CN104756129B - 用于在数据处理器的不同操作域之间切换的安全机制 - Google Patents

用于在数据处理器的不同操作域之间切换的安全机制 Download PDF

Info

Publication number
CN104756129B
CN104756129B CN201380049974.2A CN201380049974A CN104756129B CN 104756129 B CN104756129 B CN 104756129B CN 201380049974 A CN201380049974 A CN 201380049974A CN 104756129 B CN104756129 B CN 104756129B
Authority
CN
China
Prior art keywords
instruction
domain
data
security
instructions
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201380049974.2A
Other languages
English (en)
Chinese (zh)
Other versions
CN104756129A (zh
Inventor
托马斯·克里斯托弗·乔洛卡特
斯图亚特·大卫·贝尔斯
西蒙·约翰·克拉斯克
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ARM Ltd
Original Assignee
Advanced Risc Machines Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced Risc Machines Ltd filed Critical Advanced Risc Machines Ltd
Publication of CN104756129A publication Critical patent/CN104756129A/zh
Application granted granted Critical
Publication of CN104756129B publication Critical patent/CN104756129B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1458Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003Arrangements for executing specific machine instructions
    • G06F9/30072Arrangements for executing specific machine instructions to perform conditional operations, e.g. using predicates or guards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105Dual mode as a secondary aspect

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
CN201380049974.2A 2012-10-01 2013-09-17 用于在数据处理器的不同操作域之间切换的安全机制 Active CN104756129B (zh)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
GB201217531A GB201217531D0 (en) 2012-10-01 2012-10-01 ARMv7-M Asset Protection Proposal
GB1217531.1 2012-10-01
GB1313869.8A GB2506501A (en) 2012-10-01 2013-08-02 A secure mechanism to switch between different domains of operation
GB1313869.8 2013-08-02
PCT/GB2013/052423 WO2014053806A1 (en) 2012-10-01 2013-09-17 A secure mechanism to switch between different domains of operation in a data processor

Publications (2)

Publication Number Publication Date
CN104756129A CN104756129A (zh) 2015-07-01
CN104756129B true CN104756129B (zh) 2017-11-28

Family

ID=47225487

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201380049974.2A Active CN104756129B (zh) 2012-10-01 2013-09-17 用于在数据处理器的不同操作域之间切换的安全机制

Country Status (12)

Country Link
US (1) US9122890B2 (cg-RX-API-DMAC7.html)
EP (2) EP2888691B1 (cg-RX-API-DMAC7.html)
JP (1) JP6272875B2 (cg-RX-API-DMAC7.html)
KR (2) KR102160916B1 (cg-RX-API-DMAC7.html)
CN (1) CN104756129B (cg-RX-API-DMAC7.html)
AR (1) AR092752A1 (cg-RX-API-DMAC7.html)
GB (2) GB201217531D0 (cg-RX-API-DMAC7.html)
IL (2) IL237180B (cg-RX-API-DMAC7.html)
IN (1) IN2015DN01188A (cg-RX-API-DMAC7.html)
MY (2) MY176723A (cg-RX-API-DMAC7.html)
TW (1) TWI607342B (cg-RX-API-DMAC7.html)
WO (2) WO2014053802A1 (cg-RX-API-DMAC7.html)

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015095352A1 (en) * 2013-12-17 2015-06-25 Sequitur Labs, Inc. Method and system for dynamic runtime selection and modification of conditional expressions in computations
US9703733B2 (en) * 2014-06-27 2017-07-11 Intel Corporation Instructions and logic to interrupt and resume paging in a secure enclave page cache
CN105988713B (zh) * 2015-01-29 2019-01-08 深圳市硅格半导体有限公司 存储装置及存储方法
US9747218B2 (en) 2015-03-20 2017-08-29 Mill Computing, Inc. CPU security mechanisms employing thread-specific protection domains
US9870466B2 (en) * 2015-09-26 2018-01-16 Mcafee, Inc. Hardware-enforced code paths
CN107315568B (zh) * 2016-04-26 2020-08-07 中科寒武纪科技股份有限公司 一种用于执行向量逻辑运算的装置
US20180004946A1 (en) * 2016-07-01 2018-01-04 Intel Corporation Regulating control transfers for execute-only code execution
US10650156B2 (en) 2017-04-26 2020-05-12 International Business Machines Corporation Environmental security controls to prevent unauthorized access to files, programs, and objects
GB2562102B (en) * 2017-05-05 2019-09-04 Advanced Risc Mach Ltd An apparatus and method for managing use of capabilities
CN109754062B (zh) * 2017-11-07 2024-05-14 上海寒武纪信息科技有限公司 卷积扩展指令的执行方法以及相关产品
US11182507B2 (en) * 2018-08-30 2021-11-23 Micron Technology, Inc. Domain crossing in executing instructions in computer processors
US11914726B2 (en) 2018-08-30 2024-02-27 Micron Technology, Inc. Access control for processor registers based on execution domains
US10942863B2 (en) 2018-08-30 2021-03-09 Micron Technology, Inc. Security configurations in page table entries for execution domains using a sandbox application operation
GB2577878B (en) * 2018-10-08 2020-11-11 Advanced Risc Mach Ltd Transition disable indicator
CN111339060B (zh) * 2018-12-19 2024-03-12 上海寒武纪信息科技有限公司 运算方法、装置、计算机设备和存储介质
CN111353595A (zh) * 2018-12-20 2020-06-30 上海寒武纪信息科技有限公司 运算方法、装置及相关产品
CN111400341B (zh) * 2019-01-02 2022-12-09 上海寒武纪信息科技有限公司 标量查找指令处理方法、装置及相关产品
GB2589897B (en) 2019-12-11 2022-03-23 Advanced Risc Mach Ltd Domain transition disable configuration parameter
GB2589896B (en) * 2019-12-11 2022-07-27 Advanced Risc Mach Ltd An apparatus and method for handling exceptions
GB2589895B (en) * 2019-12-11 2022-03-16 Advanced Risc Mach Ltd Intermodal calling branch instruction
CN115114134B (zh) * 2021-03-17 2025-04-04 浙江大华技术股份有限公司 一种软件诊断系统加载方法及其系统、设备、存储介质
CN114936166B (zh) * 2022-06-22 2025-01-28 云合智网(上海)技术有限公司 SAI Thrift自动化测试框架的构建方法
CN119906585B (zh) * 2025-03-31 2025-06-24 北京国都互联科技有限公司 数据安全传输方法及系统

