JP7393846B2 - セキュア・インターフェイス制御の高レベルのページ管理 - Google Patents

セキュア・インターフェイス制御の高レベルのページ管理 Download PDF

Info

Publication number
JP7393846B2
JP7393846B2 JP2021549895A JP2021549895A JP7393846B2 JP 7393846 B2 JP7393846 B2 JP 7393846B2 JP 2021549895 A JP2021549895 A JP 2021549895A JP 2021549895 A JP2021549895 A JP 2021549895A JP 7393846 B2 JP7393846 B2 JP 7393846B2
Authority
JP
Japan
Prior art keywords
secure
page
host
guest
interface control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2021549895A
Other languages
English (en)
Japanese (ja)
Other versions
JP2022523522A (ja
JP2022523522A5 (https=
JPWO2020182638A5 (https=
Inventor
シュヴィデフスキー、マーティン
カーステンス、ハイコ
ブラッドベリー、ジョナサン
ヘラー、リサ
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of JP2022523522A publication Critical patent/JP2022523522A/ja
Publication of JP2022523522A5 publication Critical patent/JP2022523522A5/ja
Publication of JPWO2020182638A5 publication Critical patent/JPWO2020182638A5/ja
Application granted granted Critical
Publication of JP7393846B2 publication Critical patent/JP7393846B2/ja
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/145Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1441Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45583Memory management, e.g. access or allocation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1052Security improvement

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)
JP2021549895A 2019-03-08 2020-03-06 セキュア・インターフェイス制御の高レベルのページ管理 Active JP7393846B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/296,457 2019-03-08
US16/296,457 US11347869B2 (en) 2019-03-08 2019-03-08 Secure interface control high-level page management
PCT/EP2020/055966 WO2020182638A1 (en) 2019-03-08 2020-03-06 Secure interface control high-level page management

Publications (4)

Publication Number Publication Date
JP2022523522A JP2022523522A (ja) 2022-04-25
JP2022523522A5 JP2022523522A5 (https=) 2022-08-12
JPWO2020182638A5 JPWO2020182638A5 (https=) 2022-08-12
JP7393846B2 true JP7393846B2 (ja) 2023-12-07

Family

ID=69770912

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2021549895A Active JP7393846B2 (ja) 2019-03-08 2020-03-06 セキュア・インターフェイス制御の高レベルのページ管理

Country Status (10)

Country Link
US (1) US11347869B2 (https=)
EP (1) EP3935509B1 (https=)
JP (1) JP7393846B2 (https=)
KR (1) KR102774738B1 (https=)
CN (1) CN113544654B (https=)
ES (1) ES3014595T3 (https=)
SG (1) SG11202105433TA (https=)
TW (1) TWI748338B (https=)
WO (1) WO2020182638A1 (https=)
ZA (1) ZA202105809B (https=)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11206128B2 (en) 2019-03-08 2021-12-21 International Business Machines Corporation Secure paging with page change detection
US11308215B2 (en) * 2019-03-08 2022-04-19 International Business Machines Corporation Secure interface control high-level instruction interception for interruption enablement
US11347529B2 (en) 2019-03-08 2022-05-31 International Business Machines Corporation Inject interrupts and exceptions into secure virtual machine
CN118503993A (zh) * 2023-02-16 2024-08-16 华为技术有限公司 权限管理方法、相关装置及系统

Family Cites Families (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4456954A (en) * 1981-06-15 1984-06-26 International Business Machines Corporation Virtual machine system with guest architecture emulation using hardware TLB's for plural level address translations
US5343527A (en) 1993-10-27 1994-08-30 International Business Machines Corporation Hybrid encryption method and system for protecting reusable software components
US5757919A (en) 1996-12-12 1998-05-26 Intel Corporation Cryptographically protected paging subsystem
US6021201A (en) 1997-01-07 2000-02-01 Intel Corporation Method and apparatus for integrated ciphering and hashing
US6983365B1 (en) 2000-05-05 2006-01-03 Microsoft Corporation Encryption systems and methods for identifying and coalescing identical objects encrypted with different keys
US20020049878A1 (en) * 2000-10-23 2002-04-25 Giora Biran Data communications interfaces
US6996748B2 (en) * 2002-06-29 2006-02-07 Intel Corporation Handling faults associated with operation of guest software in the virtual-machine architecture
WO2005036367A2 (en) 2003-10-08 2005-04-21 Unisys Corporation Virtual data center that allocates and manages system resources across multiple nodes
EP1870814B1 (en) 2006-06-19 2014-08-13 Texas Instruments France Method and apparatus for secure demand paging for processor devices
US7653819B2 (en) 2004-10-01 2010-01-26 Lenovo Singapore Pte Ltd. Scalable paging of platform configuration registers
US7886363B2 (en) 2006-05-24 2011-02-08 Noam Camiel System and method for virtual memory and securing memory in programming languages
EP1870813B1 (en) 2006-06-19 2013-01-30 Texas Instruments France Page processing circuits, devices, methods and systems for secure demand paging and other operations
US20080077767A1 (en) 2006-09-27 2008-03-27 Khosravi Hormuzd M Method and apparatus for secure page swapping in virtual memory systems
US8261265B2 (en) 2007-10-30 2012-09-04 Vmware, Inc. Transparent VMM-assisted user-mode execution control transfer
US8176280B2 (en) * 2008-02-25 2012-05-08 International Business Machines Corporation Use of test protection instruction in computing environments that support pageable guests
GB2460393B (en) 2008-02-29 2012-03-28 Advanced Risc Mach Ltd A data processing apparatus and method for controlling access to secure memory by virtual machines executing on processing circuitry
US8833437B2 (en) 2009-05-06 2014-09-16 Holtec International, Inc. Heat exchanger apparatus for converting a shell-side liquid into a vapor
US8904190B2 (en) 2010-10-20 2014-12-02 Advanced Micro Devices, Inc. Method and apparatus including architecture for protecting sensitive code and data
US20120185699A1 (en) 2011-01-14 2012-07-19 International Business Machines Corporation Space-efficient encryption with multi-block binding
WO2012164721A1 (ja) 2011-06-02 2012-12-06 三菱電機株式会社 鍵情報生成装置及び鍵情報生成方法
KR101323858B1 (ko) 2011-06-22 2013-11-21 한국과학기술원 가상화 시스템에서 메모리 접근을 제어하는 장치 및 방법
US8681813B2 (en) 2011-11-29 2014-03-25 Wyse Technology L.L.C. Bandwidth optimization for remote desktop protocol
EP4036721B1 (en) 2012-06-26 2025-03-26 Lynx Software Technologies Inc. Systems and methods involving features of hardware virtualization such as separation kernel hypervisors, hypervisors, hypervisor guest context, hypervisor context, rootkit detection prevention and further features
US8910238B2 (en) 2012-11-13 2014-12-09 Bitdefender IPR Management Ltd. Hypervisor-based enterprise endpoint protection
WO2014081611A2 (en) 2012-11-20 2014-05-30 Unisys Corporation Error recovery in securely partitioned virtualization system with dedicated resources
US8931108B2 (en) 2013-02-18 2015-01-06 Qualcomm Incorporated Hardware enforced content protection for graphics processing units
US9792448B2 (en) 2014-02-28 2017-10-17 Advanced Micro Devices, Inc. Cryptographic protection of information in a processing system
US9483639B2 (en) 2014-03-13 2016-11-01 Unisys Corporation Service partition virtualization system and method having a secure application
US9390267B2 (en) 2014-05-15 2016-07-12 Lynx Software Technologies, Inc. Systems and methods involving features of hardware virtualization, hypervisor, pages of interest, and/or other features
US9251090B1 (en) * 2014-06-03 2016-02-02 Amazon Technologies, Inc. Hypervisor assisted virtual memory obfuscation
US9454497B2 (en) 2014-08-15 2016-09-27 Intel Corporation Technologies for secure inter-virtual-machine shared memory communication
US9672354B2 (en) * 2014-08-18 2017-06-06 Bitdefender IPR Management Ltd. Systems and methods for exposing a result of a current processor instruction upon exiting a virtual machine
US9305661B2 (en) 2014-09-03 2016-04-05 Microsemi Storage Solutions (U.S.), Inc. Nonvolatile memory system that uses programming time to reduce bit errors
CN105512559B (zh) 2014-10-17 2019-09-17 阿里巴巴集团控股有限公司 一种用于提供访问页面的方法与设备
US9703720B2 (en) * 2014-12-23 2017-07-11 Intel Corporation Method and apparatus to allow secure guest access to extended page tables
US10599458B2 (en) 2015-01-23 2020-03-24 Unisys Corporation Fabric computing system having an embedded software defined network
US10157146B2 (en) * 2015-02-12 2018-12-18 Red Hat Israel, Ltd. Local access DMA with shared memory pool
US9870324B2 (en) * 2015-04-09 2018-01-16 Vmware, Inc. Isolating guest code and data using multiple nested page tables
US9875047B2 (en) * 2015-05-27 2018-01-23 Red Hat Israel, Ltd. Exit-less host memory locking in a virtualized environment
US9842065B2 (en) 2015-06-15 2017-12-12 Intel Corporation Virtualization-based platform protection technology
US9720721B2 (en) 2015-07-01 2017-08-01 International Business Machines Corporation Protected guests in a hypervisor controlled system
US9734088B2 (en) * 2015-08-12 2017-08-15 International Business Machines Corporation Memory management unit and method for accessing data
US9942035B2 (en) 2015-08-18 2018-04-10 Intel Corporation Platform migration of secure enclaves
US10742603B2 (en) 2015-08-26 2020-08-11 B. G. Negev Technologies And Applications Ltd., At Ben-Gurion University System and method for monitoring and protecting an untrusted operating system by means of a trusted operating system
US9841987B2 (en) 2015-12-17 2017-12-12 International Business Machines Corporation Transparent secure interception handling
US20170277898A1 (en) * 2016-03-25 2017-09-28 Advanced Micro Devices, Inc. Key management for secure memory address spaces
US10116630B2 (en) * 2016-04-04 2018-10-30 Bitdefender IPR Management Ltd. Systems and methods for decrypting network traffic in a virtualized environment
WO2017211651A1 (en) 2016-06-08 2017-12-14 Thomson Licensing Devices and methods for core dump deduplication
US10671542B2 (en) * 2016-07-01 2020-06-02 Intel Corporation Application execution enclave memory method and apparatus
US10237245B2 (en) 2016-07-15 2019-03-19 International Business Machines Corporation Restricting guest instances in a shared environment
US10303899B2 (en) 2016-08-11 2019-05-28 Intel Corporation Secure public cloud with protected guest-verified host control
US10176122B2 (en) * 2016-10-19 2019-01-08 Advanced Micro Devices, Inc. Direct memory access authorization in a processing system
US10169577B1 (en) * 2017-03-28 2019-01-01 Symantec Corporation Systems and methods for detecting modification attacks on shared physical memory
KR102257320B1 (ko) * 2017-03-29 2021-05-27 어드밴스드 마이크로 디바이시즈, 인코포레이티드 하이퍼바이저 및 가상 머신 간 메모리 페이지 이행의 모니터링
US20180341529A1 (en) 2017-05-26 2018-11-29 Microsoft Technology Licensing, Llc Hypervisor-based secure container
US10693844B2 (en) 2017-08-24 2020-06-23 Red Hat, Inc. Efficient migration for encrypted virtual machines by active page copying
US11206128B2 (en) 2019-03-08 2021-12-21 International Business Machines Corporation Secure paging with page change detection
US11403409B2 (en) 2019-03-08 2022-08-02 International Business Machines Corporation Program interruptions for page importing/exporting

