WO2010057065A2 - Method and apparatus to provide secure application execution - Google Patents
- Publication number
- WO2010057065A2 (PCT application PCT/US2009/064493)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- epc
- instruction
- data
- processor
- machine
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/30003—Arrangements for executing specific machine instructions
- G06F9/3004—Arrangements for executing specific machine instructions to perform operations on memory
- G06F9/30043—LOAD or STORE instructions; Clear instruction
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/30003—Arrangements for executing specific machine instructions
- G06F9/30007—Arrangements for executing specific machine instructions to perform operations on data operands
- G06F9/30032—Movement instructions, e.g. MOVE, SHIFT, ROTATE, SHUFFLE
Definitions
- Embodiments of the invention relate generally to the field of information processing and more specifically, to the field of security in computing systems and microprocessors.
- Figure 1 illustrates a block diagram of a microprocessor, in which at least one embodiment of the invention may be used;
- Figure 2 illustrates a block diagram of a shared bus computer system, in which at least one embodiment of the invention may be used;
- Figure 3 illustrates a block diagram of a point-to-point interconnect computer system, in which at least one embodiment of the invention may be used.
- Embodiments of the invention pertain to a technique for providing secure application and data in a flexible but reliable manner.
- The attached document entitled "Secure Enclaves Architecture" is hereby incorporated by reference as an example of at least one embodiment.
- The incorporated reference is not intended to limit the scope of embodiments of the invention in any way, and other embodiments may be used while remaining within the spirit and scope of the invention.
- Figure 1 illustrates a microprocessor in which at least one embodiment of the invention may be used.
- Figure 1 illustrates microprocessor 100 having one or more processor cores 105 and 110, each having associated therewith a local cache 107 and 113, respectively.
- Microprocessor 100 also includes a shared cache memory 115, which may store versions of at least some of the information stored in each of the local caches 107 and 113.
- Microprocessor 100 may also include other logic not shown in Figure 1, such as an integrated memory controller, an integrated graphics controller, and other logic to perform other functions within a computer system, such as I/O control.
- Each microprocessor in a multi-processor system, or each processor core in a multi-core processor, may include or otherwise be associated with logic 119 to enable secure enclave techniques, in accordance with at least one embodiment.
- The logic may include circuits, software (embodied in a tangible medium), or both, to enable more efficient resource allocation among a plurality of cores or processors than in some prior art implementations.
- Figure 2 illustrates a front-side-bus (FSB) computer system in which one embodiment of the invention may be used.
- Any processor 201, 205, 210, or 215 may access information from any local level one (L1) cache memory 220, 225, 230, 235, 240, 245, 250, 255 within or otherwise associated with one of the processor cores 223, 227, 233, 237, 243, 247, 253, 257. Furthermore, any processor 201, 205, 210, or 215 may access information from any one of the shared level two (L2) caches 203, 207, 213, 217, or from system memory 260 via chipset 265.
- L2: shared level two (cache)
- One or more of the processors in Figure 2 may include or otherwise be associated with logic 219 to enable secure enclave techniques, in accordance with at least one embodiment.
- P2P: point-to-point
- Other system configurations may be used in conjunction with various embodiments of the invention, including point-to-point (P2P) interconnect systems and ring interconnect systems.
- The P2P system of Figure 3 may include several processors, of which only two, processors 370 and 380, are shown by example.
- Processors 370, 380 may each include a local memory controller hub (MCH) 372, 382 to connect with memory 32, 34.
- MCH: local memory controller hub
- Processors 370, 380 may exchange data via a point-to-point (PtP) interface 350 using PtP interface circuits 378, 388.
- PtP: point-to-point
- Processors 370, 380 may each exchange data with a chipset 390 via individual PtP interfaces 352, 354 using point-to-point interface circuits 376, 394, 386, 398.
- Chipset 390 may also exchange data with a high-performance graphics circuit 338 via a high-performance graphics interface 339.
- Embodiments of the invention may be located within any processor having any number of processing cores, or within each of the PtP bus agents of Figure 3.
- Any processor core may include or otherwise be associated with a local cache memory (not shown).
- A shared cache (not shown) may be included in either processor or outside of both processors, yet connected with the processors via the P2P interconnect, such that either or both processors' local cache information may be stored in the shared cache if a processor is placed into a low power mode.
- One or more of the processors or cores in Figure 3 may include or otherwise be associated with logic 319 to enable secure enclave techniques, in accordance with at least one embodiment.
- IP cores may be stored on a tangible, machine-readable medium ("tape") and supplied to various customers or manufacturing facilities to load into the fabrication machines that actually make the logic or processor.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
- Retry When Errors Occur (AREA)
- Multi Processors (AREA)
- Memory System Of A Hierarchy Structure (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2011536548A JP2012508938A (en) | 2008-11-14 | 2009-11-14 | Secure application execution method and apparatus |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US19931808P | 2008-11-14 | 2008-11-14 | |
US61/199,318 | 2008-11-14 | | |
US59076709A | 2009-11-13 | 2009-11-13 | |
US12/590,767 | 2009-11-13 | | |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2010057065A2 true WO2010057065A2 (en) | 2010-05-20 |
WO2010057065A3 WO2010057065A3 (en) | 2010-08-19 |
Family ID: 42170755
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2009/064493 WO2010057065A2 (en) | 2008-11-14 | 2009-11-14 | Method and apparatus to provide secure application execution |
Country Status (2)
Country | Link |
---|---|
JP (1) | JP2012508938A (en) |
WO (1) | WO2010057065A2 (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102289386A (en) * | 2010-06-21 | 2011-12-21 | 英特尔公司 | Uniform storage device by partial virtualization machine |
WO2013058781A1 (en) | 2011-10-18 | 2013-04-25 | Intel Corporation | Methods, systems and apparatus to facilitate client-based authentication |
WO2014105160A1 (en) * | 2012-12-28 | 2014-07-03 | Intel Corporation | Logging in secure enclaves |
WO2014105161A1 (en) * | 2012-12-28 | 2014-07-03 | Intel Corporation | Memory management in secure enclaves |
WO2014105159A1 (en) * | 2012-12-28 | 2014-07-03 | Intel Corporation | Paging in secure enclaves |
EP2778899A2 (en) | 2013-03-15 | 2014-09-17 | Intel Corporation | Secure rendering of display surfaces |
US9087200B2 (en) | 2009-12-22 | 2015-07-21 | Intel Corporation | Method and apparatus to provide secure application execution |
EP2889777A3 (en) * | 2013-12-27 | 2015-08-12 | Intel IP Corporation | Modifying memory permissions in a secure processing environment |
US9448950B2 (en) | 2013-12-24 | 2016-09-20 | Intel Corporation | Using authenticated manifests to enable external certification of multi-processor platforms |
US9501668B2 (en) | 2013-09-25 | 2016-11-22 | Intel Corporation | Secure video ouput path |
US9606940B2 (en) | 2015-03-27 | 2017-03-28 | Intel Corporation | Methods and apparatus to utilize a trusted loader in a trusted computing environment |
US9705892B2 (en) | 2014-06-27 | 2017-07-11 | Intel Corporation | Trusted time service for offline mode |
US10552344B2 (en) | 2017-12-26 | 2020-02-04 | Intel Corporation | Unblock instruction to reverse page block during paging |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9430384B2 (en) * | 2013-03-31 | 2016-08-30 | Intel Corporation | Instructions and logic to provide advanced paging capabilities for secure enclave page caches |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5224166A (en) * | 1992-08-11 | 1993-06-29 | International Business Machines Corporation | System for seamless processing of encrypted and non-encrypted data and instructions |
US20040143748A1 (en) * | 2003-01-21 | 2004-07-22 | Kabushiki Kaisha Toshiba | Data access control method for tamper resistant microprocessor using cache memory |
US20050100163A1 (en) * | 2003-11-10 | 2005-05-12 | Broadcom Corporation | System and method for securing executable code |
US20080072004A1 (en) * | 2006-09-20 | 2008-03-20 | Arm Limited | Maintaining cache coherency for secure and non-secure data access requests |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4263976B2 (en) * | 2003-09-24 | 2009-05-13 | 株式会社東芝 | On-chip multi-core tamper resistant processor |
JP4945200B2 (en) * | 2006-08-29 | 2012-06-06 | 株式会社日立製作所 | Computer system and processor control method |
Application Events (2009)
- 2009-11-14: WO, PCT/US2009/064493, patent WO2010057065A2 (en), active, Application Filing
- 2009-11-14: JP, JP2011536548A, patent JP2012508938A (en), active, Pending
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9087200B2 (en) | 2009-12-22 | 2015-07-21 | Intel Corporation | Method and apparatus to provide secure application execution |
US10885202B2 (en) | 2009-12-22 | 2021-01-05 | Intel Corporation | Method and apparatus to provide secure application execution |
