TWI263132B - Method and apparatus for restricted execution of security sensitive instructions - Google Patents

Method and apparatus for restricted execution of security sensitive instructions

Info

Publication number
TWI263132B
TWI263132B TW091134582A TW91134582A TWI263132B TW I263132 B TWI263132 B TW I263132B TW 091134582 A TW091134582 A TW 091134582A TW 91134582 A TW91134582 A TW 91134582A TW I263132 B TWI263132 B TW I263132B
Authority
TW
Taiwan
Prior art keywords
security
instructions
security sensitive
processor
restricted execution
Prior art date
Application number
TW091134582A
Other languages
English (en)
Other versions
TW200300880A (en
Inventor
Brian C Barnes
Rodney W Schmidt
Geoffrey S Strongin
Original Assignee
Advanced Micro Devices Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced Micro Devices Inc filed Critical Advanced Micro Devices Inc
Publication of TW200300880A publication Critical patent/TW200300880A/zh
Application granted granted Critical
Publication of TWI263132B publication Critical patent/TWI263132B/zh

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30145Instruction analysis, e.g. decoding, instruction word fields
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30181Instruction operation extension or modification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105Dual mode as a secondary aspect
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)
  • Executing Machine-Instructions (AREA)
TW091134582A 2001-12-03 2002-11-28 Method and apparatus for restricted execution of security sensitive instructions TWI263132B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/005,248 US7865948B1 (en) 2001-12-03 2001-12-03 Method and apparatus for restricted execution of security sensitive instructions

Publications (2)

Publication Number Publication Date
TW200300880A TW200300880A (en) 2003-06-16
TWI263132B true TWI263132B (en) 2006-10-01

Family

ID=21714930

Family Applications (1)

Application Number Title Priority Date Filing Date
TW091134582A TWI263132B (en) 2001-12-03 2002-11-28 Method and apparatus for restricted execution of security sensitive instructions

Country Status (8)

Country Link
US (1) US7865948B1 (zh)
EP (1) EP1451665A2 (zh)
JP (1) JP3830942B2 (zh)
KR (1) KR100939328B1 (zh)
CN (1) CN1307502C (zh)
AU (1) AU2002333566A1 (zh)
TW (1) TWI263132B (zh)
WO (1) WO2003048908A2 (zh)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1698958A1 (fr) * 2005-02-25 2006-09-06 Axalto SA Procédé de sécurisation de l'ecriture en mémoire contre des attaques par rayonnement ou autres
US8352713B2 (en) * 2006-08-09 2013-01-08 Qualcomm Incorporated Debug circuit comparing processor instruction set operating mode
US8245307B1 (en) 2006-12-18 2012-08-14 Nvidia Corporation Providing secure access to a secret
US9851969B2 (en) 2010-06-24 2017-12-26 International Business Machines Corporation Function virtualization facility for function query of a processor
US10521231B2 (en) 2010-06-24 2019-12-31 International Business Machines Corporation Function virtualization facility for blocking instruction function of a multi-function instruction of a virtual processor
EP2856377B1 (en) * 2012-06-01 2017-09-27 Intel Corporation Identification and execution of subsets of a plurality of instructions in a more secure execution environment
CN104601353B (zh) * 2013-10-31 2018-07-06 北京神州泰岳软件股份有限公司 一种网络安全生产设备的运维操作方法和系统
CN111382429B (zh) * 2018-12-27 2022-12-27 华为技术有限公司 指令的执行方法、装置及存储介质

