EP1576554A2 - Procede de securisation des systemes informatiques par confinement logiciel - Google Patents
Procede de securisation des systemes informatiques par confinement logicielInfo
- Publication number
- EP1576554A2 EP1576554A2 EP03813940A EP03813940A EP1576554A2 EP 1576554 A2 EP1576554 A2 EP 1576554A2 EP 03813940 A EP03813940 A EP 03813940A EP 03813940 A EP03813940 A EP 03813940A EP 1576554 A2 EP1576554 A2 EP 1576554A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- memory
- memory manager
- owner
- key
- allocation unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1483—Protection against unauthorised use of memory or access to memory by checking the subject access rights using an access-table, e.g. matrix or list
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6281—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
- G06Q20/35765—Access rights to memory zones
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/0223—User address space allocation, e.g. contiguous or non contiguous base addressing
Definitions
- the present invention relates to securing computer systems by logical confinement of data.
- the present invention therefore more particularly aims to overcome these drawbacks.
- the method for securing a computer system by logical confinement of data comprises the separation of said data by owner and their encryption with a dedicated key; this process of separation and encryption is carried out using a procedure comprising the following steps:
- a memory allocation carried out by a memory manager at the request of another component of the operating system which transmits to the memory manager the identity of the requester.
- This requester will become the owner of the allocated memory.
- the transmission of the identity of the requester can be done either by managing a current context, or by passing parameters to the functions of the memory manager; a control by the aforementioned memory manager of all the memory allocation units, each being associated with a possessor of the memory allocation unit.
- Each memory allocation unit can have only one and only one owner; nevertheless several memory allocation units can have the same owner; - an encryption of the data of each owner using a key associated with this owner;
- This secret can typically be supplied to the memory manager by the operating system when the owner is introduced into the system or each time a memory allocation unit is accessed;
- This key can for example be derived from a secret associated with the owner and a so-called "master" key to which only the memory manager has access;
- this attempt can be triggered via the memory manager: in this case, the check carried out by the memory manager automatically leads to the rejection of the request;
- this attempt can be unlawfully triggered, without going through the memory manager, by direct access to the physical memory, in the event that the checks carried out by the hardware are not sufficient to rule out this possibility: the third party may then perform a read, but, not having the decryption key, it will obtain unusable data.
- the method according to the invention does not depend on whether the memory allocation unit is a logical page of fixed size or a block of variable size.
- the process will be refined as follows: when the memory manager receives a request for allocation of a block on behalf of a possessor, it searches for first a page with the same owner; thus, all blocks allocated by a memory allocation unit owner are grouped in one or more dedicated pages.
- the method according to the invention can be improved in several ways (not exclusive):
- the memory manager can associate a key with each possessor and memory allocation unit set. This improvement has two advantages: on the one hand, it reduces the probabilities of discovery of the keys used (in the event of a cryptographic attack) since each key will be used less often; on the other hand, it reduces the risks in case of discovery of a key since only the associated memory allocation unit will be endangered.
- the memory manager can also integrate into each memory unit a zone allowing its integrity to be verified, for example from a simple signed "checksum" or a cryptographic algorithm.
- the data contained in this zone is updated by the memory manager on each write access to the unit. It can be used by the memory manager for verification purposes, either systematically each time the unit is accessed, or periodically. The verification consists simply, before the requested access, of recalculating the integrity data from the content of the unit (data in clear) and comparing it with the data contained in the integrity zone. An untimely or illicit modification of the contents of the unit can then be detected, which will strengthen the security of data management.
- MMU physical protection mechanism
- applications can be grouped into several major categories (possibly, and not limited to, depending on the level of trust that can be placed in them, the first natural distinction being between user applications and operating system applications ), each category being protected from the others by the physical mechanism and the applications being protected from each other by the software confinement method according to the invention.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Software Systems (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Accounting & Taxation (AREA)
- Microelectronics & Electronic Packaging (AREA)
- General Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0216933 | 2002-12-24 | ||
FR0216933A FR2849233B1 (fr) | 2002-12-24 | 2002-12-24 | Procede de securisation des systemes informatiques par confinement logiciel |
PCT/FR2003/003904 WO2004059493A2 (fr) | 2002-12-24 | 2003-12-23 | Procede de securisation des systemes informatiques par confinement logiciel |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1576554A2 true EP1576554A2 (fr) | 2005-09-21 |
Family
ID=32406556
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP03813940A Withdrawn EP1576554A2 (fr) | 2002-12-24 | 2003-12-23 | Procede de securisation des systemes informatiques par confinement logiciel |
Country Status (6)
Country | Link |
---|---|
US (1) | US20060059374A1 (zh) |
EP (1) | EP1576554A2 (zh) |
CN (1) | CN100378764C (zh) |
AU (1) | AU2003303410A1 (zh) |
FR (1) | FR2849233B1 (zh) |
WO (1) | WO2004059493A2 (zh) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2423849A (en) * | 2004-01-15 | 2006-09-06 | Matsushita Electric Ind Co Ltd | Information-processing method and apparatus |
DE102005027709A1 (de) | 2005-06-15 | 2006-12-21 | Giesecke & Devrient Gmbh | Verfahren zum Betreiben eines tragbaren Datenträgers |
US20070226795A1 (en) * | 2006-02-09 | 2007-09-27 | Texas Instruments Incorporated | Virtual cores and hardware-supported hypervisor integrated circuits, systems, methods and processes of manufacture |
WO2008084154A2 (fr) * | 2006-12-19 | 2008-07-17 | France Telecom | Traitement de donnee relative a un service numerique |
EP2342641A1 (fr) * | 2008-09-22 | 2011-07-13 | France Telecom | Procède d'allocation de mémoire et procède de gestion de données associe a une application enregistrée dans un module de sécurité associe a un terminal, module de sécurité et terminal associes |
US8555015B2 (en) | 2008-10-23 | 2013-10-08 | Maxim Integrated Products, Inc. | Multi-layer content protecting microcontroller |
US9465755B2 (en) | 2011-07-18 | 2016-10-11 | Hewlett Packard Enterprise Development Lp | Security parameter zeroization |
CN107368754A (zh) * | 2017-06-16 | 2017-11-21 | 天津青创科技有限公司 | 一种保护计算机系统安全的方法 |
Family Cites Families (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5249294A (en) * | 1990-03-20 | 1993-09-28 | General Instrument Corporation | Determination of time of execution of predetermined data processing routing in relation to occurrence of prior externally observable event |
GB9112644D0 (en) * | 1991-06-12 | 1991-07-31 | Int Computers Ltd | Data processing system with cryptographic facility |
US5249231A (en) * | 1992-05-04 | 1993-09-28 | Motorola, Inc. | Memory tagging for object reuse protection |
US5745570A (en) * | 1996-04-15 | 1998-04-28 | International Business Machines Corporation | Object-oriented programming environment that provides object encapsulation via encryption |
US5784459A (en) * | 1996-08-15 | 1998-07-21 | International Business Machines Corporation | Method and apparatus for secure, remote swapping of memory resident active entities |
US5825878A (en) * | 1996-09-20 | 1998-10-20 | Vlsi Technology, Inc. | Secure memory management unit for microprocessor |
US5757919A (en) * | 1996-12-12 | 1998-05-26 | Intel Corporation | Cryptographically protected paging subsystem |
US6014745A (en) * | 1997-07-17 | 2000-01-11 | Silicon Systems Design Ltd. | Protection for customer programs (EPROM) |
US7587044B2 (en) * | 1998-01-02 | 2009-09-08 | Cryptography Research, Inc. | Differential power analysis method and apparatus |
US7092523B2 (en) * | 1999-01-11 | 2006-08-15 | Certicom Corp. | Method and apparatus for minimizing differential power attacks on processors |
WO2001077920A1 (fr) * | 2000-04-06 | 2001-10-18 | Sony Corporation | Procede de division de zone de stockage pour dispositif portable |
GB0027280D0 (en) * | 2000-11-08 | 2000-12-27 | Malcolm Peter | An information management system |
JP4074057B2 (ja) * | 2000-12-28 | 2008-04-09 | 株式会社東芝 | 耐タンパプロセッサにおける暗号化データ領域のプロセス間共有方法 |
US20020129274A1 (en) * | 2001-03-08 | 2002-09-12 | International Business Machines Corporation | Inter-partition message passing method, system and program product for a security server in a partitioned processing environment |
JP2002297478A (ja) * | 2001-03-29 | 2002-10-11 | Toshiba Corp | マルチメディアデータ中継システム、マルチメディアデータ中継装置及びマルチメディアデータ中継方法 |
US7428636B1 (en) * | 2001-04-26 | 2008-09-23 | Vmware, Inc. | Selective encryption system and method for I/O operations |
WO2002097746A1 (de) * | 2001-06-01 | 2002-12-05 | Anton Gunzinger | System und verfahren zur übertragung von information, informationsträger |
US7073059B2 (en) * | 2001-06-08 | 2006-07-04 | Hewlett-Packard Development Company, L.P. | Secure machine platform that interfaces to operating systems and customized control programs |
US7353281B2 (en) * | 2001-08-06 | 2008-04-01 | Micron Technology, Inc. | Method and system for providing access to computer resources |
GB0123417D0 (en) * | 2001-09-28 | 2001-11-21 | Memquest Ltd | Improved data processing |
US7194633B2 (en) * | 2001-11-14 | 2007-03-20 | International Business Machines Corporation | Device and method with reduced information leakage |
FR2832824A1 (fr) * | 2001-11-28 | 2003-05-30 | St Microelectronics Sa | Blocage du fonctionnement d'un circuit integre |
US8135962B2 (en) * | 2002-03-27 | 2012-03-13 | Globalfoundries Inc. | System and method providing region-granular, hardware-controlled memory encryption |
KR100619657B1 (ko) * | 2002-06-05 | 2006-09-08 | 후지쯔 가부시끼가이샤 | 메모리 관리 유닛, 코드 검증 장치 및 코드 복호 장치 |
US9158467B2 (en) * | 2006-02-21 | 2015-10-13 | Spectra Logic Corporation | Optional data encryption by partition for a partitionable data storage library |
-
2002
- 2002-12-24 FR FR0216933A patent/FR2849233B1/fr not_active Expired - Fee Related
-
2003
- 2003-12-23 US US10/540,325 patent/US20060059374A1/en not_active Abandoned
- 2003-12-23 EP EP03813940A patent/EP1576554A2/fr not_active Withdrawn
- 2003-12-23 AU AU2003303410A patent/AU2003303410A1/en not_active Abandoned
- 2003-12-23 CN CNB2003801074905A patent/CN100378764C/zh not_active Expired - Lifetime
- 2003-12-23 WO PCT/FR2003/003904 patent/WO2004059493A2/fr not_active Application Discontinuation
Non-Patent Citations (2)
Title |
---|
GILMONT T; LEGAT J-D; QUISQUATER J-J: "An architecture of security management unit for safe hosting of multiple agents", PROCEEDINGS OF THE SPIE, 1999, BELLINGHAM, VA, US, pages 472 - 483, XP002284378 * |
GILMONT T; LEGAT J-D; QUISQUATER J-J: "Enhancing security in the memory management unit", EUROMICRO CONFERENCE, 1999. PROCEEDINGS., 8 September 1999 (1999-09-08) - 10 September 1999 (1999-09-10), LOS ALAMITOS, CA, USA, XP010352217 * |
Also Published As
Publication number | Publication date |
---|---|
WO2004059493A3 (fr) | 2004-12-16 |
FR2849233B1 (fr) | 2005-05-20 |
AU2003303410A1 (en) | 2004-07-22 |
FR2849233A1 (fr) | 2004-06-25 |
US20060059374A1 (en) | 2006-03-16 |
CN100378764C (zh) | 2008-04-02 |
WO2004059493A2 (fr) | 2004-07-15 |
AU2003303410A8 (en) | 2004-07-22 |
CN1732483A (zh) | 2006-02-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20060282681A1 (en) | Cryptographic configuration control | |
EP2284758A3 (en) | Versatile content control with partitioning | |
CN105706066A (zh) | 存储器完整性 | |
CN1203394A (zh) | 在安全存储区中保护应用程序数据的方法和装置 | |
EP0540095A1 (fr) | Microcircuit pour carte à puce à mémoire programmable protégée | |
CN101079882A (zh) | 基于态势的数据保护 | |
EP0743602A1 (en) | Integrated circuit device with function usage control | |
FR2542471A1 (fr) | Procede et appareil pour assurer la securite de l'acces a des fichiers | |
US8886943B2 (en) | Authentication of a vehicle-external device | |
WO2004059493A2 (fr) | Procede de securisation des systemes informatiques par confinement logiciel | |
US20040187035A1 (en) | Control unit | |
US20080022412A1 (en) | System and method for TPM key security based on use count | |
WO2001004728A1 (fr) | Dispositif d'interfaçage entre un port parallele d'un ordinateur et au moins un peripherique comportant une interface pour carte a puce | |
EP3586258A1 (fr) | Système d'authentification à clé segmentée | |
EP1916631B1 (fr) | Procédé de lutte contre le vol de billets, billet, dispositif d'inactivation et dispositif d'activation correspondants | |
US9076007B2 (en) | Portable data support with watermark function | |
EP1337981A1 (fr) | Procede de chargement et de personnalisation des informations et programmes charges dans une carte a puce | |
EP0791877B1 (fr) | Dispositif électronique délivrant une référence temporelle sûre pour la protection d'un logiciel | |
EP1609326B1 (fr) | Procede de protection d'un terminal de telecommunication de type telephone mobile | |
CA1243738A (fr) | Procede et systeme pour chiffrer et dechiffrer des informations transmises entre un dispositif emetteur et un dispositif recepteur | |
US20220374545A1 (en) | Identity and license verification system for working with highly sensitive data | |
WO2003065181A1 (fr) | Procede de controle de l'exploitation de contenus numeriques par un module de securite ou une carte a puce comprenant ledit module | |
EP1850259A2 (fr) | Dispositif de protection des données et codes exécutables d'un système informatique | |
Nagpure et al. | Data Leakage Agent Detection in Cloud Computing | |
WO2008068137A1 (fr) | Systeme de protection des donnees en memoire |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20050613 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL LT LV MK |
|
DAX | Request for extension of the european patent (deleted) | ||
17Q | First examination report despatched |
Effective date: 20061020 |
|
RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: MESNIL, CEDRIC Inventor name: LE METAYER, DANIEL Inventor name: HAMEAU, PATRICE |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN |
|
18W | Application withdrawn |
Effective date: 20091020 |