TWI804388B - Operating a secure code segment on a processor core of a processing unit - Google Patents

Operating a secure code segment on a processor core of a processing unit

Info

Publication number
TWI804388B
Authority
TW
Taiwan
Prior art keywords
processor core
executing
architectural state
computer
execution
Prior art date
Application number
TW111126947A
Other languages
English (en)
Chinese (zh)
Other versions
TW202324078A (zh)
Inventor
塞德瑞 里奇丹拿
雅各布 克里斯托弗 朗
依柏克哈德 帕斯
克里斯汀 伯翠格
Original Assignee
美商萬國商業機器公司
Application filed by 美商萬國商業機器公司
Application granted
Publication of TWI804388B
Publication of TW202324078A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4812 Task transfer initiation or dispatching by interrupt, e.g. masked
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881 Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)
  • Executing Machine-Instructions (AREA)
  • Advance Control (AREA)
  • Hardware Redundancy (AREA)
  • Multi Processors (AREA)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US17/457,446 US12602466B2 (en) 2021-12-03 2021-12-03 Operating a secure code segment on a processor core of a processing unit
US17/457,446 2021-12-03

Publications (2)

Publication Number Publication Date
TWI804388B (zh) 2023-06-01
TW202324078A TW202324078A (zh) 2023-06-16

Family

ID=84363637

Family Applications (1)

Application Number Title Priority Date Filing Date
TW111126947A TWI804388B (zh) 2021-12-03 2022-07-19 Operating a secure code segment on a processor core of a processing unit

Country Status (5)

Country Link
US (1) US12602466B2
EP (1) EP4441601A1
JP (1) JP2024541488A
TW (1) TWI804388B
WO (1) WO2023099137A1

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12602466B2 (en) 2021-12-03 2026-04-14 International Business Machines Corporation Operating a secure code segment on a processor core of a processing unit

Families Citing this family (2)

Publication number Priority date Publication date Assignee Title
US12045181B2 (en) * 2022-01-27 2024-07-23 Cypress Semiconductor Corporation System and method for blocking non-secure interrupts
TWI867608B (zh) * 2023-07-04 2024-12-21 新唐科技股份有限公司 Processing device, firmware update device and firmware update method thereof

Citations (4)

Publication number Priority date Publication date Assignee Title
US20120147937A1 (en) * 2006-06-19 2012-06-14 Texas Instruments Incorporated Methods, apparatus, and systems for secure demand paging and other paging operations for processor devices
US20160124719A1 (en) * 2013-06-18 2016-05-05 Ciambella Ltd. Method and apparatus for code virtualization and remote process call generation
US20170140153A1 (en) * 2014-09-10 2017-05-18 Intel Corporation Providing A Trusted Execution Environment Using A Processor
US20180268130A1 (en) * 2014-12-11 2018-09-20 Sudeep GHOSH System, method and computer readable medium for software protection via composable process-level virtual machines

Family Cites Families (28)

Publication number Priority date Publication date Assignee Title
US7225333B2 (en) * 1999-03-27 2007-05-29 Microsoft Corporation Secure processor architecture for use with a digital rights management (DRM) system on a computing device
US7003676B1 (en) * 2001-05-10 2006-02-21 Advanced Micro Devices, Inc. Locking mechanism override and disable for personal computer ROM access protection
US7707578B1 (en) 2004-12-16 2010-04-27 Vmware, Inc. Mechanism for scheduling execution of threads for fair resource allocation in a multi-threaded and/or multi-core processing system
US20080271027A1 (en) 2007-04-27 2008-10-30 Norton Scott J Fair share scheduling with hardware multithreading
US8219996B1 (en) 2007-05-09 2012-07-10 Hewlett-Packard Development Company, L.P. Computer processor with fairness monitor
US20090031314A1 (en) 2007-07-25 2009-01-29 Microsoft Corporation Fairness in memory systems
US7996663B2 (en) 2007-12-27 2011-08-09 Intel Corporation Saving and restoring architectural state for processor cores
US8522354B2 (en) * 2008-05-24 2013-08-27 Via Technologies, Inc. Microprocessor apparatus for secure on-die real-time clock
JP4778035B2 (ja) 2008-11-07 2011-09-21 インターナショナル・ビジネス・マシーンズ・コーポレーション Computer system, method and computer program for preventing delays in the execution time of instructions executed while exclusively using an external resource
JP2013152636A (ja) 2012-01-25 2013-08-08 Toyota Motor Corp Information processing device and task scheduling method
WO2014108743A1 (en) * 2013-01-09 2014-07-17 Freescale Semiconductor, Inc. A method and apparatus for using a cpu cache memory for non-cpu related tasks
US9183399B2 (en) 2013-02-14 2015-11-10 International Business Machines Corporation Instruction set architecture with secure clear instructions for protecting processing unit architected state information
JP2015014966A (ja) 2013-07-05 2015-01-22 日本電気株式会社 Information processing device, information processing method, and information processing program
US10719420B2 (en) 2015-02-10 2020-07-21 International Business Machines Corporation System level testing of multi-threading functionality including building independent instruction streams while honoring architecturally imposed common fields and constraints
US11354128B2 (en) * 2015-03-04 2022-06-07 Intel Corporation Optimized mode transitions through predicting target state
DE102015213263A1 (de) * 2015-07-15 2017-01-19 Siemens Aktiengesellschaft Processor with optionally activatable security functions
US9864879B2 (en) 2015-10-06 2018-01-09 Micron Technology, Inc. Secure subsystem
US10534725B2 (en) 2017-07-25 2020-01-14 International Business Machines Corporation Computer system software/firmware and a processor unit with a security module
US10783240B2 (en) 2017-09-29 2020-09-22 Stmicroelectronics, Inc. Secure environment in a non-secure microcontroller
JP7021594B2 (ja) 2018-04-02 2022-02-17 大日本印刷株式会社 Device, program, indicator information transmission method, and indicator information display method
CN109858288B (zh) 2018-12-26 2021-04-13 中国科学院信息工程研究所 Method and device for implementing secure isolation of virtual machines
US11307857B2 (en) 2019-12-05 2022-04-19 Marvell Asia Pte, Ltd. Dynamic designation of instructions as sensitive for constraining multithreaded execution
US11372647B2 (en) 2019-12-05 2022-06-28 Marvell Asia Pte, Ltd. Pipelines for secure multithread execution
CN111753311B (zh) 2020-08-28 2020-12-15 支付宝(杭州)信息技术有限公司 Method and device for securely entering a trusted execution environment in a hyper-threading scenario
US12602466B2 (en) 2021-12-03 2026-04-14 International Business Machines Corporation Operating a secure code segment on a processor core of a processing unit
US12314755B2 (en) 2021-12-03 2025-05-27 International Business Machines Corporation Scheduling a secure code segment on a processor core of a processing unit
US12185029B2 (en) * 2021-12-13 2024-12-31 Hanwha Vision Co., Ltd. Apparatus and method for transmitting images and apparatus and method for receiving images
US12368908B2 (en) * 2022-04-19 2025-07-22 Nvidia Corporation Video streaming scaling using virtual resolution adjustment

Patent Citations (5)

Publication number Priority date Publication date Assignee Title
US20160234019A1 (en) * 2004-06-23 2016-08-11 Texas Instruments Incorporated Methods, apparatus, and systems for secure demand paging and other paging operations for processor devices
US20120147937A1 (en) * 2006-06-19 2012-06-14 Texas Instruments Incorporated Methods, apparatus, and systems for secure demand paging and other paging operations for processor devices
US20160124719A1 (en) * 2013-06-18 2016-05-05 Ciambella Ltd. Method and apparatus for code virtualization and remote process call generation
US20170140153A1 (en) * 2014-09-10 2017-05-18 Intel Corporation Providing A Trusted Execution Environment Using A Processor
US20180268130A1 (en) * 2014-12-11 2018-09-20 Sudeep GHOSH System, method and computer readable medium for software protection via composable process-level virtual machines

Also Published As

Publication number Publication date
EP4441601A1 (en) 2024-10-09
WO2023099137A1 (en) 2023-06-08
TW202324078A (zh) 2023-06-16
JP2024541488A (ja) 2024-11-08
US12602466B2 (en) 2026-04-14
US20230177143A1 (en) 2023-06-08

Similar Documents

Publication Publication Date Title
TWI804388B (zh) Operating a secure code segment on a processor core of a processing unit
JP6802052B2 (ja) Method, computer system, firmware, hypervisor and computer program for transparent and secure interception handling
US10831501B2 (en) Managing an issue queue for fused instructions and paired instructions in a microprocessor
US20120131574A1 (en) Virtual machine data structures corresponding to nested virtualization levels
TWI664530B (zh) Computer program product, computer system and computer-implemented method for testing a pending external interrupt instruction
US20160139955A1 (en) Quiesce handling in multithreaded environments
US9678830B2 (en) Recovery improvement for quiesced systems
US12314755B2 (en) Scheduling a secure code segment on a processor core of a processing unit
US11934220B2 (en) Clock comparator sign control
US20170371732A1 (en) Method for debugging static memory corruption
US20170123800A1 (en) Selective resource activation based on privilege level
US20170300336A1 (en) Fpscr sticky bit handling for out of order instruction execution
US20170031850A1 (en) Processing interrupt requests
US10528352B2 (en) Blocking instruction fetching in a computer processor
US10552162B2 (en) Variable latency flush filtering
US20190213055A1 (en) Operation of a multi-slice processor implementing a hardware level transfer of an execution thread
US11977890B2 (en) Stateful microcode branching
JP2023552560A (ja) Method, system and program for identifying dependencies within a control sequence