosystem implementations
    9.
    Granted invention patent
    Enhancing the security of public key cryptosystem implementations (status: lapsed)

    Publication No.: US07903814B2

    Publication date: 2011-03-08

    Application No.: US11828849

    Filing date: 2007-07-26

    IPC classification: H04L9/00 G06F11/30

    CPC classification: H04L9/302

    Abstract: In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase to populate a data structure. Then, a first random number multiplied by a public key is added to each value in the data structure, in modulo of a second random number multiplied by the public key. Then an exponentiation phase is performed, wherein each modular multiplication and square operation in the exponentiation phase is performed in modulo of the second random number multiplied by the public key, producing a result. Then the result of the exponentiation phase is reduced in modulo of the public key. The introduction of the random numbers aids in the prevention of potential security breaches from the deduction of operands in the table initiation phase by malicious individuals.


    Secure multicast content delivery
    10.
    Granted invention patent
    Secure multicast content delivery (status: in force)

    Publication No.: US08218772B2

    Publication date: 2012-07-10

    Application No.: US12165201

    Filing date: 2008-06-30

    IPC classification: H04L9/00

    Abstract: In one embodiment, a method for establishing a secure multicast channel between a service provider and a terminal is provided. A request is received from the service provider for a configuration of the terminal. A configuration of the terminal at a first time is sent to the service provider. A security key is obtained, wherein the security is bound to the configuration of the terminal at the first time. Then the security key is decrypted using a configuration of the terminal at a second time, wherein the decryption fails if the configuration of the terminal at the second time is not identical to the configuration of the terminal at the first time. A secure multicast channel is then established with the service provider using the security key.
