TWI349230B - A computer system and a method for implementating a trusted execution environment - Google Patents

A computer system and a method for implementating a trusted execution environment

Info

Publication number
TWI349230B
Authority
TW
Taiwan
Prior art keywords
implementating
computer system
execution environment
trusted execution
trusted
Prior art date
Application number
TW093125088A
Other languages
English (en)
Other versions
TW200527293A (en)
Inventor
Dale E Gulick
Geoffrey S Strongin
William A Hughes
Original Assignee
Advanced Micro Devices Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced Micro Devices Inc
Publication of TW200527293A
Application granted
Publication of TWI349230B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F12/1491 Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105 Dual mode as a secondary aspect
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen
TW093125088A 2003-09-04 2004-08-20 A computer system and a method for implementating a trusted execution environment TWI349230B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/654,734 US7210009B2 (en) 2003-09-04 2003-09-04 Computer system employing a trusted execution environment including a memory controller configured to clear memory

Publications (2)

Publication Number Publication Date
TW200527293A TW200527293A (en) 2005-08-16
TWI349230B true TWI349230B (en) 2011-09-21

Family

ID=34225999

Family Applications (1)

Application Number Title Priority Date Filing Date
TW093125088A TWI349230B (en) 2003-09-04 2004-08-20 A computer system and a method for implementating a trusted execution environment

Country Status (8)

Country Link
US (1) US7210009B2 (zh)
JP (1) JP4695082B2 (zh)
KR (1) KR101093124B1 (zh)
CN (1) CN100416501C (zh)
DE (1) DE112004001605B4 (zh)
GB (1) GB2422228B (zh)
TW (1) TWI349230B (zh)
WO (1) WO2005026954A1 (zh)

Families Citing this family (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7765381B2 (en) * 2003-04-04 2010-07-27 Oracle America, Inc. Multi-node system in which home memory subsystem stores global to local address translation information for replicating nodes
US7228400B2 (en) * 2003-12-31 2007-06-05 Intel Corporation Control of multiply mapped memory locations
US7380069B2 (en) * 2004-11-19 2008-05-27 Marvell International Technology Ltd. Method and apparatus for DMA-generated memory write-back
JP2006203564A (ja) * 2005-01-20 2006-08-03 Nara Institute Of Science & Technology Microprocessor, node terminal, computer system, and program execution certification method
US20070192826A1 (en) * 2006-02-14 2007-08-16 Microsoft Corporation I/O-based enforcement of multi-level computer operating modes
US8060744B2 (en) * 2006-03-23 2011-11-15 Harris Corporation Computer architecture for an electronic device providing single-level secure access to multi-level secure file system
US8041947B2 (en) * 2006-03-23 2011-10-18 Harris Corporation Computer architecture for an electronic device providing SLS access to MLS file system with trusted loading and protection of program execution memory
US8127145B2 (en) * 2006-03-23 2012-02-28 Harris Corporation Computer architecture for an electronic device providing a secure file system
US7979714B2 (en) * 2006-06-02 2011-07-12 Harris Corporation Authentication and access control device
US7877558B2 (en) * 2007-08-13 2011-01-25 Advanced Micro Devices, Inc. Memory controller prioritization scheme
US7757039B2 (en) * 2007-09-18 2010-07-13 Nikos Kaburlasos DRAM selective self refresh
US7937449B1 (en) * 2007-10-08 2011-05-03 Empirix, Inc. System and method for enabling network stack processes in user mode and kernel mode to access kernel memory locations
US20090144332A1 (en) * 2007-11-29 2009-06-04 Wallace Paul Montgomery Sideband access based method and apparatus for determining software integrity
US8250354B2 (en) * 2007-11-29 2012-08-21 GlobalFoundries, Inc. Method and apparatus for making a processor sideband interface adhere to secure mode restrictions
CN101493877B (zh) * 2008-01-22 2012-12-19 Lenovo (Beijing) Co., Ltd. Data processing method and system
US9274573B2 (en) * 2008-02-07 2016-03-01 Analog Devices, Inc. Method and apparatus for hardware reset protection
US8117642B2 (en) * 2008-03-21 2012-02-14 Freescale Semiconductor, Inc. Computing device with entry authentication into trusted execution environment and method therefor
JP5286943B2 (ja) * 2008-05-30 2013-09-11 Fujitsu Limited Memory clear mechanism
US7831816B2 (en) * 2008-05-30 2010-11-09 Globalfoundries Inc. Non-destructive sideband reading of processor state information
FR2934697B1 (fr) * 2008-07-29 2010-09-10 Thales Sa Method and system for securing software
US20100138597A1 (en) * 2008-11-28 2010-06-03 Kabushiki Kaisha Toshiba Information Processing System, System Controller, and Memory Control Method
US8880854B2 (en) * 2009-02-11 2014-11-04 Via Technologies, Inc. Out-of-order execution microprocessor that speculatively executes dependent memory access instructions by predicting no value change by older instructions that load a segment register
EP2270708A1 (en) * 2009-06-29 2011-01-05 Thomson Licensing Data security in solid state memory
CN102656588B (zh) * 2009-08-14 2015-07-15 Intrinsic ID B.V. Physically unclonable function with tamper-prevention and anti-aging system
US20120036308A1 (en) * 2010-08-06 2012-02-09 Swanson Robert C Supporting a secure readable memory region for pre-boot and secure mode operations
US8458486B2 (en) * 2010-10-13 2013-06-04 International Business Machines Corporation Problem-based account generation
WO2013078085A1 (en) * 2011-11-22 2013-05-30 Mips Technologies, Inc. Processor with kernel mode access to user space virtual addresses
TWI464746B (zh) * 2012-03-30 2014-12-11 Wistron Corp Memory clearing circuit
CN103368928B (zh) * 2012-04-11 2018-04-27 Fu Tai Hua Industry (Shenzhen) Co., Ltd. Account password reset system and method
US8775757B2 (en) 2012-09-25 2014-07-08 Apple Inc. Trust zone support in system on a chip having security enclave processor
US8873747B2 (en) 2012-09-25 2014-10-28 Apple Inc. Key management using security enclave processor
US9047471B2 (en) 2012-09-25 2015-06-02 Apple Inc. Security enclave processor boot control
US8832465B2 (en) 2012-09-25 2014-09-09 Apple Inc. Security enclave processor for a system on a chip
US9043632B2 (en) 2012-09-25 2015-05-26 Apple Inc. Security enclave processor power control
US20150089245A1 (en) * 2013-09-26 2015-03-26 Asher M. Altman Data storage in persistent memory
US9594927B2 (en) * 2014-09-10 2017-03-14 Intel Corporation Providing a trusted execution environment using a processor
US9547778B1 (en) 2014-09-26 2017-01-17 Apple Inc. Secure public key acceleration
US10127406B2 (en) * 2015-03-23 2018-11-13 Intel Corporation Digital rights management playback glitch avoidance
CN105630351A (zh) * 2015-12-23 2016-06-01 Shenzhen Jialantu Design Co., Ltd. Key system with a one-key function for clearing background programs
US10884952B2 (en) * 2016-09-30 2021-01-05 Intel Corporation Enforcing memory operand types using protection keys
US10353858B2 (en) * 2017-12-18 2019-07-16 GM Global Technology Operations LLC System and method for managing system memory integrity in suspended electronic control units
US11681965B2 (en) * 2019-10-25 2023-06-20 Georgetown University Specialized computing environment for co-analysis of proprietary data

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US200402A (en) * 1878-02-19 Improvement in toy money-boxes
US200405A (en) * 1878-02-19 Improvement in feed-water regulators
JPS62169218A (ja) * 1986-01-17 1987-07-25 International Business Machines Corporation Application suspend/resume device for an information processing system
AU640181B2 (en) * 1989-12-26 1993-08-19 Digital Equipment Corporation Method for securing terminal and terminal apparatus for use with the method
JPH07219885A (ja) * 1994-02-04 1995-08-18 Canon Inc Information processing system, electronic device, and control method
JP3393521B2 (ja) * 1995-10-19 2003-04-07 Nippon Telegraph and Telephone Corporation Terminal program tampering detection method and information center
JPH09128232A (ja) * 1995-11-01 1997-05-16 Fujitsu Ltd Program integrity verification device
JP3715711B2 (ja) * 1996-04-19 2005-11-16 Canon Inc Image processing apparatus and image processing method therefor
US5987604A (en) * 1997-10-07 1999-11-16 Phoenix Technologies, Ltd. Method and apparatus for providing execution of system management mode services in virtual mode
US6330670B1 (en) * 1998-10-26 2001-12-11 Microsoft Corporation Digital rights management operating system
US6327652B1 (en) * 1998-10-26 2001-12-04 Microsoft Corporation Loading and identifying a digital rights management operating system
US6243831B1 (en) * 1998-10-31 2001-06-05 Compaq Computer Corporation Computer system with power loss protection mechanism
US6175454B1 (en) * 1999-01-13 2001-01-16 Behere Corporation Panoramic imaging arrangement
US6367022B1 (en) 1999-07-14 2002-04-02 Visteon Global Technologies, Inc. Power management fault strategy for automotive multimedia system
JP2001202289A (ja) * 2000-01-18 2001-07-27 Casio Comput Co Ltd Security management method and program recording medium therefor
US6938164B1 (en) 2000-11-22 2005-08-30 Microsoft Corporation Method and system for allowing code to be securely initialized in a computer
US6546472B2 (en) * 2000-12-29 2003-04-08 Hewlett-Packard Development Company, L.P. Fast suspend to disk
JP2002323939A (ja) * 2001-04-25 2002-11-08 Casio Comput Co Ltd Boot processing control device
JP2003037719A (ja) * 2001-05-17 2003-02-07 Sharp Corp Image processing apparatus
US6854046B1 (en) * 2001-08-03 2005-02-08 Tensilica, Inc. Configurable memory management unit
US7024555B2 (en) * 2001-11-01 2006-04-04 Intel Corporation Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment
US6922783B2 (en) * 2002-01-16 2005-07-26 Hewlett-Packard Development Company, L.P. Method and apparatus for conserving power on a multiprocessor integrated circuit
US20030154392A1 (en) * 2002-02-11 2003-08-14 Lewis Timothy A. Secure system firmware using interrupt generation on attempts to modify shadow RAM attributes
US6986006B2 (en) 2002-04-17 2006-01-10 Microsoft Corporation Page granular curtained memory via mapping control
US7058768B2 (en) 2002-04-17 2006-06-06 Microsoft Corporation Memory isolation through address translation data edit control
US7392415B2 (en) * 2002-06-26 2008-06-24 Intel Corporation Sleep protection
US6925627B1 (en) * 2002-12-20 2005-08-02 Conexant Systems, Inc. Method and apparatus for power routing in an integrated circuit
US7284136B2 (en) * 2003-01-23 2007-10-16 Intel Corporation Methods and apparatus for implementing a secure resume

Also Published As

Publication number Publication date
US7210009B2 (en) 2007-04-24
CN1846195A (zh) 2006-10-11
CN100416501C (zh) 2008-09-03
KR101093124B1 (ko) 2011-12-13
DE112004001605B4 (de) 2010-05-06
JP2007504553A (ja) 2007-03-01
GB2422228B (en) 2007-02-14
KR20060061832A (ko) 2006-06-08
US20050055524A1 (en) 2005-03-10
GB2422228A (en) 2006-07-19
WO2005026954A1 (en) 2005-03-24
JP4695082B2 (ja) 2011-06-08
GB0604581D0 (en) 2006-04-19
DE112004001605T5 (de) 2006-07-06
TW200527293A (en) 2005-08-16

Similar Documents

Publication Publication Date Title
TWI349230B (en) A computer system and a method for implementating a trusted execution environment
AU2003297864A8 (en) System and method for software application development in a portal environment
AU2003267881A1 (en) Method and apparatus for booting a computer system
EP1407349A4 (en) SOFTWARE APPLICATION EXECUTION METHOD AND SYSTEM
GB0224112D0 (en) System and method for installing applications in a trusted environment
GB2382419B (en) Apparatus and method for creating a trusted environment
EP1815327A4 (en) SYSTEM AND METHOD FOR PROGRAMMING ISOLATED COMPUTER ENVIRONMENT
TWI366105B (en) Programming interface for a computer platform and system and method for programming and application
EP1685458A4 (en) TECHNIQUE AND SYSTEM FOR THE RESPONSE TO INTRUSIVE ATTACKS AGAINST COMPUTERS
AU2003207509A8 (en) System and method for simulating an electronic trading environment
IL179889A0 (en) A method and system for blocking phishing scams
ZA200505253B (en) System and method for preference application installation and execution
GB2420432B (en) System and methods for dependent trust in a computer system
GB0506508D0 (en) Method, system and software tool for processing an electronic form
GB0326903D0 (en) System and method for software debugging
EP1472525A4 (en) SYSTEM AND METHOD FOR ADAPTING SOFTWARE CONTROL IN AN OPERATING ENVIRONMENT
AU2002341482A1 (en) A unit and a method for handling a data object
PL1941705T3 (pl) Method and system for protecting a server access link
GB0526204D0 (en) Method and data processor for reduced pipeline stalling
IL164620A0 (en) Method and system for managing a computer system
IL179954A0 (en) Method and apparatus for booting a computer system
AU2002313608A1 (en) Calibration method, device and computer program
EP1834243A4 (en) SYSTEM AND METHOD FOR FINDING MALWARE
GB0229724D0 (en) Apparatus,method and computer program for defining a data mapping between two or more data structures
GB2402236B (en) A method and apparatus for securing a computer system