AU2020237597B2 - Secure interface control high-level instruction interception for interruption enablement - Google Patents

Secure interface control high-level instruction interception for interruption enablement Download PDF

Info

Publication number
AU2020237597B2
AU2020237597B2 AU2020237597A AU2020237597A AU2020237597B2 AU 2020237597 B2 AU2020237597 B2 AU 2020237597B2 AU 2020237597 A AU2020237597 A AU 2020237597A AU 2020237597 A AU2020237597 A AU 2020237597A AU 2020237597 B2 AU2020237597 B2 AU 2020237597B2
Authority
AU
Australia
Prior art keywords
secure
guest
interruption
entity
interface control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
AU2020237597A
Other languages
English (en)
Other versions
AU2020237597A1 (en
Inventor
Christian Borntraeger
Jonathan Bradbury
Fadi Busaba
Lisa Heller
Claudio Imbrenda
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of AU2020237597A1 publication Critical patent/AU2020237597A1/en
Application granted granted Critical
Publication of AU2020237597B2 publication Critical patent/AU2020237597B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Mathematical Physics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)
AU2020237597A 2019-03-08 2020-02-28 Secure interface control high-level instruction interception for interruption enablement Active AU2020237597B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/296,452 US11308215B2 (en) 2019-03-08 2019-03-08 Secure interface control high-level instruction interception for interruption enablement
US16/296,452 2019-03-08
PCT/EP2020/055317 WO2020182498A1 (en) 2019-03-08 2020-02-28 Secure interface control high-level instruction interception for interruption enablement

Publications (2)

Publication Number Publication Date
AU2020237597A1 AU2020237597A1 (en) 2021-06-10
AU2020237597B2 true AU2020237597B2 (en) 2022-11-24

Family

ID=69740350

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2020237597A Active AU2020237597B2 (en) 2019-03-08 2020-02-28 Secure interface control high-level instruction interception for interruption enablement

Country Status (11)

Country Link
US (1) US11308215B2 (https=)
EP (1) EP3935532B1 (https=)
JP (1) JP7398472B2 (https=)
CN (1) CN113544664B (https=)
AU (1) AU2020237597B2 (https=)
CA (1) CA3132752A1 (https=)
ES (1) ES2998775T3 (https=)
HU (1) HUE069535T2 (https=)
IL (1) IL284822B2 (https=)
PL (1) PL3935532T3 (https=)
WO (1) WO2020182498A1 (https=)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11842227B2 (en) * 2019-10-10 2023-12-12 Advanced Micro Devices, Inc. Hypervisor secure event handling at a processor
US12020059B2 (en) 2021-08-30 2024-06-25 International Business Machines Corporation Inaccessible prefix pages during virtual machine execution
US12019772B2 (en) * 2021-09-14 2024-06-25 International Business Machines Corporation Storing diagnostic state of secure virtual machines
WO2026054335A1 (ko) * 2024-09-03 2026-03-12 삼성전자주식회사 하이퍼바이저를 실행하기 위한 전자 장치, 방법, 및 프로세서

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150277947A1 (en) * 2014-03-27 2015-10-01 International Business Machines Corporation Exiting multiple threads in a computer
US20160132345A1 (en) * 2014-11-11 2016-05-12 International Business Machines Corporation Processing a guest event in a hypervisor-controlled system

Family Cites Families (56)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5896499A (en) 1997-02-21 1999-04-20 International Business Machines Corporation Embedded security processor
WO2005036367A2 (en) 2003-10-08 2005-04-21 Unisys Corporation Virtual data center that allocates and manages system resources across multiple nodes
US20080059556A1 (en) 2006-08-31 2008-03-06 Egenera, Inc. Providing virtual machine technology as an embedded layer within a processing platform
US8176280B2 (en) * 2008-02-25 2012-05-08 International Business Machines Corporation Use of test protection instruction in computing environments that support pageable guests
GB2460393B (en) * 2008-02-29 2012-03-28 Advanced Risc Mach Ltd A data processing apparatus and method for controlling access to secure memory by virtual machines executing on processing circuitry
US8516481B2 (en) 2008-04-04 2013-08-20 Hewlett-Packard Development Company, L.P. Virtual machine manager system and methods
US9002014B2 (en) 2008-05-24 2015-04-07 Via Technologies, Inc. On-die cryptographic apparatus in a secure microprocessor
US9100548B2 (en) 2008-07-17 2015-08-04 Cisco Technology, Inc. Feature enablement at a communications terminal
GB2462258B (en) * 2008-07-28 2012-02-08 Advanced Risc Mach Ltd Interrupt control for virtual processing apparatus
TWI525452B (zh) 2008-10-02 2016-03-11 美國博通公司 安全處理系統
US8555377B2 (en) 2010-04-29 2013-10-08 High Cloud Security Secure virtual machine
US8856504B2 (en) 2010-06-07 2014-10-07 Cisco Technology, Inc. Secure virtual machine bootstrap in untrusted cloud infrastructures
US8468284B2 (en) * 2010-06-23 2013-06-18 International Business Machines Corporation Converting a message signaled interruption into an I/O adapter event notification to a guest operating system
CN102811239B (zh) 2011-06-03 2017-09-12 中兴通讯股份有限公司 一种虚拟机系统及其安全控制方法
KR101323858B1 (ko) 2011-06-22 2013-11-21 한국과학기술원 가상화 시스템에서 메모리 접근을 제어하는 장치 및 방법
CN102750178B (zh) * 2012-06-08 2015-04-29 华为技术有限公司 通信设备硬件资源的虚拟化管理方法及相关装置
US9218288B2 (en) 2012-06-15 2015-12-22 International Business Machines Corporation Monitoring a value in storage without repeated storage access
EP2867770B1 (en) 2012-06-29 2020-05-27 Intel Corporation Methods, systems and apparatus to capture error conditions in lightweight virtual machine managers
US8656482B1 (en) 2012-08-20 2014-02-18 Bitdefender IPR Management Ltd. Secure communication using a trusted virtual machine
WO2014081611A2 (en) 2012-11-20 2014-05-30 Unisys Corporation Error recovery in securely partitioned virtualization system with dedicated resources
GB2515536A (en) * 2013-06-27 2014-12-31 Ibm Processing a guest event in a hypervisor-controlled system
WO2015015473A1 (en) 2013-08-02 2015-02-05 Ologn Technologies Ag A secure server on a system with virtual machines
US9355050B2 (en) 2013-11-05 2016-05-31 Qualcomm Incorporated Secure, fast and normal virtual interrupt direct assignment in a virtualized interrupt controller in a mobile system-on-chip
US9483639B2 (en) 2014-03-13 2016-11-01 Unisys Corporation Service partition virtualization system and method having a secure application
US9672058B2 (en) 2014-03-13 2017-06-06 Unisys Corporation Reduced service partition virtualization system and method
KR20160033517A (ko) 2014-09-18 2016-03-28 한국전자통신연구원 인터럽트 컨트롤러를 위한 하이브리드 가상화 방법
US10235282B2 (en) 2015-06-01 2019-03-19 Hitachi, Ltd. Computer system, computer, and method to manage allocation of virtual and physical memory areas
GB2539436B (en) 2015-06-16 2019-02-06 Advanced Risc Mach Ltd Secure initialisation
CN105184147B (zh) 2015-09-08 2017-11-24 成都博元科技有限公司 云计算平台中的用户安全管理方法
CN105184164B (zh) 2015-09-08 2017-11-24 成都博元科技有限公司 一种数据处理方法
US9792143B1 (en) 2015-10-23 2017-10-17 Amazon Technologies, Inc. Platform secure execution modes
US9841987B2 (en) 2015-12-17 2017-12-12 International Business Machines Corporation Transparent secure interception handling
CN105700826A (zh) * 2015-12-31 2016-06-22 华为技术有限公司 虚拟化方法和装置
CN107038128B (zh) 2016-02-03 2020-07-28 华为技术有限公司 一种执行环境的虚拟化、虚拟执行环境的访问方法及装置
US10223281B2 (en) * 2016-07-18 2019-03-05 International Business Machines Corporation Increasing the scope of local purges of structures associated with address translation
US10303899B2 (en) 2016-08-11 2019-05-28 Intel Corporation Secure public cloud with protected guest-verified host control
US20180165224A1 (en) 2016-12-12 2018-06-14 Ati Technologies Ulc Secure encrypted virtualization
WO2018176360A1 (en) 2017-03-31 2018-10-04 Intel Corporation Scalable interrupt virtualization for input/output devices
WO2019070675A1 (en) * 2017-10-03 2019-04-11 Rutgers, The State University Of New Jersey TRACKING INFORMATION FLOW BASED ON VALUES IN PROGICIELS
DE112017008307T5 (de) 2017-12-27 2020-09-17 Intel Corporation Systeme und verfahren zur effizienten unterbrechung von virtuellen maschinen
US10545783B2 (en) * 2018-08-22 2020-01-28 Intel Corporation Technologies for securing data structures for controlling virtual machines
US11693952B2 (en) 2018-10-31 2023-07-04 Vmware, Inc. System and method for providing secure execution environments using virtualization technology
US10970100B2 (en) * 2019-03-08 2021-04-06 International Business Machines Corporation Starting a secure guest using an initial program load mechanism
US11347869B2 (en) * 2019-03-08 2022-05-31 International Business Machines Corporation Secure interface control high-level page management
US11487906B2 (en) * 2019-03-08 2022-11-01 International Business Machines Corporation Storage sharing between a secure domain and a non-secure entity
US11403409B2 (en) * 2019-03-08 2022-08-02 International Business Machines Corporation Program interruptions for page importing/exporting
US11206128B2 (en) * 2019-03-08 2021-12-21 International Business Machines Corporation Secure paging with page change detection
US20200285501A1 (en) * 2019-03-08 2020-09-10 International Business Machines Corporation Communication interface of a secure interface control
US11640361B2 (en) * 2019-03-08 2023-05-02 International Business Machines Corporation Sharing secure memory across multiple security domains
US11531627B2 (en) * 2019-03-08 2022-12-20 International Business Machines Corporation Secure storage isolation
US11182192B2 (en) * 2019-03-08 2021-11-23 International Business Machines Corporation Controlling access to secure storage of a virtual machine
US11347529B2 (en) * 2019-03-08 2022-05-31 International Business Machines Corporation Inject interrupts and exceptions into secure virtual machine
US11283800B2 (en) * 2019-03-08 2022-03-22 International Business Machines Corporation Secure interface control secure storage hardware tagging
US11176054B2 (en) * 2019-03-08 2021-11-16 International Business Machines Corporation Host virtual address space for secure interface control storage
US11068310B2 (en) * 2019-03-08 2021-07-20 International Business Machines Corporation Secure storage query and donation
US11455398B2 (en) * 2019-03-08 2022-09-27 International Business Machines Corporation Testing storage protection hardware in a secure virtual machine environment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150277947A1 (en) * 2014-03-27 2015-10-01 International Business Machines Corporation Exiting multiple threads in a computer
US20160132345A1 (en) * 2014-11-11 2016-05-12 International Business Machines Corporation Processing a guest event in a hypervisor-controlled system