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US494238A (en) * 1893-03-28 Windmill
US5027273A (en) 1985-04-10 1991-06-25 Microsoft Corporation Method and operating system for executing programs in a multi-mode microprocessor
JPH0743672B2 (ja) * 1987-02-18 1995-05-15 株式会社東芝 メモリ保護違反検出装置
US4962538A (en) * 1989-02-13 1990-10-09 Comar, Inc. Image analysis counting system
US4962533A (en) 1989-02-17 1990-10-09 Texas Instrument Incorporated Data protection for computer systems
US5469556A (en) * 1989-12-12 1995-11-21 Harris Corporation Resource access security system for controlling access to resources of a data processing system
US5522075A (en) * 1991-06-28 1996-05-28 Digital Equipment Corporation Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces
US5802590A (en) * 1994-12-13 1998-09-01 Microsoft Corporation Method and system for providing secure access to computer resources
JPH08272625A (ja) * 1995-03-29 1996-10-18 Toshiba Corp マルチプログラム実行制御装置及び方法
JP2001510597A (ja) * 1995-11-20 2001-07-31 フィリップス エレクトロニクス ネムローゼ フェンノートシャップ コンピュータプログラム頒布システム
US5835594A (en) 1996-02-09 1998-11-10 Intel Corporation Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage
JP2000181898A (ja) 1998-12-14 2000-06-30 Nec Corp フラッシュメモリ搭載型シングルチップマイクロコンピュータ
FI991134A (fi) * 1999-05-18 2000-11-19 Sonera Oyj Ohjelmiston testaus
US7178031B1 (en) * 1999-11-08 2007-02-13 International Business Machines Corporation Wireless security access management for a portable data storage cartridge
FR2802666B1 (fr) * 1999-12-17 2002-04-05 Activcard Systeme informatique pour application a acces par accreditation
US7281103B2 (en) 2003-10-01 2007-10-09 Kabushiki Kaisha Toshiba Microcomputer with a security function for accessing a program storage memory

Also Published As

Publication number Publication date
KR20050027084A (ko) 2005-03-17
CN1307502C (zh) 2007-03-28
EP1451665A2 (en) 2004-09-01
AU2002333566A1 (en) 2003-06-17
TW200300880A (en) 2003-06-16
US7865948B1 (en) 2011-01-04
AU2002333566A8 (en) 2003-06-17
CN1613039A (zh) 2005-05-04
KR100939328B1 (ko) 2010-01-28
WO2003048908A2 (en) 2003-06-12
WO2003048908A3 (en) 2004-04-22
JP2005512182A (ja) 2005-04-28
JP3830942B2 (ja) 2006-10-11

Similar Documents

Publication Publication Date Title
ATE404932T1 (de) Sicheres management von lizenzen
BR0209632A (pt) Método e sistema para instalação condicional e execução de serviços em um ambiente computacional seguro
DE69609980D1 (de) Verfahren und system zur erkennung von polymorphen viren
DE60134986D1 (de) Sicherheitsverfahren das auf der prüfung basiert ist
EP1278114A3 (en) Code execution apparatus and code distribution method
ATE383690T1 (de) Anordnung und verfahren zur ausführung von code
ATE550728T1 (de) Zuverlässige computer platform
ATE266226T1 (de) Datenverarbeitungssystem mit bedingter ausführung von erweiterten verbundbefehlen
NO20023964L (no) Styring av et dataprograms tilgang til en ressurs ved bruk av en digital signatur
BR9914551A (pt) Processo e sistema para macro-linguagem extensìvel
IL171906A (en) Instructions to assist the processing of a cipher message
WO2004068339A3 (en) Multithreaded processor with recoupled data and instruction prefetch
DE69906102D1 (de) Genaues verfahren zum inlinen von virtuellen anrufen
TWI263132B (en) Method and apparatus for restricted execution of security sensitive instructions
WO2006055342A3 (en) Energy efficient inter-processor management method and system
ATE326721T1 (de) Verfahren und vorrichtung zur kontexterhaltung unter ausführung von übersetzten befehlen
SE0102564D0 (sv) Arrangement and method in computor system
EP1435557A3 (en) Restricted access of applications to hardware resources
MY145729A (en) Computing system capable of reducing power consumption by distributing execution of instruction across multiple processors and method therefore
SE9901145D0 (sv) A processing system and method
WO2003007632A3 (en) Software modem with privileged mode driver authentication
WO2003032158A3 (en) System and method for specifying access to resources in a mobile code system
ATE268919T1 (de) Prozessorssystem
GB0109722D0 (en) Extendible instruction system
TW200506634A (en) Physical presence determination in a trusted platform

Legal Events

Date Code Title Description
MK4A Expiration of patent term of an invention patent