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SEONGWOOK JIN; ET AL,ARCHITECTURAL SUPPORT FOR SECURE VIRTUALIZATION UNDER A VULNERABLE HYPERVISOR,PROCEEDINGS OF THE 44TH ANNUAL IEEE/ACM INTERNATIONAL SYMPOSIUM ON MICROARCHITECTURE,米国,2011年,PAGE(S):272-283,http://dx.doi.org/10.1145/2155620.2155652

Also Published As

Publication number Publication date
ES3014595T3 (en) 2025-04-23
CN113544654A (zh) 2021-10-22
JP2022523522A (ja) 2022-04-25
US11347869B2 (en) 2022-05-31
SG11202105433TA (en) 2021-06-29
ZA202105809B (en) 2023-02-22
CN113544654B (zh) 2025-06-03
TW202101265A (zh) 2021-01-01
EP3935509A1 (en) 2022-01-12
EP3935509C0 (en) 2025-02-12
US20200285758A1 (en) 2020-09-10
EP3935509B1 (en) 2025-02-12
TWI748338B (zh) 2021-12-01
KR102774738B1 (ko) 2025-02-27
KR20210118877A (ko) 2021-10-01
WO2020182638A1 (en) 2020-09-17

Similar Documents

Publication Publication Date Title
JP7379512B2 (ja) セキュア・ドメインと非セキュア・エンティティとの間のストレージ共用
JP7410161B2 (ja) ページ変更検出によるセキュアなページング
JP7350868B2 (ja) 複数のセキュリティ・ドメインにわたるセキュア・メモリの共用
JP7379516B2 (ja) セキュア・インターフェース制御ストレージのためのホスト仮想アドレス空間使用方法、システム、プログラム
EP3935510B1 (en) Secure interface control secure storage hardware tagging
JP7373578B2 (ja) セキュア仮想マシン環境におけるストレージ保護ハードウェアのテスト方法、システム、プログラム
US11182192B2 (en) Controlling access to secure storage of a virtual machine
JP7531509B2 (ja) セキュア・ストレージのクエリおよび提供方法、システム、プログラム
JP7393846B2 (ja) セキュア・インターフェイス制御の高レベルのページ管理
JP7436495B2 (ja) セキュア・ストレージの分離
JP7398472B2 (ja) 割り込みイネーブルのためのセキュア・インターフェース制御ハイレベル命令インターセプト
JP7525234B2 (ja) セキュア・インターフェース・コントロールの通信インターフェース
HK40057638A (en) Secure interface control secure storage hardware tagging

Legal Events

Date Code Title Description
RD04 Notification of resignation of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7424

Effective date: 20220512

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20220803

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20220824

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20230816

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20230829

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20231016

RD12 Notification of acceptance of power of sub attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7432

Effective date: 20231016

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20231108

RD14 Notification of resignation of power of sub attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7434

Effective date: 20231110

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20231122

R150 Certificate of patent or registration of utility model

Ref document number: 7393846

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150