Also Published As

Publication number Publication date
IL284822B2 (en) 2024-03-01
US20200285747A1 (en) 2020-09-10
JP7398472B2 (ja) 2023-12-14
US11308215B2 (en) 2022-04-19
IL284822B1 (en) 2023-11-01
JP2022522374A (ja) 2022-04-18
IL284822A (en) 2021-08-31
EP3935532C0 (en) 2024-11-27
HUE069535T2 (hu) 2025-03-28
PL3935532T3 (pl) 2025-03-03
AU2020237597A1 (en) 2021-06-10
CA3132752A1 (en) 2020-09-17
ES2998775T3 (en) 2025-02-21
EP3935532B1 (en) 2024-11-27
EP3935532A1 (en) 2022-01-12
WO2020182498A1 (en) 2020-09-17
CN113544664A (zh) 2021-10-22
CN113544664B (zh) 2023-03-14

Similar Documents

Publication Publication Date Title
US11487906B2 (en) Storage sharing between a secure domain and a non-secure entity
EP3935496B1 (en) Sharing secure memory across multiple security domains
EP3935546B1 (en) Host virtual address space for secure interface control storage
US11206128B2 (en) Secure paging with page change detection
AU2020233947B2 (en) Secure interface control secure storage hardware tagging
US11182192B2 (en) Controlling access to secure storage of a virtual machine
US11635991B2 (en) Secure storage query and donation
US11455398B2 (en) Testing storage protection hardware in a secure virtual machine environment
AU2020237597B2 (en) Secure interface control high-level instruction interception for interruption enablement
EP3935509B1 (en) Secure interface control high-level page management
AU2020233905B2 (en) Communication interface of a secure interface control
HK40057240A (en) Secure interface control high-level instruction interception for interruption enablement
HK40057240B (en) Secure interface control high-level instruction interception for interruption enablement

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)