CN104756129B - A secure mechanism to switch between different domains of operation in a data processor - Google Patents

A secure mechanism to switch between different domains of operation in a data processor

Publication number
CN104756129B
Authority
CN
China
Prior art keywords
instruction
domain
data storage
security
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201380049974.2A
Other languages
English (en)
Chinese (zh)
Other versions
CN104756129A (zh)
Inventor
托马斯·克里斯托弗·乔洛卡特
斯图亚特·大卫·贝尔斯
西蒙·约翰·克拉斯克
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ARM Ltd
Original Assignee
Advanced Risc Machines Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced Risc Machines Ltd
Publication of CN104756129A
Application granted
Publication of CN104756129B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629 Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003 Arrangements for executing specific machine instructions
    • G06F9/30072 Arrangements for executing specific machine instructions to perform conditional operations, e.g. using predicates or guards
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105 Dual mode as a secondary aspect

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
CN201380049974.2A 2012-10-01 2013-09-17 A secure mechanism to switch between different domains of operation in a data processor Active CN104756129B (zh)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
GB201217531A GB201217531D0 (en) 2012-10-01 2012-10-01 ARMv7-M Asset Protection Proposal
GB1217531.1 2012-10-01
GB1313869.8A GB2506501A (en) 2012-10-01 2013-08-02 A secure mechanism to switch between different domains of operation
GB1313869.8 2013-08-02
PCT/GB2013/052423 WO2014053806A1 (en) 2012-10-01 2013-09-17 A secure mechanism to switch between different domains of operation in a data processor

Publications (2)

Publication Number Publication Date
CN104756129A (zh) 2015-07-01
CN104756129B (zh) 2017-11-28

Family

ID=47225487

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201380049974.2A Active CN104756129B (zh) 2012-10-01 2013-09-17 A secure mechanism to switch between different domains of operation in a data processor

Country Status (12)

Country Link
US (1) US9122890B2 (en)
EP (2) EP2888691B1 (en)
JP (1) JP6272875B2 (en)
KR (2) KR102160916B1 (en)
CN (1) CN104756129B (en)
AR (1) AR092752A1 (en)
GB (2) GB201217531D0 (en)
IL (2) IL237180B (en)
IN (1) IN2015DN01188A (en)
MY (2) MY176723A (en)
TW (1) TWI607342B (en)
WO (2) WO2014053802A1 (en)

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015095352A1 (en) * 2013-12-17 2015-06-25 Sequitur Labs, Inc. Method and system for dynamic runtime selection and modification of conditional expressions in computations
US9703733B2 (en) 2014-06-27 2017-07-11 Intel Corporation Instructions and logic to interrupt and resume paging in a secure enclave page cache
CN105988713B (zh) * 2015-01-29 2019-01-08 深圳市硅格半导体有限公司 Storage device and storage method
US9747218B2 (en) * 2015-03-20 2017-08-29 Mill Computing, Inc. CPU security mechanisms employing thread-specific protection domains
US9870466B2 (en) * 2015-09-26 2018-01-16 Mcafee, Inc. Hardware-enforced code paths
CN111651202B (zh) * 2016-04-26 2023-09-22 中科寒武纪科技股份有限公司 An apparatus for performing vector logical operations
US20180004946A1 (en) * 2016-07-01 2018-01-04 Intel Corporation Regulating control transfers for execute-only code execution
US10650156B2 (en) 2017-04-26 2020-05-12 International Business Machines Corporation Environmental security controls to prevent unauthorized access to files, programs, and objects
GB2562102B (en) * 2017-05-05 2019-09-04 Advanced Risc Mach Ltd An apparatus and method for managing use of capabilities
CN109754062B (zh) * 2017-11-07 2024-05-14 上海寒武纪信息科技有限公司 Method for executing convolution extension instruction and related products
US11182507B2 (en) * 2018-08-30 2021-11-23 Micron Technology, Inc. Domain crossing in executing instructions in computer processors
US10942863B2 (en) 2018-08-30 2021-03-09 Micron Technology, Inc. Security configurations in page table entries for execution domains using a sandbox application operation
US11914726B2 (en) 2018-08-30 2024-02-27 Micron Technology, Inc. Access control for processor registers based on execution domains
GB2577878B (en) * 2018-10-08 2020-11-11 Advanced Risc Mach Ltd Transition disable indicator
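CN111353595A (zh) * 2018-12-20 2020-06-30 上海寒武纪信息科技有限公司 Operation method, device and related products
CN111339060B (zh) * 2018-12-19 2024-03-12 上海寒武纪信息科技有限公司 Operation method, apparatus, computer device and storage medium
CN111400341B (zh) * 2019-01-02 2022-12-09 上海寒武纪信息科技有限公司 Scalar lookup instruction processing method, device and related products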
GB2589897B (en) * 2019-12-11 2022-03-23 Advanced Risc Mach Ltd Domain transition disable configuration parameter
GB2589896B (en) * 2019-12-11 2022-07-27 Advanced Risc Mach Ltd An apparatus and method for handling exceptions
GB2589895B (en) * 2019-12-11 2022-03-16 Advanced Risc Mach Ltd Intermodal calling branch instruction
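CN115114134B (zh) * 2021-03-17 2025-04-04 浙江大华技术股份有限公司 Software diagnosis system loading method and system, device and storage medium thereof
CN114936166B (zh) * 2022-06-22 2025-01-28 云合智网(上海)技术有限公司 Method for constructing an SAI Thrift automated test framework
CN119906585B (zh) * 2025-03-31 2025-06-24 北京国都互联科技有限公司 Secure data transmission method and system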

Citations (3)

Publication number Priority date Publication date Assignee Title
CN1711524A (zh) * 2002-11-18 2005-12-21 Arm有限公司 Processor switching between secure and non-secure modes
CN1723448A (zh) * 2002-11-18 2006-01-18 Arm有限公司 Secure memory for protecting against malicious programs
CN101281459A (zh) * 2007-04-03 2008-10-08 Arm有限公司 Protected function calls

Family Cites Families (9)

Publication number Priority date Publication date Assignee Title
US4087856A (en) * 1976-06-30 1978-05-02 International Business Machines Corporation Location dependence for assuring the security of system-control operations
US7383587B2 (en) * 2002-11-18 2008-06-03 Arm Limited Exception handling control in a secure processing system
US20040168047A1 (en) * 2003-02-24 2004-08-26 Matsushita Electric Industrial Co., Ltd. Processor and compiler for creating program for the processor
JP4949267B2 (ja) * 2004-12-14 2012-06-06 シリコン ハイブ ビー・ヴィー プログラム可能な信号処理回路及びインターリーブ方法
US8621607B2 (en) * 2006-05-18 2013-12-31 Vmware, Inc. Computational system including mechanisms for tracking taint
US8136091B2 (en) * 2007-01-31 2012-03-13 Microsoft Corporation Architectural support for software-based protection
US8578483B2 (en) 2008-07-31 2013-11-05 Carnegie Mellon University Systems and methods for preventing unauthorized modification of an operating system
GB2482701C (en) * 2010-08-11 2018-12-26 Advanced Risc Mach Ltd Illegal mode change handling
US9798873B2 (en) * 2011-08-04 2017-10-24 Elwha Llc Processor operable to ensure code integrity

Also Published As

Publication number Publication date
WO2014053802A1 (en) 2014-04-10
EP2888691A1 (en) 2015-07-01
KR102160916B1 (ko) 2020-09-29
KR20150065735A (ko) 2015-06-15
GB201217531D0 (en) 2012-11-14
WO2014053806A1 (en) 2014-04-10
IL237180B (en) 2018-06-28
JP2015534689A (ja) 2015-12-03
EP2888691B1 (en) 2018-11-21
CN104756129A (zh) 2015-07-01
JP6272875B2 (ja) 2018-01-31
EP2885738B1 (en) 2016-10-26
AR092752A1 (es) 2015-04-29
US20140075581A1 (en) 2014-03-13
EP2885738A1 (en) 2015-06-24
KR102186675B1 (ko) 2020-12-04
GB201313869D0 (en) 2013-09-18
MY176723A (en) 2020-08-19
TWI607342B (zh) 2017-12-01
KR20150064069A (ko) 2015-06-10
IN2015DN01188A (en) 2015-06-26
US9122890B2 (en) 2015-09-01
IL237280A0 (en) 2015-04-30
MY168636A (en) 2018-11-16
TW201415287A (zh) 2014-04-16
IL237280B (en) 2018-04-30
GB2506501A (en) 2014-04-02

Similar Documents

Publication Publication Date Title
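CN104756129B (zh) A secure mechanism to switch between different domains of operation in a data processor
CN102663312B (zh) Virtual machine-based ROP attack detection method and system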
Lee et al. Enlisting hardware architecture to thwart malicious code injection
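CN105264540B (zh) Security protection of software libraries in a data processing apparatus
CN103310163B (zh) Data processing apparatus and method using secure domain and less secure domain
JP7645262B2 (ja) Domain transition disable configuration parameter
CN106991328B (zh) Exploit detection and identification method based on dynamic memory fingerprint anomaly analysis
TW202029045A (zh) Verifying stack pointer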
Chekole et al. Cima: Compiler-enforced resilience against memory safety attacks in cyber-physical systems
Das et al. Detecting/preventing information leakage on the memory bus due to malicious hardware
JP7737373B2 (ja) Intermodal calling branch instruction
CN110162965B (zh) Runtime access control method and computing device
CN110008726B (zh) Runtime access control apparatus and method
Zhang et al. eSROP Attack: Leveraging Signal Handler to Implement Turing-Complete Attack Under CFI Defense
Ravichandran Discovering Novel Microarchitectural Security Vulnerabilities in Modern Processors
Mishra Adversarial Assertions
Zhu et al. The Formal Functional Specification of DeltaUNITY: An Industrial Software Engineering Practice
de Oliveira et al. Reversing to detect software vulnerabilities

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant