WO2023061607A1 - Regulating access to memory - Google Patents
Regulating access to memory
- Publication number
- WO2023061607A1 (PCT/EP2021/078588)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- memory address
- physical memory
- output
- signal
- generate
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1491—Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
- G06F12/10—Address translation
- G06F12/1009—Address translation using page tables, e.g. page table structures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/1425—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
- G06F12/1441—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
- G06F12/10—Address translation
- G06F12/109—Address translation for multiple virtual address spaces, e.g. segmentation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
- G06F2212/10—Providing a specific technical effect
- G06F2212/1016—Performance improvement
- G06F2212/1024—Latency reduction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
- G06F2212/10—Providing a specific technical effect
- G06F2212/1052—Security improvement
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
- G06F2212/15—Use in a specific computing environment
- G06F2212/152—Virtualized environment, e.g. logically partitioned system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
- G06F2212/65—Details of virtual memory and virtual address translation
- G06F2212/657—Virtual address space management
Definitions
- the present disclosure relates, in general, to memory management. Aspects of the disclosure relate to regulating access to a predetermined set of content in a data structure defining a mapping between a set of virtual memory addresses and a set of physical memory addresses of a physical memory.
- software components may be executed separately or in combination by a processor or processors within collections of computing resources referred to as process spaces or processes. Each process can be maintained separately by the processor and includes a collection of computing resources.
- the collection of computing resources associated with a process space are accessible to software programs executing within the process and may include resources such as a virtual memory space and/or hardware components.
- the processor will, in general, separate and, when desired, isolate each process space from other process spaces such that programs executing in one process space may be prevented from accessing or modifying the computing resources associated with a different process space.
- the processor of the apparatus can implement and enforce a system of privilege levels. For example, a process that is executing at one privilege level may not be permitted to view or access computing resources associated with a different process that is executing at the same privilege level or at a lower or more restrictive privilege level that allows access to a smaller set of computing resources compared to another privilege level.
- a processor can provide multiple privilege levels, also referred to as exception levels.
- exception level zero (EL0)
- unprivileged execution is the lowest privilege level, least privileged, and most restricted
- exception level three EL3
- EL1 exception level 1
- OS operating system
- EL2 exception level 2
- a process executing at the lowest privilege level is allowed to access and modify computing resources associated with its own process but is not allowed to access or modify computing resources associated with any other processes executing on the computing apparatus.
- user space applications are typically executed at the lowest privilege level, EL0, which is also the most restrictive privilege level.
- a process executing at the next higher privilege level can be allowed to access and modify computing resources of processes executing at the lowest privilege level, EL0, but cannot access, view or modify computing resources of any process executing at the same or higher privilege level, such as EL2 or EL3.
- a computing apparatus will generally divide its memory into physical pages, each with a unique ID (address), which are then mapped to virtual addresses in such a way that physical contiguity does not imply virtual contiguity, and vice versa.
- These mappings can be implemented through a tree-like data structure comprised of physical pages, called a page table.
- a virtual memory address is used to generate a set of indexes which are used to navigate the tree.
- the leaves of the tree represent the mappings of virtual addresses into physical addresses. In other words by navigating the tree, it is possible to convert a virtual address into a physical one.
- Each leaf describes properties of the related physical page, such as whether it contains code that can be executed, write-protected data, etc.
- the mappings, as described by the leaves, can be used as a gateway for modifying the content of the associated physical pages, in a way that can be exploited to gain additional capabilities.
- One way of attacking the system is to alter the mapping of a page, for example by making it writable, so that the code itself can be altered.
- Another way is to inject code into a data page and later on make it executable by changing its mapping properties. Protecting the specific mapping does not help, since a physical page could be mapped at a different virtual address, making its properties modifiable through the alternative rogue mapping (double mapping).
- privilege levels can be leveraged.
- a component running in Hypervisor mode can be used to validate and replicate mapping properties set by a kernel in EL1 in EL2. Accordingly, even if EL1 mappings are compromised it is unlikely that an attacker will be able to tamper with EL2, and any modification of either protected data or code will trigger an exception in EL2. This can work well to prevent tampering with page properties, because it does not add any overhead on regular page operations.
- EL1 new chunks of protected memory
- a Page Protection Layer can be used to form an enclave inside EL1, retaining kernel context, while expanding on the capabilities (such as accessing/altering protected registers and modifying protected memory).
- a PPL does not have a second-stage page mapping to self-protect against double-mapping, and therefore it needs to protect all the page tables and perform validation on what gets mapped/unmapped. However, validation of the entire page table adds an overhead to any mapping being performed, which is not desirable from a speed perspective. The validation also has to be performed on mappings which are unlikely to be abused.
- An objective of the present disclosure is to provide a secure mechanism to protect code and critical data of an operating system kernel against attacks which have gained the capability of both reading and writing memory with regular protection.
- a first aspect of the present disclosure provides a memory management apparatus configured to access a data structure stored in a physical memory of a device, the data structure configured to map a virtual memory address to a physical memory address of the physical memory, the memory management apparatus configured to, using the data structure, determine a physical memory address from a virtual memory address received by the memory management apparatus, receive a status signal representing an operation for the virtual memory address, compare the received status signal with a set of allowed operations for the determined physical memory address, and generate a first output based on the comparison for the received status signal, compare the determined physical memory address with a predetermined physical memory address range, and generate a second output based on the comparison for the determined physical memory address, and generate an output condition signal using the first output, the second output and a state signal representing a state of operation of the device.
- code and critical data can be protected whilst avoiding overheads introduced by protection mechanisms, such as PPL for example, which introduce delays when vetting modifications to a page table even when pages affected are not relevant to either the code or critical data in question. Furthermore, access to non-protected context is retained even when operating within the protected context.
- the output condition signal can be provided to a processor of the device in the event that the output condition signal represents an exception value.
- an exception signal can be sent back to, e.g., the system processor.
- the system processor can then, in an escalated (e.g., privileged) mode of operation determine the nature of the operation that resulted in the exception in order to determine whether an attack is in progress for example. Accordingly, overheads associated with vetting of modifications to a page table are reduced or removed.
- the determined physical memory address can be provided to a memory controller of the device in the event that the output condition signal represents an allowed value.
- the memory management apparatus can determine, using the state signal, whether the processor of the device is operating in a protected state.
- the memory management apparatus can prevent write access to physical memory addresses within the predetermined physical memory address range.
- a second aspect of the present disclosure provides a firewall structure for a memory management apparatus of a device, the firewall structure comprising a first comparator unit to receive a first status signal representing an operation for a first virtual memory address, compare the received first status signal with a set of allowed operations for a first physical memory address of a physical memory, the first physical memory address determined from the first virtual memory address using a data structure, and generate a first output based on the comparison for the received first status signal, compare the first physical memory address with a first predetermined physical memory address range, and generate a second output based on the comparison for the determined first physical memory address, and generate a first validation signal using the first output, the second output and a state signal representing a state of operation of the device.
- a second comparator unit can receive a second status signal representing an operation for a second virtual memory address, compare the received second status signal with a set of allowed operations for a second physical memory address of the physical memory, the second physical memory address determined from the second virtual memory address using the data structure, and generate a third output based on the comparison for the received second status signal, compare the second physical memory address with a second predetermined physical memory address range, and generate a fourth output based on the comparison for the determined second physical memory address, and generate a second validation signal using the third output, the fourth output and the state signal.
- the firewall structure can generate an output condition signal using the first validation signal and the second validation signal.
- the firewall structure can generate the output condition signal by performing a logical operation using the first validation signal and the second validation signal.
- a third aspect of the present disclosure provides an apparatus comprising a processor and a memory management apparatus, the memory management apparatus comprising a data structure configured to map a virtual memory address to a physical memory address for a memory of the apparatus, wherein the memory management apparatus is configured to, using the data structure, determine a physical memory address from a virtual memory address received by the memory management apparatus from the processor, receive, from the processor, a status signal representing an operation for the virtual memory address, compare the received status signal with a set of allowed operations for the determined physical memory address, and generate a first output based on the comparison for the received status signal, compare the determined physical memory address with a predetermined physical memory address range, and generate a second output based on the comparison for the determined physical memory address, and generate an output condition signal using the first output, the second output and a state signal representing a state of operation of the apparatus.
- the processor can provide the determined physical memory address to a memory controller of the apparatus in the event that the output condition signal represents an allowed value.
- the processor can determine, using the state signal, whether the apparatus is operating in a protected state.
- the processor can prevent write access to physical memory addresses within the predetermined physical memory address range.
- a fourth aspect of the present disclosure provides a method for regulating access to a predetermined set of content in a data structure defining a mapping between a set of virtual memory addresses and a set of physical memory addresses of a physical memory for an apparatus, the method comprising: using the data structure, determining a physical memory address from a virtual memory address, receiving a status signal representing an operation for the virtual memory address, comparing the received status signal with a set of allowed operations for the determined physical memory address, and generating a first output based on the comparison for the received status signal, comparing the determined physical memory address with a predetermined physical memory address range, and generating a second output based on the comparison for the determined physical memory address, and generating an output condition signal using the first output, the second output and a state signal representing a state of operation of the apparatus.
- the method can further comprise providing the output condition signal to a processor of the apparatus in the event that the output condition signal represents an exception value.
- the method can further comprise providing the determined physical memory address to a memory controller of the apparatus in the event that the output condition signal represents an allowed value.
- the method can further comprise determining, using the state signal, whether the processor of the apparatus is operating in a protected state.
- the method can further comprise preventing write access to physical memory addresses within the predetermined physical memory address range.
- a fifth aspect of the present disclosure provides a machine-readable storage medium encoded with instructions for regulating access to a predetermined set of content in a data structure defining a mapping between a set of virtual memory addresses and a set of physical memory addresses of a physical memory for an apparatus, the instructions executable by a processor of the apparatus, whereby to cause the apparatus to, using the data structure, determine a physical memory address from a virtual memory address received by the memory management apparatus, receive a status signal representing an operation for the virtual memory address, compare the received status signal with a set of allowed operations for the determined physical memory address, and generate a first output based on the comparison for the received status signal, compare the determined physical memory address with a predetermined physical memory address range, and generate a second output based on the comparison for the determined physical memory address, and generate an output condition signal using the first output, the second output and a state signal representing a state of operation of the apparatus.
- Figure 1 is a schematic representation of an apparatus according to an example.
- Figure 2 is a schematic representation of a firewall structure according to an example.
- Figure 3 is a schematic representation of a comparator unit according to an example.
- Figure 4 is a schematic representation of use of comparator units according to an example.
- Figure 5 is a schematic representation of a system according to an example.
- Figure 6 is a schematic representation of a machine according to an example.
- a method for regulating access to a predetermined set of content in a data structure defining a mapping between a set of virtual memory addresses and a set of physical memory addresses of a physical memory for an apparatus can protect code and critical data whilst avoiding overheads introduced by protection mechanisms, such as PPL for example, which introduce delays when vetting modifications to the page table even when pages affected are not relevant to either code or critical data.
- access to non-protected context is retained even when operating within the protected context.
- Certain examples described herein make reference to aspects such as privilege levels that can be implemented in an ARM architecture.
- the present systems and methods are equally applicable to other architectures in which the same concepts can be implemented.
- the implementation of a Translation Lookaside Buffer can vary between architectures, although the overarching principle of caching (e.g., in view of recently queried address spaces and so on) is universally applicable.
- overheads can be reduced by confining both the code and the data to be protected to a handful of ranges (e.g., stemming from a single point in a page table) such as kernel code and/or kernel critical data for example.
- a protection mechanism such as PPL for example, can be used to protect a sub-section of a page table related to the previous point and its roots.
- Physical pages from a handful of contiguous ranges (ideally just one) can be used, and a hardware firewall can be implemented in order to prevent write access to physical pages within the ranges from the previous point, unless the write operations are performed from within protected mode, such as PPL mode for example.
- a page table can therefore be implemented such that it comprises both protected and unprotected pages, and in order to alter protected pages, a system can transition into a protected mode of operation, such as a PPL mode.
- non-protected pages can be altered without any overhead, thus improving overall system performance when creating/tearing down temporary mappings.
- an attacker who has, e.g., gained R/W capability on unprotected kernel data
- one or more comparator units can be configured to enable a certain operation on a memory bus of a system to be blocked should such an operation prove incompatible with selected predefined ranges that are configured during, e.g., system boot.
- ranges can be compared with both the address of the operation currently being attempted, and the type of operation attempted.
- Range configuration can be implemented exclusively in a protected mode of operation of a system. For example, at system boot, a certain range of contiguous physical memory pages can be reserved, and the start/end values can be stored in a status checker comprising a pair of comparators (one for each extreme of the range).
- An enable line representing the status of a system processor can be used to check whether the system is in a protected mode of operation or not. If it is, the test is skipped. However, if the process is not in a protected mode of operation, and it attempts to write, this can be configured to cause an exception.
- Figure 1 is a schematic representation of an apparatus according to an example.
- apparatus 100 comprises a processor 101 and a memory management apparatus 103.
- memory management apparatus 103 is configured to provide a data structure configured to map a virtual memory address 105 to a physical memory address 107 for a memory 109 of the apparatus 100.
- the memory management apparatus 103 can use the data structure, which can be provided in a translation lookaside buffer 111 of the memory management apparatus 103 for example, to determine the physical memory address 107 from a virtual memory address 105 received by the memory management apparatus 103 from the processor 101.
- a status signal 113 representing an operation for the virtual memory address 105 can be received by the memory management apparatus 103 from processor 101.
- a firewall structure 117 of the memory management apparatus 103 can compare the received status signal 113 with a set of allowed operations for the determined physical memory address 107, and generate a first output based on the comparison for the received status signal.
- the determined physical memory address 107 can be compared with a predetermined physical memory address range, and the firewall structure 117 of the memory management apparatus 103 can generate a second output based on the comparison for the determined physical memory address 107.
- An output condition signal can be generated by the memory management apparatus 103 using the first output, the second output and a state signal representing a state of operation of the apparatus. That is, the output condition signal can represent the outcome of a validation as to whether the determined physical memory address is accessible according to the requirements laid out by the status signal in view of the predetermined physical memory address range. If validation fails, an exception signal 115 can be sent back to the processor 101. The exception can be dealt with by the processor 101 in a secure mode of operation.
- the firewall structure prevents changes to physical pages within the protected ranges, unless the system is in a specific mode of operation, such as a privileged mode of operation.
- Translation operations 111 can be validated in view of the status signal 113, based on the virtual address 105, and operations on the physical address 107 can be validated by the firewall structure 117, also with reference to the status signal 113. This limits overhead only to modifications of the page tables for protected data and code.
- Figure 2 is a schematic representation of a firewall structure according to an example.
- the firewall structure 117 comprises a first comparator unit 201 to receive a first status signal 113 representing an operation for a first virtual memory address 105.
- the status signal 113 can be received from processor 101 for example.
- the comparator unit 201 can compare the received first status signal 113 with a set of allowed operations for a first physical memory address 107 of a physical memory 109, where the first physical memory address 107 can be determined from the first virtual memory address 105 using a data structure, such as a data structure configured to map a virtual memory address to a physical memory address of the physical memory 109.
- Comparator unit 201 can generate a first output (described in more detail below) based on the comparison for the received first status signal, and compare the first physical memory address with a first predetermined physical memory address range to generate a second output based on the comparison for the determined first physical memory address.
- a first validation signal 203 can be generated using the first output, the second output and a state signal representing a state of operation of the device.
- firewall structure 117 can comprise multiple comparator units, each of which is configured to validate an operation being executed against a specific operation and address range. Should the pair (operation, target) match the target of a comparator unit, the output condition signal 205 can signify an exception condition in which an operation is not validated against the predefined criteria.
- Figure 3 is a schematic representation of a comparator unit according to an example.
- the comparator unit 201 is configured to signal an error condition when the physical address 107 falls within a programmed range 301 and the status signal 113 indicates a forbidden or otherwise invalid operation.
- an error condition can be negated (that is, effectively bypassed) using a signal 305 representing a privileged mode of operation.
- Processor 101 can be used to set the upper and/or lower bound of the range 301 of a comparator unit 201, and also the signal 113 that is used to trigger an error condition if the physical address 107 lies within lower and upper bounds.
- a comparator unit 201 comprises logic 307 that can be set using, e.g., processor 101, that identifies operations 309 that are permitted for a memory range that falls within the predefined range 301.
- a comparator unit can perform a validation process within a single clock cycle of the system.
- the operations comprise ‘read’, ‘fetch’, and ‘write’, and refer to the actions which are permitted for a memory address. Any one or more of these operations may be flagged, indicating that the operation(s) in question is not permitted (i.e., forbidden). In an alternative example, no operations may be flagged.
- the operation ‘fetch’ is flagged, meaning that a physical memory address 107 may not be fetched for execution from its location in the event that it falls within the range defined in block 301.
- the fact that the other operations in logic 307 of figure 3 are not flagged means that they may be performed for the address 107 irrespective of whether that address falls within the range of 301 or not.
- in order to be able to perform an operation on a physical memory address within the preselected range 301 defined by the upper and lower bounds, the operation must not be flagged as a forbidden operation.
- a flagged operation is one that may be permitted.
- the corresponding adjustments to the logical signals relating to the address range and mode of operation can be made in order to arrive at a desired output to indicate a forbidden operation.
- the status signal 113 is therefore compared with a set of forbidden operations 309 for the determined physical memory address 107 in order to generate a first output 311.
- the determined physical memory address 107 is compared with a predetermined physical memory address range 301 in order to generate a second output 313.
- the output condition signal 203 is generated using the first output 311, the second output 313 and a state signal 305 representing a state of operation of the device.
- the output condition signal 203 can, in an example, be generated on the basis of logic 315 that takes the first output 311, the second output 313 and the state signal 305 as input.
- the output of the logic 315, i.e., the signal 203, will be high or binary 1, thereby indicating that i) the physical address 107 is within the preselected range 301, and ii) the desired operation for the physical address 107 is a forbidden action, and iii) the system is not in a privileged mode of operation.
- if any one of the first output 311, the second output 313 and the state signal 305 comprises a value that is different from those described above for this specific example, the signal 203 will be different, thereby indicating one or more of: i) the physical address 107 is not within the preselected range 301, ii) the desired operation for the physical address 107 is an allowed action, iii) the system is in a privileged mode of operation.
- the status signal 113 may comprise multiple data items representing, e.g., an operation for use by logic 307 and/or a state signal 305.
- one or more status signals 113 may be transmitted over a bus 207 to multiple comparator units 201.
- data representing a physical address 107 may be transmitted over a bus 209 to multiple comparator units 201.
- Figure 4 is a schematic representation of use of comparator units according to an example.
- three comparator units 201a-c are depicted in a simplified form (compared to, e.g., figure 3) in which their respective allowed operations 309 are shown circled.
- forbidden operations for unit 201a are ‘write’ (W) and ‘read’ (R) (only ‘fetch’ (F) is allowed (it is not flagged), i.e., executable memory)
- forbidden operations for unit 201b are W and F (only R allowed, i.e., read-only data memory)
- a forbidden operation for unit 201c is F (both R and W allowed, i.e., read-write data memory).
- Each comparator unit 201a-c is logically mapped to respective contiguous ranges of physical memory addresses 401. For example, comparator unit 201a is mapped to range 403, comparator unit 201b is mapped to range 405, and comparator unit 201c is mapped to range 407.
- status signal 113 should comprise an allowed (i.e., flagged in the example of figure 3) operation 309, which in the case of unit 201a is F, and the second input 313 should be valid such that a physical address 107 in question resides within the preselected range 403 (also presuming that the state signal is off, or low, or binary zero, thereby indicating that the system is not in a privileged mode of operation).
- status signal 113 should comprise an allowed (i.e., flagged in the example of figure 3) operation 309, which in the case of unit 201b is R, and the second input 313 should be valid such that a physical address 107 in question resides within the preselected range 405, and so on.
- multiple ranges of each type may exist.
- a processor 101 or a distinct memory management apparatus can pre-configure ranges of physical pages for each type.
- the content of the physical pages can be migrated and their mapping adjusted accordingly to preserve type-wise contiguity, while making space for further allocations.
- FIG. 5 is a schematic representation of a system according to an example.
- memory can be attacked by exploiting a peripheral 501 that is capable of accessing a memory controller 503.
- a peripheral can, in an example, be firewalled as described above.
- a processor 505 (CPU) can control the firewall configuration of the peripheral 501, and handle any violations 507 that might be reported.
- only certain peripherals might have a “fetch” status line, as not all need to fetch and execute instructions.
- the examples described above are with reference to a system that can operate according to multiple modes of operation up to, for example, EL2. Should, e.g., a hypervisor be present, running in a higher privilege mode, it will have the same or higher access rights, and can implement saving/restoring of an aggregate execution state, including but not limited to configuration of comparator units for example.
- Examples in the present disclosure can be provided as methods, systems or machine-readable instructions, such as any combination of software, hardware, firmware or the like.
- Such machine-readable instructions may be included on a computer readable storage medium (including but not limited to disc storage, CD-ROM, optical storage, etc.) having computer readable program codes therein or thereon.
- the machine-readable instructions may, for example, be executed by a machine such as a general-purpose computer, user equipment such as a smart device, e.g., a smart phone, a special purpose computer, an embedded processor or processors of other programmable data processing devices to realize the functions described in the description and diagrams.
- a processor or processing apparatus may execute the machine-readable instructions.
- modules of apparatus may be implemented by a processor executing machine readable instructions stored in a memory, or a processor operating in accordance with instructions embedded in logic circuitry.
- the term 'processor' is to be interpreted broadly to include a CPU, processing unit, ASIC, logic unit, or programmable gate set etc.
- the methods and modules may all be performed by a single processor or divided amongst several processors.
- Such machine-readable instructions may also be stored in a computer readable storage that can guide the computer or other programmable data processing devices to operate in a specific mode.
- the instructions may be provided on a non-transitory computer readable storage medium encoded with instructions, executable by a processor.
- FIG. 6 is a schematic representation of a machine according to an example.
- the machine 600 can be, e.g., a system or apparatus (e.g., 100), user equipment, or part thereof.
- the machine 600 can comprise a firewall structure 601, such as that described above with reference to figures 2 and 3 for example.
- the machine 600 comprises a processor 603, and a memory 605 to store instructions 607, executable by the processor 603.
- the machine comprises a storage 609 that can be used to store mappings to/from virtual to physical memory addresses, permitted operations corresponding to memory ranges and so on as described above with reference to figures 1 to 5 for example.
- the instructions 607 executable by the processor 603, can cause the machine 600 to regulate access to a predetermined set of content in a data structure defining a mapping between a set of virtual memory addresses and a set of physical memory addresses of a physical memory for an apparatus.
- the instructions 607 can cause the machine 600 to, using the data structure, determine a physical memory address from a virtual memory address received by the memory management apparatus, receive a status signal representing an operation for the virtual memory address, compare the received status signal with a set of allowed operations for the determined physical memory address, and generate a first output based on the comparison for the received status signal, compare the determined physical memory address with a predetermined physical memory address range, and generate a second output based on the comparison for the determined physical memory address, and generate an output condition signal using the first output, the second output and a state signal representing a state of operation of the apparatus.
- the machine 600 can implement a method for regulating access to a predetermined set of content in a data structure defining a mapping between a set of virtual memory addresses and a set of physical memory addresses of a physical memory for an apparatus.
- Such machine-readable instructions may also be loaded onto a computer or other programmable data processing devices, so that the computer or other programmable data processing devices perform a series of operations to produce computer-implemented processing, thus the instructions executed on the computer or other programmable devices provide an operation for realizing functions specified by flow(s) in the flow charts and/or block(s) in the block diagrams.
- teachings herein may be implemented in the form of a computer or software product, such as a non-transitory machine-readable storage medium, the computer software or product being stored in a storage medium and comprising a plurality of instructions, e.g., machine readable instructions, for making a computer device implement the methods recited in the examples of the present disclosure.
- Cloud-computing environments may provide various services and applications via the Internet. These cloud-based services (e.g., software as a service, platform as a service, infrastructure as a service, etc.) may be accessible through a web browser or other remote interface of the user equipment for example. Various functions described herein may be provided through a remote desktop environment or any other cloud-based computing environment.
- the embodiments disclosed herein may also be implemented using software modules that perform certain tasks. These software modules may include script, batch, or other executable files that may be stored on a computer-readable storage medium or in a computing system. In some embodiments, these software modules may configure a computing system to perform one or more of the exemplary embodiments disclosed herein. In addition, one or more of the modules described herein may transform data, physical devices, and/or representations of physical devices from one form to another.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Storage Device Security (AREA)
Abstract
In some examples, a memory management apparatus configured to access a data structure stored in a physical memory of a device, the data structure configured to map a virtual memory address to a physical memory address of the physical memory, can be configured to, using the data structure, determine a physical memory address from a virtual memory address received by the memory management apparatus, receive a status signal representing an operation for the virtual memory address, compare the received status signal with a set of allowed operations for the determined physical memory address, and generate a first output based on the comparison for the received status signal, compare the determined physical memory address with a predetermined physical memory address range, and generate a second output based on the comparison for the determined physical memory address, and generate an output condition signal using the first output, the second output and a state signal representing a state of operation of the device.
Description
REGULATING ACCESS TO MEMORY
Technical Field
The present disclosure relates, in general, to memory management. Aspects of the disclosure relate to regulating access to a predetermined set of content in a data structure defining a mapping between a set of virtual memory addresses and a set of physical memory addresses of a physical memory.
Background
In a computing apparatus, software components may be executed separately or in combination by a processor or processors within collections of computing resources referred to as process spaces or processes. Each process can be maintained separately by the processor and includes a collection of computing resources.
The collection of computing resources associated with a process space are accessible to software programs executing within the process and may include resources such as a virtual memory space and/or hardware components. The processor will, in general, separate and, when desired, isolate each process space from other process spaces such that programs executing in one process space may be prevented from accessing or modifying the computing resources associated with a different process space.
To provide security and to prevent one process, such as the user space of the computing apparatus, from inadvertently or maliciously accessing or modifying the computing resources belonging to a different process, the processor of the apparatus can implement and enforce a system of privilege levels. For example, a process that is executing at one privilege level may not be permitted to view or access computing resources associated with a different process that is executing at the same privilege level or at a lower or more restrictive privilege level that allows access to a smaller set of computing resources compared to another privilege level.
A processor can provide multiple privilege levels, also referred to as exception levels. For example, exception level zero (EL0), referred to as unprivileged execution, is the lowest privilege level, least privileged, and most restricted, while exception level three (EL3) is the highest privilege level, most privileged, and least restrictive. By way of example, in a computing apparatus based on the ARM architecture, exception level 1 (EL1) is often used for execution of an operating system (OS) process, and exception level 2 (EL2) is configured to provide hypervisor support. A process executing at the lowest privilege level is allowed to access and modify computing resources associated with its own process but is not allowed to access or modify computing resources associated with any other processes executing on the computing apparatus. Thus, user space applications are typically executed at the lowest privilege level, EL0, which is also the most restrictive privilege level. In contrast, a process executing at the next higher privilege level, such as EL1 for example, can be allowed to access and modify computing resources of processes executing at the lowest privilege level, EL0, but cannot access, view or modify computing resources of any process executing at the same or higher privilege level, such as EL2 or EL3.
A computing apparatus will generally divide its memory into physical pages, each with a unique ID (address), which are then mapped to virtual addresses in such a way that physical contiguity does not imply virtual contiguity, and vice versa. These mappings can be implemented through a tree-like data structure comprised of physical pages, called a page table. In the page table, a virtual memory address is used to generate a set of indexes which are used to navigate the tree. The leaves of the tree represent the mappings of virtual addresses into physical addresses. In other words, by navigating the tree, it is possible to convert a virtual address into a physical one. Each leaf describes properties of the related physical page, such as whether it contains code that can be executed, write-protected data, etc.
Various forms of attack rely on the ability to alter the property of such mappings, as described by the leaves, as a gateway for modifying the content of the associated physical pages, in a way that can be exploited to gain additional capabilities. One way of attacking the system is to alter the mapping of a page, for example by making it writable, so that the code itself can be altered. Another way is to inject code into a data page and later on make it executable by changing its mapping properties. Protecting the specific mapping does not help, since a physical page could be mapped at a different virtual address, making its properties modifiable through the alternative rogue mapping (double mapping).
To protect the mappings, privilege levels, as described above, can be leveraged. For example, a component running in Hypervisor mode can be used to validate and replicate mapping properties set by a kernel in EL1 in EL2. Accordingly, even if EL1 mappings are compromised it is unlikely that an attacker will be able to tamper with EL2, and any modification of either protected data or code will trigger an exception in EL2. This can work well to prevent tampering with page properties, because it does not add any overhead on regular page operations. However, when registering/unregistering new chunks of protected memory, there is a transition from EL1 to EL2 (and back). The same type of overhead impacts changes to the content of protected-but-modifiable pages, which, generally speaking, constitutes the vast majority of cases.
A Page Protection Layer (PPL) can be used to form an enclave inside EL1, retaining kernel context, while expanding on the capabilities (such as accessing/altering protected registers and modifying protected memory). A PPL does not have a second-stage page mapping to self-protect against double-mapping, and therefore it needs to protect all the page tables and perform validation on what gets mapped/unmapped. However, validation of the entire page table adds an overhead to any mapping being performed, which is not desirable from a speed perspective. The validation also has to be performed on mappings which are unlikely to be abused.
Summary
An objective of the present disclosure is to provide a secure mechanism to protect code and critical data of an operating system kernel against attacks which have gained the capability of both reading and writing memory with regular protection.
The foregoing and other objectives are achieved by the features of the independent claims.
Further implementation forms are apparent from the dependent claims, the description and the Figures.
A first aspect of the present disclosure provides a memory management apparatus configured to access a data structure stored in a physical memory of a device, the data structure configured to map a virtual memory address to a physical memory address of the physical memory, the memory management apparatus configured to, using the data structure, determine a physical memory address from a virtual memory address received by the memory management apparatus, receive a status signal representing an operation for the virtual memory address, compare the received status signal with a set of allowed operations for the determined physical memory address, and generate a first output based on the comparison for the received status signal, compare the determined physical memory address with a predetermined physical memory address range, and generate a second output based on the comparison for the determined physical memory address, and generate an output condition signal using the first output, the second output and a state signal representing a state of operation of the device.
Accordingly, code and critical data can be protected whilst avoiding overheads introduced by protection mechanisms, such as PPL for example, which introduce delays when vetting modifications to a page table even when pages affected are not relevant to either the code or critical data in question. Furthermore, access to non-protected context is retained even when operating within the protected context.
In an implementation of the first aspect, the output condition signal can be provided to a processor of the device in the event that the output condition signal represents an exception value.
Thus, in the event that the validation of an operation fails, an exception signal can be sent back to, e.g., the system processor. The system processor can then, in an escalated (e.g., privileged) mode of operation determine the nature of the operation that resulted in the exception in order to determine whether an attack is in progress for example. Accordingly, overheads associated with vetting of modifications to a page table are reduced or removed.
According to an example, the determined physical memory address can be provided to a memory controller of the device in the event that the output condition signal represents an allowed value. The memory management apparatus can determine, using the state signal, whether the processor of the device is operating in a protected state. The memory management apparatus can prevent write access to physical memory addresses within the predetermined physical memory address range.
A second aspect of the present disclosure provides a firewall structure for a memory management apparatus of a device, the firewall structure comprising a first comparator unit to receive a first status signal representing an operation for a first virtual memory address, compare the received first status signal with a set of allowed operations for a first physical memory address of a physical memory, the first physical memory address determined from the first virtual memory address using a data structure, and generate a first output based on the comparison for the received first status signal, compare the first physical memory address with a first predetermined physical memory address range, and generate a second output based on the comparison for the determined first physical memory address, and generate a first validation signal using the first output, the second output and a state signal representing a state of operation of the device.
In an implementation of the second aspect, a second comparator unit can receive a second status signal representing an operation for a second virtual memory address, compare the received second status signal with a set of allowed operations for a second physical memory address of the physical memory, the second physical memory address determined from the second virtual memory address using the data structure, and generate a third output based on the comparison for the received second status signal, compare the second physical memory address with a second predetermined physical memory address range, and generate a fourth output based on the comparison for the determined second physical memory address, and generate a second validation signal using the third output, the fourth output and the state signal.
The firewall structure can generate an output condition signal using the first validation signal and the second validation signal. The firewall structure can generate the output condition signal by performing a logical operation using the first validation signal and the second validation signal.
A third aspect of the present disclosure provides an apparatus comprising a processor and a memory management apparatus, the memory management apparatus comprising a data structure configured to map a virtual memory address to a physical memory address for a memory of the apparatus, wherein the memory management apparatus is configured to, using the data structure, determine a physical memory address from a virtual memory address received by the memory management apparatus from the processor, receive, from the processor, a status signal representing an operation for the virtual memory address, compare the received status signal with a set of allowed operations for the determined physical memory address, and generate a first output based on the comparison for the received status signal, compare the determined physical memory address with a predetermined physical memory address range, and generate a second output based on the comparison for the determined physical memory address, and generate an output condition signal using the first output, the second output and a state signal representing a state of operation of the apparatus.
In an implementation of the third aspect, the processor can provide the determined physical memory address to a memory controller of the apparatus in the event that the output condition signal represents an allowed value. The processor can determine, using the state signal, whether the apparatus is operating in a protected state. The processor can prevent write access to physical memory addresses within the predetermined physical memory address range.
A fourth aspect of the present disclosure provides a method for regulating access to a predetermined set of content in a data structure defining a mapping between a set of virtual memory addresses and a set of physical memory addresses of a physical memory for an apparatus, the method comprising, using the data structure, determining a physical memory address from a virtual memory address, receiving a status signal representing an operation for the virtual memory address, comparing the received status signal with a set of allowed operations for the determined physical memory address, and generating a first output based on the comparison for the received status signal, comparing the determined physical memory address with a predetermined physical memory address range, and generating a second output based on the comparison for the determined physical memory address, and generating an output condition signal using the first output, the second output and a state signal representing a state of operation of the apparatus.
The method can further comprise providing the output condition signal to a processor of the apparatus in the event that the output condition signal represents an exception value. The method can further comprise providing the determined physical memory address to a memory controller of the apparatus in the event that the output condition signal represents an allowed value. The method can further comprise determining, using the state signal, whether the processor of the apparatus is operating in a protected state. The method can further comprise preventing write access to physical memory addresses within the predetermined physical memory address range.
A fifth aspect of the present disclosure provides a machine-readable storage medium encoded with instructions for regulating access to a predetermined set of content in a data structure defining a mapping between a set of virtual memory addresses and a set of physical memory addresses of a physical memory for an apparatus, the instructions executable by a processor of the apparatus, whereby to cause the apparatus to, using the data structure, determine a physical memory address from a virtual memory address received by the memory management apparatus, receive a status signal representing an operation for the virtual memory address, compare the received status signal with a set of allowed operations for the determined physical memory address, and generate a first output based on the comparison for the received status signal, compare the determined physical memory address with a predetermined physical memory address range, and generate a second output based on the comparison for the determined physical memory address, and generate an output condition signal using the first output, the second output and a state signal representing a state of operation of the apparatus.
In order that the present invention may be more readily understood, embodiments of the invention will now be described, by way of example, with reference to the accompanying drawings, in which:
Figure 1 is a schematic representation of an apparatus according to an example;
Figure 2 is a schematic representation of a firewall structure according to an example;
Figure 3 is a schematic representation of a comparator unit according to an example;
Figure 4 is a schematic representation of use of comparator units according to an example;
Figure 5 is a schematic representation of a system according to an example; and
Figure 6 is a schematic representation of a machine according to an example.
Detailed
Example embodiments are described below in sufficient detail to enable those of ordinary skill in the art to embody and implement the systems and processes herein described. It is important to understand that embodiments can be provided in many alternate forms and should not be construed as limited to the examples set forth herein.
Accordingly, while embodiments can be modified in various ways and take on various alternative forms, specific embodiments thereof are shown in the drawings and described in detail below as examples. There is no intent to limit to the particular forms disclosed. On the contrary, all modifications, equivalents, and alternatives falling within the scope of the appended claims should be included. Elements of the example embodiments are consistently denoted by the same reference numerals throughout the drawings and detailed description where appropriate.
The terminology used herein to describe embodiments is not intended to limit the scope. The articles “a,” “an,” and “the” are singular in that they have a single referent, however the use of the singular form in the present document should not preclude the presence of more than one referent. In other words, elements referred to in the singular can number one or more, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises,” “comprising,” “includes,” and/or “including,” when used herein, specify the presence of stated features, items, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, items, steps, operations, elements, components, and/or groups thereof.
Unless otherwise defined, all terms (including technical and scientific terms) used herein are to be interpreted as is customary in the art. It will be further understood that terms in common usage should also be interpreted as is customary in the relevant art and not in an idealized or overly formal sense unless expressly so defined herein.
According to an example, there is provided a method for regulating access to a predetermined set of content in a data structure defining a mapping between a set of virtual memory addresses and a set of physical memory addresses of a physical memory for an apparatus. The method can protect code and critical data whilst avoiding overheads introduced by protection mechanisms, such as PPL for example, which introduce delays when vetting modifications to the page table even when pages affected are not relevant to either code or critical data. In an implementation, access to non-protected context is retained even when operating within the protected context. Certain examples described herein make reference to aspects such as privilege levels that can be implemented in an ARM architecture. However, the present systems and methods are equally applicable to other architectures in which the same concepts can be implemented. For example, the implementation of a Translation Lookaside Buffer can vary between architectures, although the overarching principle of caching (e.g., in view of recently queried address spaces and so on) is universally applicable.
In an example, overheads can be reduced by confining both the code and the data to be protected to a handful of ranges (e.g., stemming from a single point in a page table) such as kernel code and/or kernel critical data for example. A protection mechanism, such as PPL for example, can be used to protect a sub-section of a page table related to the previous point and its roots. Physical pages from a handful of contiguous ranges (ideally just one) can be used, and a hardware firewall can be implemented in order to prevent write access to physical pages within the ranges from the previous point, unless the write operations are performed from within protected mode, such as PPL mode for example.
According to an example, a page table can therefore be implemented such that it comprises both protected and unprotected pages, and in order to alter protected pages, a system can transition into a protected mode of operation, such as a PPL mode. In an example, non-protected pages can be altered without any overhead, thus improving overall system performance when creating/tearing down temporary mappings. As a side effect, an attacker (who has, e.g., gained R/W capability on unprotected kernel data) can create double mappings of protected pages, which can exhibit different properties. For example, an attacker could double map a non-protected and writable page as a page which can be modifiable exclusively in a protected mode of operation. However, a double mapping is not an issue, as long as it is not usable. That is, a protected page can be mapped in an arbitrary number of places and ways in EL1, but what matters is that its content is accessed only according to a legitimate mapping which is replicated out of the attacker’s reach, in EL2. Any other access pattern which violates an EL2 mapping will trigger an EL2 exception. This has a significant performance advantage over previous protection systems because legitimate accesses do not incur any performance penalty.
According to an example, one or more comparator units can be configured to enable a certain operation on a memory bus of a system to be blocked should such an operation prove incompatible with selected predefined ranges that are configured during, e.g., system boot. In an example, ranges can be compared with both the address of the operation currently being attempted, and the type of operation attempted. Range configuration can be implemented exclusively in a protected mode of operation of a system. For example, at system boot, a certain range of contiguous physical memory pages can be reserved, and the start/end values can be stored in a status checker comprising a pair of comparators (one for each extreme of the range). An enable line representing the status of a system processor can be used to check whether the system is in a protected mode of operation or not. If it is, the test is skipped. However, if the process is not in a protected mode of operation, and it attempts to write, this can be configured to cause an exception.
Figure 1 is a schematic representation of an apparatus according to an example. In the example of figure 1, apparatus 100 comprises a processor 101 and a memory management apparatus 103. In an example, memory management apparatus 103 is configured to provide a data structure configured to map a virtual memory address 105 to a physical memory address 107 for a memory 109 of the apparatus 100. The memory management apparatus 103 can use the data structure, which can be provided in a translation lookaside buffer 111 of the memory management apparatus 103 for example, to determine the physical memory address 107 from a virtual memory address 105 received by the memory management apparatus 103 from the processor 101. A status signal 113 representing an operation for the virtual memory address 105 can be received by the memory management apparatus 103 from processor 101. A firewall structure 117 of the memory management apparatus 103 can compare the received status signal 113 with a set of allowed operations for the determined physical memory address 107, and generate a first output based on the comparison for the received status signal.
The determined physical memory address 107 can be compared with a predetermined physical memory address range, and the firewall structure 117 of the memory management apparatus 103 can generate a second output based on the comparison for the determined physical memory address 107. An output condition signal can be generated by the memory management apparatus 103 using the first output, the second output and a state signal representing a state of operation of the apparatus. That is, the output condition signal can represent the outcome of a validation as to whether the determined physical memory address is accessible according to the requirements laid out by the status signal in view of the predetermined physical memory address range. If validation fails, an exception signal 115 can be sent back to the processor 101. The exception can be dealt with by the processor 101 in a secure mode of operation.
Accordingly, it is possible to utilise the page protection layer to protect sub-sections of the page table associated with protected data and code, and use physical pages exclusively from a handful of contiguous ranges. The firewall structure prevents changes to physical pages within the protected ranges, unless the system is in a specific mode of operation, such as a privileged mode of operation. Translation operations 111 can be validated in view of the status signal 113, based on the virtual address 105, and operations on the physical address 107 can be validated by the firewall structure 117, also with reference to the status signal 113. This limits overhead only to modifications of the page tables for protected data and code.
Figure 2 is a schematic representation of a firewall structure according to an example. In the example of figure 2, the firewall structure 117 comprises a first comparator unit 201 to receive a first status signal 113 representing an operation for a first virtual memory address 105. The status signal 113 can be received from processor 101 for example. The comparator unit 201 can compare the received first status signal 113 with a set of allowed operations for a first physical memory address 107 of a physical memory 109, where the first physical memory address 107 can be determined from the first virtual memory address 105 using a data structure, such as a data structure configured to map a virtual memory address to a physical memory address of the physical memory 109. Comparator unit 201 can generate a first output (described in more detail below) based on the comparison for the received first status signal, and compare the first physical memory address with a first predetermined physical memory address range to generate a second output based on the comparison for the determined first physical memory address. A first validation signal 203 can be generated using the first output, the second output and a state signal representing a state of operation of the device.
As can be seen from figure 2, multiple such comparator units can be provided in a firewall structure 117 according to an example. Each such comparator unit can generate a validation signal, and these can be used to determine the output condition signal 205. Accordingly, firewall structure 117 can comprise multiple comparator units, each of which configured to validate an operation being executed against a specific operation and address range. Should the pair (operation, target) match the target of a comparator unit, the output condition signal 205 can signify an exception condition in which an operation is not validated against the predefined criteria.
Figure 3 is a schematic representation of a comparator unit according to an example. The comparator unit 201 is configured to signal an error condition when the physical address 107 falls within a programmed range 301 and the status signal 113 indicates a forbidden or otherwise invalid operation. In an example, an error condition can be negated (that is, effectively bypassed) using a signal 305 representing a privileged mode of operations. Processor 101 can be used to set the upper and/or lower bound of the range 301 of a comparator unit 201, and also the signal 113 that is used to trigger an error condition if the physical address 107 lies within lower and upper bounds.
Referring to figure 3, a comparator unit 201 comprises logic 307 that can be set using, e.g., processor 101, that identifies operations 309 that are permitted for a memory range that falls within the predefined range 301. In an example, a comparator unit can perform a validation process within a single clock cycle of the system.
In the example of figure 3, the operations comprise ‘read’, ‘fetch’, and ‘write’, and refer to the actions which are permitted for a memory address. Any one or more of these operations may be flagged, indicating that the operation(s) in question is not permitted (i.e., forbidden). In an alternative example, no operations may be flagged. In the example of figure 3, the operation ‘fetch’ is flagged, meaning that a physical memory address 107 may not be fetched for execution from its location in the event that it falls within the range defined in block 301. The fact that the other operations in logic 307 of figure 3 are not flagged means that they may be performed for the address 107 irrespective of whether that address falls within the range of 301 or not. That is, according to an example, in order to be able to perform an operation on a physical memory address within the preselected range 301 defined by the upper and lower bounds, the operation must not be flagged as a forbidden operation. The converse may equally be possible, such that, for example, a flagged operation is one that may be permitted. In this case, the corresponding adjustments to the logical signals relating to the address range and mode of operation can be made in order to arrive at a desired output to indicate a forbidden operation.
In the example of figure 3, the status signal 113 is therefore compared with a set of forbidden operations 309 for the determined physical memory address 107 in order to generate a first output 311. The determined physical memory address 107 is compared with a predetermined physical memory address range 301 in order to generate a second output 313. The output condition signal 203 is generated using the first output 311, the second output 313 and a state signal 305 representing a state of operation of the device. The output condition signal 203 can, in an example, be generated on the basis of logic 315 that takes the first output 311, the second output 313 and the state signal 305 as input. In the example of figure 3, when the first output 311 is e.g., high or binary 1, thereby indicating that the status signal 113 comprises a forbidden (i.e., flagged in the example of figure 3) operation 309, and the second input 313 is valid (e.g., high or binary 1), thereby indicating that the physical address 107 is within the preselected range 301, and the state signal is off, or low, or binary zero, thereby indicating that the system is not in a privileged mode of operation, the output of the logic 315, i.e., the signal 203, will be high or binary 1, thereby indicating that i) the physical address 107 is within the preselected range 301, and ii) the desired operation for the physical address 107 is a forbidden action, and iii) the system is not in a privileged mode of operation. In the case that any one of the first output 311, the second output 313 and the state signal 305 comprise values that are different from those described above for this specific example, the signal 203 will be different, thereby indicating that one or more of: i) the physical address 107 is not within the preselected range 301, ii) the desired operation for the physical address 107 is an allowed action, iii) the system is in a privileged mode of operation.
Accordingly, with reference to figure 3 and in terms of the logic presented therein, when a forbidden operation is attempted, it will generate a match (i.e., logic 1) as input to the AND gate 315. Similarly, if the address range falls within the address range programmed in the comparator, it will also generate a logic 1. If the processor is not in a privileged mode, that will mean an input of logic 0, which will then be converted to a logic 1, by the NOT on that specific input of the AND gate 315. The overall result will be therefore that a forbidden operation performed on the programmed range will give rise to an error unless the processor is in a privileged (e.g., PPL) mode. In an example, the status signal 113 may comprise multiple data items representing, e.g., an operation for use by logic 307 and/or a state signal 305. With reference to figure 2 for example, one or more status signals 113 may be transmitted over a bus 207 to multiple comparator units 201. Similarly, data representing a physical address 107 may be transmitted over a bus 209 to multiple comparator units 201.
Figure 4 is a schematic representation of use of comparator units according to an example. In the example of figure 4, three comparator units, 201a-c, are depicted in a simplified form (compared to, e.g., figure 3) in which their respective allowed operations 309 are shown circled. Accordingly, forbidden operations for unit 201a are ‘write’ (W) and ‘read’ (R) (only ‘fetch’ (F) is allowed (it is not flagged), i.e., executable memory), forbidden operations for unit 201b are W and F (only R allowed, i.e., read-only data memory), and a forbidden operation for unit 201c is F (both R and W allowed, i.e., read-write data memory).
Each comparator unit 201a-c is logically mapped to respective contiguous ranges of physical memory addresses 401. For example, comparator unit 201a is mapped to range 403, comparator unit 201b is mapped to range 405, and comparator unit 201c is mapped to range 407. Accordingly, and with reference to figure 3, in order for an operation to be executed with respect to one or more of the physical memory addresses in the range 403, status signal 113 should comprise an allowed (i.e., flagged in the example of figure 3) operation 309, which in the case of unit 201a is F, and the second input 313 should be valid such that a physical address 107 in question resides within the preselected range 403 (also presuming that the state signal is off, or low, or binary zero, thereby indicating that the system is not in a privileged mode of operation). Similarly, for an operation to be executed with respect to one or more of the physical memory addresses in the range 405, status signal 113 should comprise an allowed (i.e., flagged in the example of figure 3) operation 309, which in the case of unit 201b is R, and the second input 313 should be valid such that a physical address 107 in question resides within the preselected range 405, and so on. Depending on availability of comparator units, multiple ranges of each type may exist.
According to an example, a processor 101, or a distinct memory management apparatus can pre-configure ranges of physical pages for each type. Thus, once the available comparator units are allocated, the content of the physical pages can be migrated and their mapping adjusted accordingly to preserve type-wise contiguity, while making space for further allocations.
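The comparator logic of figures 3 and 4 can be modelled in software as follows. This C model is an added illustration, not part of the patent text: the address values, the inclusive treatment of the range bounds, and the use of a logical OR to combine the validation signals are assumptions made for the example.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Operation bits carried by the status signal 113. */
enum { OP_READ = 1u << 0, OP_WRITE = 1u << 1, OP_FETCH = 1u << 2 };

/* One comparator unit 201: a programmed range 301 plus the flagged
 * (forbidden) operations 309. Bounds are treated as inclusive (assumption). */
struct comparator_unit {
    uint64_t lower;
    uint64_t upper;
    unsigned forbidden; /* mask of OP_* bits */
};

/* Validation signal 203 = first output AND second output AND NOT state. */
static bool comparator_validate(const struct comparator_unit *cu,
                                uint64_t pa, unsigned op, bool privileged)
{
    bool first_output  = (op & cu->forbidden) != 0;            /* 311 */
    bool second_output = pa >= cu->lower && pa <= cu->upper;   /* 313 */
    return first_output && second_output && !privileged;       /* 315 */
}

/* Output condition signal 205. Every unit is evaluated, as parallel hardware
 * would; combining the validation signals with OR is an assumption. */
static bool firewall_exception(const struct comparator_unit *units, size_t n,
                               uint64_t pa, unsigned op, bool privileged)
{
    bool exception = false;
    for (size_t i = 0; i < n; i++)
        exception |= comparator_validate(&units[i], pa, op, privileged);
    return exception;
}

/* Figure 4 configuration; the addresses are constructed sample values. */
static const struct comparator_unit fig4_units[] = {
    /* 201a, range 403: executable memory, only fetch allowed */
    { UINT64_C(0x80000000), UINT64_C(0x800fffff), OP_READ | OP_WRITE },
    /* 201b, range 405: read-only data, only read allowed */
    { UINT64_C(0x80100000), UINT64_C(0x801fffff), OP_WRITE | OP_FETCH },
    /* 201c, range 407: read-write data, fetch forbidden */
    { UINT64_C(0x80200000), UINT64_C(0x802fffff), OP_FETCH },
};

/* True when the access raises an exception under the figure 4 setup. */
static bool fig4_exception(uint64_t pa, unsigned op, bool privileged)
{
    return firewall_exception(fig4_units,
                              sizeof fig4_units / sizeof fig4_units[0],
                              pa, op, privileged);
}

int main(void)
{
    /* Constructed accesses: physical address, operation, privileged state. */
    static const struct {
        uint64_t pa; unsigned op; bool priv; const char *what;
    } cases[] = {
        { UINT64_C(0x80000040), OP_FETCH, false, "fetch from executable range" },
        { UINT64_C(0x80000040), OP_WRITE, false, "write to executable range" },
        { UINT64_C(0x80000040), OP_WRITE, true,  "same write, privileged mode" },
        { UINT64_C(0x80100000), OP_WRITE, false, "write to read-only range" },
        { UINT64_C(0x80200010), OP_FETCH, false, "fetch from read-write data" },
        { UINT64_C(0x90000000), OP_WRITE, false, "write outside all ranges" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-30s pa=0x%" PRIx64 " -> %s\n", cases[i].what, cases[i].pa,
               fig4_exception(cases[i].pa, cases[i].op, cases[i].priv)
                   ? "exception" : "allowed");
    return 0;
}
```

Because the check is keyed on the physical address produced by translation, the virtual alias used to reach a protected page does not change the outcome.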
Figure 5 is a schematic representation of a system according to an example. With reference to figure 5, it is possible that memory can be attacked by exploiting a peripheral 501 that is capable of accessing a memory controller 503. Such a peripheral can, in an example, be firewalled as described above. For example, it is possible to replicate the same scheme that was described for a memory management apparatus. A difference is that a processor 505 CPU can control the firewall configuration of the peripheral 501, and handle any violations 507 that might be reported. In an example, only certain peripherals might have a “fetch” status line, as not all need to fetch and execute instructions.
The examples described above are with reference to a system that can operate according to multiple modes of operation up to, for example, EL2. Should, e.g., a hypervisor be present, running in a higher privilege mode, it will have the same or higher access rights, and can implement saving/restoring of an aggregate execution state, including but not limited to configuration of comparator units for example.
Examples in the present disclosure can be provided as methods, systems or machine-readable instructions, such as any combination of software, hardware, firmware or the like. Such machine-readable instructions may be included on a computer readable storage medium (including but not limited to disc storage, CD-ROM, optical storage, etc.) having computer readable program codes therein or thereon.
The present disclosure is described with reference to flow charts and/or block diagrams of the method, devices and systems according to examples of the present disclosure. Although the flow diagrams described above show a specific order of execution, the order of execution may differ from that which is depicted. Blocks described in relation to one flow chart may be combined with those of another flow chart. In some examples, some blocks of the flow diagrams may not be necessary and/or additional blocks may be added. It shall be understood that each flow and/or block in the flow charts and/or block diagrams, as well as combinations of the flows and/or diagrams in the flow charts and/or block diagrams can be realized by machine readable instructions.
The machine-readable instructions may, for example, be executed by a machine such as a general-purpose computer, user equipment such as a smart device, e.g., a smart phone, a special purpose computer, an embedded processor or processors of other programmable data processing devices to realize the functions described in the description and diagrams. In particular, a processor or processing apparatus may execute the machine-readable instructions. Thus, modules of apparatus (for example, a module implementing a comparator unit, or a firewall structure and so on) may be implemented by a processor executing machine readable instructions stored in a memory, or a processor operating in accordance with instructions embedded in logic circuitry. The term 'processor' is to be interpreted broadly to include a CPU, processing unit, ASIC, logic unit, or programmable gate set etc. The methods and modules may all be performed by a single processor or divided amongst several processors.
Such machine-readable instructions may also be stored in a computer readable storage that can guide the computer or other programmable data processing devices to operate in a specific mode. For example, the instructions may be provided on a non-transitory computer readable storage medium encoded with instructions, executable by a processor.
Figure 6 is a schematic representation of a machine according to an example. The machine 600 can be, e.g., a system or apparatus (e.g., 100), user equipment, or part thereof. The machine 600 can comprise a firewall structure 601, such as that described above with reference to figures 2 and 3 for example. The machine 600 comprises a processor 603, and a memory 605 to store instructions 607, executable by the processor 603. The machine comprises a storage 609 that can be used to store mappings to/from virtual to physical memory addresses, permitted operations corresponding to memory ranges and so on as described above with reference to figures 1 to 5 for example.
The instructions 607, executable by the processor 603, can cause the machine 600 to regulate access to a predetermined set of content in a data structure defining a mapping between a set of virtual memory addresses and a set of physical memory addresses of a physical memory for an apparatus. The instructions 607 can cause the machine 600 to, using the data structure, determine a physical memory address from a virtual memory address received by the memory management apparatus, receive a status signal representing an operation for the virtual memory address, compare the received status signal with a set of allowed operations for the determined physical memory address, and generate a first output based on the comparison for the received status signal, compare the determined physical memory address with a predetermined physical memory address range, and generate a second output based on the comparison for the determined physical memory address, and generate an output condition signal using the first output, the second output and a state signal representing a state of operation of the apparatus.
Accordingly, the machine 600 can implement a method for regulating access to a predetermined set of content in a data structure defining a mapping between a set of virtual memory addresses and a set of physical memory addresses of a physical memory for an apparatus.
Such machine-readable instructions may also be loaded onto a computer or other programmable data processing devices, so that the computer or other programmable data processing devices perform a series of operations to produce computer-implemented processing, thus the instructions executed on the computer or other programmable devices provide an operation for realizing functions specified by flow(s) in the flow charts and/or block(s) in the block diagrams.
Further, the teachings herein may be implemented in the form of a computer or software product, such as a non-transitory machine-readable storage medium, the computer software or product being stored in a storage medium and comprising a plurality of instructions, e.g., machine readable instructions, for making a computer device implement the methods recited in the examples of the present disclosure.
In some examples, some methods can be performed in a cloud-computing or network-based environment. Cloud-computing environments may provide various services and applications via the Internet. These cloud-based services (e.g., software as a service, platform as a service, infrastructure as a service, etc.) may be accessible through a web browser or other remote interface of the user equipment for example. Various functions described herein may be provided through a remote desktop environment or any other cloud-based computing environment.
While various embodiments have been described and/or illustrated herein in the context of fully functional computing systems, one or more of these exemplary embodiments may be distributed as a program product in a variety of forms, regardless of the particular type of computer-readable-storage media used to actually carry out the distribution. The embodiments disclosed herein may also be implemented using software modules that perform certain tasks. These software modules may include script, batch, or other executable files that may be stored on a computer-readable storage medium or in a computing system. In some embodiments, these software modules may configure a computing system to perform one or more of the exemplary embodiments disclosed herein. In addition, one or more of the modules described herein may transform data, physical devices, and/or representations of physical devices from one form to another.
The preceding description has been provided to enable others skilled in the art to best utilize various aspects of the exemplary embodiments disclosed herein. This exemplary description is not intended to be exhaustive or to be limited to any precise form disclosed.
Many modifications and variations are possible without departing from the spirit and scope of the instant disclosure. The embodiments disclosed herein should be considered in all respects illustrative and not restrictive. Reference should be made to the appended claims and their equivalents in determining the scope of the instant disclosure.
Claims
1. A memory management apparatus configured to access a data structure stored in a physical memory of a device, the data structure configured to map a virtual memory address to a physical memory address of the physical memory, the memory management apparatus configured to: using the data structure, determine a physical memory address from a virtual memory address received by the memory management apparatus; receive a status signal representing an operation for the virtual memory address; compare the received status signal with a set of allowed operations for the determined physical memory address, and generate a first output based on the comparison for the received status signal; compare the determined physical memory address with a predetermined physical memory address range, and generate a second output based on the comparison for the determined physical memory address; and generate an output condition signal using the first output, the second output and a state signal representing a state of operation of the device.
2. The memory management apparatus as claimed in claim 1, further configured to: provide the output condition signal to a processor of the device in the event that the output condition signal represents an exception value.
3. The memory management apparatus as claimed in claim 1 or 2, further configured to: provide the determined physical memory address to a memory controller of the device in the event that the output condition signal represents an allowed value.
4. The memory management apparatus as claimed in any preceding claim, further configured to determine, using the state signal, whether the processor of the device is operating in a protected state.
5. The memory management apparatus as claimed in any preceding claim, further configured to prevent write access to physical memory addresses within the predetermined physical memory address range.
6. A firewall structure for a memory management apparatus of a device, the firewall structure comprising a first comparator unit to: receive a first status signal representing an operation for a first virtual memory address; compare the received first status signal with a set of allowed operations for a first physical memory address of a physical memory, the first physical memory address determined from the first virtual memory address using a data structure, and generate a first output based on the comparison for the received first status signal; compare the first physical memory address with a first predetermined physical memory address range, and generate a second output based on the comparison for the determined first physical memory address; and generate a first validation signal using the first output, the second output and a state signal representing a state of operation of the device.
7. The firewall structure as claimed in claim 6, further comprising a second comparator unit to: receive a second status signal representing an operation for a second virtual memory address; compare the received second status signal with a set of allowed operations for a second physical memory address of the physical memory, the second physical memory address determined from the second virtual memory address using the data structure, and generate a third output based on the comparison for the received second status signal; compare the second physical memory address with a second predetermined physical memory address range, and generate a fourth output based on the comparison for the determined second physical memory address; and generate a second validation signal using the third output, the fourth output and the state signal.
8. The firewall structure as claimed in claim 7, further configured to: generate an output condition signal using the first validation signal and the second validation signal.
9. The firewall structure as claimed in claim 8, further configured to generate the output condition signal by performing a logical operation using the first validation signal and the second validation signal.
10. An apparatus comprising a processor and a memory management apparatus, the memory management apparatus comprising a data structure configured to map a virtual memory address to a physical memory address for a memory of the apparatus, wherein the memory management apparatus is configured to: using the data structure, determine a physical memory address from a virtual memory address received by the memory management apparatus from the processor; receive, from the processor, a status signal representing an operation for the virtual memory address; compare the received status signal with a set of allowed operations for the determined physical memory address, and generate a first output based on the comparison for the received status signal; compare the determined physical memory address with a predetermined physical memory address range, and generate a second output based on the comparison for the determined physical memory address; and generate an output condition signal using the first output, the second output and a state signal representing a state of operation of the apparatus.
11. The apparatus as claimed in claim 10, wherein the processor is further configured to: provide the determined physical memory address to a memory controller of the apparatus in the event that the output condition signal represents an allowed value.
12. The apparatus as claimed in claim 10 or 11, wherein the processor is further configured to: determine, using the state signal, whether the apparatus is operating in a protected state.
13. The apparatus as claimed in claim 10, wherein the processor is further configured to: prevent write access to physical memory addresses within the predetermined physical memory address range.
14. A method for regulating access to a predetermined set of content in a data structure defining a mapping between a set of virtual memory addresses and a set of physical memory addresses of a physical memory for an apparatus, the method comprising: using the data structure, determining a physical memory address from a virtual memory address; receiving a status signal representing an operation for the virtual memory address; comparing the received status signal with a set of allowed operations for the determined physical memory address, and generating a first output based on the comparison for the received status signal; comparing the determined physical memory address with a predetermined physical memory address range, and generating a second output based on the comparison for the determined physical memory address; and generating an output condition signal using the first output, the second output and a state signal representing a state of operation of the apparatus.
15. The method as claimed in claim 14, further comprising: providing the output condition signal to a processor of the apparatus in the event that the output condition signal represents an exception value.
16. The method as claimed in claim 14 or 15, further comprising: providing the determined physical memory address to a memory controller of the apparatus in the event that the output condition signal represents an allowed value.
17. The method as claimed in any of claims 14 to 16, further comprising: determining, using the state signal, whether the processor of the apparatus is operating in a protected state.
18. The method as claimed in any of claims 14 to 17, further comprising: preventing write access to physical memory addresses within the predetermined physical memory address range.
19. A machine-readable storage medium encoded with instructions for regulating access to a predetermined set of content in a data structure defining a mapping between a set of virtual memory addresses and a set of physical memory addresses of a physical memory for an apparatus, the instructions executable by a processor of the apparatus, whereby to cause the apparatus to: using the data structure, determine a physical memory address from a virtual memory address received by the memory management apparatus; receive a status signal representing an operation for the virtual memory address; compare the received status signal with a set of allowed operations for the determined physical memory address, and generate a first output based on the comparison for the received status signal; compare the determined physical memory address with a predetermined physical memory address range, and generate a second output based on the comparison for the determined physical memory address; and generate an output condition signal using the first output, the second output and a state signal representing a state of operation of the apparatus.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/EP2021/078588 WO2023061607A1 (en) | 2021-10-15 | 2021-10-15 | Regulating access to memory |
CN202180102085.2A CN117916720A (en) | 2021-10-15 | 2021-10-15 | Regulating access to memory |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/EP2021/078588 WO2023061607A1 (en) | 2021-10-15 | 2021-10-15 | Regulating access to memory |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023061607A1 (en) | 2023-04-20 |
Family
ID=78212123
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2021/078588 WO2023061607A1 (en) | 2021-10-15 | 2021-10-15 | Regulating access to memory |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN117916720A (en) |
WO (1) | WO2023061607A1 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2396930A (en) * | 2002-11-18 | 2004-07-07 | Advanced Risc Mach Ltd | Managing access to secure and non-secure memory with descriptor tables |
WO2014122415A1 (en) * | 2013-02-05 | 2014-08-14 | Arm Limited | Virtualisation supporting guest operating systems using memory protection units |
-
2021
- 2021-10-15 CN CN202180102085.2A patent/CN117916720A/en active Pending
- 2021-10-15 WO PCT/EP2021/078588 patent/WO2023061607A1/en active Application Filing
Non-Patent Citations (2)
Title |
---|
EVTYUSHKIN DMITRY ET AL: "Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution", 2014 47TH ANNUAL IEEE/ACM INTERNATIONAL SYMPOSIUM ON MICROARCHITECTURE; [PROCEEDINGS OF THE ANNUAL ACM/IEEE INTERNATIONAL SYMPOSIUM ON MICROARCHITECTURE], IEEE COMPUTER SOCIETY, 1730 MASSACHUSETTS AVE., NW WASHINGTON, DC 20036-1992 USA, 13 December 2014 (2014-12-13), pages 190 - 202, XP032725067, ISSN: 1072-4451, ISBN: 978-0-7695-3047-5, [retrieved on 20150115], DOI: 10.1109/MICRO.2014.25 * |
WANG JIE WANGJIE@IIE AC CN ET AL: "TrustICT an efficient trusted interaction interface between isolated execution domains on ARM multi-core processors", COMPANION PROCEEDINGS OF THE WEB CONFERENCE 2020, ACMPUB27, NEW YORK, NY, USA, 16 November 2020 (2020-11-16), pages 271 - 284, XP058660184, ISBN: 978-1-4503-7590-0, DOI: 10.1145/3384419.3430718 * |
Also Published As
Publication number | Publication date |
---|---|
CN117916720A (en) | 2024-04-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10073986B2 (en) | Regulating access to and protecting portions of applications of virtual machines | |
US7631160B2 (en) | Method and apparatus for securing portions of memory | |
US10198578B2 (en) | Secure privilege level execution and access protection | |
JP6652491B2 (en) | Area specifying operation for specifying the area of the memory attribute unit corresponding to the target memory address | |
US7401358B1 (en) | Method of controlling access to control registers of a microprocessor | |
US7043616B1 (en) | Method of controlling access to model specific registers of a microprocessor | |
US9390031B2 (en) | Page coloring to associate memory pages with programs | |
RU2510074C2 (en) | System and method of checking executable code before execution thereof | |
KR102189296B1 (en) | Event filtering for virtual machine security applications | |
JP7304359B2 (en) | Apparatus and method for storing bounded pointers | |
US7130977B1 (en) | Controlling access to a control register of a microprocessor | |
US20080077767A1 (en) | Method and apparatus for secure page swapping in virtual memory systems | |
US7082507B1 (en) | Method of controlling access to an address translation data structure of a computer system | |
US9158710B2 (en) | Page coloring with color inheritance for memory pages | |
WO2013101208A1 (en) | Hardware enforced memory access permissions | |
CN116583840A (en) | Fast peripheral component interconnect protection controller | |
US7512768B2 (en) | Dynamically sharing a stack between different code segments | |
KR20230101826A (en) | Techniques for restricting access to memory using capabilities | |
WO2023061607A1 (en) | Regulating access to memory | |
KR20240004738A (en) | Techniques for restricting access to memory using capabilities | |
WO2013074071A1 (en) | Regulating access to and protecting portions of applications of virtual machines | |
WO2022128142A1 (en) | Apparatus and method for managing access to data memory by executable codes based on execution context | |
JP2009104555A (en) | Method and apparatus for preventing alteration of software agent operating in vt environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21793918 Country of ref document: EP Kind code of ref document: A1 |
 | WWE | Wipo information: entry into national phase | Ref document number: 202180102085.2 Country of ref document: CN |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 21793918 Country of ref document: EP Kind code of ref document: A1 |