GB2594905B - Secure paging with page change detection - Google Patents

Secure paging with page change detection Download PDF

Info

Publication number
GB2594905B
GB2594905B GB2113007.5A GB202113007A GB2594905B GB 2594905 B GB2594905 B GB 2594905B GB 202113007 A GB202113007 A GB 202113007A GB 2594905 B GB2594905 B GB 2594905B
Authority
GB
United Kingdom
Prior art keywords
change detection
page change
secure paging
paging
secure
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
GB2113007.5A
Other languages
English (en)
Other versions
GB2594905A (en
GB202113007D0 (en
Inventor
David Bradbury Jonathan
Borntraeger Christian
Carstens Heiko
Schwidefsky Martin
Theodor Buendgen Reinhard
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of GB202113007D0 publication Critical patent/GB202113007D0/en
Publication of GB2594905A publication Critical patent/GB2594905A/en
Application granted granted Critical
Publication of GB2594905B publication Critical patent/GB2594905B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/145Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1052Security improvement
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/15Use in a specific computing environment
    • G06F2212/151Emulated environment, e.g. virtual machine

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
GB2113007.5A 2019-03-08 2020-03-06 Secure paging with page change detection Active GB2594905B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US16/296,303 US11206128B2 (en) 2019-03-08 2019-03-08 Secure paging with page change detection
PCT/IB2020/051941 WO2020183308A1 (en) 2019-03-08 2020-03-06 Secure paging with page change detection

Publications (3)

Publication Number Publication Date
GB202113007D0 GB202113007D0 (en) 2021-10-27
GB2594905A GB2594905A (en) 2021-11-10
GB2594905B true GB2594905B (en) 2022-04-20

Family

ID=72335881

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2113007.5A Active GB2594905B (en) 2019-03-08 2020-03-06 Secure paging with page change detection

Country Status (6)

Country Link
US (1) US11206128B2 (https=)
JP (1) JP7410161B2 (https=)
CN (1) CN113544652B (https=)
DE (1) DE112020000286B4 (https=)
GB (1) GB2594905B (https=)
WO (1) WO2020183308A1 (https=)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11308215B2 (en) * 2019-03-08 2022-04-19 International Business Machines Corporation Secure interface control high-level instruction interception for interruption enablement
US11347529B2 (en) 2019-03-08 2022-05-31 International Business Machines Corporation Inject interrupts and exceptions into secure virtual machine
US11347869B2 (en) 2019-03-08 2022-05-31 International Business Machines Corporation Secure interface control high-level page management
US11971993B2 (en) * 2021-06-01 2024-04-30 Microsoft Technology Licensing, Llc Firmware-based secure tenancy transfer
US20230188324A1 (en) * 2021-12-09 2023-06-15 Sap Se Initialization vector handling under group-level encryption
US12487759B1 (en) * 2022-03-31 2025-12-02 Amazon Technologies, Inc. Secure monitors for memory page protection
US12436790B2 (en) * 2022-04-22 2025-10-07 Red Hat, Inc. Scalable asynchronous communication for encrypted virtual machines
US12443429B2 (en) * 2022-08-30 2025-10-14 Red Hat, Inc. Memory deduplication for encrypted virtual machines

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080077767A1 (en) * 2006-09-27 2008-03-27 Khosravi Hormuzd M Method and apparatus for secure page swapping in virtual memory systems
US20130136125A1 (en) * 2011-11-29 2013-05-30 Wyse Technology Inc. Bandwidth optimization for remote desktop protocol
CN103583013A (zh) * 2011-06-02 2014-02-12 三菱电机株式会社 密钥信息生成装置以及密钥信息生成方法
WO2017211651A1 (en) * 2016-06-08 2017-12-14 Thomson Licensing Devices and methods for core dump deduplication

