JP6450775B2 - Cryptographic protection of information in a processing system - Google Patents
Cryptographic protection of information in a processing system
- Publication number
- JP6450775B2
- Authority
- JP
- Japan
- Prior art keywords
- information
- cache
- memory access
- access request
- memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/60—Protecting data
          - G06F21/602—Providing cryptographic facilities or services
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
            - G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
      - G06F12/00—Accessing, addressing or allocating within memory systems or architectures
        - G06F12/14—Protection against unauthorised use of memory or access to memory
          - G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
        - G06F12/02—Addressing or allocation; Relocation
          - G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
            - G06F12/10—Address translation
              - G06F12/1027—Address translation using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB]
                - G06F12/1036—Address translation using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB] for multiple virtual address spaces, e.g. segmentation
      - G06F9/00—Arrangements for program control, e.g. control units
        - G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
          - G06F9/44—Arrangements for executing specific programs
            - G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
              - G06F9/45533—Hypervisors; Virtual machine monitors
                - G06F9/45558—Hypervisor-specific management and integration aspects
                  - G06F2009/4557—Distribution of virtual machine instances; Migration and load balancing
                  - G06F2009/45583—Memory management, e.g. access or allocation
                  - G06F2009/45587—Isolation or security of virtual machine instances
      - G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
        - G06F2212/40—Specific encoding of data in memory or cache
          - G06F2212/402—Encrypted data
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Claims (17)
- 1. A method comprising:
  generating, at a first processor core, a first memory access request including a virtual address that identifies first requested information;
  at a translation lookaside buffer (TLB), in response to identifying, based on the virtual address and a virtual machine (VM) tag value associated with the first memory access request, that the TLB includes an entry for the virtual address and the VM tag value, sending to a cache controller of a cache a system physical address corresponding to the virtual address, the VM tag value, and an indication of whether the first requested information is designated for cryptographic protection; and
  at the cache controller, in response to identifying that the cache includes an entry corresponding to the VM tag value, the system physical address, and the indication of whether the first requested information is designated for cryptographic protection, indicating a cache hit and satisfying the first memory access request at the cache.
- 2. The method of claim 1, further comprising:
  identifying that the first requested information is designated for cryptographic protection based on a bit included in a guest physical address corresponding to the virtual address of the first memory access request.
- 3. The method of claim 2, further comprising:
  identifying the bit included in the guest physical address based on a page table that includes the guest physical address.
- 4. The method of claim 1, further comprising:
  in response to identifying that the first requested information is designated for cryptographic protection, identifying a key based on a virtual machine identification value that indicates the virtual machine that generated the memory access request,
  wherein encrypting the first requested information comprises encrypting the first requested information based on the key.
- 5. The method of claim 4, further comprising:
  receiving the key from a security module separate from the processor core.
- 6. The method of claim 1, wherein receiving the first memory access request comprises receiving the first memory access request via a hypervisor executing at the processor core.
- 7. The method of claim 1, further comprising:
  receiving, at a memory controller, a second memory access request to write second requested information to memory; and
  in response to identifying that the second requested information is not designated for cryptographic protection, providing, at the memory controller, the second requested information for storage at the memory without encrypting the second requested information.
- 8. The method of claim 1, further comprising:
  indicating a cache miss in response to identifying that the cache does not include an entry corresponding to the VM tag value.
- 9. A method comprising:
  in response to receiving, at a memory controller of a processor, a first memory access request from a first virtual machine, identifying a first key assigned to the first virtual machine;
  encrypting, at the memory controller, first information associated with the first memory access request based on the first key;
  in response to receiving, at a cache of the processor, a second memory access request including a virtual address that identifies the first information, and to identifying, at a translation lookaside buffer (TLB), based on the virtual address and a virtual machine tag value associated with the second memory access request, that the TLB includes an entry for the virtual address and the virtual machine tag value, sending to a cache controller of the cache a system physical address corresponding to the virtual address, the virtual machine tag value, and an indication of whether the first information is designated for cryptographic protection; and
  at the cache controller, in response to identifying that the cache includes an entry corresponding to the virtual machine tag value, the system physical address, and the indication of whether the first information is designated for cryptographic protection, indicating a cache hit and providing access to the encrypted first information by satisfying the first memory access request at the cache.
- 10. The method of claim 9, further comprising:
  in response to receiving, at the memory controller, a third memory access request from a second virtual machine to which a second key different from the first key is assigned, preventing the second virtual machine from correctly interpreting the first information associated with the third memory access request.
- 11. The method of claim 9, further comprising:
  indicating a cache miss in response to identifying that the cache does not include an entry corresponding to the virtual machine tag value.
- 12. The method of claim 9, wherein encrypting the first information comprises encrypting the first information in response to identifying that the first information is designated for cryptographic protection based on a bit included in a guest physical address corresponding to the virtual address of the first memory access request.
- 13. A processor comprising:
  a processor core to generate a first memory access request including a virtual address that identifies first requested information;
  a translation lookaside buffer (TLB) to identify, based on the virtual address and a virtual machine (VM) tag value associated with the first memory access request, that the TLB includes an entry for the virtual address and the VM tag value; and
  a cache controller of a cache to receive from the TLB a system physical address corresponding to the virtual address, the VM tag value, and an indication of whether the first requested information is designated for cryptographic protection, the cache controller to indicate a cache hit and satisfy the first memory access request at the cache in response to identifying that the cache includes an entry corresponding to the VM tag value, the system physical address, and the indication of whether the first requested information is designated for cryptographic protection.
- 14. The processor of claim 13, wherein the indication of whether the first requested information is designated for cryptographic protection comprises a bit included in a guest physical address corresponding to the virtual address of the first memory access request.
- 15. The processor of claim 14, further comprising an address generation unit to identify the bit included in the guest physical address based on a page table that includes the guest physical address.
- 16. The processor of claim 13, further comprising a memory controller to, in response to receiving the first memory access request from a first virtual machine, identify a first key assigned to the first virtual machine and encrypt the first requested information associated with the first memory access request based on the first key.
- 17. The processor of claim 13, wherein the cache controller indicates a cache miss in response to identifying that the cache does not include an entry corresponding to the virtual machine tag value.
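The access path the claims describe (core to VM-tagged TLB, TLB to cache controller with the VM tag and the protection indication, memory controller encrypting with a per-VM key, claims 1, 7, 9, 10 and 13) is easier to follow as a small executable model. The Python below is an added illustration written for this page; it is not code from the patent or from AMD. Everything concrete in it is an assumption: bit 47 as the position of the protection bit in the guest physical address, 16-byte memory blocks, an HMAC-derived keystream standing in for the hardware cipher, a write-through cache, and the constructed keys and addresses.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

C_BIT = 47     # assumed: which guest-physical-address bit marks a block for cryptographic protection
BLOCK = 16     # assumed: bytes per memory block in this toy model


def designated_for_protection(gpa: int) -> bool:
    """Claims 2, 12, 14: the designation is a bit of the guest physical address."""
    return bool((gpa >> C_BIT) & 1)


@dataclass
class MemoryController:
    """One key per VM; only blocks designated for protection are encrypted (claims 4, 7, 9)."""
    keys: dict                                  # vm_tag -> key bytes (the patent sources these from a security module)
    dram: dict = field(default_factory=dict)    # spa -> bytes exactly as stored in memory

    def _keystream(self, vm_tag: int, spa: int) -> bytes:
        # Address-tweaked keystream from HMAC: a stand-in for the hardware cipher, not the patent's cipher.
        return hmac.new(self.keys[vm_tag], spa.to_bytes(8, "little"), hashlib.sha256).digest()[:BLOCK]

    def _xor(self, vm_tag: int, spa: int, data: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(data, self._keystream(vm_tag, spa)))

    def write(self, vm_tag: int, spa: int, c_bit: bool, data: bytes) -> None:
        assert len(data) == BLOCK
        # Unprotected data is stored in the clear (claim 7); protected data under the requesting VM's key.
        self.dram[spa] = self._xor(vm_tag, spa, data) if c_bit else data

    def read(self, vm_tag: int, spa: int, c_bit: bool) -> bytes:
        data = self.dram.get(spa, bytes(BLOCK))
        return self._xor(vm_tag, spa, data) if c_bit else data


@dataclass
class TLB:
    """Entries are keyed by (virtual address, VM tag), so one VM's translations never serve another."""
    entries: dict   # (va, vm_tag) -> (gpa, spa)

    def lookup(self, va: int, vm_tag: int):
        hit = self.entries.get((va, vm_tag))
        if hit is None:
            return None                                     # TLB miss: the page walk is not modelled here
        gpa, spa = hit
        return spa, vm_tag, designated_for_protection(gpa)  # what the TLB hands to the cache controller


class Cache:
    """Lines are tagged with (VM tag, SPA, C-bit); a hit requires all three to match (claims 1, 8, 13)."""

    def __init__(self, mc: MemoryController):
        self.mc = mc
        self.lines = {}
        self.hits = 0
        self.misses = 0

    def access(self, spa: int, vm_tag: int, c_bit: bool, write: bytes = None) -> bytes:
        tag = (vm_tag, spa, c_bit)
        if tag in self.lines:
            self.hits += 1
        else:
            self.misses += 1
            self.lines[tag] = self.mc.read(vm_tag, spa, c_bit)  # fill: decrypted with this VM's key
        if write is not None:
            self.lines[tag] = write
            self.mc.write(vm_tag, spa, c_bit, write)            # write-through keeps the model short
        return self.lines[tag]


def core_access(tlb: TLB, cache: Cache, va: int, vm_tag: int, write: bytes = None) -> bytes:
    """The claim-1 path: processor core -> TLB -> cache controller."""
    translated = tlb.lookup(va, vm_tag)
    if translated is None:
        raise LookupError("TLB miss")
    spa, vm_tag, c_bit = translated
    return cache.access(spa, vm_tag, c_bit, write)


def demo() -> dict:
    """Constructed scenario: two VMs mapped to one system physical page, plus one unprotected page."""
    VM1, VM2 = 1, 2
    mc = MemoryController(keys={VM1: b"constructed-vm1-key", VM2: b"constructed-vm2-key"})
    cache = Cache(mc)
    protected_gpa = (1 << C_BIT) | 0x1000       # C-bit set
    tlb = TLB(entries={
        (0x1000, VM1): (protected_gpa, 0x8000),
        (0x1000, VM2): (protected_gpa, 0x8000),  # hypervisor maps VM2 to the same SPA
        (0x2000, VM1): (0x2000, 0x9000),         # C-bit clear: unprotected
    })
    secret = b"top-secret-data!"
    public = b"public-data-----"

    core_access(tlb, cache, 0x1000, VM1, write=secret)      # miss + fill, then write-through
    at_rest = mc.dram[0x8000]
    vm1_readback = core_access(tlb, cache, 0x1000, VM1)     # hit on (VM1, 0x8000, True)
    hits_after_vm1 = cache.hits
    vm2_view = core_access(tlb, cache, 0x1000, VM2)         # miss: different VM tag; wrong key on fill
    core_access(tlb, cache, 0x2000, VM1, write=public)
    return {
        "encrypted_at_rest": at_rest != secret,
        "vm1_readback_ok": vm1_readback == secret,
        "vm1_hit": hits_after_vm1 == 1,
        "vm2_cross_hit": cache.hits != hits_after_vm1,
        "vm2_sees_secret": vm2_view == secret,
        "public_in_clear": mc.dram[0x9000] == public,
    }
```

Running `demo()` shows the two properties the claims are built around: VM2 never gets a cache hit on VM1's line even though both map the same system physical address, because the VM tag is part of the cache tag, and when VM2's fill goes to memory the controller decrypts with VM2's key, so VM2 cannot correctly interpret VM1's data (claim 10). The unprotected page, selected by the clear C-bit, reaches memory unencrypted (claim 7).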
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201461946086P | 2014-02-28 | 2014-02-28 | |
PCT/US2015/017925 WO2015178987A2 (en) | 2014-02-28 | 2015-02-27 | Cryptographic protection of information in a processing system |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2017517043A JP2017517043A (ja) | 2017-06-22 |
JP2017517043A5 JP2017517043A5 (ja) | 2018-04-05 |
JP6450775B2 true JP6450775B2 (ja) | 2019-01-09 |
Family
ID=54006834
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2016554448A Active JP6450775B2 (ja) | 2014-02-28 | 2015-02-27 | Cryptographic protection of information in a processing system |
Country Status (6)
Country | Link |
---|---|
US (2) | US9792448B2 (ja) |
EP (1) | EP3111365B1 (ja) |
JP (1) | JP6450775B2 (ja) |
KR (1) | KR102456084B1 (ja) |
CN (2) | CN106062768B (ja) |
WO (1) | WO2015178987A2 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20220222137A1 (en) * | 2021-01-12 | 2022-07-14 | Qualcomm Incorporated | Protected data streaming between memories |
Families Citing this family (76)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9239909B2 (en) * | 2012-01-25 | 2016-01-19 | Bromium, Inc. | Approaches for protecting sensitive data within a guest operating system |
US9792448B2 (en) | 2014-02-28 | 2017-10-17 | Advanced Micro Devices, Inc. | Cryptographic protection of information in a processing system |
US10095532B2 (en) * | 2014-04-28 | 2018-10-09 | Netkine, Inc. | Providing excess compute resources with virtualization |
US9298647B2 (en) * | 2014-08-25 | 2016-03-29 | HGST Netherlands B.V. | Method and apparatus to generate zero content over garbage data when encryption parameters are changed |
US9875189B2 (en) | 2015-06-12 | 2018-01-23 | Intel Corporation | Supporting secure memory intent |
US9710401B2 (en) | 2015-06-26 | 2017-07-18 | Intel Corporation | Processors, methods, systems, and instructions to support live migration of protected containers |
US9767318B1 (en) * | 2015-08-28 | 2017-09-19 | Frank Dropps | Secure controller systems and associated methods thereof |
US10152612B2 (en) * | 2015-09-25 | 2018-12-11 | Intel Corporation | Cryptographic operations for secure page mapping in a virtual machine environment |
US10664179B2 (en) | 2015-09-25 | 2020-05-26 | Intel Corporation | Processors, methods and systems to allow secure communications between protected container memory and input/output devices |
GB2543520B (en) * | 2015-10-20 | 2019-06-19 | Advanced Risc Mach Ltd | Memory access instructions |
US10102151B2 (en) * | 2015-11-06 | 2018-10-16 | International Business Machines Corporation | Protecting a memory from unauthorized access |
US10146936B1 (en) * | 2015-11-12 | 2018-12-04 | EMC IP Holding Company LLC | Intrusion detection for storage resources provisioned to containers in multi-tenant environments |
CN108496159A (zh) * | 2016-01-21 | 2018-09-04 | Hewlett-Packard Development Company, L.P. | Data cryptographic engine |
FR3048529B1 (fr) * | 2016-03-01 | 2018-03-23 | Ingenico Group | Method for modulating access to a resource, corresponding device and program |
US20170277903A1 (en) * | 2016-03-22 | 2017-09-28 | Qualcomm Incorporated | Data Protection Using Virtual Resource Views |
US20170277898A1 (en) * | 2016-03-25 | 2017-09-28 | Advanced Micro Devices, Inc. | Key management for secure memory address spaces |
US10348500B2 (en) * | 2016-05-05 | 2019-07-09 | Adventium Enterprises, Llc | Key material management |
US11126565B2 (en) * | 2016-06-27 | 2021-09-21 | Hewlett Packard Enterprise Development Lp | Encrypted memory access using page table attributes |
US10261919B2 (en) * | 2016-07-08 | 2019-04-16 | Hewlett Packard Enterprise Development Lp | Selective memory encryption |
US20180081830A1 (en) * | 2016-09-20 | 2018-03-22 | Advanced Micro Devices, Inc. | Hardware supervision of page tables |
US10459850B2 (en) * | 2016-09-20 | 2019-10-29 | Advanced Micro Devices, Inc. | System and method for virtualized process isolation including preventing a kernel from accessing user address space |
US10740466B1 (en) | 2016-09-29 | 2020-08-11 | Amazon Technologies, Inc. | Securing interfaces of a compute node |
US10176122B2 (en) | 2016-10-19 | 2019-01-08 | Advanced Micro Devices, Inc. | Direct memory access authorization in a processing system |
US20180165224A1 (en) * | 2016-12-12 | 2018-06-14 | Ati Technologies Ulc | Secure encrypted virtualization |
US10417433B2 (en) * | 2017-01-24 | 2019-09-17 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Encryption and decryption of data owned by a guest operating system |
US10496425B2 (en) * | 2017-02-21 | 2019-12-03 | Red Hat, Inc. | Systems and methods for providing processor state protections in a virtualized environment |
US10474359B1 (en) | 2017-02-28 | 2019-11-12 | Amazon Technologies, Inc. | Write minimization for de-allocated memory |
US10404674B1 (en) * | 2017-02-28 | 2019-09-03 | Amazon Technologies, Inc. | Efficient memory management in multi-tenant virtualized environment |
US10901627B1 (en) | 2017-02-28 | 2021-01-26 | Amazon Technologies, Inc. | Tracking persistent memory usage |
US10338951B2 (en) | 2017-03-01 | 2019-07-02 | Red Hat, Inc. | Virtual machine exit support by a virtual machine function |
US10509733B2 (en) | 2017-03-24 | 2019-12-17 | Red Hat, Inc. | Kernel same-page merging for encrypted memory |
US10209917B2 (en) | 2017-04-20 | 2019-02-19 | Red Hat, Inc. | Physical memory migration for secure encrypted virtual machines |
US10379764B2 (en) | 2017-05-11 | 2019-08-13 | Red Hat, Inc. | Virtual machine page movement for encrypted memory |
US10771439B2 (en) * | 2017-06-28 | 2020-09-08 | Microsoft Technology Licensing, Llc | Shielded networks for virtual machines |
US11030117B2 (en) * | 2017-07-14 | 2021-06-08 | Advanced Micro Devices, Inc. | Protecting host memory from access by untrusted accelerators |
US11354420B2 (en) * | 2017-07-21 | 2022-06-07 | Red Hat, Inc. | Re-duplication of de-duplicated encrypted memory |
US10657071B2 (en) * | 2017-09-25 | 2020-05-19 | Intel Corporation | System, apparatus and method for page granular, software controlled multiple key memory encryption |
US20190102324A1 (en) * | 2017-09-29 | 2019-04-04 | Intel Corporation | Cache behavior for secure memory repartitioning systems |
US11281495B2 (en) | 2017-10-26 | 2022-03-22 | Advanced Micro Devices, Inc. | Trusted memory zone |
KR20190075363A (ko) * | 2017-12-21 | 2019-07-01 | Samsung Electronics Co., Ltd. | Semiconductor memory device, and memory system and memory module including the same |
US10893505B2 (en) | 2018-01-23 | 2021-01-12 | Statum Systems Inc. | Enhanced pager network |
US11074997B2 (en) * | 2018-01-23 | 2021-07-27 | Statum Systems Inc. | Multi-modal encrypted messaging system |
US10838773B2 (en) | 2018-03-30 | 2020-11-17 | Intel Corporation | Techniques for dynamic resource allocation among cryptographic domains |
US10871983B2 (en) * | 2018-05-31 | 2020-12-22 | Intel Corporation | Process-based multi-key total memory encryption |
CN110659226A (zh) * | 2018-06-28 | 2020-01-07 | MStar Semiconductor, Inc. | Method for accessing data and associated circuit |
GB2576005B (en) * | 2018-07-31 | 2020-10-07 | Advanced Risc Mach Ltd | Handling guard tag loss |
US10838915B2 (en) * | 2018-09-06 | 2020-11-17 | International Business Machines Corporation | Data-centric approach to analysis |
US10838722B2 (en) * | 2018-12-20 | 2020-11-17 | Intel Corporation | Restartable cache write-back and invalidation |
US11829517B2 (en) * | 2018-12-20 | 2023-11-28 | Intel Corporation | Method and apparatus for trust domain creation and destruction |
US10956188B2 (en) * | 2019-03-08 | 2021-03-23 | International Business Machines Corporation | Transparent interpretation of guest instructions in secure virtual machine environment |
US11176054B2 (en) * | 2019-03-08 | 2021-11-16 | International Business Machines Corporation | Host virtual address space for secure interface control storage |
US11403409B2 (en) | 2019-03-08 | 2022-08-02 | International Business Machines Corporation | Program interruptions for page importing/exporting |
US11068310B2 (en) | 2019-03-08 | 2021-07-20 | International Business Machines Corporation | Secure storage query and donation |
US11455398B2 (en) | 2019-03-08 | 2022-09-27 | International Business Machines Corporation | Testing storage protection hardware in a secure virtual machine environment |
US11283800B2 (en) | 2019-03-08 | 2022-03-22 | International Business Machines Corporation | Secure interface control secure storage hardware tagging |
US11182192B2 (en) | 2019-03-08 | 2021-11-23 | International Business Machines Corporation | Controlling access to secure storage of a virtual machine |
US11347869B2 (en) | 2019-03-08 | 2022-05-31 | International Business Machines Corporation | Secure interface control high-level page management |
US11206128B2 (en) | 2019-03-08 | 2021-12-21 | International Business Machines Corporation | Secure paging with page change detection |
EP4004773B1 (en) * | 2019-07-29 | 2023-09-06 | Intertrust Technologies Corporation | Systems and methods for managing state |
US11842227B2 (en) | 2019-10-10 | 2023-12-12 | Advanced Micro Devices, Inc. | Hypervisor secure event handling at a processor |
CN112825041A (zh) * | 2019-11-21 | 2021-05-21 | Shanghai HiSilicon Technologies Co., Ltd. | Memory isolation apparatus, memory isolation method and related device |
US11614956B2 (en) | 2019-12-06 | 2023-03-28 | Red Hat, Inc. | Multicast live migration for encrypted virtual machines |
US11763008B2 (en) | 2020-01-15 | 2023-09-19 | International Business Machines Corporation | Encrypting data using an encryption path and a bypass path |
US11520709B2 (en) * | 2020-01-15 | 2022-12-06 | International Business Machines Corporation | Memory based encryption using an encryption key based on a physical address |
US11567791B2 (en) * | 2020-06-26 | 2023-01-31 | Intel Corporation | Technology for moving data between virtual machines without copies |
CN111949376B (zh) * | 2020-08-24 | 2021-12-17 | Hygon Information Technology Co., Ltd. | Virtual machine system and method for a virtual machine system |
US11620377B2 (en) * | 2020-08-27 | 2023-04-04 | Ventana Micro Systems Inc. | Physically-tagged data cache memory that uses translation context to reduce likelihood that entries allocated during execution under one translation context are accessible during execution under another translation context |
US11625479B2 (en) | 2020-08-27 | 2023-04-11 | Ventana Micro Systems Inc. | Virtually-tagged data cache memory that uses translation context to make entries allocated during execution under one translation context inaccessible during execution under another translation context |
US11782127B2 (en) | 2021-02-05 | 2023-10-10 | Nxp Usa, Inc. | Stop criterion for greedy target detection algorithms in radar applications using sparse phased arrays |
US11567676B2 (en) | 2021-04-30 | 2023-01-31 | Nxp B.V. | Inline encryption/decryption for a memory controller |
NL2028534B1 (en) * | 2021-06-24 | 2023-01-02 | Technolution B V | Processor for secure data processing |
CN113688407A (zh) * | 2021-07-30 | 2021-11-23 | Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co., Ltd. | Data management method and related apparatus |
US12019772B2 (en) | 2021-09-14 | 2024-06-25 | International Business Machines Corporation | Storing diagnostic state of secure virtual machines |
US20230188338A1 (en) * | 2021-12-10 | 2023-06-15 | Amazon Technologies, Inc. | Limiting use of encryption keys in an integrated circuit device |
CN114266082A (zh) * | 2021-12-16 | 2022-04-01 | Beijing ESWIN Computing Technology Co., Ltd. | Apparatus, method, processor, device and storage medium for defending against control-flow attacks |
US11860797B2 (en) * | 2021-12-30 | 2024-01-02 | Advanced Micro Devices, Inc. | Peripheral device protocols in confidential compute architectures |
Family Cites Families (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5479630A (en) * | 1991-04-03 | 1995-12-26 | Silicon Graphics Inc. | Hybrid cache having physical-cache and virtual-cache characteristics and method for accessing same |
US20030053630A1 (en) | 2001-09-20 | 2003-03-20 | International Business Machines Corporation | Method and system for key usage control in an embedded security system |
US7246245B2 (en) * | 2002-01-10 | 2007-07-17 | Broadcom Corporation | System on a chip for network storage devices |
US7415708B2 (en) | 2003-06-26 | 2008-08-19 | Intel Corporation | Virtual machine management using processor state information |
US7305592B2 (en) | 2004-06-30 | 2007-12-04 | Intel Corporation | Support for nested fault in a virtual machine environment |
US7886293B2 (en) * | 2004-07-07 | 2011-02-08 | Intel Corporation | Optimizing system behavior in a virtual machine environment |
US20060021066A1 (en) | 2004-07-26 | 2006-01-26 | Ray Clayton | Data encryption system and method |
JP4795812B2 (ja) * | 2006-02-22 | 2011-10-19 | Fujitsu Semiconductor Ltd. | Secure processor |
US8014530B2 (en) | 2006-03-22 | 2011-09-06 | Intel Corporation | Method and apparatus for authenticated, recoverable key distribution with no database secrets |
US20080126614A1 (en) * | 2006-09-26 | 2008-05-29 | Giap Yong Ooi | Input/output (I/O) device virtualization using hardware |
US8151262B2 (en) | 2007-03-30 | 2012-04-03 | Lenovo (Singapore) Pte. Ltd. | System and method for reporting the trusted state of a virtual machine |
JP4902460B2 (ja) * | 2007-08-08 | 2012-03-21 | Canon Inc. | Image processing device, imaging device and image processing method |
US8249257B2 (en) | 2007-09-28 | 2012-08-21 | Intel Corporation | Virtual TPM keys rooted in a hardware TPM |
JP4782871B2 (ja) * | 2007-10-03 | 2011-09-28 | Fujitsu Ltd. | Device access control program, device access control method and information processing apparatus |
US20090113111A1 (en) | 2007-10-30 | 2009-04-30 | Vmware, Inc. | Secure identification of execution contexts |
CN100527098C (zh) * | 2007-11-27 | 2009-08-12 | Peking University | Dynamic memory mapping method for a virtual machine manager |
JP5405799B2 (ja) | 2008-10-30 | 2014-02-05 | Hitachi, Ltd. | Virtual machine control method, virtualization program and virtual machine system |
US20100175108A1 (en) | 2009-01-02 | 2010-07-08 | Andre Protas | Method and system for securing virtual machines by restricting access in connection with a vulnerability audit |
US8738932B2 (en) | 2009-01-16 | 2014-05-27 | Teleputers, Llc | System and method for processor-based security |
US8219990B2 (en) | 2009-05-28 | 2012-07-10 | Novell, Inc. | Techniques for managing virtual machine (VM) states |
CN101620547B (zh) * | 2009-07-03 | 2012-05-30 | National University of Defense Technology | Physical interrupt handling method for x86 computer virtualization |
US8612975B2 (en) | 2009-07-07 | 2013-12-17 | Advanced Micro Devices, Inc. | World switch between virtual machines with selective storage of state information |
US8627112B2 (en) | 2010-03-30 | 2014-01-07 | Novell, Inc. | Secure virtual machine memory |
US8856504B2 (en) | 2010-06-07 | 2014-10-07 | Cisco Technology, Inc. | Secure virtual machine bootstrap in untrusted cloud infrastructures |
JP5707760B2 (ja) * | 2010-07-20 | 2015-04-30 | Ricoh Co., Ltd. | Information processing system, information processing apparatus, information processing method, information processing program, and recording medium recording the program |
US20120054740A1 (en) | 2010-08-31 | 2012-03-01 | Microsoft Corporation | Techniques For Selectively Enabling Or Disabling Virtual Devices In Virtual Environments |
US20120179904A1 (en) * | 2011-01-11 | 2012-07-12 | Safenet, Inc. | Remote Pre-Boot Authentication |
US8375221B1 (en) | 2011-07-29 | 2013-02-12 | Microsoft Corporation | Firmware-based trusted platform module for arm processor architectures and trustzone security extensions |
US8788763B2 (en) | 2011-10-13 | 2014-07-22 | International Business Machines Corporation | Protecting memory of a virtual guest |
WO2013061375A1 (en) * | 2011-10-27 | 2013-05-02 | Hitachi, Ltd. | Storage system and its management method |
WO2013112538A1 (en) | 2012-01-23 | 2013-08-01 | Citrix Systems, Inc. | Storage encryption |
US8996887B2 (en) | 2012-02-24 | 2015-03-31 | Google Inc. | Log structured volume encryption for virtual machines |
US8656482B1 (en) | 2012-08-20 | 2014-02-18 | Bitdefender IPR Management Ltd. | Secure communication using a trusted virtual machine |
CN103020535B (zh) * | 2012-12-06 | 2016-05-04 | Suzhou C*Core Technology Co., Ltd. | Data encryption/decryption system with a comparison function |
US9514313B2 (en) | 2013-03-15 | 2016-12-06 | Netiq Corporation | Techniques for secure data extraction in a virtual or cloud environment |
US9792448B2 (en) | 2014-02-28 | 2017-10-17 | Advanced Micro Devices, Inc. | Cryptographic protection of information in a processing system |
US9652631B2 (en) | 2014-05-05 | 2017-05-16 | Microsoft Technology Licensing, Llc | Secure transport of encrypted virtual machines with continuous owner access |
US10193879B1 (en) | 2014-05-07 | 2019-01-29 | Cisco Technology, Inc. | Method and system for software application deployment |
US20180060077A1 (en) | 2016-08-26 | 2018-03-01 | Qualcomm Incorporated | Trusted platform module support on reduced instruction set computing architectures |
- 2014
  - 2014-09-24 US US14/494,643 patent/US9792448B2/en active Active
- 2015
  - 2015-02-27 KR KR1020167024649A patent/KR102456084B1/ko active IP Right Grant
  - 2015-02-27 WO PCT/US2015/017925 patent/WO2015178987A2/en active Application Filing
  - 2015-02-27 CN CN201580010043.0A patent/CN106062768B/zh active Active
  - 2015-02-27 JP JP2016554448A patent/JP6450775B2/ja active Active
  - 2015-02-27 EP EP15796570.8A patent/EP3111365B1/en active Active
  - 2015-06-24 US US14/748,883 patent/US10152602B2/en active Active
- 2016
  - 2016-06-22 CN CN201680043168.8A patent/CN107851151B/zh active Active
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20220222137A1 (en) * | 2021-01-12 | 2022-07-14 | Qualcomm Incorporated | Protected data streaming between memories |
US11630723B2 (en) * | 2021-01-12 | 2023-04-18 | Qualcomm Incorporated | Protected data streaming between memories |
KR20230110370A (ko) * | 2021-01-12 | 2023-07-21 | Qualcomm Incorporated | Protected data streaming between memories |
Also Published As
Publication number | Publication date |
---|---|
EP3111365A4 (en) | 2017-11-01 |
US20160378522A1 (en) | 2016-12-29 |
KR102456084B1 (ko) | 2022-10-18 |
WO2015178987A3 (en) | 2016-01-28 |
CN106062768A (zh) | 2016-10-26 |
US10152602B2 (en) | 2018-12-11 |
WO2015178987A2 (en) | 2015-11-26 |
EP3111365A2 (en) | 2017-01-04 |
KR20160125987A (ko) | 2016-11-01 |
EP3111365B1 (en) | 2024-07-24 |
JP2017517043A (ja) | 2017-06-22 |
CN106062768B (zh) | 2020-06-05 |
US20150248357A1 (en) | 2015-09-03 |
CN107851151B (zh) | 2020-06-30 |
CN107851151A (zh) | 2018-03-27 |
US9792448B2 (en) | 2017-10-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6450775B2 (ja) | Cryptographic protection of information in a processing system | |
JP6618658B2 (ja) | Direct memory access authorization in a processing system | |
CN110447032B (zh) | Monitoring of memory page translations between a hypervisor and a virtual machine | |
CN109002706B (zh) | Method and system for intra-process data isolation protection based on user-level page tables | |
JP6620595B2 (ja) | Information processing system, information processing device, management device, processing program, and processing method | |
US10938559B2 (en) | Security key identifier remapping | |
US20200192825A1 (en) | Security for virtualized device | |
CN107526974A (zh) | Information cryptographic protection device and method | |
CN107832589A (zh) | Software copyright protection method and system | |
JP6696352B2 (ja) | Programmable logic device, information processing device, processing method, and processing program | |
JP6672341B2 (ja) | Protection of virtual machine state information | |
US20240054071A1 (en) | Hardware mechanism to extend mktme protections to sgx data outside epc | |
US20240202289A1 (en) | Using Ownership Identifiers in Metadata in a Memory for Protecting Encrypted Data Stored in the Memory | |
US20240220417A1 (en) | Segmented non-contiguous reverse map table |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
2018-02-22 | A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 |
2018-02-22 | A621 | Written request for application examination | Free format text: JAPANESE INTERMEDIATE CODE: A621 |
2018-02-22 | A871 | Explanation of circumstances concerning accelerated examination | Free format text: JAPANESE INTERMEDIATE CODE: A871 |
2018-04-10 | A975 | Report on accelerated examination | Free format text: JAPANESE INTERMEDIATE CODE: A971005 |
2018-04-17 | A131 | Notification of reasons for refusal | Free format text: JAPANESE INTERMEDIATE CODE: A131 |
2018-07-13 | A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 |
2018-07-31 | A131 | Notification of reasons for refusal | Free format text: JAPANESE INTERMEDIATE CODE: A131 |
2018-10-30 | A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 |
| TRDD | Decision of grant or rejection written | |
2018-11-13 | A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01 |
2018-12-10 | A61 | First payment of annual fees (during grant procedure) | Free format text: JAPANESE INTERMEDIATE CODE: A61 |
| R150 | Certificate of patent or registration of utility model | Ref document number: 6450775; Country of ref document: JP; Free format text: JAPANESE INTERMEDIATE CODE: R150 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |