CN107392011A - 一种内存页转移方法 - Google Patents
一种内存页转移方法 Download PDFInfo
- Publication number
- CN107392011A CN107392011A CN201710726204.7A CN201710726204A CN107392011A CN 107392011 A CN107392011 A CN 107392011A CN 201710726204 A CN201710726204 A CN 201710726204A CN 107392011 A CN107392011 A CN 107392011A
- Authority
- CN
- China
- Prior art keywords
- safety container
- container
- secure memory
- enclave
- linear address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
Description
字段 | 说明 |
VALID | 当前这个EPCM是否合法 |
R/W/X | enclave对相应的EPC页是否有读/写/执行权限 |
ENCLAVESECS | 对应EPC页属于哪个enclave |
ENCLAVEADDRESS | 能够访问对应EPC页的合法虚拟地址 |
BLOCKED/PENDING/MODIFIED | 对应的EPC所处的状态 |
参数名称 | 说明 |
Target_Enclave_ID | 目标enclave的ID |
参数名称 | 说明 |
Current_Enclave_ID | 当前enclave的ID |
Shared_Key | 共享随机数 |
Target_Enclave_Func | 目标enclave的函数编号 |
EPC_PAGE_NUM | 要转移权限的EPC页面数量 |
Current_Enclave_Page_Vaddr | 当前enclave中将要转移的页面的线性地址 |
Target_Enclage_Page_Vaddr | 目标enclave中将要接收被转移物理页面的线性地址 |
Current_Enclave_TCS | 当前enclave的TCS(Thread Control Structure)地址 |
Target_Enclave_TCS | 目标enclave的TCS地址 |
Claims (8)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010033813.6A CN111259380B (zh) | 2017-08-22 | 2017-08-22 | 内存页转移方法和函数调用方法 |
CN201710726204.7A CN107392011B (zh) | 2017-08-22 | 2017-08-22 | 一种内存页转移方法 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710726204.7A CN107392011B (zh) | 2017-08-22 | 2017-08-22 | 一种内存页转移方法 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010033813.6A Division CN111259380B (zh) | 2017-08-22 | 2017-08-22 | 内存页转移方法和函数调用方法 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107392011A true CN107392011A (zh) | 2017-11-24 |
CN107392011B CN107392011B (zh) | 2019-11-22 |
Family
ID=60353956
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710726204.7A Active CN107392011B (zh) | 2017-08-22 | 2017-08-22 | 一种内存页转移方法 |
CN202010033813.6A Active CN111259380B (zh) | 2017-08-22 | 2017-08-22 | 内存页转移方法和函数调用方法 |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010033813.6A Active CN111259380B (zh) | 2017-08-22 | 2017-08-22 | 内存页转移方法和函数调用方法 |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN107392011B (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021227954A1 (zh) * | 2020-05-09 | 2021-11-18 | 支付宝(杭州)信息技术有限公司 | 基于容器集群的应用访问请求处理 |
CN116108454A (zh) * | 2023-04-06 | 2023-05-12 | 支付宝(杭州)信息技术有限公司 | 内存页面管理方法及装置 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120159184A1 (en) * | 2010-12-17 | 2012-06-21 | Johnson Simon P | Technique for Supporting Multiple Secure Enclaves |
EP2889777A2 (en) * | 2013-12-27 | 2015-07-01 | Intel IP Corporation | Modifying memory permissions in a secure processing environment |
CN105339945A (zh) * | 2013-07-23 | 2016-02-17 | 英特尔公司 | 安全处理环境中的特征许可 |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100476759C (zh) * | 2004-03-16 | 2009-04-08 | 钟巨航 | 外存储器的虚拟分隔方法及其装置 |
CN101819564B (zh) * | 2009-02-26 | 2013-04-17 | 国际商业机器公司 | 协助在虚拟机之间进行通信的方法和装置 |
CN102473224B (zh) * | 2009-12-22 | 2016-10-12 | 英特尔公司 | 提供安全应用执行的方法和装置 |
CN103136059A (zh) * | 2011-11-24 | 2013-06-05 | 中兴通讯股份有限公司 | 一种内存区间相互隔离的程序之间的通讯方法及处理单元 |
US9747102B2 (en) * | 2012-12-28 | 2017-08-29 | Intel Corporation | Memory management in secure enclaves |
US9323686B2 (en) * | 2012-12-28 | 2016-04-26 | Intel Corporation | Paging in secure enclaves |
US9189411B2 (en) * | 2012-12-28 | 2015-11-17 | Intel Corporation | Logging in secure enclaves |
US20140189246A1 (en) * | 2012-12-31 | 2014-07-03 | Bin Xing | Measuring applications loaded in secure enclaves at runtime |
US9430384B2 (en) * | 2013-03-31 | 2016-08-30 | Intel Corporation | Instructions and logic to provide advanced paging capabilities for secure enclave page caches |
US9767044B2 (en) * | 2013-09-24 | 2017-09-19 | Intel Corporation | Secure memory repartitioning |
CN105531709B (zh) * | 2013-09-27 | 2019-08-20 | 迈克菲股份有限公司 | 可执行对象在本地设备上的受信任的执行 |
US9311508B2 (en) * | 2013-12-27 | 2016-04-12 | Intel Corporation | Processors, methods, systems, and instructions to change addresses of pages of secure enclaves |
US9703733B2 (en) * | 2014-06-27 | 2017-07-11 | Intel Corporation | Instructions and logic to interrupt and resume paging in a secure enclave page cache |
US20160085695A1 (en) * | 2014-09-24 | 2016-03-24 | Intel Corporation | Memory initialization in a protected region |
CN104573553A (zh) * | 2014-12-30 | 2015-04-29 | 中国航天科工集团第二研究院七O六所 | 一种面向Xen的虚拟机内存共享的安全隔离方法 |
CN104750620B (zh) * | 2015-04-23 | 2018-02-16 | 四川师范大学 | 一种内存迁移方法及装置 |
US20170303150A1 (en) * | 2016-02-16 | 2017-10-19 | Saguna Networks Ltd. | Methods Circuits Devices Systems and Functionally Associated Computer Executable Code to Support Edge Computing on a Communication Network |
CN106777166A (zh) * | 2016-12-21 | 2017-05-31 | 济南浪潮高新科技投资发展有限公司 | 一种利用Docker容器进行虚拟内存数据库存储的实现方法 |
-
2017
- 2017-08-22 CN CN201710726204.7A patent/CN107392011B/zh active Active
- 2017-08-22 CN CN202010033813.6A patent/CN111259380B/zh active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120159184A1 (en) * | 2010-12-17 | 2012-06-21 | Johnson Simon P | Technique for Supporting Multiple Secure Enclaves |
CN105339945A (zh) * | 2013-07-23 | 2016-02-17 | 英特尔公司 | 安全处理环境中的特征许可 |
EP2889777A2 (en) * | 2013-12-27 | 2015-07-01 | Intel IP Corporation | Modifying memory permissions in a secure processing environment |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021227954A1 (zh) * | 2020-05-09 | 2021-11-18 | 支付宝(杭州)信息技术有限公司 | 基于容器集群的应用访问请求处理 |
CN116108454A (zh) * | 2023-04-06 | 2023-05-12 | 支付宝(杭州)信息技术有限公司 | 内存页面管理方法及装置 |
Also Published As
Publication number | Publication date |
---|---|
CN111259380A (zh) | 2020-06-09 |
CN107392011B (zh) | 2019-11-22 |
CN111259380B (zh) | 2021-02-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106354670A (zh) | 一种用于虚拟化环境下传输数据的方法与设备 | |
CN105283855B (zh) | 一种寻址方法及装置 | |
CN104881596B (zh) | 在安全处理环境中修改存储器权限 | |
CN104813295B (zh) | 安全区域内的日志记录 | |
CN101853416B (zh) | 设有虚拟智能卡的物理智能卡及虚拟智能卡的配置方法 | |
CN105138310B (zh) | 一种并发访问控制方法和系统 | |
CN103116723A (zh) | 一种网址拦截处理的方法、装置和系统 | |
CN108710585A (zh) | 安全区域内的存储器管理 | |
CN103778066B (zh) | 数据处理方法和装置 | |
CN101490654A (zh) | 在虚拟机中避免高速缓存行共享 | |
DE60044783D1 (de) | Partitionierte speichervorrichtung mit merkmalen unterschiedlicher speichertechnologien | |
CN107392011A (zh) | 一种内存页转移方法 | |
CN105959331B (zh) | 防火墙策略的优化方法及装置 | |
CN103400074B (zh) | 一种隐藏进程的检测方法及装置 | |
Whyte | Introduction: rural economic reforms and Chinese family patterns | |
CN107071007A (zh) | 一种获取配置资源的方法、装置及客户端 | |
CN113297433A (zh) | 一种访问图数据库的方法和系统 | |
KR20120036654A (ko) | 공유 가상 메모리를 이용한 멀티 프로세서 및 주소 변환 테이블 생성 방법 | |
CN106610865A (zh) | 一种数据加锁及解锁的方法及装置 | |
Alharkan et al. | An order effect of neighborhood structures in variable neighborhood search algorithm for minimizing the makespan in an identical parallel machine scheduling | |
CN103988462B (zh) | 用于执行寄存器重命名的寄存器重命名数据处理装置和方法 | |
CN101315655A (zh) | 一种防御缓冲区溢出攻击方法和装置 | |
Chen et al. | Mixed coordination mechanisms for scheduling games on hierarchical machines | |
CN109491785A (zh) | 内存访问调度方法、装置及设备 | |
Trebilcock | What makes poor countries poor?: the role of institutional capital in economic development |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20180110 Address after: 300143 Tianjin Haitai Huayuan Industrial Zone No. 18 West North 2-204 industrial incubation -3-8 Applicant after: Hai Guang Information Technology Co., Ltd. Address before: 201203 3F, No. 1388, 02-01, Zhang Dong Road, Pudong New Area, Shanghai Applicant before: Analog Microelectronics (Shanghai) Co., Ltd. |
|
TA01 | Transfer of patent application right | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder |
Address after: 300143 Tianjin Haitai Huayuan Industrial Zone No. 18 West North 2-204 industrial incubation -3-8 Patentee after: Haiguang Information Technology Co., Ltd Address before: 300143 Tianjin Haitai Huayuan Industrial Zone No. 18 West North 2-204 industrial incubation -3-8 Patentee before: HAIGUANG INFORMATION TECHNOLOGY Co.,Ltd. |
|
CP01 | Change in the name or title of a patent holder |