HK1069450B - An apparatus and method for accessing memory - Google Patents

An apparatus and method for accessing memory Download PDF

Info

Publication number
HK1069450B
HK1069450B HK05101793.2A HK05101793A HK1069450B HK 1069450 B HK1069450 B HK 1069450B HK 05101793 A HK05101793 A HK 05101793A HK 1069450 B HK1069450 B HK 1069450B
Authority
HK
Hong Kong
Prior art keywords
memory
cache
privacy indicator
superset
nodma
Prior art date
Application number
HK05101793.2A
Other languages
Chinese (zh)
Other versions
HK1069450A1 (en
Inventor
罗伯特.J.沙弗拉内克
德伯德拉.达斯.夏尔玛
Original Assignee
英特尔公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/404,881 external-priority patent/US7296127B2/en
Application filed by 英特尔公司 filed Critical 英特尔公司
Publication of HK1069450A1 publication Critical patent/HK1069450A1/en
Publication of HK1069450B publication Critical patent/HK1069450B/en

Links

Description

Apparatus and method for accessing memory
Technical Field
The present invention relates generally to security devices for protecting sensitive data from improper access by I/O devices. More particularly, the present invention relates to a cache for a NoDMA table that tracks memory segments containing sensitive data.
Background
More and more financial and personal transactions are being conducted on computing devices. However, the continuing growth in the number of these financial transactions has also brought about more attacks on the computer systems supporting these transactions and has resulted in a corresponding need for Security Enhancement (SE) environments to prevent unauthorized access to or loss of sensitive data. Loss of sensitive data or unauthorized access (e.g., social security numbers, account numbers, financial data, account balances, passwords, authorization keys, etc.) results in the loss of privacy, the theft of private financial data, and similar pernicious activities.
One technique that has been attempted for accessing protected data is to use memory access requests from the peripheral through a Direct Memory Access (DMA) controller. The DMA controller allows peripheral devices, such as network cards, to read and write to the system memory with minimal use of the central processing unit. Using memory access requests from I/O devices may circumvent security measures provided by the operating system. This may be accomplished by requesting memory access to a section of memory that contains sensitive information outside of the section of system memory allocated for use by the peripheral.
Disclosure of Invention
According to a first aspect of the present invention, there is provided an apparatus comprising a Content Addressable Memory (CAM), a first storage device and a second storage device; wherein a first storage device is to store a first privacy indicator for a first memory segment, the first privacy indicator indicating whether the first memory segment contains protected information, a second storage device is to store a second privacy indicator for a superset of memory, the superset of memory including the first memory segment, the second privacy indicator indicating whether the superset of memory contains protected information.
According to a second aspect of the present invention, there is provided a method comprising: storing an address of a table entry; storing a first privacy indicator for a first section of memory, wherein the first privacy indicator indicates whether the first section of memory contains protected information; and storing a second privacy indicator for a superset, the superset comprising the first memory segment, wherein the second privacy indicator indicates whether the superset contains protected information.
According to a third aspect of the present invention, there is provided an apparatus comprising a bus, a memory device coupled to the bus, a processor coupled to the bus, a cache coupled to the memory device, and a network interface device coupled to the cache. The cache is to store a first privacy indicator for a first section of the storage device and to store a second privacy indicator for a superset of the first section of the storage device, wherein the first privacy indicator indicates whether the first section contains protected information and the second privacy indicator indicates whether the superset contains protected information.
According to a fourth aspect of the present invention, there is provided an apparatus comprising means for content addressable storage, means for storing a first privacy indicator for a first section of a storage device, the second section being a superset of the first section, and second means for storing a second privacy indicator for a second section of the storage device, the first privacy indicator indicating whether the first section contains protected information and the second privacy indicator indicating whether the superset contains protected information.
Drawings
Embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings in which like reference numerals refer to similar elements. It should be appreciated that references to "an embodiment" or "one embodiment" in the disclosure are not necessarily to the same embodiment, and such references mean at least one
Examples are given.
FIG. 1 is a block diagram of a computer system including a NoDMA cache;
FIG. 2 is a block diagram of input and output data flow through a chipset implementing NoDMA;
FIG. 3 is a diagram of a NoDMA cache structure;
FIG. 4 is a flow diagram of a NoDMA cache system.
Detailed Description
FIG. 1 illustrates computer system 100 of one embodiment, which computer system 100 includes a chipset ("Northbridge") 117, a set of Central Processing Units (CPUs) 105, and system memory 101. In one embodiment, the set of CPUs 105 is coupled to Northbridge 117 via processor bus 119. In one embodiment, computer system 100 includes multiple processors 105 to support multiprocessing in a server environment. In another embodiment, computer system 100 may include a single CPU. System memory 101 is connected to north bridge 117 via memory bus 121. The system memory 101 includes a non-direct memory access (NoDMA) table 103.
In one embodiment, system memory 101 is a set of random access memory devices, such as Synchronous Dynamic Random Access Memory (SDRAM), double data rate random access memory (DDR RAM), or the like. Memory system 101 may also include registers and similar storage devices. A NoDMA table 103 is stored in system memory 101 that tracks the sections of system memory 101 that contain sensitive data. Sensitive data may include social security numbers, financial account numbers, passwords, and the like.
The NoDMA table 103 data may be used by an Operating System (OS) to restrict access to memory segments containing sensitive data by marking entries in the NoDMA table 103 that correspond to memory segments containing sensitive data and allowing only those programs authorized to access the secure information to access protected portions of the memory 101. In one embodiment, system memory 101 is divided into pages. Pages may vary in size, as determined by the operating system. In one embodiment, the size of a page is 4 kbytes.
In one embodiment, the NoDMA table 103 is structured as a set of consecutive bits, each bit corresponding to a page of the memory 101. If a page contains sensitive data, the operating system will "set" the bit in the NoDMA table 103 corresponding to the page. The base or starting location of the NoDMA table 103 is relocatable in the system memory 101. In one embodiment, the operating system, Basic Input Output System (BIOS), or similar system may relocate the NoDMA table 103, for example, after the system 100 is booted. The NoDMA table 103 is located within the system memory 101 according to a start address stored in a base register. The size of the noddma table 103 is determined according to data stored in a size register (size register). When the NoDMA table 103 is enabled, all accesses by the I/O device must be checked against the table 103.
In one embodiment, the NoDMA table 103 is aligned to start at a page boundary and end at a page boundary. This alignment simplifies the use of the NoDMA table 103. In another embodiment, the NoDMA table 103 may start with any address in the memory 101 that is capable of providing sufficient contiguous space for the table 103. Each bit from the start point to the end point of the NoDMA table 103 indicates access rights to non-CPU accesses to the memory 101 starting from address 0 to every page covering the entire memory address space that needs to be protected. When the north bridge 117 needs to check the access right to a specific address, it can easily determine the access right of the page because the north bridge 117 can obtain the start address of the NoDMA table 103 and the page address of the page to be accessed. In this way, the corresponding NoDMA table 103 entries may be conveniently computed and accessed.
In one embodiment, north bridge 117 controls communication between system memory 101, CPU 105, and I/O devices 115. Northbridge 117 includes a Central Data Buffer (CDB) that handles incoming memory access requests from CPU 105, I/O devices, and source 115. A central control block (CDB interface) 113 controls the initial processing of incoming memory access requests and the final processing of outgoing requests. Memory access requests waiting to be processed by CDB 107 or CDB interface 113 are stored in a queue. The CDB 107 and CDB interface 113 process memory requests from the I/O device 115 and send the requested data from the system memory 101 to the I/O device.
The north bridge 117 includes a set of queues that store incoming and outgoing memory requests (e.g., read and write requests). In one embodiment, the queue is a first-in-first-out queue (FIFO) or a similar queue management mechanism is employed. The north bridge 117 also includes a NoDMA cache 109 that stores the most recently requested NoDMA table entries. The CDB interface 113 maintains and uses the cache 109 prior to accessing the memory 101. The CDB interface 113 also manages incoming and outgoing messages in the respective queues. In one embodiment, the north bridge 117 also includes a set of registers that are functionally related to the NoDMA table 103 and the NoDMA cache 109. These registers include a status register, a base register that indicates the address in memory 101 where the NoDMA table 103 starts, and a size register that indicates the size of the NoDMA table 103 in system memory 101.
In one embodiment, north bridge 117 protects memory 101 from accesses by non-CPU devices. The memory segment containing the protected data cannot be read or written by non-CPU devices. Protected pages are not static and pages can be moved into or out of a protected state. In one embodiment, the north bridge 117 implements the system using the NoDMA table 103 and the NoDMA cache 109. The NoDMA cache 109 facilitates I/O performance. In one embodiment, I/O access to the NoDMA table 103 region of the memory 101 is always denied, even when the NoDMA table 103 is disabled. Any attempt to access this area of system memory 101 will cause an error, which is noted by the north bridge 117 chipset and the system reboots.
The I/O source 115 may be a communications control device ("south bridge") that controls communications between peripheral devices (e.g., storage drives, modems, network cards, and the like) and other peripheral devices or the north bridge 117. The south bridge 115 or the north bridge 117 may have a plurality of I/O units that can be configured as ports of different widths. The I/O units are capable of supporting communication protocols including PCI-Express, Hublink (HL), Peripheral Component Interconnect (PCI), and similar systems. A separate nocdma cache 109 may be dedicated to each I/O unit or a subset of all units to improve the performance of the nocdma check. In another embodiment, the I/O source 115 may be a set of peripherals directly connected to the Northbridge 117.
FIG. 2 is a block diagram of the Northbridge 117. The illustrated architecture of the figure supports memory access requests from peripherals 217 to system memory 101 and the return of requested or outgoing data. Network or peripheral devices 217 communicate with inbound processor or logic 209 and outbound processor or logic 211 of I/O unit 250 through physical layer 215 and link layer 213. The inbound processor 209 receives memory access requests and messages from the link layer 213 and places these messages in the inbound queue 201. In one embodiment, the inbound queue 201 and the outbound queue 203 are each comprised of several queues, each of which controls a particular type of message or request or a defined set of requests or message types. Inbound queue control 207 manages the movement of data through queue 201, queue 201 being read by CDB interface 113. The CDB interface 113 processes the memory access request and may generate a response message that is sent to the outbound queue 203 (e.g., when processing a read operation). The flow of data through outbound queue 203 is controlled by outbound queue controller 205.
In one embodiment, there are multiple inbound and outbound queues 201 and 203 depending on the type of message or memory access used by PCI-Express, HL, PCI or other similar systems. Outbound processor 211 sends response data to peripherals 217 through link layer 213 and physical layer 215. In one embodiment, the outbound logic 211 and inbound processor 209 control data transfers from an I/O communications bus running at a different speed than the Northbridge 117.
In one embodiment, the CDB interface 113 and CDB 107 perform speculative prefetching of requested memory by anticipating in the inbound queue 201. The CDB interface 113 is responsible for making requests to the CDB and servicing those requests. The CDB interface 113 enforces access rights to system memory 101, tracks outstanding requests to CDB 107, services outstanding DMA read requests, performs DMA writes, tracks inbound completion, interrupts, and the like.
The CDB interface 113 verifies the access rights of the memory access from the I/O device to ensure the security of the system. If the I/O device attempts to access an area of memory where it does not have access rights, the CDB interface 113 denies the requested access. For memory reads and any access that needs to be completed, it sends a master abort (master-abort) response indicating to the requestor that the access is invalid. For memory writes and other transactions that do not require a response, the writes are discarded by the control logic of the CDB interface 113. In either case, the security violation is recorded by the Northbridge 117.
CDB 107 interacts with CDB interface 113, memory bus interface 231, CPU bus interface 227, and other interfaces 229 to route and forward data between input-output unit 250, processor bus 119, and memory bus 121. In one embodiment, CDB 107 also controls inputs and outputs to a system management bus (SMbus), Joint Test Action Group (JTAG)225, or similar interface.
In one embodiment, the north bridge 117 checks the NoDMA cache 109 and the NoDMA table 103 when SMBus, JTAG, and similar interface accesses are received. These interfaces allow system administrators or service personnel to monitor and diagnose the system. Memory accesses from SMBus, JTAG or similar interfaces are handled similarly to peripheral memory accesses. Memory accesses from SMBus, JTAG, or similar interfaces are checked against the NoDMA table 103 and the NoDMA cache 109. This prevents even a system administrator or service person from accessing pages with confidential information, bypassing the page protection mechanism of the OS. In another embodiment, the north bridge 117 may be configured such that SMBus, JTAG, and similar interface accesses are not checked against NoDMA tables, or such that security level settings may be adjusted to enable or disable NoDAM checks on these interfaces.
Fig. 3 is a diagram of the structure of the noddma table cache 109. In one embodiment, the cache 109 reduces bandwidth loss due to accessing the NoDMA table 103 in the system memory 101. The NoDMA table 103 and cache 109 eliminate the need for memory mapped blocks to track private pages. In one embodiment, memory accesses in computer system 100 are optimized according to system cache line size. The system cache is a general purpose cache (general cache) for memory accesses to system memory. In one embodiment, the cache line size is 512 bits.
In one embodiment, the NoDMA cache 109 comprises a Content Addressable Memory (CAM) structure 301 and a secure storage information structure 302. The CAM structure 301 stores information in "rows". Each row corresponds to an entry in the NoDMA table 103 stored in the system memory 101. In one embodiment, the CAM structure 301 stores or inherently includes an index 303. The index is used to identify and replace cache lines in conjunction with a cache replacement mechanism. In one embodiment, the CAM structure 301 does not explicitly store the index 303 because logic in hardware knows which entry corresponds to the index.
The CAM structure 301 is addressed by an address stored in the address identification storage field 305. The "valid" storage bit field 307 indicates whether the entry for the row is valid. If a page corresponding to a cache line is written to or changed, the valid bit will be cleared because the contents of the page are no longer known and therefore it is not known whether protected information is stored in the page.
In one embodiment, CAM structure 301 also stores cache management information, such as least recently used bits 309 (LRU). This field 309 of CAM301 is used to track the relative time of entries so that earlier or less frequently used entries can be replaced with more recent or more frequently used entries. Any cache management and replacement mechanism may be used for the NoDMA cache 109. The secret information storage device 302 stores two separate secret indicators for each entry in the NoDMA table 103. The page privacy field 311 indicates whether the page of memory 101 contains protected information. The privacy indicator of a page may be a bit or set of bits encoding the state (e.g., containing protected information) of the page corresponding to the NoDMA table address in the same line of cache 109.
A super page (superpage) privacy field 313 indicates whether the set of pages to which the page addressed by the entry belongs includes protected information. In one embodiment, a superpage is a set of contiguous pages. The size of the superpage may be set by the operating system, BIOS, or similar software. In one embodiment, there are 512 pages in each superpage. In one embodiment, the bits of the NoDMA table 103 are grouped into superpages corresponding to the size of the system cache line and the size of the memory access. The super page privacy indicator 313 may be a single bit or a set of bits. In one embodiment, superpages are computed when new entries are added to the NoDMA cache 109. Along with the bits corresponding to the particular page of the new entry into cache 109, all bits corresponding to the superpage are retrieved. These bits are logically ORed to determine the value of a single superpage bit. In one embodiment, a superpage is represented by a plurality of bits. The superpage may be computed using a logical OR to determine each subsection of the superpage corresponding to each bit. For example, 512 consecutive pages may be represented by four superpage bits in the NoDMA cache 109, one for each 128-page set. The size of the superpage may be adjusted to correspond to the size of the access. A single superpage or multiple superpages may correspond to the size of the cache line access. In one embodiment, the size of a group of pages is equal to the intrinsic access size of the memory controller.
In one embodiment, the address identifier 305 of the CAM consists of two parts: superpages and page offsets in superpages. When an access is received by I/O unit 250, the incoming address passes through the CAM structure. If the valid bit is set, each row compares the incoming address to the address identification 305. There are three possible outcomes for each row. First, the superpage and page offsets both match (and are set valid), second, only the superpage offset matches the incoming address (and is set valid), and third, neither match or the valid bit is set. At most one row will have a first result. In this case, the corresponding page privacy indicator 311 is used to indicate the access rights of the incoming address of the memory access request. If the incoming address cannot match the super page of the address identification 305 and the page offset, then the cache line with the super page offset match is used. If the superpage privacy indicator 313 indicates that no secrets are present in any page belonging to the superpage, then access rights are granted. No further look-up of the NoDMA table 103 is required. However, if the superpage privacy indicator 313 indicates that at least one of the superpages has secrets, then the Northbridge 117 accesses the NoDMA table 103 to determine whether the requested memory access page contains secrets. It is possible that multiple entries in cache 109 will have matching superpage address identifications 305. In this case, any line of superpage match can be used. If no line in the cache 109 has a matching superpage address, then the NoDMA table 103 needs to be accessed.
In one embodiment, the use of the NoDMA table 103 allows the computer system 100 to be expanded for large system memories 101 (e.g., greater than 4GB) and dynamically adjust memory size (e.g., if the memory is a powered plug-in system). Support for dynamically resizing memory and use of superpages and pages allows for varying levels of granularity in checking memory accesses without requiring a system reboot. A superpage may be comprised of multiple bits to control the level of granularity of the extent size represented by the superpage. The additional bits allow the superpage to represent a smaller section of memory for more accurately indicating the location of the protected information. The superpage, which is represented with fewer bits, reduces the complexity of the NoDMA cache system, particularly the generation of superpage indicators. The implementation of a logical or is simplified when fewer bits are used. This changing the level of granularity by changing the bits representing the superpages allows for a greater degree of design customization to meet the speed and space reduction requirements depending on the system needs.
In one embodiment, the NoDMA cache 109 and the Northbridge 117 process a set of instructions related to the NoDMA cache 109 functions. Cache 109 may be enabled or disabled by different instructions. The enable instruction enables use of the NoDMA cache, clears all valid bits in the cache 109 that store entries, and sets status bits in the Northbridge 117 and cache registers that indicate enablement of the NoDMA cache 109. The disable instruction disables the NoDMA cache 109 and clears status bits in the north bridge 117 and registers of the cache 109 indicating enablement of the cache 109. The NoDMA cache 109 may be disabled when the NoDMA table 103 is enabled. An invalidate instruction clears the valid bits of all entries in the cache.
In one embodiment, a bit or stored value, such as a superpage bit, page bit, LRU bit, or similar stored value, is "set" by storing a logical "1" or set of logical "1" s in the appropriate field. A bit or stored value may be logically "set" by storing any value including a logical "0". The assigned values are defined in connection with a "set" operation. Similarly, a "clear" operation on a bit or stored value may use any assigned value other than the "set" indicator value.
In one embodiment, the NoDMA cache 109 is maintained by software, such as an operating system. When a write operation is allowed, the operating system is responsible for correctly invalidating references to written regions in the NoDMA cache 109. In one embodiment, the OS updates the NoDMA table 103 to identify the private pages. The OS also determines whether other memory accesses are in progress while the NoDMA table 103 or the NoDMA cache 109 is being checked.
Fig. 4 is a flow diagram of the operation of the noddma cache 109. In one embodiment, the memory access request is processed by the CDB 107 and the CDB interface 113 (block 401). The CDB interface 113 checks the noddma cache 109 to determine if the address requested for access is stored in the cache 109. Using the CAM structure 301, the requested address is compared to the address identification 305 stored in the cache 109 (block 403). If an identification 305 matching the requested page address is found in cache 109, the corresponding valid bit is checked to determine if the cache entry is still valid (block 405). If the valid bit is set, the page privacy indicator 311 is checked (block 409). If the privacy indicator is set, the access is denied and an error may be recorded (block 417). If the privacy indicator is not set, the access is allowed (block 419).
In one embodiment, when no entry is found in the cache 109 for the requested page, then the cache 109 is checked to determine if protected information is stored in the superpage. First, the address identifier 305 is checked for a corresponding superpage entry (block 411). If an entry is found, its validity is checked (block 413). If a superpage entry is found and protected data is not stored in the superpage (block 415), the memory access request is allowed to continue (block 419). If the super page privacy indicator 313 is set, the access is denied and an error may be recorded (block 417).
In one embodiment, if the requested superpage address is not found in the cache 109 or the entry is invalid, the page security information is retrieved from the NoDMA table 103 stored in the system memory 101 (block 407). The address identification is stored in an available cache line and the valid bit of the line is cleared. The data accessed from the NoDMA table 103 is then stored in the NoDMA cache 109 (block 421).
The entries created in cache 109 include page privacy indicator 31 and super page privacy indicator 313. The super page privacy indicator 313 is calculated and stored based on the logical OR of the pages in the super page (block 423). In one embodiment, the particular page security information is retrieved and stored as an entry. In another embodiment, the entry would correspond to the first page in a superpage. In another embodiment, an entry may correspond to any one of the superpages. When an entry is created, the valid bit of the entry is set (block 425).
When there is protected information in the page, memory access is not allowed (block 417). Depending on the type of memory access (e.g., read or write), an error response message may be returned (e.g., if a read operation is denied, the normal response message may be replaced with the error response message). The errors and denied accesses are logged for subsequent analysis to determine the cause of the error or to determine whether a malicious request or attack was made. In one embodiment, the type of request that generated the error or security record may be defined (e.g., set by the operating system). In one embodiment, the north bridge 117 responds to an access violation from the NoDMA cache 109 by recording a fatal error and restarting. Errors include accessing pages with secrets when not allowed, or accessing the NoDMA table 103. The error is recorded in an error register. The error register may map the appropriate signaling method for a given detected error. The error register may not be accessible by I/O devices that may request memory accesses.
In one embodiment, the NoDMA cache 109 is implemented in software (e.g., microcode or a higher level computer language). Software implementations may also be used to perform simulations or simulations of the NoDMA cache 109. The software implementation may be stored on a machine-readable medium. A "machine-readable" medium may include any medium that can store or transfer information. Examples of machine-readable media include ROM, floppy disks, CD-ROMs, optical disks, hard disks, Radio Frequency (RF) links, or the like.
In the foregoing specification, the invention has been described with reference to specific embodiments thereof. It will, however, be evident that various modifications and changes may be made thereto without departing from the broader spirit and scope of the invention as set forth in the appended claims. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.