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1711524A (zh) * 2002-11-18 2005-12-21 Arm有限公司 在安全模式和非安全模式间切换的处理器
CN1723448A (zh) * 2002-11-18 2006-01-18 Arm有限公司 用于保护以防恶意程序的安全存储器
CN101281459A (zh) * 2007-04-03 2008-10-08 Arm有限公司 受保护的功能调用

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4087856A (en) * 1976-06-30 1978-05-02 International Business Machines Corporation Location dependence for assuring the security of system-control operations
US7383587B2 (en) * 2002-11-18 2008-06-03 Arm Limited Exception handling control in a secure processing system
US20040168047A1 (en) * 2003-02-24 2004-08-26 Matsushita Electric Industrial Co., Ltd. Processor and compiler for creating program for the processor
EP1828884B1 (en) * 2004-12-14 2010-08-25 Silicon Hive B.V. Programmable signal processing circuit and method of de-interleaving
US8621607B2 (en) * 2006-05-18 2013-12-31 Vmware, Inc. Computational system including mechanisms for tracking taint
US8136091B2 (en) * 2007-01-31 2012-03-13 Microsoft Corporation Architectural support for software-based protection
US8578483B2 (en) * 2008-07-31 2013-11-05 Carnegie Mellon University Systems and methods for preventing unauthorized modification of an operating system
GB2482701C (en) * 2010-08-11 2018-12-26 Advanced Risc Mach Ltd Illegal mode change handling
US9798873B2 (en) * 2011-08-04 2017-10-24 Elwha Llc Processor operable to ensure code integrity

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1711524A (zh) * 2002-11-18 2005-12-21 Arm有限公司 在安全模式和非安全模式间切换的处理器
CN1723448A (zh) * 2002-11-18 2006-01-18 Arm有限公司 用于保护以防恶意程序的安全存储器
CN101281459A (zh) * 2007-04-03 2008-10-08 Arm有限公司 受保护的功能调用

Also Published As

Publication number Publication date
IL237180B (en) 2018-06-28
EP2885738A1 (en) 2015-06-24
WO2014053802A1 (en) 2014-04-10
JP2015534689A (ja) 2015-12-03
EP2888691B1 (en) 2018-11-21
IN2015DN01188A (cg-RX-API-DMAC7.html) 2015-06-26
EP2888691A1 (en) 2015-07-01
EP2885738B1 (en) 2016-10-26
AR092752A1 (es) 2015-04-29
CN104756129A (zh) 2015-07-01
JP6272875B2 (ja) 2018-01-31
US9122890B2 (en) 2015-09-01
GB2506501A (en) 2014-04-02
US20140075581A1 (en) 2014-03-13
KR20150064069A (ko) 2015-06-10
TW201415287A (zh) 2014-04-16
IL237280B (en) 2018-04-30
TWI607342B (zh) 2017-12-01
WO2014053806A1 (en) 2014-04-10
KR20150065735A (ko) 2015-06-15
KR102160916B1 (ko) 2020-09-29
MY176723A (en) 2020-08-19
GB201217531D0 (en) 2012-11-14
MY168636A (en) 2018-11-16
IL237280A0 (en) 2015-04-30
GB201313869D0 (en) 2013-09-18
KR102186675B1 (ko) 2020-12-04

Similar Documents

Publication Publication Date Title
CN104756129B (zh) 用于在数据处理器的不同操作域之间切换的安全机制
Shanbhogue et al. Security analysis of processor instruction set architecture for enforcing control-flow integrity
US9275225B2 (en) Linear address mapping protection
CN101351774B (zh) 将存储页面与程序相关联的页面着色的方法、装置和系统
US20120216281A1 (en) Systems and Methods for Providing a Computing Device Having a Secure Operating System Kernel
TWI667611B (zh) 資料處理設備及用於其之方法
JP2008257735A (ja) 保護された関数呼び出し
JP7645262B2 (ja) ドメイン遷移無効化構成パラメータ
Qiang et al. PrivGuard: Protecting sensitive kernel data from privilege escalation attacks
KR101816866B1 (ko) 감시 대상 시스템의 기밀성 및 무결성 감시 장치 및 방법
JP7737373B2 (ja) インターモーダル呼び出し分岐命令
CN111771188A (zh) 带链接分支指令的分支目标变体
JP2025514826A (ja) 例外復帰状態ロックパラメータ
TW202418067A (zh) 堆疊指標切換有效性檢查
Kapoor et al. Rootkits part 2: A technical primer

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant