CN113544664B - 用于中断使能的安全接口控件高级指令拦截 - Google Patents

用于中断使能的安全接口控件高级指令拦截 Download PDF

Info

Publication number
CN113544664B
CN113544664B CN202080019339.XA CN202080019339A CN113544664B CN 113544664 B CN113544664 B CN 113544664B CN 202080019339 A CN202080019339 A CN 202080019339A CN 113544664 B CN113544664 B CN 113544664B
Authority
CN
China
Prior art keywords
secure
interrupt
client
interface control
entity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202080019339.XA
Other languages
English (en)
Chinese (zh)
Other versions
CN113544664A (zh
Inventor
C·博尔特雷格
C·英布伦达
F·布萨巴
J·布拉德伯里
L·海勒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of CN113544664A publication Critical patent/CN113544664A/zh
Application granted granted Critical
Publication of CN113544664B publication Critical patent/CN113544664B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Mathematical Physics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)
CN202080019339.XA 2019-03-08 2020-02-28 用于中断使能的安全接口控件高级指令拦截 Active CN113544664B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/296,452 US11308215B2 (en) 2019-03-08 2019-03-08 Secure interface control high-level instruction interception for interruption enablement
US16/296,452 2019-03-08
PCT/EP2020/055317 WO2020182498A1 (en) 2019-03-08 2020-02-28 Secure interface control high-level instruction interception for interruption enablement

Publications (2)

Publication Number Publication Date
CN113544664A CN113544664A (zh) 2021-10-22
CN113544664B true CN113544664B (zh) 2023-03-14

Family

ID=69740350

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080019339.XA Active CN113544664B (zh) 2019-03-08 2020-02-28 用于中断使能的安全接口控件高级指令拦截

Country Status (11)

Country Link
US (1) US11308215B2 (https=)
EP (1) EP3935532B1 (https=)
JP (1) JP7398472B2 (https=)
CN (1) CN113544664B (https=)
AU (1) AU2020237597B2 (https=)
CA (1) CA3132752A1 (https=)
ES (1) ES2998775T3 (https=)
HU (1) HUE069535T2 (https=)
IL (1) IL284822B2 (https=)
PL (1) PL3935532T3 (https=)
WO (1) WO2020182498A1 (https=)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11842227B2 (en) * 2019-10-10 2023-12-12 Advanced Micro Devices, Inc. Hypervisor secure event handling at a processor
US12020059B2 (en) 2021-08-30 2024-06-25 International Business Machines Corporation Inaccessible prefix pages during virtual machine execution
US12019772B2 (en) * 2021-09-14 2024-06-25 International Business Machines Corporation Storing diagnostic state of secure virtual machines
WO2026054335A1 (ko) * 2024-09-03 2026-03-12 삼성전자주식회사 하이퍼바이저를 실행하기 위한 전자 장치, 방법, 및 프로세서

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102906705A (zh) * 2010-06-23 2013-01-30 国际商业机器公司 将消息信号中断转换为对客户操作系统的i/o适配器事件通知
WO2013181939A1 (zh) * 2012-06-08 2013-12-12 华为技术有限公司 通信设备硬件资源的虚拟化管理方法及相关装置
CN105700826A (zh) * 2015-12-31 2016-06-22 华为技术有限公司 虚拟化方法和装置

Family Cites Families (55)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5896499A (en) 1997-02-21 1999-04-20 International Business Machines Corporation Embedded security processor
WO2005036367A2 (en) 2003-10-08 2005-04-21 Unisys Corporation Virtual data center that allocates and manages system resources across multiple nodes
US20080059556A1 (en) 2006-08-31 2008-03-06 Egenera, Inc. Providing virtual machine technology as an embedded layer within a processing platform
US8176280B2 (en) * 2008-02-25 2012-05-08 International Business Machines Corporation Use of test protection instruction in computing environments that support pageable guests
GB2460393B (en) * 2008-02-29 2012-03-28 Advanced Risc Mach Ltd A data processing apparatus and method for controlling access to secure memory by virtual machines executing on processing circuitry
US8516481B2 (en) 2008-04-04 2013-08-20 Hewlett-Packard Development Company, L.P. Virtual machine manager system and methods
US9002014B2 (en) 2008-05-24 2015-04-07 Via Technologies, Inc. On-die cryptographic apparatus in a secure microprocessor
US9100548B2 (en) 2008-07-17 2015-08-04 Cisco Technology, Inc. Feature enablement at a communications terminal
GB2462258B (en) * 2008-07-28 2012-02-08 Advanced Risc Mach Ltd Interrupt control for virtual processing apparatus
TWI525452B (zh) 2008-10-02 2016-03-11 美國博通公司 安全處理系統
US8555377B2 (en) 2010-04-29 2013-10-08 High Cloud Security Secure virtual machine
US8856504B2 (en) 2010-06-07 2014-10-07 Cisco Technology, Inc. Secure virtual machine bootstrap in untrusted cloud infrastructures
CN102811239B (zh) 2011-06-03 2017-09-12 中兴通讯股份有限公司 一种虚拟机系统及其安全控制方法
KR101323858B1 (ko) 2011-06-22 2013-11-21 한국과학기술원 가상화 시스템에서 메모리 접근을 제어하는 장치 및 방법
US9218288B2 (en) 2012-06-15 2015-12-22 International Business Machines Corporation Monitoring a value in storage without repeated storage access
EP2867770B1 (en) 2012-06-29 2020-05-27 Intel Corporation Methods, systems and apparatus to capture error conditions in lightweight virtual machine managers
US8656482B1 (en) 2012-08-20 2014-02-18 Bitdefender IPR Management Ltd. Secure communication using a trusted virtual machine
WO2014081611A2 (en) 2012-11-20 2014-05-30 Unisys Corporation Error recovery in securely partitioned virtualization system with dedicated resources
GB2515536A (en) * 2013-06-27 2014-12-31 Ibm Processing a guest event in a hypervisor-controlled system
WO2015015473A1 (en) 2013-08-02 2015-02-05 Ologn Technologies Ag A secure server on a system with virtual machines
US9355050B2 (en) 2013-11-05 2016-05-31 Qualcomm Incorporated Secure, fast and normal virtual interrupt direct assignment in a virtualized interrupt controller in a mobile system-on-chip
US9483639B2 (en) 2014-03-13 2016-11-01 Unisys Corporation Service partition virtualization system and method having a secure application
US9672058B2 (en) 2014-03-13 2017-06-06 Unisys Corporation Reduced service partition virtualization system and method
US9213569B2 (en) * 2014-03-27 2015-12-15 International Business Machines Corporation Exiting multiple threads in a computer
KR20160033517A (ko) 2014-09-18 2016-03-28 한국전자통신연구원 인터럽트 컨트롤러를 위한 하이브리드 가상화 방법
GB2532415A (en) * 2014-11-11 2016-05-25 Ibm Processing a guest event in a hypervisor-controlled system
US10235282B2 (en) 2015-06-01 2019-03-19 Hitachi, Ltd. Computer system, computer, and method to manage allocation of virtual and physical memory areas
GB2539436B (en) 2015-06-16 2019-02-06 Advanced Risc Mach Ltd Secure initialisation
CN105184147B (zh) 2015-09-08 2017-11-24 成都博元科技有限公司 云计算平台中的用户安全管理方法
CN105184164B (zh) 2015-09-08 2017-11-24 成都博元科技有限公司 一种数据处理方法
US9792143B1 (en) 2015-10-23 2017-10-17 Amazon Technologies, Inc. Platform secure execution modes
US9841987B2 (en) 2015-12-17 2017-12-12 International Business Machines Corporation Transparent secure interception handling
CN107038128B (zh) 2016-02-03 2020-07-28 华为技术有限公司 一种执行环境的虚拟化、虚拟执行环境的访问方法及装置
US10223281B2 (en) * 2016-07-18 2019-03-05 International Business Machines Corporation Increasing the scope of local purges of structures associated with address translation
US10303899B2 (en) 2016-08-11 2019-05-28 Intel Corporation Secure public cloud with protected guest-verified host control
US20180165224A1 (en) 2016-12-12 2018-06-14 Ati Technologies Ulc Secure encrypted virtualization
WO2018176360A1 (en) 2017-03-31 2018-10-04 Intel Corporation Scalable interrupt virtualization for input/output devices
WO2019070675A1 (en) * 2017-10-03 2019-04-11 Rutgers, The State University Of New Jersey TRACKING INFORMATION FLOW BASED ON VALUES IN PROGICIELS
DE112017008307T5 (de) 2017-12-27 2020-09-17 Intel Corporation Systeme und verfahren zur effizienten unterbrechung von virtuellen maschinen
US10545783B2 (en) * 2018-08-22 2020-01-28 Intel Corporation Technologies for securing data structures for controlling virtual machines
US11693952B2 (en) 2018-10-31 2023-07-04 Vmware, Inc. System and method for providing secure execution environments using virtualization technology
US10970100B2 (en) * 2019-03-08 2021-04-06 International Business Machines Corporation Starting a secure guest using an initial program load mechanism
US11347869B2 (en) * 2019-03-08 2022-05-31 International Business Machines Corporation Secure interface control high-level page management
US11487906B2 (en) * 2019-03-08 2022-11-01 International Business Machines Corporation Storage sharing between a secure domain and a non-secure entity
US11403409B2 (en) * 2019-03-08 2022-08-02 International Business Machines Corporation Program interruptions for page importing/exporting
US11206128B2 (en) * 2019-03-08 2021-12-21 International Business Machines Corporation Secure paging with page change detection
US20200285501A1 (en) * 2019-03-08 2020-09-10 International Business Machines Corporation Communication interface of a secure interface control
US11640361B2 (en) * 2019-03-08 2023-05-02 International Business Machines Corporation Sharing secure memory across multiple security domains
US11531627B2 (en) * 2019-03-08 2022-12-20 International Business Machines Corporation Secure storage isolation
US11182192B2 (en) * 2019-03-08 2021-11-23 International Business Machines Corporation Controlling access to secure storage of a virtual machine
US11347529B2 (en) * 2019-03-08 2022-05-31 International Business Machines Corporation Inject interrupts and exceptions into secure virtual machine
US11283800B2 (en) * 2019-03-08 2022-03-22 International Business Machines Corporation Secure interface control secure storage hardware tagging
US11176054B2 (en) * 2019-03-08 2021-11-16 International Business Machines Corporation Host virtual address space for secure interface control storage
US11068310B2 (en) * 2019-03-08 2021-07-20 International Business Machines Corporation Secure storage query and donation
US11455398B2 (en) * 2019-03-08 2022-09-27 International Business Machines Corporation Testing storage protection hardware in a secure virtual machine environment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102906705A (zh) * 2010-06-23 2013-01-30 国际商业机器公司 将消息信号中断转换为对客户操作系统的i/o适配器事件通知
WO2013181939A1 (zh) * 2012-06-08 2013-12-12 华为技术有限公司 通信设备硬件资源的虚拟化管理方法及相关装置
CN105700826A (zh) * 2015-12-31 2016-06-22 华为技术有限公司 虚拟化方法和装置

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于硬件架构和虚拟化扩展机制的虚拟机自省机制研究;邹冰玉等;《四川大学学报(工程科学版)》;20150131(第01期);全文 *

Also Published As

Publication number Publication date
IL284822B2 (en) 2024-03-01
US20200285747A1 (en) 2020-09-10
JP7398472B2 (ja) 2023-12-14
US11308215B2 (en) 2022-04-19
IL284822B1 (en) 2023-11-01
JP2022522374A (ja) 2022-04-18
IL284822A (en) 2021-08-31
EP3935532C0 (en) 2024-11-27
HUE069535T2 (hu) 2025-03-28
PL3935532T3 (pl) 2025-03-03
AU2020237597A1 (en) 2021-06-10
CA3132752A1 (en) 2020-09-17
ES2998775T3 (en) 2025-02-21
EP3935532B1 (en) 2024-11-27
EP3935532A1 (en) 2022-01-12
WO2020182498A1 (en) 2020-09-17
CN113544664A (zh) 2021-10-22
AU2020237597B2 (en) 2022-11-24

Similar Documents

Publication Publication Date Title
KR102738488B1 (ko) 여러 보안 도메인들에 걸친 보안 메모리의 공유
CN113544655B (zh) 安全接口控件安全存储硬件标记
CN113597609B (zh) 用于安全接口控件存储的主机虚拟地址空间
CN113544680B (zh) 用于页导入/导出的程序中断
CN113544645B (zh) 在安全虚拟机环境中测试存储保护硬件
CN113544686A (zh) 安全域和不安全实体之间的存储共享
CN113544642B (zh) 安全存储查询和捐献
CN113544664B (zh) 用于中断使能的安全接口控件高级指令拦截
JP7393846B2 (ja) セキュア・インターフェイス制御の高レベルのページ管理
JP7436495B2 (ja) セキュア・ストレージの分離
JP7525234B2 (ja) セキュア・インターフェース・コントロールの通信インターフェース
HK40057848B (zh) 安全接口控件的通信接口
HK40057240B (en) Secure interface control high-level instruction interception for interruption enablement
HK40057240A (en) Secure interface control high-level instruction interception for interruption enablement
HK40057638B (zh) 安全接口控件安全存储硬件标记
HK40057847B (zh) 安全存储隔离
HK40057638A (en) Secure interface control secure storage hardware tagging
HK40057847A (en) Secure storage isolation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40057240

Country of ref document: HK

GR01 Patent grant
GR01 Patent grant