Claims (16)

1. An apparatus for accessing memory, comprising:
a content addressable memory;
a first storage device coupled to the content addressable memory to store a first privacy indicator for a first section of the memory, wherein the first privacy indicator indicates whether the first section contains protected information; and
a second storage device coupled to the content addressable memory to store a second privacy indicator for the superset of memory segments, the superset of segments comprising the first segment, wherein the second privacy indicator indicates whether the superset of segments contains protected information.
2. The apparatus of claim 1, further comprising:
the cache manages the storage device.
3. The apparatus of claim 1, further comprising:
circuitry for determining a value of the second privacy indicator.
4. The apparatus of claim 1, wherein the first section is a page.
5. The apparatus of claim 1, wherein the superset of extents is a superpage.
6. The apparatus of claim 1, further comprising:
circuitry for altering data stored in the content addressable memory.
7. A method for accessing memory, comprising:
storing an address of a table entry in the memory;
storing a first privacy indicator for a first section of the memory, wherein the first privacy indicator indicates whether the first section contains protected information; and
storing a second privacy indicator for a superset of segments, the superset of segments comprising the first segment, wherein the second privacy indicator indicates whether the superset of segments contains protected information.
8. The method of claim 7, further comprising:
receiving a memory access request;
comparing the requested address with the stored address; and
determining whether a second privacy bit for the stored address is set.
9. The method of claim 8, further comprising:
determining whether the first privacy indicator is set.
10. The method of claim 8, further comprising:
if the second privacy indicator is set, a violation indicator is generated.
11. The method of claim 10, further comprising:
recording the violation indicator.
12. The method of claim 8, wherein the superset of extents is a superpage.
13. An apparatus for accessing memory, comprising:
a bus;
a memory device coupled to the bus;
a processor coupled to the bus;
a cache coupled to the memory device,
a first privacy indicator to store for a first section of the memory device, wherein the first privacy indicator indicates whether the first section contains protected information, an
A second privacy indicator to store a superset for the first segment of the memory device, wherein the second privacy indicator indicates whether the superset contains protected information; and
a network interface device coupled to the cache.
14. The apparatus of claim 13, wherein the cache comprises cache management circuitry.
15. The apparatus of claim 13, further comprising:
circuitry for determining a value of the second privacy indicator.
16. The apparatus of claim 13, further comprising:
a peripheral coupled to the second bus;
wherein the second bus is coupled to the cache.
HK05101793.2A 2003-03-31 2005-03-01 An apparatus and method for accessing memory HK1069450B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/404,881 2003-03-31
US10/404,881 US7296127B2 (en) 2003-03-31 2003-03-31 NoDMA cache

