JP7438337B2 - Preventing historical pattern inconsistent speculative accesses in a computing environment - Google Patents

Preventing historical pattern inconsistent speculative accesses in a computing environment

Info

Publication number
JP7438337B2
Authority
JP
Japan
Prior art keywords
selected event
computer
address
computing environment
historical pattern
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2022516314A
Other languages
English (en)
Japanese (ja)
Other versions
JP2022548083A5
JP2022548083A (ja)
Inventor
オファレル、ウィリアム
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp
Publication of JP2022548083A
Publication of JP2022548083A5
Application granted
Publication of JP7438337B2
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G06F12/08 Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/0802 Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G06F12/0806 Multiuser, multiprocessor or multiprocessing cache systems
    • G06F12/0842 Multiuser, multiprocessor or multiprocessing cache systems for multiprocessing or multitasking
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G06F12/08 Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/0802 Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G06F12/0844 Multiple simultaneous or quasi-simultaneous cache accessing
    • G06F12/0855 Overlapped cache accessing, e.g. pipeline
    • G06F12/0857 Overlapped cache accessing, e.g. pipeline by multiple requestors
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1416 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1441 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003 Arrangements for executing specific machine instructions
    • G06F9/3004 Arrangements for executing specific machine instructions to perform operations on memory
    • G06F9/30043 LOAD or STORE instructions; Clear instruction
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38 Concurrent instruction execution, e.g. pipeline or look ahead
    • G06F9/3836 Instruction issuing, e.g. dynamic instruction scheduling or out of order instruction execution
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38 Concurrent instruction execution, e.g. pipeline or look ahead
    • G06F9/3836 Instruction issuing, e.g. dynamic instruction scheduling or out of order instruction execution
    • G06F9/3842 Speculative instruction execution
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10 Providing a specific technical effect
    • G06F2212/1052 Security improvement
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/50 Control mechanisms for virtual memory, cache or TLB
    • G06F2212/507 Control mechanisms for virtual memory, cache or TLB using speculative control
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)
  • Memory System Of A Hierarchy Structure (AREA)
  • Advance Control (AREA)
JP2022516314A 2019-09-17 2020-09-10 Preventing historical pattern inconsistent speculative accesses in a computing environment Active JP7438337B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/572,675 US11403394B2 (en) 2019-09-17 2019-09-17 Preventing selective events of a computing environment
US16/572,675 2019-09-17
PCT/EP2020/075363 WO2021052860A1 (en) 2019-09-17 2020-09-10 Preventing historical pattern inconsistent speculative accesses in a computing environment

Publications (3)

Publication Number Publication Date
JP2022548083A JP2022548083A (ja) 2022-11-16
JP2022548083A5 JP2022548083A5 2022-12-12
JP7438337B2 JP7438337B2 (ja) 2024-02-26

Family

ID=72474307

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2022516314A Active JP7438337B2 (ja) 2019-09-17 2020-09-10 Preventing historical pattern inconsistent speculative accesses in a computing environment

Country Status (5)

Country Link
US (1) US11403394B2
EP (1) EP4031998B1
JP (1) JP7438337B2
CN (1) CN114365099B
WO (1) WO2021052860A1

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11635965B2 (en) 2018-10-31 2023-04-25 Intel Corporation Apparatuses and methods for speculative execution side channel mitigation
US11443044B2 (en) * 2019-09-23 2022-09-13 International Business Machines Corporation Targeted very long delay for increasing speculative execution progression
US11029957B1 (en) * 2020-03-27 2021-06-08 Intel Corporation Apparatuses, methods, and systems for instructions to compartmentalize code
US12130908B2 (en) * 2020-05-01 2024-10-29 Forcepoint Llc Progressive trigger data and detection model
US12008370B2 (en) * 2021-05-06 2024-06-11 Purdue Research Foundation Method for preventing security attacks during speculative execution
US12417099B2 (en) 2022-04-02 2025-09-16 Intel Corporation Circuitry and methods for informing indirect prefetches using capabilities
US20230315640A1 (en) * 2022-04-02 2023-10-05 Intel Corporation Circuitry and methods for implementing capability-directed prefetching

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019025423A1 (en) 2017-08-04 2019-02-07 Bitdefender Ipr Management Ltd SECURE STORAGE DEVICE

Family Cites Families (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5859992A (en) * 1997-03-12 1999-01-12 Advanced Micro Devices, Inc. Instruction alignment using a dispatch list and a latch list
US6314493B1 (en) * 1998-02-03 2001-11-06 International Business Machines Corporation Branch history cache
US6397296B1 (en) * 1999-02-19 2002-05-28 Hitachi Ltd. Two-level instruction cache for embedded processors
US20020091991A1 (en) * 2000-05-11 2002-07-11 Castro Juan Carlos Unified real-time microprocessor computer
US20040123081A1 (en) * 2002-12-20 2004-06-24 Allan Knies Mechanism to increase performance of control speculation
EP1471421A1 (en) * 2003-04-24 2004-10-27 STMicroelectronics Limited Speculative load instruction control
US20050154859A1 (en) * 2004-01-14 2005-07-14 Arm Limited Branch prediction in a data processing apparatus
US7721054B2 (en) 2005-01-18 2010-05-18 Texas Instruments Incorporated Speculative data loading using circular addressing or simulated circular addressing
EP2115583A2 (en) * 2007-01-30 2009-11-11 Nema Labs Ab Speculative throughput computing
US8117403B2 (en) * 2007-05-14 2012-02-14 International Business Machines Corporation Transactional memory system which employs thread assists using address history tables
US8131974B2 (en) * 2008-04-18 2012-03-06 International Business Machines Corporation Access speculation predictor implemented via idle command processing resources
US9336046B2 (en) * 2012-06-15 2016-05-10 International Business Machines Corporation Transaction abort processing
US9239735B2 (en) 2013-07-17 2016-01-19 Texas Instruments Incorporated Compiler-control method for load speculation in a statically scheduled microprocessor
JP6273733B2 (ja) * 2013-09-20 2018-02-07 富士通株式会社 演算処理装置、情報処理装置、情報処理装置の制御方法および情報処理装置の制御プログラム
US9430273B2 (en) * 2014-02-27 2016-08-30 International Business Machines Corporation Suppressing aborting a transaction beyond a threshold execution duration based on the predicted duration
DE112015001256T5 (de) * 2014-03-14 2016-12-29 Fisher-Rosemount Systems, Inc. Verteilte Big Data in einem Prozesssteuerungssystem
US9639368B2 (en) * 2014-06-13 2017-05-02 International Business Machines Corporation Branch prediction based on correlating events
US9501284B2 (en) * 2014-09-30 2016-11-22 Apple Inc. Mechanism for allowing speculative execution of loads beyond a wait for event instruction
US10140122B2 (en) * 2015-09-23 2018-11-27 Hanan Potash Computer processor with operand/variable-mapped namespace
US9852084B1 (en) * 2016-02-05 2017-12-26 Apple Inc. Access permissions modification
US10642744B2 (en) * 2017-06-28 2020-05-05 Nvidia Corporation Memory type which is cacheable yet inaccessible by speculative instructions
US10963567B2 (en) * 2017-10-12 2021-03-30 Microsoft Technology Licensing, Llc Speculative side-channel attack mitigations
GB2570110B (en) 2018-01-10 2020-04-15 Advanced Risc Mach Ltd Speculative cache storage region
DK3738058T3 (da) * 2018-01-12 2023-02-20 Virsec Systems Inc Forsvar mod spekulativ eksekveringsudnyttelse
US20200159624A1 (en) * 2018-04-25 2020-05-21 Cloud Daddy, Inc. System, Method and Process for Protecting Data Backup from Cyberattack
US11899786B2 (en) * 2019-04-15 2024-02-13 Crowdstrike, Inc. Detecting security-violation-associated event data

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019025423A1 (en) 2017-08-04 2019-02-07 Bitdefender Ipr Management Ltd SECURE STORAGE DEVICE

Also Published As

Publication number Publication date
US20210081530A1 (en) 2021-03-18
WO2021052860A1 (en) 2021-03-25
CN114365099A (zh) 2022-04-15
JP2022548083A (ja) 2022-11-16
EP4031998A1 (en) 2022-07-27
US11403394B2 (en) 2022-08-02
EP4031998B1 (en) 2025-12-17
CN114365099B (zh) 2023-03-10

Similar Documents

Publication Publication Date Title
JP7438337B2 (ja) Preventing historical pattern inconsistent speculative accesses in a computing environment
US11194913B2 (en) Unsecure to secure transition of mutable core root of trust
EP3935545B1 (en) Incremental decryption and integrity verification of a secure operating system image
US20180239903A1 (en) Determining and managing application vulnerabilities
AU2020426828B2 (en) Reserving one or more security modules for secure guest
JP2019506666A (ja) Caller protected stack return address in a hardware managed stack architecture
WO2023012201A1 (en) Attestation of a secure guest
EP3959634B1 (en) Secure initial program load
EP4381400A1 (en) Confidential data provided to a secure guest via metadata
US12411719B2 (en) Deferred reclaiming of secure guest resources
US20190163894A1 (en) Passwords defined using sequences of images
US11520866B2 (en) Controlling processor instruction execution
US11822922B2 (en) Miss-driven instruction prefetching
JP2024533985A (ja) Inaccessible prefix pages during virtual machine execution
HK40057636A (en) Incremental decryption and integrity verification of a secure operating system image
HK40057636B (zh) Incremental decryption and integrity verification of a secure operating system image

Legal Events

Date Code Title Description
RD04 Notification of resignation of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7424

Effective date: 20220518

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20221202

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20230224

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20231005

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20231017

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20240116

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20240130

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20240213

R150 Certificate of patent or registration of utility model

Ref document number: 7438337

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150