WO2003102745A3 - Trusted client utilizing security kernel under secure execution mode - Google Patents

Trusted client utilizing security kernel under secure execution mode Download PDF

Info

Publication number
WO2003102745A3
WO2003102745A3 PCT/US2002/040218 US0240218W WO03102745A3 WO 2003102745 A3 WO2003102745 A3 WO 2003102745A3 US 0240218 W US0240218 W US 0240218W WO 03102745 A3 WO03102745 A3 WO 03102745A3
Authority
WO
WIPO (PCT)
Prior art keywords
routine
request
execution mode
secure execution
security kernel
Prior art date
Application number
PCT/US2002/040218
Other languages
French (fr)
Other versions
WO2003102745A2 (en
Inventor
Rodney W Schmidt
Brian C Barnes
Geoffrey S Strongin
David S Christie
Original Assignee
Advanced Micro Devices Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced Micro Devices Inc filed Critical Advanced Micro Devices Inc
Priority to AU2002360617A priority Critical patent/AU2002360617A1/en
Priority to JP2004509764A priority patent/JP4688490B2/en
Priority to GB0427590A priority patent/GB2405976B/en
Priority to KR1020047019257A priority patent/KR100975981B1/en
Priority to EP02795889A priority patent/EP1509839A2/en
Publication of WO2003102745A2 publication Critical patent/WO2003102745A2/en
Publication of WO2003102745A3 publication Critical patent/WO2003102745A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)

Abstract

A method and system (400A-B) for performing the method is provided. The method includes executing an insecure routine and receiving a request from the insecure routine. The method also includes performing a first evaluation of the request in hardware, and performing a second evaluation of the request in a secure routine in software. The computer system (400A-B) includes a processor (404) configurable to execute a secure routine and an insecure routine. The computer system (400A-B) also includes hardware coupled to perform a first evaluation of a request associated with the insecure routine. The hardware is further configured to provide a notification of the request to the secure routine. The secure routine is configured to perform a second evaluation of the request. The secure routine is further configured to deny a requested response to the request.
PCT/US2002/040218 2002-05-31 2002-12-17 Trusted client utilizing security kernel under secure execution mode WO2003102745A2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
AU2002360617A AU2002360617A1 (en) 2002-05-31 2002-12-17 Trusted client utilizing security kernel under secure execution mode
JP2004509764A JP4688490B2 (en) 2002-05-31 2002-12-17 Trusted client using high security kernel in high security execution mode
GB0427590A GB2405976B (en) 2002-05-31 2002-12-17 Trusted client utilizing security kernel under secure execution mode
KR1020047019257A KR100975981B1 (en) 2002-05-31 2002-12-17 Trusted client utilizing security kernel under secure execution mode
EP02795889A EP1509839A2 (en) 2002-05-31 2002-12-17 Trusted client utilizing security kernel under secure execution mode

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/160,984 US20030226014A1 (en) 2002-05-31 2002-05-31 Trusted client utilizing security kernel under secure execution mode
US10/160,984 2002-05-31

Publications (2)

Publication Number Publication Date
WO2003102745A2 WO2003102745A2 (en) 2003-12-11
WO2003102745A3 true WO2003102745A3 (en) 2004-03-25

Family

ID=29583316

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/040218 WO2003102745A2 (en) 2002-05-31 2002-12-17 Trusted client utilizing security kernel under secure execution mode

Country Status (9)

Country Link
US (1) US20030226014A1 (en)
EP (1) EP1509839A2 (en)
JP (1) JP4688490B2 (en)
KR (1) KR100975981B1 (en)
CN (1) CN1307535C (en)
AU (1) AU2002360617A1 (en)
GB (1) GB2405976B (en)
TW (1) TWI289787B (en)
WO (1) WO2003102745A2 (en)

Families Citing this family (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7130951B1 (en) * 2002-04-18 2006-10-31 Advanced Micro Devices, Inc. Method for selectively disabling interrupts on a secure execution mode-capable processor
US7334123B2 (en) * 2003-05-02 2008-02-19 Advanced Micro Devices, Inc. Computer system including a bus bridge for connection to a security services processor
US8838950B2 (en) * 2003-06-23 2014-09-16 International Business Machines Corporation Security architecture for system on chip
US7089397B1 (en) * 2003-07-03 2006-08-08 Transmeta Corporation Method and system for caching attribute data for matching attributes with physical addresses
US7496958B2 (en) * 2003-10-29 2009-02-24 Qualcomm Incorporated System for selectively enabling operating modes of a device
KR100591555B1 (en) 2004-01-19 2006-06-21 주식회사 전유시스템 PAM authentication based security kernel system and its control method
US8533777B2 (en) * 2004-12-29 2013-09-10 Intel Corporation Mechanism to determine trust of out-of-band management agents
JP2006203564A (en) * 2005-01-20 2006-08-03 Nara Institute Of Science & Technology Microprocessor, node terminal, computer system and program execution certification method
US7617534B1 (en) 2005-08-26 2009-11-10 Symantec Corporation Detection of SYSENTER/SYSCALL hijacking
US20070168574A1 (en) * 2005-09-28 2007-07-19 Dell Products L.P. System and method for securing access to general purpose input/output ports in a computer system
US7685638B1 (en) 2005-12-13 2010-03-23 Symantec Corporation Dynamic replacement of system call tables
US8214296B2 (en) * 2006-02-14 2012-07-03 Microsoft Corporation Disaggregated secure execution environment
EP1865435A1 (en) * 2006-06-06 2007-12-12 Texas Instruments France Enhanced exception handling
US8245307B1 (en) 2006-12-18 2012-08-14 Nvidia Corporation Providing secure access to a secret
US20090144821A1 (en) * 2007-11-30 2009-06-04 Chung Shan Institute Of Science And Technology, Armaments Bureau, M.N.D. Auxiliary method for investigating lurking program incidents
KR101017015B1 (en) * 2008-11-17 2011-02-23 (주)소만사 Network based high performance contents security system and method thereof
US9348784B2 (en) * 2008-12-01 2016-05-24 Micron Technology, Inc. Systems and methods for managing endian mode of a device
CN101833621B (en) * 2010-04-27 2011-11-30 广州广电运通金融电子股份有限公司 Terminal safety audit method and system
US8495750B2 (en) 2010-08-31 2013-07-23 International Business Machines Corporation Filesystem management and security system
KR101895453B1 (en) 2011-11-09 2018-10-25 삼성전자주식회사 Apparatus and method for guarantee security in heterogeneous computing environment
US9225719B2 (en) * 2011-12-12 2015-12-29 Jpmorgan Chase Bank, N.A. System and method for trusted pair security
WO2013128060A1 (en) * 2012-02-27 2013-09-06 Nokia Corporation Access control for hardware units
US9204522B2 (en) 2012-10-16 2015-12-01 Productions Resource Group, LLC Remote communications protocol
US9207940B2 (en) * 2013-03-15 2015-12-08 Intel Corporation Robust and high performance instructions for system call
JP6370098B2 (en) * 2014-05-16 2018-08-08 杉中 順子 Information processing apparatus, information processing monitoring method, program, and recording medium
US20170109526A1 (en) * 2015-10-20 2017-04-20 Intel Corporation Systems and methods for providing anti-malware protection and malware forensics on storage devices
US10375106B1 (en) * 2016-01-13 2019-08-06 National Technology & Engineering Solutions Of Sandia, Llc Backplane filtering and firewalls
WO2017120812A1 (en) * 2016-01-14 2017-07-20 Intel Corporation Secure communication channel for system management mode
CN108345522B (en) * 2017-12-15 2019-03-29 清华大学 For carrying out the methods, devices and systems of safety detection to central processor CPU
US11068310B2 (en) 2019-03-08 2021-07-20 International Business Machines Corporation Secure storage query and donation
US11176054B2 (en) 2019-03-08 2021-11-16 International Business Machines Corporation Host virtual address space for secure interface control storage
US11182192B2 (en) * 2019-03-08 2021-11-23 International Business Machines Corporation Controlling access to secure storage of a virtual machine
US11283800B2 (en) 2019-03-08 2022-03-22 International Business Machines Corporation Secure interface control secure storage hardware tagging
US11455398B2 (en) 2019-03-08 2022-09-27 International Business Machines Corporation Testing storage protection hardware in a secure virtual machine environment
US10747875B1 (en) * 2020-03-19 2020-08-18 Cyberark Software Ltd. Customizing operating system kernels with secure kernel modules
CN114064051A (en) * 2021-11-22 2022-02-18 上海兆芯集成电路有限公司 Instruction execution method and instruction execution device
CN114064363A (en) * 2021-11-22 2022-02-18 上海兆芯集成电路有限公司 Instruction execution method and instruction execution device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5561788A (en) * 1985-04-10 1996-10-01 Microsoft Corporation Method and system for executing programs using memory wrap in a multi-mode microprocessor
US6249872B1 (en) * 1996-02-09 2001-06-19 Intel Corporation Method and apparatus for increasing security against unauthorized write access to a protected memory

Family Cites Families (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4621321A (en) * 1984-02-16 1986-11-04 Honeywell Inc. Secure data processing system architecture
US4984272A (en) * 1988-11-30 1991-01-08 At&T Bell Laboratories Secure file handling in a computer operating system
US5471593A (en) * 1989-12-11 1995-11-28 Branigin; Michael H. Computer processor with an efficient means of executing many instructions simultaneously
US5303378A (en) * 1991-05-21 1994-04-12 Compaq Computer Corporation Reentrant protected mode kernel using virtual 8086 mode interrupt service routines
JPH06324910A (en) * 1993-05-13 1994-11-25 Hitachi Ltd Access detector for computer system
US5684948A (en) * 1995-09-01 1997-11-04 National Semiconductor Corporation Memory management circuit which provides simulated privilege levels
US5881282A (en) * 1996-12-10 1999-03-09 Intel Corporation Controlling ill-behaved computer add-on device through a virtual execution mode
US6282657B1 (en) * 1997-09-16 2001-08-28 Safenet, Inc. Kernel mode protection
US6292798B1 (en) * 1998-09-09 2001-09-18 International Business Machines Corporation Method and system for controlling access to data resources and protecting computing system resources from unauthorized access
US7013296B1 (en) * 1999-06-08 2006-03-14 The Trustees Of Columbia University In The City Of New York Using electronic security value units to control access to a resource
US6880108B1 (en) * 1999-07-29 2005-04-12 International Business Machines Corporation Risk assessment methodology for AIX-based computer systems
US6745306B1 (en) * 1999-07-29 2004-06-01 Microsoft Corporation Method and system for restricting the load of physical address translations of virtual addresses
JP3607540B2 (en) * 1999-08-18 2005-01-05 エヌイーシーシステムテクノロジー株式会社 Program unit memory access attribute management method
US6718485B1 (en) * 1999-11-16 2004-04-06 Parasoft Corporation Software emulating hardware for analyzing memory references of a computer program
US6986052B1 (en) * 2000-06-30 2006-01-10 Intel Corporation Method and apparatus for secure execution using a secure memory partition
US7185192B1 (en) * 2000-07-07 2007-02-27 Emc Corporation Methods and apparatus for controlling access to a resource
GB0016835D0 (en) * 2000-07-07 2000-08-30 Messagelabs Limited Method of, and system for, processing email
US6738875B1 (en) * 2000-07-31 2004-05-18 Microsoft Corporation Efficient write-watch mechanism useful for garbage collection in a computer system
US20020083183A1 (en) * 2000-11-06 2002-06-27 Sanjay Pujare Conventionally coded application conversion system for streamed delivery and execution
US7058978B2 (en) * 2000-12-27 2006-06-06 Microsoft Corporation Security component for a computing device
US6789156B1 (en) * 2001-05-22 2004-09-07 Vmware, Inc. Content-based, transparent sharing of memory units
US7130613B2 (en) * 2001-08-30 2006-10-31 Motorola, Inc. Method for reducing fraudulent system access
US8051301B2 (en) * 2001-11-13 2011-11-01 Advanced Micro Devices, Inc. Memory management system and method providing linear address based memory access security
EP1331539B1 (en) * 2002-01-16 2016-09-28 Texas Instruments France Secure mode for processors supporting MMU and interrupts
US7127579B2 (en) * 2002-03-26 2006-10-24 Intel Corporation Hardened extended firmware interface framework

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5561788A (en) * 1985-04-10 1996-10-01 Microsoft Corporation Method and system for executing programs using memory wrap in a multi-mode microprocessor
US6249872B1 (en) * 1996-02-09 2001-06-19 Intel Corporation Method and apparatus for increasing security against unauthorized write access to a protected memory

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
STÉPHANE ERANIAN, DAVID MOSBERGER: "The Linux/ia64 Project: Kernel Design and Status Update", HP TECHNICAL DOCUMENTS, 21 July 2000 (2000-07-21), pages 1 - 18, XP002268094, Retrieved from the Internet <URL:http://www.hpl.hp.com/techreports/2000/HPL-2000-85.ps> [retrieved on 20040126] *

Also Published As

Publication number Publication date
EP1509839A2 (en) 2005-03-02
GB2405976A (en) 2005-03-16
JP4688490B2 (en) 2011-05-25
TW200307216A (en) 2003-12-01
CN1307535C (en) 2007-03-28
TWI289787B (en) 2007-11-11
GB2405976B (en) 2007-02-21
AU2002360617A8 (en) 2003-12-19
JP2005528686A (en) 2005-09-22
AU2002360617A1 (en) 2003-12-19
WO2003102745A2 (en) 2003-12-11
GB0427590D0 (en) 2005-01-19
KR20050006282A (en) 2005-01-15
CN1630849A (en) 2005-06-22
KR100975981B1 (en) 2010-08-16
US20030226014A1 (en) 2003-12-04

Similar Documents

Publication Publication Date Title
WO2003102745A3 (en) Trusted client utilizing security kernel under secure execution mode
US7653727B2 (en) Cooperative embedded agents
US8656147B2 (en) Methods and apparatus for integrity measurement of virtual machine monitor and operating system via secure launch
US10083296B2 (en) Detection of malicious thread suspension
US11443035B2 (en) Behavioral user security policy
WO2006017774A3 (en) Method for preventing virus infection in a computer
US20090204964A1 (en) Distributed trusted virtualization platform
US7370188B2 (en) Input/output scanning
EP1253502A3 (en) Trusted computer system
WO2017052947A1 (en) Hardware-assisted software verification and secure execution
US20180248847A1 (en) System and method for monitoring and protecting an untrusted operating system by means of a trusted operating system
WO2003093989A3 (en) Computer software management
HK1055827A1 (en) Evidence-based security policy manager
WO2004046916A3 (en) Exception types within a secure processing system
WO2004051966A3 (en) System and methodology providing intelligent resource fork
WO2005043335A3 (en) System for invoking a privileged function in a device
TW200634620A (en) Mechanism to determine trust of out-of-band management agents
CA2365315A1 (en) Method for permitting debugging and testing of software on a mobile communication device in a secure environment
WO2005038598A3 (en) Policy-based network security management
CA2390184A1 (en) Public network access server having a user-configurable firewall
US20080005320A1 (en) Secure input method based on virtual machine
US20090070467A1 (en) Enabling access to remote entities in access controlled networks
WO2017003589A1 (en) Enterprise reputations for uniform resource locators
KR20060093932A (en) Method that can secure keyboard key stroke using secure input filter driver and keyboard secure input bho of internet explorer in windows operating system
WO2020198178A1 (en) Cached file reputations

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SK SL TJ TM TN TR TT TZ UA UG UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 1020047019257

Country of ref document: KR

WWE Wipo information: entry into national phase

Ref document number: 2004509764

Country of ref document: JP

Ref document number: 20028290577

Country of ref document: CN

ENP Entry into the national phase

Ref document number: 0427590

Country of ref document: GB

Kind code of ref document: A

Free format text: PCT FILING DATE = 20021217

REEP Request for entry into the european phase

Ref document number: 2002795889

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2002795889

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1020047019257

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2002795889

Country of ref document: EP