Publications (2)

Publication Number Publication Date
HK1069450A1 HK1069450A1 (en) 2005-05-20
HK1069450B true HK1069450B (en) 2007-08-03

Family

ID=

Similar Documents

Publication Publication Date Title
US7571294B2 (en) NoDMA cache
US7739474B2 (en) Method and system for unifying memory access for CPU and IO operations
US9639482B2 (en) Software cryptoprocessor
US9734092B2 (en) Secure support for I/O in software cryptoprocessor
US7739466B2 (en) Method and apparatus for supporting immutable memory
CN1278244C (en) Memory management system and method providing linear address based memory access security
US20030204693A1 (en) Methods and arrangements to interface memory
EP1898311A1 (en) Method and apparatus for preventing software side channel attacks
KR20040093472A (en) System and method providing region-granular, hardware-controlled memory encryption
CN1511286A (en) Method and device for securing memory part
KR20190142910A (en) Heterogeneous isolated execution for commodity gpus
US7454787B2 (en) Secure direct memory access through system controllers and similar hardware devices
US20180217941A1 (en) Method and System for Using Processor Enclaves and Cache Partitioning to Assist a Software Cryptoprocessor
US11940927B2 (en) Technologies for memory tagging
US7246213B2 (en) Data address security device and method
HK1069450B (en) An apparatus and method for accessing memory
CN116644483A (en) Confidential Computing Using Device Memory Isolation
CN114077496A (en) Pre-POPA request for read on hit
JP6257844B2 (en) Execution control device, execution control method, and execution control program