Family Cites Families (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5343527A (en) 1993-10-27 1994-08-30 International Business Machines Corporation Hybrid encryption method and system for protecting reusable software components
US5757919A (en) * 1996-12-12 1998-05-26 Intel Corporation Cryptographically protected paging subsystem
US6021201A (en) 1997-01-07 2000-02-01 Intel Corporation Method and apparatus for integrated ciphering and hashing
US6983365B1 (en) 2000-05-05 2006-01-03 Microsoft Corporation Encryption systems and methods for identifying and coalescing identical objects encrypted with different keys
US6996748B2 (en) 2002-06-29 2006-02-07 Intel Corporation Handling faults associated with operation of guest software in the virtual-machine architecture
WO2005036367A2 (en) 2003-10-08 2005-04-21 Unisys Corporation Virtual data center that allocates and manages system resources across multiple nodes
EP1870814B1 (en) 2006-06-19 2014-08-13 Texas Instruments France Method and apparatus for secure demand paging for processor devices
US7653819B2 (en) 2004-10-01 2010-01-26 Lenovo Singapore Pte Ltd. Scalable paging of platform configuration registers
US20070106986A1 (en) * 2005-10-25 2007-05-10 Worley William S Jr Secure virtual-machine monitor
US7886363B2 (en) 2006-05-24 2011-02-08 Noam Camiel System and method for virtual memory and securing memory in programming languages
EP1870813B1 (en) 2006-06-19 2013-01-30 Texas Instruments France Page processing circuits, devices, methods and systems for secure demand paging and other operations
US8261265B2 (en) 2007-10-30 2012-09-04 Vmware, Inc. Transparent VMM-assisted user-mode execution control transfer
GB2460393B (en) 2008-02-29 2012-03-28 Advanced Risc Mach Ltd A data processing apparatus and method for controlling access to secure memory by virtual machines executing on processing circuitry
US8738932B2 (en) 2009-01-16 2014-05-27 Teleputers, Llc System and method for processor-based security
US8833437B2 (en) 2009-05-06 2014-09-16 Holtec International, Inc. Heat exchanger apparatus for converting a shell-side liquid into a vapor
US8904190B2 (en) 2010-10-20 2014-12-02 Advanced Micro Devices, Inc. Method and apparatus including architecture for protecting sensitive code and data
US20120185699A1 (en) * 2011-01-14 2012-07-19 International Business Machines Corporation Space-efficient encryption with multi-block binding
JP5316592B2 (ja) 2011-06-09 2013-10-16 富士通セミコンダクター株式会社 セキュアプロセッサ用プログラム
KR101323858B1 (ko) 2011-06-22 2013-11-21 한국과학기술원 가상화 시스템에서 메모리 접근을 제어하는 장치 및 방법
EP4036721B1 (en) 2012-06-26 2025-03-26 Lynx Software Technologies Inc. Systems and methods involving features of hardware virtualization such as separation kernel hypervisors, hypervisors, hypervisor guest context, hypervisor context, rootkit detection prevention and further features
US8910238B2 (en) 2012-11-13 2014-12-09 Bitdefender IPR Management Ltd. Hypervisor-based enterprise endpoint protection
WO2014081611A2 (en) 2012-11-20 2014-05-30 Unisys Corporation Error recovery in securely partitioned virtualization system with dedicated resources
US8931108B2 (en) 2013-02-18 2015-01-06 Qualcomm Incorporated Hardware enforced content protection for graphics processing units
US9792448B2 (en) 2014-02-28 2017-10-17 Advanced Micro Devices, Inc. Cryptographic protection of information in a processing system
US9483639B2 (en) 2014-03-13 2016-11-01 Unisys Corporation Service partition virtualization system and method having a secure application
US9390267B2 (en) 2014-05-15 2016-07-12 Lynx Software Technologies, Inc. Systems and methods involving features of hardware virtualization, hypervisor, pages of interest, and/or other features
US9251090B1 (en) 2014-06-03 2016-02-02 Amazon Technologies, Inc. Hypervisor assisted virtual memory obfuscation
US9454497B2 (en) 2014-08-15 2016-09-27 Intel Corporation Technologies for secure inter-virtual-machine shared memory communication
US9672354B2 (en) 2014-08-18 2017-06-06 Bitdefender IPR Management Ltd. Systems and methods for exposing a result of a current processor instruction upon exiting a virtual machine
US9305661B2 (en) 2014-09-03 2016-04-05 Microsemi Storage Solutions (U.S.), Inc. Nonvolatile memory system that uses programming time to reduce bit errors
CN105512559B (zh) 2014-10-17 2019-09-17 阿里巴巴集团控股有限公司 一种用于提供访问页面的方法与设备
WO2016097954A1 (en) 2014-12-15 2016-06-23 International Business Machines Corporation System and method for supporting secure objects using memory access control monitor
US10599458B2 (en) 2015-01-23 2020-03-24 Unisys Corporation Fabric computing system having an embedded software defined network
US10157146B2 (en) 2015-02-12 2018-12-18 Red Hat Israel, Ltd. Local access DMA with shared memory pool
US9842065B2 (en) 2015-06-15 2017-12-12 Intel Corporation Virtualization-based platform protection technology
US9720721B2 (en) 2015-07-01 2017-08-01 International Business Machines Corporation Protected guests in a hypervisor controlled system
US9942035B2 (en) 2015-08-18 2018-04-10 Intel Corporation Platform migration of secure enclaves
US10742603B2 (en) 2015-08-26 2020-08-11 B. G. Negev Technologies And Applications Ltd., At Ben-Gurion University System and method for monitoring and protecting an untrusted operating system by means of a trusted operating system
US9841987B2 (en) 2015-12-17 2017-12-12 International Business Machines Corporation Transparent secure interception handling
US10116630B2 (en) 2016-04-04 2018-10-30 Bitdefender IPR Management Ltd. Systems and methods for decrypting network traffic in a virtualized environment
US10210323B2 (en) * 2016-05-06 2019-02-19 The Boeing Company Information assurance system for secure program execution
US10237245B2 (en) 2016-07-15 2019-03-19 International Business Machines Corporation Restricting guest instances in a shared environment
US10303899B2 (en) * 2016-08-11 2019-05-28 Intel Corporation Secure public cloud with protected guest-verified host control
US10176122B2 (en) 2016-10-19 2019-01-08 Advanced Micro Devices, Inc. Direct memory access authorization in a processing system
US10169577B1 (en) 2017-03-28 2019-01-01 Symantec Corporation Systems and methods for detecting modification attacks on shared physical memory
KR102257320B1 (ko) 2017-03-29 2021-05-27 어드밴스드 마이크로 디바이시즈, 인코포레이티드 하이퍼바이저 및 가상 머신 간 메모리 페이지 이행의 모니터링
US20180341529A1 (en) 2017-05-26 2018-11-29 Microsoft Technology Licensing, Llc Hypervisor-based secure container
US10693844B2 (en) 2017-08-24 2020-06-23 Red Hat, Inc. Efficient migration for encrypted virtual machines by active page copying
US11347869B2 (en) 2019-03-08 2022-05-31 International Business Machines Corporation Secure interface control high-level page management
US11403409B2 (en) 2019-03-08 2022-08-02 International Business Machines Corporation Program interruptions for page importing/exporting

