JP2024541487A - 処理ユニットのプロセッサ・コア上のセキュア・コード・セグメントのスケジューリング - Google Patents

処理ユニットのプロセッサ・コア上のセキュア・コード・セグメントのスケジューリング Download PDF

Info

Publication number
JP2024541487A
JP2024541487A JP2024531095A JP2024531095A JP2024541487A JP 2024541487 A JP2024541487 A JP 2024541487A JP 2024531095 A JP2024531095 A JP 2024531095A JP 2024531095 A JP2024531095 A JP 2024531095A JP 2024541487 A JP2024541487 A JP 2024541487A
Authority
JP
Japan
Prior art keywords
secure
processor core
thread
execution
exclusive
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2024531095A
Other languages
English (en)
Japanese (ja)
Other versions
JP2024541487A5 (https=
Inventor
リヒテナウ、セドリック
ラング、ヤコブ
パッシュ、エベルハルト
ボーントレーガー、クリスチャン
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of JP2024541487A publication Critical patent/JP2024541487A/ja
Publication of JP2024541487A5 publication Critical patent/JP2024541487A5/ja
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806Task transfer initiation or dispatching
    • G06F9/4843Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143Clearing memory, e.g. to prevent the data from being stolen

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)
  • Executing Machine-Instructions (AREA)
  • Hardware Redundancy (AREA)
JP2024531095A 2021-12-03 2022-11-09 処理ユニットのプロセッサ・コア上のセキュア・コード・セグメントのスケジューリング Pending JP2024541487A (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US17/457,449 US12314755B2 (en) 2021-12-03 2021-12-03 Scheduling a secure code segment on a processor core of a processing unit
US17/457,449 2021-12-03
PCT/EP2022/081210 WO2023099136A1 (en) 2021-12-03 2022-11-09 Scheduling a secure code segment on a processor core of a processing unit

Publications (2)

Publication Number Publication Date
JP2024541487A true JP2024541487A (ja) 2024-11-08
JP2024541487A5 JP2024541487A5 (https=) 2024-11-15

Family

ID=84364273

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2024531095A Pending JP2024541487A (ja) 2021-12-03 2022-11-09 処理ユニットのプロセッサ・コア上のセキュア・コード・セグメントのスケジューリング

Country Status (4)

Country Link
US (1) US12314755B2 (https=)
EP (1) EP4441600A1 (https=)
JP (1) JP2024541487A (https=)
WO (1) WO2023099136A1 (https=)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12602466B2 (en) 2021-12-03 2026-04-14 International Business Machines Corporation Operating a secure code segment on a processor core of a processing unit

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010113585A (ja) * 2008-11-07 2010-05-20 Internatl Business Mach Corp <Ibm> 外部資源を排他使用しながら実行される命令の実行時間の遅延を防ぐためのコンピュータ・システム、並びにその方法及びコンピュータ・プログラム
JP2013152636A (ja) * 2012-01-25 2013-08-08 Toyota Motor Corp 情報処理装置、タスクスケジューリング方法
JP2015014966A (ja) * 2013-07-05 2015-01-22 日本電気株式会社 情報処理装置、情報処理方法、および、情報処理プログラム
JP2021089727A (ja) * 2019-12-05 2021-06-10 マーベル アジア ピーティーイー、リミテッド 命令の機密としての動的な指定

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1870814B1 (en) 2006-06-19 2014-08-13 Texas Instruments France Method and apparatus for secure demand paging for processor devices
US7707578B1 (en) 2004-12-16 2010-04-27 Vmware, Inc. Mechanism for scheduling execution of threads for fair resource allocation in a multi-threaded and/or multi-core processing system
US20080271027A1 (en) 2007-04-27 2008-10-30 Norton Scott J Fair share scheduling with hardware multithreading
US8219996B1 (en) 2007-05-09 2012-07-10 Hewlett-Packard Development Company, L.P. Computer processor with fairness monitor
US20090031314A1 (en) 2007-07-25 2009-01-29 Microsoft Corporation Fairness in memory systems
US7996663B2 (en) 2007-12-27 2011-08-09 Intel Corporation Saving and restoring architectural state for processor cores
US8522354B2 (en) 2008-05-24 2013-08-27 Via Technologies, Inc. Microprocessor apparatus for secure on-die real-time clock
US9183399B2 (en) 2013-02-14 2015-11-10 International Business Machines Corporation Instruction set architecture with secure clear instructions for protecting processing unit architected state information
CA2915620C (en) 2013-06-18 2022-12-13 Ciambella Ltd. Method and apparatus for code virtualization and remote process call generation
US9594927B2 (en) 2014-09-10 2017-03-14 Intel Corporation Providing a trusted execution environment using a processor
WO2016094840A2 (en) 2014-12-11 2016-06-16 Ghosh Sudeep System, method & computer readable medium for software protection via composable process-level virtual machines
US10719420B2 (en) 2015-02-10 2020-07-21 International Business Machines Corporation System level testing of multi-threading functionality including building independent instruction streams while honoring architecturally imposed common fields and constraints
US11354128B2 (en) 2015-03-04 2022-06-07 Intel Corporation Optimized mode transitions through predicting target state
DE102015213263A1 (de) 2015-07-15 2017-01-19 Siemens Aktiengesellschaft Prozessor mit wahlweise einschaltbaren Sicherheitsfunktionen
US9864879B2 (en) * 2015-10-06 2018-01-09 Micron Technology, Inc. Secure subsystem
US10534725B2 (en) 2017-07-25 2020-01-14 International Business Machines Corporation Computer system software/firmware and a processor unit with a security module
US10783240B2 (en) * 2017-09-29 2020-09-22 Stmicroelectronics, Inc. Secure environment in a non-secure microcontroller
CN109858288B (zh) 2018-12-26 2021-04-13 中国科学院信息工程研究所 实现虚拟机安全隔离的方法与装置
US11372647B2 (en) 2019-12-05 2022-06-28 Marvell Asia Pte, Ltd. Pipelines for secure multithread execution
CN111753311B (zh) 2020-08-28 2020-12-15 支付宝(杭州)信息技术有限公司 超线程场景下安全进入可信执行环境的方法及装置

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010113585A (ja) * 2008-11-07 2010-05-20 Internatl Business Mach Corp <Ibm> 外部資源を排他使用しながら実行される命令の実行時間の遅延を防ぐためのコンピュータ・システム、並びにその方法及びコンピュータ・プログラム
JP2013152636A (ja) * 2012-01-25 2013-08-08 Toyota Motor Corp 情報処理装置、タスクスケジューリング方法
JP2015014966A (ja) * 2013-07-05 2015-01-22 日本電気株式会社 情報処理装置、情報処理方法、および、情報処理プログラム
JP2021089727A (ja) * 2019-12-05 2021-06-10 マーベル アジア ピーティーイー、リミテッド 命令の機密としての動的な指定

Also Published As

Publication number Publication date
US20230176901A1 (en) 2023-06-08
WO2023099136A1 (en) 2023-06-08
EP4441600A1 (en) 2024-10-09
US12314755B2 (en) 2025-05-27

Similar Documents

Publication Publication Date Title
US20160239335A1 (en) Management of virtual machine migration in an operating environment
US9697128B2 (en) Prefetch threshold for cache restoration
US10331481B2 (en) Automatic reconfiguration of high performance computing job schedulers based on user behavior, user feedback, and job performance monitoring
AU2015330266B2 (en) Efficient interruption routing for a multithreaded processor
US10884749B2 (en) Control of speculative demand loads
US20170116030A1 (en) Low latency scheduling on simultaneous multi-threading cores
JP2024541488A (ja) 処理ユニットのプロセッサ・コア上のセキュア・コード・セグメントの動作
US10552812B2 (en) Scenario based logging
US8935516B2 (en) Enabling portions of programs to be executed on system z integrated information processor (zIIP) without requiring programs to be entirely restructured
JP2024541487A (ja) 処理ユニットのプロセッサ・コア上のセキュア・コード・セグメントのスケジューリング
US10162754B2 (en) Lateral cast out of cache memory
US10599479B2 (en) Resource sharing management of a field programmable device
US10002022B2 (en) Processing interrupt requests
US10545891B2 (en) Configurable interrupts for allowing an application to independently handle interrupts
US10303580B2 (en) Controlling debug processing
KR101820269B1 (ko) 마이그레이션 방법 및 시스템
US9811396B2 (en) Direct application-level control of multiple asynchronous events
US9628323B1 (en) Selective routing of asynchronous event notifications
US10324728B2 (en) Lightweight interrupts for condition checking
HK1237089A1 (en) Efficient interruption routing for a multithreaded processor

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20241105

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20250415

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20260120

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20260210

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20260421