-
Publication No.: US20190251256A1
Publication date: 2019-08-15
Application No.: US16228719
Filing date: 2018-12-20
CPC classification: G06F21/554, G06F11/1004, G06F11/1008, G06F12/0246, G06F12/1441, G06F12/1483, G06F12/1491, G06F2212/1032, G06F2212/1052, G06F2212/151, G06F2221/031, H04L63/10
Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution policies for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.
-
Publication No.: US20190243564A1
Publication date: 2019-08-08
Application No.: US16383776
Filing date: 2019-04-15
IPC classification: G06F3/06, G06F12/14, G06F12/0831, G06F11/14
CPC classification: G06F3/0619, G06F3/065, G06F3/0665, G06F3/067, G06F11/1446, G06F12/0831, G06F12/0873, G06F12/1491, G06F16/2343, G06F16/24552, G06F2212/621
Abstract: Embodiments of the present disclosure may relate to methods and a computer program product for allowing writes based on a granularity level. The method for a storage server may include receiving a received granularity level for a particular volume of a storage device of a client computer including an effective duration for the received granularity level. The method may include receiving an anticipated write to the particular volume at an anticipated write granularity level. The method may include verifying whether the anticipated write granularity level substantially matches the received granularity level at the effective duration. The method may also include writing, in response to the anticipated write granularity level substantially matching the received granularity level at the effective duration, the anticipated write to the particular volume for the received granularity level.
-
Publication No.: US10031864B2
Publication date: 2018-07-24
Application No.: US13841805
Filing date: 2013-03-15
CPC classification: G06F12/1491, G06F12/1441, Y02D10/13
Abstract: A single device that provides computing system-level functionality with non-volatile storage controller functionality. These functionalities can share the same electronics.
-
Publication No.: US20180173641A1
Publication date: 2018-06-21
Application No.: US15579665
Filing date: 2016-04-28
Applicant: ARM Limited
IPC classification: G06F12/1009
CPC classification: G06F12/1009, G06F9/468, G06F12/1018, G06F12/1036, G06F12/1458, G06F12/1491, G06F21/72, G06F21/78, G06F2212/1044, G06F2212/1052, G06F2212/151, G06F2212/651, G06F2212/657, G06F2212/681
Abstract: A data processing apparatus (20) comprises address translation circuitry (40) to translate a first address into a physical address directly identifying a corresponding location in a data store, and a table (50) comprising one or more entries indexed by the physical address, wherein at least one of the entries specifies the first address from which the corresponding physical address was translated by the address translation circuitry (40).
-
Publication No.: US09984009B2
Publication date: 2018-05-29
Application No.: US15008650
Filing date: 2016-01-28
CPC classification: G06F12/1491, G06F13/28, G06F13/4282, G06F2212/1052
Abstract: A processor, such as a low-cost microcontroller unit, uses a DMA controller to facilitate direct memory transactions between hardware subsystems independently of the CPU. To enable those transactions to be carried out securely, gateways are provided to the DMA controller and peripheral bridge. The gateways, which have access to multiple access policies, switch between those policies depending on a hardware context and/or subcontext, such as the bus master originating the transaction and/or the DMA channel associated with the transaction. The gateways are operable to administer those policies independently of the CPU. In various implementations, gateways are provided for the DMA controller, the peripheral bridge, and/or individual peripherals. The processor is able to support secure, fully containerized operations involving its peripherals without constant CPU intervention.
-
Publication No.: US09971533B2
Publication date: 2018-05-15
Application No.: US15638553
Filing date: 2017-06-30
IPC classification: G06F12/00, G06F3/06, G06F11/07, G06F12/109
CPC classification: G06F3/0622, G06F3/0637, G06F3/0673, G06F11/0712, G06F11/0727, G06F11/073, G06F11/0751, G06F11/079, G06F11/0793, G06F12/1009, G06F12/109, G06F12/1408, G06F12/145, G06F12/1458, G06F12/1475, G06F12/1483, G06F12/1491, G06F2212/151, G06F2212/654, G06F2212/657
Abstract: Management of storage used by pageable guests of a computing environment is facilitated. A query instruction is provided that details information regarding the storage location indicated in the query. It specifies whether the storage location, if protected, is protected by host-level protection or guest-level protection.
-
Publication No.: US20180113816A1
Publication date: 2018-04-26
Application No.: US15784403
Filing date: 2017-10-16
CPC classification: G06F12/145, G06F12/063, G06F12/1441, G06F12/1491, G06F21/53, G06F21/6272, G06F2212/1052, G06F2212/151
Abstract: A memory protector is configured to evaluate access requests referring to a memory address space. The access requests comprise address parameters referring to addresses of the memory address space. The memory protector comprises an address evaluator, an address results combiner, and a data register. The address evaluator is configured to evaluate whether the address parameters refer to address ranges of a set of address ranges and is configured to provide results regarding the address ranges. The address results combiner is configured to combine results provided by the address evaluator depending on access protection groups to which the address ranges are mapped. The memory protector is configured to provide access grant results based on combinations provided by the address results combiner. The data register is configured to store data concerning the set of address ranges and concerning a mapping of the address ranges to the access protection groups.
-
Publication No.: US09927995B2
Publication date: 2018-03-27
Application No.: US14898853
Filing date: 2013-06-19
Inventors: Patrik Ekdahl, Arash Vahidi
CPC classification: G06F3/0622, G06F3/0637, G06F3/0647, G06F3/0683, G06F12/1491, G06F21/53, G06F21/74
Abstract: A method and an integrated circuit (100) for executing a trusted application within a trusted runtime environment (103) of the integrated circuit (100) are disclosed. The integrated circuit (100) comprises an internal memory (101) and the integrated circuit (100) is connected to an external memory (102). The trusted runtime environment (103) is restricted to use the internal memory (101) and the external memory (102). The integrated circuit (100) identifies (201) a call, by the trusted application, to a command of the trusted runtime environment (103). The trusted runtime environment (103) allows the command to be executed when the trusted application resides in the internal memory (101) only. Next, the integrated circuit (100) executes (204) the command while using the internal memory (101) only.
-
Publication No.: US20180039438A1
Publication date: 2018-02-08
Application No.: US15784007
Filing date: 2017-10-13
Applicant: INSIDE SECURE
IPC classification: G06F3/06
CPC classification: G06F3/0622, G06F3/0637, G06F3/0644, G06F3/0659, G06F3/0673, G06F12/1441, G06F12/145, G06F12/1491, G06F21/64, G06F21/74, G06F21/79
Abstract: In a general aspect, a method for sharing a memory between two functional entities can include assigning, to the first functional entity, a first data transformation function and a first inverse transformation function, and assigning, to the second functional entity a second data transformation function and a second inverse transformation function. The second inverse data transformation function can be incompatible with the first data transformation function and the first inverse data transformation function can be incompatible with the second data transformation function.
-
Publication No.: US20170300258A1
Publication date: 2017-10-19
Application No.: US15638553
Filing date: 2017-06-30
CPC classification: G06F3/0622, G06F3/0637, G06F3/0673, G06F11/0712, G06F11/0727, G06F11/073, G06F11/0751, G06F11/079, G06F11/0793, G06F12/1009, G06F12/109, G06F12/1408, G06F12/145, G06F12/1458, G06F12/1475, G06F12/1483, G06F12/1491, G06F2212/151, G06F2212/654, G06F2212/657
Abstract: Management of storage used by pageable guests of a computing environment is facilitated. A query instruction is provided that details information regarding the storage location indicated in the query. It specifies whether the storage location, if protected, is protected by host-level protection or guest-level protection.