CN114365099B - Preventing historical pattern inconsistent speculative accesses in a computing environment - Google Patents

Preventing historical pattern inconsistent speculative accesses in a computing environment

Info

Publication number
CN114365099B
CN114365099B
Authority
CN
China
Prior art keywords
selected event
address
pattern
event
determining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202080064279.3A
Other languages
English (en)
Chinese (zh)
Other versions
CN114365099A (zh)
Inventor
W·奥法雷尔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp
Publication of CN114365099A
Application granted
Publication of CN114365099B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
      • G06 COMPUTING OR CALCULATING; COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F9/00 Arrangements for program control, e.g. control units
            • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
              • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
                • G06F9/30003 Arrangements for executing specific machine instructions
                  • G06F9/3004 Arrangements for executing specific machine instructions to perform operations on memory
                    • G06F9/30043 LOAD or STORE instructions; Clear instruction
                • G06F9/38 Concurrent instruction execution, e.g. pipeline or look ahead
                  • G06F9/3836 Instruction issuing, e.g. dynamic instruction scheduling or out of order instruction execution
                    • G06F9/3842 Speculative instruction execution
          • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
            • G06F12/02 Addressing or allocation; Relocation
              • G06F12/08 Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
                • G06F12/0802 Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
                  • G06F12/0806 Multiuser, multiprocessor or multiprocessing cache systems
                    • G06F12/0842 Multiuser, multiprocessor or multiprocessing cache systems for multiprocessing or multitasking
                  • G06F12/0844 Multiple simultaneous or quasi-simultaneous cache accessing
                    • G06F12/0855 Overlapped cache accessing, e.g. pipeline
                      • G06F12/0857 Overlapped cache accessing, e.g. pipeline by multiple requestors
            • G06F12/14 Protection against unauthorised use of memory or access to memory
              • G06F12/1416 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
                • G06F12/1425 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
                  • G06F12/1441 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
              • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
              • G06F21/55 Detecting local intrusion or implementing counter-measures
                • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
            • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
              • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
                • G06F21/75 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
          • G06F2212/00 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
            • G06F2212/10 Providing a specific technical effect
              • G06F2212/1052 Security improvement
            • G06F2212/50 Control mechanisms for virtual memory, cache or TLB
              • G06F2212/507 Control mechanisms for virtual memory, cache or TLB using speculative control
          • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
              • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)
  • Memory System Of A Hierarchy Structure (AREA)
  • Advance Control (AREA)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/572,675 US11403394B2 (en) 2019-09-17 2019-09-17 Preventing selective events of a computing environment
US16/572,675 2019-09-17
PCT/EP2020/075363 WO2021052860A1 (en) 2019-09-17 2020-09-10 Preventing historical pattern inconsistent speculative accesses in a computing environment

Publications (2)

Publication Number Publication Date
CN114365099A (zh) 2022-04-15
CN114365099B (zh) 2023-03-10

Family

ID=72474307

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080064279.3A Active CN114365099B (zh) 2019-09-17 2020-09-10 Preventing historical pattern inconsistent speculative accesses in a computing environment

Country Status (5)

Country Link
US (1) US11403394B2 (en)
EP (1) EP4031998B1 (en)
JP (1) JP7438337B2 (en)
CN (1) CN114365099B (en)
WO (1) WO2021052860A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11635965B2 (en) 2018-10-31 2023-04-25 Intel Corporation Apparatuses and methods for speculative execution side channel mitigation
US11443044B2 (en) * 2019-09-23 2022-09-13 International Business Machines Corporation Targeted very long delay for increasing speculative execution progression
US11029957B1 (en) * 2020-03-27 2021-06-08 Intel Corporation Apparatuses, methods, and systems for instructions to compartmentalize code
US12130908B2 (en) * 2020-05-01 2024-10-29 Forcepoint Llc Progressive trigger data and detection model
US12008370B2 (en) * 2021-05-06 2024-06-11 Purdue Research Foundation Method for preventing security attacks during speculative execution
US12417099B2 (en) 2022-04-02 2025-09-16 Intel Corporation Circuitry and methods for informing indirect prefetches using capabilities
US20230315640A1 (en) * 2022-04-02 2023-10-05 Intel Corporation Circuitry and methods for implementing capability-directed prefetching

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104335164A (zh) * 2012-06-15 2015-02-04 International Business Machines Corporation Transaction abort processing

Family Cites Families (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5859992A (en) * 1997-03-12 1999-01-12 Advanced Micro Devices, Inc. Instruction alignment using a dispatch list and a latch list
US6314493B1 (en) * 1998-02-03 2001-11-06 International Business Machines Corporation Branch history cache
US6397296B1 (en) * 1999-02-19 2002-05-28 Hitachi Ltd. Two-level instruction cache for embedded processors
US20020091991A1 (en) * 2000-05-11 2002-07-11 Castro Juan Carlos Unified real-time microprocessor computer
US20040123081A1 (en) * 2002-12-20 2004-06-24 Allan Knies Mechanism to increase performance of control speculation
EP1471421A1 (en) * 2003-04-24 2004-10-27 STMicroelectronics Limited Speculative load instruction control
US20050154859A1 (en) * 2004-01-14 2005-07-14 Arm Limited Branch prediction in a data processing apparatus
US7721054B2 (en) 2005-01-18 2010-05-18 Texas Instruments Incorporated Speculative data loading using circular addressing or simulated circular addressing
EP2115583A2 (en) * 2007-01-30 2009-11-11 Nema Labs Ab Speculative throughput computing
US8117403B2 (en) * 2007-05-14 2012-02-14 International Business Machines Corporation Transactional memory system which employs thread assists using address history tables
US8131974B2 (en) * 2008-04-18 2012-03-06 International Business Machines Corporation Access speculation predictor implemented via idle command processing resources
US9239735B2 (en) 2013-07-17 2016-01-19 Texas Instruments Incorporated Compiler-control method for load speculation in a statically scheduled microprocessor
JP6273733B2 (ja) * 2013-09-20 2018-02-07 Fujitsu Limited Arithmetic processing device, information processing device, control method for an information processing device, and control program for an information processing device
US9430273B2 (en) * 2014-02-27 2016-08-30 International Business Machines Corporation Suppressing aborting a transaction beyond a threshold execution duration based on the predicted duration
DE112015001256T5 (de) * 2014-03-14 2016-12-29 Fisher-Rosemount Systems, Inc. Distributed big data in a process control system
US9639368B2 (en) * 2014-06-13 2017-05-02 International Business Machines Corporation Branch prediction based on correlating events
US9501284B2 (en) * 2014-09-30 2016-11-22 Apple Inc. Mechanism for allowing speculative execution of loads beyond a wait for event instruction
US10140122B2 (en) * 2015-09-23 2018-11-27 Hanan Potash Computer processor with operand/variable-mapped namespace
US9852084B1 (en) * 2016-02-05 2017-12-26 Apple Inc. Access permissions modification
US10642744B2 (en) * 2017-06-28 2020-05-05 Nvidia Corporation Memory type which is cacheable yet inaccessible by speculative instructions
US20190042781A1 (en) * 2017-08-04 2019-02-07 Bitdefender IPR Management Ltd. Secure Storage Device
US10963567B2 (en) * 2017-10-12 2021-03-30 Microsoft Technology Licensing, Llc Speculative side-channel attack mitigations
GB2570110B (en) 2018-01-10 2020-04-15 Advanced Risc Mach Ltd Speculative cache storage region
DK3738058T3 (da) * 2018-01-12 2023-02-20 Virsec Systems Inc Defense against speculative execution exploitation
US20200159624A1 (en) * 2018-04-25 2020-05-21 Cloud Daddy, Inc. System, Method and Process for Protecting Data Backup from Cyberattack
US11899786B2 (en) * 2019-04-15 2024-02-13 Crowdstrike, Inc. Detecting security-violation-associated event data

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Peinan Li et al., "Conditional Speculation: An Effective Approach to Safeguard Out-of-Order Execution Against Spectre Attacks", 2019 IEEE International Symposium on High Performance Computer Architecture (HPCA), 2019-02-16, pp. 264-276 *
Peinan Li et al., "Conditional Speculation: An Effective Approach to Safeguard Out-of-Order Execution Against Spectre Attacks", 2019 IEEE International Symposium on High Performance Computer Architecture (HPCA), 2019, pp. 1-13 *
Y. Jegou et al., "Speculative prefetching", Proceedings of the 7th international conference on supercomputing, 1993-08-01, pp. 57-66 *

Also Published As

Publication number Publication date
US20210081530A1 (en) 2021-03-18
WO2021052860A1 (en) 2021-03-25
CN114365099A (zh) 2022-04-15
JP2022548083A (ja) 2022-11-16
JP7438337B2 (ja) 2024-02-26
EP4031998A1 (en) 2022-07-27
US11403394B2 (en) 2022-08-02
EP4031998B1 (en) 2025-12-17

Similar Documents

Publication Publication Date Title
CN114365099B (zh) Preventing historical pattern inconsistent speculative accesses in a computing environment
US11194913B2 (en) Unsecure to secure transition of mutable core root of trust
KR102551935B1 (ko) Incremental decryption and integrity verification of a secure operating system image
US11475167B2 (en) Reserving one or more security modules for a secure guest
US11048635B2 (en) Controlling a rate of prefetching based on bus bandwidth
JP2024528834A (ja) Providing confidential data to a secure guest via metadata
US12411719B2 (en) Deferred reclaiming of secure guest resources
JP2024522818A (ja) Encrypted data processing design including a local buffer
US11841961B2 (en) Management of computing secrets
US11520866B2 (en) Controlling processor instruction execution
US11822922B2 (en) Miss-driven instruction prefetching
HK40057636B (zh) Incremental decryption and integrity verification of a secure operating system image
HK40057636A (en) Incremental decryption and integrity verification of a secure operating system image

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant