KR102738488B1 - Sharing secure memory across multiple security domains - Google Patents

Sharing secure memory across multiple security domains

Info

Publication number
KR102738488B1
Authority
KR
South Korea
Prior art keywords
secure
security
page
address
interface control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
KR1020217027020A
Other languages
English (en)
Korean (ko)
Other versions
KR20210118153A (ko)
Inventor
Fadi Busaba
Lisa Cranton Heller
Jonathan Bradbury
Original Assignee
International Business Machines Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corporation
Publication of KR20210118153A
Application granted
Publication of KR102738488B1
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G06F12/08 Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10 Address translation
    • G06F12/1027 Address translation using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB]
    • G06F12/1036 Address translation using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB] for multiple virtual address spaces, e.g. segmentation
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G06F12/08 Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10 Address translation
    • G06F12/1072 Decentralised address translation, e.g. in distributed shared memory systems
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G06F12/08 Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10 Address translation
    • G06F12/109 Address translation for multiple virtual address spaces, e.g. segmentation
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45579 I/O management, e.g. providing access to device drivers or storage
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45583 Memory management, e.g. access or allocation
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10 Providing a specific technical effect
    • G06F2212/1052 Security improvement

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)
  • Memory System (AREA)
  • Memory System Of A Hierarchy Structure (AREA)
KR1020217027020A 2019-03-08 2020-03-02 Sharing secure memory across multiple security domains Active KR102738488B1 (ko)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/296,306 2019-03-08
US16/296,306 US11640361B2 (en) 2019-03-08 2019-03-08 Sharing secure memory across multiple security domains
PCT/EP2020/055469 WO2020182528A1 (en) 2019-03-08 2020-03-02 Sharing secure memory across multiple security domains

Publications (2)

Publication Number Publication Date
KR20210118153A KR20210118153A (ko) 2021-09-29
KR102738488B1 KR102738488B1 (ko) 2024-12-05

Family

ID=69743236

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020217027020A Active KR102738488B1 (ko) 2019-03-08 2020-03-02 Sharing secure memory across multiple security domains

Country Status (9)

Country Link
US (1) US11640361B2
EP (1) EP3935496B1
JP (1) JP7350868B2
KR (1) KR102738488B1
CN (1) CN113544644B
MX (1) MX2021010590A
SG (1) SG11202105431VA
TW (1) TWI751492B
WO (1) WO2020182528A1

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5817369B2 (ja) 2011-09-13 2015-11-18 Sony Corporation Spectrum analysis apparatus, fine particle measurement apparatus, and method and program for spectrum analysis or spectrum chart display
US11308215B2 (en) * 2019-03-08 2022-04-19 International Business Machines Corporation Secure interface control high-level instruction interception for interruption enablement
US11347529B2 (en) 2019-03-08 2022-05-31 International Business Machines Corporation Inject interrupts and exceptions into secure virtual machine
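CN112256394B (zh) * 2020-10-23 2022-11-18 Hygon Information Technology Co., Ltd. Process security method and apparatus, CPU, chip and computer device
CN114328295A (zh) * 2021-11-23 2022-04-12 Pingtouge (Shanghai) Semiconductor Technology Co., Ltd. Storage management apparatus, processor, related apparatus and related method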
US12259963B2 (en) * 2022-02-22 2025-03-25 Mellanox Technologies, Ltd Confidential computing with device memory isolation
CN114880074B (zh) * 2022-05-11 2024-11-22 Hygon Information Technology Co., Ltd. Memory management method and apparatus for a virtual machine, and electronic device
US12353903B2 (en) * 2022-06-10 2025-07-08 Microsoft Technology Licensing, Llc Software isolation of virtual machine resources
CN116933271B (zh) * 2023-08-02 2024-12-13 Beijing Volcano Engine Technology Co., Ltd. Data processing method, apparatus, device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120117301A1 (en) * 2010-11-04 2012-05-10 Sonics, Inc. Methods and apparatus for virtualization in an integrated circuit
US20150378930A1 (en) * 2014-06-27 2015-12-31 Ravi L. Sahita Validating virtual address translation
US20170357592A1 (en) * 2016-06-09 2017-12-14 Vmware, Inc. Enhanced-security page sharing in a virtualized computer system
US20190042463A1 (en) * 2018-09-28 2019-02-07 Vedvyas Shanbhogue Apparatus and method for secure memory access using trust domains

Family Cites Families (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4787031A (en) 1985-01-04 1988-11-22 Digital Equipment Corporation Computer with virtual machine mode and multiple protection rings
JP3657665B2 (ja) 1995-02-14 2005-06-08 Fujitsu Limited Plurality of computer systems coupled to a shared memory and control method for a plurality of computer systems coupled to a shared memory
US6314501B1 (en) 1998-07-23 2001-11-06 Unisys Corporation Computer system and method for operating multiple operating systems in different partitions of the computer system and for allowing the different partitions to communicate with one another through shared memory
JP4220476B2 (ja) 2002-11-18 2009-02-04 ARM Limited Virtual-to-physical memory address mapping within a system having a secure domain and a non-secure domain
WO2005036367A2 (en) 2003-10-08 2005-04-21 Unisys Corporation Virtual data center that allocates and manages system resources across multiple nodes
US20050102670A1 (en) 2003-10-21 2005-05-12 Bretl Robert F. Shared object memory with object management for multiple virtual machines
US10768958B2 (en) 2004-11-17 2020-09-08 Vmware, Inc. Using virtual local area networks in a virtual computer system
US7886126B2 (en) * 2005-01-14 2011-02-08 Intel Corporation Extended paging tables to map guest physical memory addresses from virtual memory page tables to host physical memory addresses in a virtual machine system
US7814307B2 (en) 2006-03-16 2010-10-12 Microsoft Corporation Fast booting a computing device to a specialized experience
US7610481B2 (en) 2006-04-19 2009-10-27 Intel Corporation Method and apparatus to support independent systems in partitions of a processing system
JP4952308B2 (ja) 2007-03-09 2012-06-13 NEC Corporation Memory sharing system, method, and program
US8261265B2 (en) 2007-10-30 2012-09-04 Vmware, Inc. Transparent VMM-assisted user-mode execution control transfer
US8527715B2 (en) 2008-02-26 2013-09-03 International Business Machines Corporation Providing a shared memory translation facility
GB2460393B (en) * 2008-02-29 2012-03-28 Advanced Risc Mach Ltd A data processing apparatus and method for controlling access to secure memory by virtual machines executing on processing circuitry
US8041877B2 (en) 2008-06-09 2011-10-18 International Business Machines Corporation Distributed computing utilizing virtual memory having a shared paging space
US8006043B2 (en) 2008-10-06 2011-08-23 Vmware, Inc. System and method for maintaining memory page sharing in a virtual environment
US20100161879A1 (en) 2008-12-18 2010-06-24 Lsi Corporation Efficient and Secure Main Memory Sharing Across Multiple Processors
US8738932B2 (en) 2009-01-16 2014-05-27 Teleputers, Llc System and method for processor-based security
US8984478B2 (en) 2011-10-03 2015-03-17 Cisco Technology, Inc. Reorganization of virtualized computer programs
AU2013297064B2 (en) 2012-08-03 2016-06-16 North Carolina State University Methods, systems, and computer readable medium for active monitoring, memory protection and integrity verification of target devices
US9311011B2 (en) * 2013-08-07 2016-04-12 Qualcomm Incorporated Dynamic address negotiation for shared memory regions in heterogenous multiprocessor systems
US9430642B2 (en) * 2013-09-17 2016-08-30 Microsoft Technology Licensing, Llc Providing virtual secure mode with different virtual trust levels each having separate memory access protections, interrupt subsystems and private processor states
US10198572B2 (en) 2013-09-17 2019-02-05 Microsoft Technology Licensing, Llc Virtual machine manager facilitated selective code integrity enforcement
US9117081B2 (en) 2013-12-20 2015-08-25 Bitdefender IPR Management Ltd. Strongly isolated malware scanning using secure virtual containers
US10599565B2 (en) * 2013-12-24 2020-03-24 Hewlett-Packard Development Company, L.P. Hypervisor managing memory addressed above four gigabytes
US9483639B2 (en) 2014-03-13 2016-11-01 Unisys Corporation Service partition virtualization system and method having a secure application
US9652631B2 (en) 2014-05-05 2017-05-16 Microsoft Technology Licensing, Llc Secure transport of encrypted virtual machines with continuous owner access
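KR20150128328A (ko) 2014-05-09 2015-11-18 Electronics and Telecommunications Research Institute Method for providing an evidence collection tool, and apparatus and method for securing evidence data in a domain-separation-based mobile device
WO2016006806A1 (ko) 2014-07-08 2016-01-14 Kim Jin-sook Panties for pregnant women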
US9454497B2 (en) 2014-08-15 2016-09-27 Intel Corporation Technologies for secure inter-virtual-machine shared memory communication
US10599458B2 (en) 2015-01-23 2020-03-24 Unisys Corporation Fabric computing system having an embedded software defined network
US10503405B2 (en) 2015-02-10 2019-12-10 Red Hat Israel, Ltd. Zero copy memory reclaim using copy-on-write
US9870324B2 (en) 2015-04-09 2018-01-16 Vmware, Inc. Isolating guest code and data using multiple nested page tables
US10454845B2 (en) * 2015-04-22 2019-10-22 ColorTokens, Inc. Object memory management unit
KR102327782B1 (ko) * 2015-05-29 2021-11-18 Korea Advanced Institute of Science and Technology Electronic device and kernel data access method
GB2539435B8 (en) 2015-06-16 2018-02-21 Advanced Risc Mach Ltd Data processing memory access control, in which an owning process for a region of memory is specified independently of privilege level
US20170063544A1 (en) 2015-08-26 2017-03-02 Rubicon Labs, Inc. System and method for sharing data securely
US9792143B1 (en) 2015-10-23 2017-10-17 Amazon Technologies, Inc. Platform secure execution modes
US10169244B2 (en) * 2016-07-29 2019-01-01 Advanced Micro Devices, Inc. Controlling access to pages in a memory in a computing device
US10585805B2 (en) 2016-07-29 2020-03-10 Advanced Micro Devices, Inc. Controlling access to pages in a memory in a computing device
US10303899B2 (en) 2016-08-11 2019-05-28 Intel Corporation Secure public cloud with protected guest-verified host control
US10713177B2 (en) 2016-09-09 2020-07-14 Intel Corporation Defining virtualized page attributes based on guest page attributes
KR102511451B1 (ko) 2016-11-09 2023-03-17 Samsung Electronics Co., Ltd. Computing system for securely executing a secure application in a rich execution environment
US10169088B2 (en) 2016-11-29 2019-01-01 Red Hat Israel, Ltd. Lockless free memory ballooning for virtual machines
US10447717B2 (en) 2017-01-28 2019-10-15 Qualcomm Incorporated Network attack detection using multi-path verification
CN120448113A (zh) 2018-11-08 2025-08-08 Intel Corporation Function-as-a-service (FaaS) system enhancements
US11461244B2 (en) 2018-12-20 2022-10-04 Intel Corporation Co-existence of trust domain architecture with multi-key total memory encryption technology in servers
US11487906B2 (en) 2019-03-08 2022-11-01 International Business Machines Corporation Storage sharing between a secure domain and a non-secure entity
US11531627B2 (en) 2019-03-08 2022-12-20 International Business Machines Corporation Secure storage isolation

Also Published As

Publication number Publication date
MX2021010590A (es) 2021-10-13
EP3935496B1 (en) 2024-02-14
JP7350868B2 (ja) 2023-09-26
US11640361B2 (en) 2023-05-02
WO2020182528A1 (en) 2020-09-17
TW202038105A (zh) 2020-10-16
US20200285594A1 (en) 2020-09-10
JP2022522702A (ja) 2022-04-20
CN113544644B (zh) 2025-06-03
TWI751492B (zh) 2022-01-01
KR20210118153A (ko) 2021-09-29
CN113544644A (zh) 2021-10-22
EP3935496C0 (en) 2024-02-14
SG11202105431VA (en) 2021-06-29
EP3935496A1 (en) 2022-01-12

Similar Documents

Publication Publication Date Title
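KR102738488B1 (ko) Sharing secure memory across multiple security domains
CN113544686B (zh) Storage sharing between a secure domain and a non-secure entity
KR102551936B1 (ko) Host virtual address space for secure interface control storage
KR102789374B1 (ko) Secure interface control secure storage hardware tagging
JP7410161B2 (ja) Secure paging with page change detection
JP7531509B2 (ja) Method, system, and program for querying and providing secure storage
KR102774738B1 (ko) Secure interface control high-level page management
CN113544646B (zh) Secure storage isolation
CN113544664B (zh) Secure interface control high-level instruction interception for interruption enablement
CN113544685B (zh) Communication interface of a secure interface control
HK40057638A (en) Secure interface control secure storage hardware tagging
HK40057847A (en) Secure storage isolation
HK40057848B (zh) Communication interface of a secure interface control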

Legal Events

Date Code Title Description
PA0105 International application. Patent event date: 20210824. Patent event code: PA01051R01D. Comment text: International Patent Application
A201 Request for examination
PA0201 Request for examination. Patent event code: PA02012R01D. Patent event date: 20210830. Comment text: Request for Examination of Application
PG1501 Laying open of application
E902 Notification of reason for refusal
PE0902 Notice of grounds for rejection. Comment text: Notification of reason for refusal. Patent event date: 20230923. Patent event code: PE09021S01D
E90F Notification of reason for final refusal
PE0902 Notice of grounds for rejection. Comment text: Final Notice of Reason for Refusal. Patent event date: 20240311. Patent event code: PE09021S02D
E701 Decision to grant or registration of patent right
PE0701 Decision of registration. Patent event code: PE07011S01D. Comment text: Decision to Grant Registration. Patent event date: 20241127
PG1601 Publication of registration