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080077767A1 (en) * 2006-09-27 2008-03-27 Khosravi Hormuzd M Method and apparatus for secure page swapping in virtual memory systems
CN103583013A (zh) * 2011-06-02 2014-02-12 三菱电机株式会社 密钥信息生成装置以及密钥信息生成方法
US20130136125A1 (en) * 2011-11-29 2013-05-30 Wyse Technology Inc. Bandwidth optimization for remote desktop protocol
WO2017211651A1 (en) * 2016-06-08 2017-12-14 Thomson Licensing Devices and methods for core dump deduplication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SUH, G. Edward. "Efficient Memory Integrity Verification and Encryption for Secure Processors" "Proceedings. 36th Annual IEEE/CAM International Symposium on Microarchitecture, 2003, MICRO-36", 05 December 2003 the whole document *

Also Published As

Publication number Publication date
CN113544652B (zh) 2025-06-20
DE112020000286T5 (de) 2021-09-09
DE112020000286B4 (de) 2024-07-25
WO2020183308A1 (en) 2020-09-17
US20200287709A1 (en) 2020-09-10
GB2594905A (en) 2021-11-10
JP2022522664A (ja) 2022-04-20
JP7410161B2 (ja) 2024-01-09
CN113544652A (zh) 2021-10-22
US11206128B2 (en) 2021-12-21
GB202113007D0 (en) 2021-10-27

Similar Documents

Publication Publication Date Title
GB2594905B (en) Secure paging with page change detection
IL282594A (en) Bcl xl inhibitory compounds with low cell permeability and antibody-drug conjugates comprising the same
GB201917183D0 (en) Battery swelling detection
SG11202010447VA (en) Paging design with short message indicator
GB202018989D0 (en) Malware detection
GB201801029D0 (en) Detecting vehicles in low light conditions
GB2568513B (en) Paging systems
ES3062537T3 (en) State detection
GB2579677B (en) Load detection
GB201805013D0 (en) Wrong-way vehicle detection
GB2575052B (en) Phishing detection
GB201715014D0 (en) Particulate matter detection
DK2969721T3 (da) Støttesystem og cykel udrustet med støttesystemet
IL251156B (en) Identification of disability with environmental considerations
GB2575831B (en) Projectile detection
GB201802283D0 (en) Vehicle with water detection
PL3685671T3 (pl) Wykrywanie klipsa
EP3218934A4 (en) Large scale, low cost nanosensor, nano-needle, and nanopump arrays
SG11202008128UA (en) Detection system
GB201707743D0 (en) Three dimensional structure with sensor capability
ES1161733Y (es) Soporte de impresión con lectura facilitada
GB201818633D0 (en) Nox slip detection
GB2568553B (en) Activity detection
GB2557974B (en) Lamp with improved UV output sensing
GB2555448B (en) Fuel filter with water sensor, and sensor therefor