US10102380B2 (en) | 2009-12-22 | 2018-10-16 | Intel Corporation | Method and apparatus to provide secure application execution |
JP2012009013A (en) * | 2010-06-21 | 2012-01-12 | Intel Corp | Unified storage device based on partial virtualized machine |
CN102289386A (en) * | 2010-06-21 | 2011-12-21 | 英特尔公司 | Uniform storage device by partial virtualization machine |
WO2013058781A1 (en) | 2011-10-18 | 2013-04-25 | Intel Corporation | Methods, systems and apparatus to facilitate client-based authentication |
US9766889B2 (en) | 2012-12-28 | 2017-09-19 | Intel Corporation | Memory management in secure enclaves |
US9990197B2 (en) | 2012-12-28 | 2018-06-05 | Intel Corporation | Memory management in secure enclaves |
WO2014105160A1 (en) * | 2012-12-28 | 2014-07-03 | Intel Corporation | Logging in secure enclaves |
US10409597B2 (en) | 2012-12-28 | 2019-09-10 | Intel Corporation | Memory management in secure enclaves |
WO2014105161A1 (en) * | 2012-12-28 | 2014-07-03 | Intel Corporation | Memory management in secure enclaves |
WO2014105159A1 (en) * | 2012-12-28 | 2014-07-03 | Intel Corporation | Paging in secure enclaves |
US9690704B2 (en) | 2012-12-28 | 2017-06-27 | Intel Corporation | Paging in secure enclaves |
EP2778899A2 (en) | 2013-03-15 | 2014-09-17 | Intel Corporation | Secure rendering of display surfaces |
US9501668B2 (en) | 2013-09-25 | 2016-11-22 | Intel Corporation | Secure video ouput path |
US9448950B2 (en) | 2013-12-24 | 2016-09-20 | Intel Corporation | Using authenticated manifests to enable external certification of multi-processor platforms |
US9355262B2 (en) | 2013-12-27 | 2016-05-31 | Intel Corporation | Modifying memory permissions in a secure processing environment |
EP2889777A3 (en) * | 2013-12-27 | 2015-08-12 | Intel IP Corporation | Modifying memory permissions in a secure processing environment |
US9705892B2 (en) | 2014-06-27 | 2017-07-11 | Intel Corporation | Trusted time service for offline mode |
US9606940B2 (en) | 2015-03-27 | 2017-03-28 | Intel Corporation | Methods and apparatus to utilize a trusted loader in a trusted computing environment |
US10552344B2 (en) | 2017-12-26 | 2020-02-04 | Intel Corporation | Unblock instruction to reverse page block during paging |
Also Published As
Publication number | Publication date |
---|---|
WO2010057065A3 (en) | 2010-08-19 |
JP2012508938A (en) | 2012-04-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2010057065A2 (en) | Method and apparatus to provide secure application execution | |
US20220237123A1 (en) | Apparatuses and methods for a processor architecture | |
US11216556B2 (en) | Side channel attack prevention by maintaining architectural state consistency | |
US7991965B2 (en) | Technique for using memory attributes | |
US8140828B2 (en) | Handling transaction buffer overflow in multiprocessor by re-executing after waiting for peer processors to complete pending transactions and bypassing the buffer | |
US11354240B2 (en) | Selective execution of cache line flush operations | |
EP3552108B1 (en) | Apparatuses and methods for a processor architecture | |
US11709742B2 (en) | Method for migrating CPU state from an inoperable core to a spare core | |
CN108369553B (en) | Systems, methods, and apparatus for range protection | |
US11188341B2 (en) | System, apparatus and method for symbolic store address generation for data-parallel processor | |
TW201732566A (en) | Method and apparatus for recovering from bad store-to-load forwarding in an out-of-order processor | |
CN104102549A (en) | Method, device and chip for realizing mutual exclusion operation of multiple threads | |
US20180336034A1 (en) | Near memory computing architecture | |
US8719500B2 (en) | Technique for tracking shared data in a multi-core processor or multi-processor system | |
US8996923B2 (en) | Apparatus and method to obtain information regarding suppressed faults | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 09826885; Country of ref document: EP; Kind code of ref document: A2 |
| WWE | Wipo information: entry into national phase | Ref document number: 2011536548; Country of ref document: JP. Ref document number: 2340/DELNP/2011; Country of ref document: IN |
| NENP | Non-entry into the national phase in: | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 09826885; Country of ref document: EP; Kind code of ref document: A2 |