Page granular curtained memory via mapping control

US 20030200405A1
Filed: 04/17/2002
Published: 10/23/2003
Est. Priority Date: 04/17/2002
Status: Active Grant

First Claim

Patent Images

1. A method of restricting access to memory, the method comprising:

storing data in a memory location;

determining whether the data is trusted or non-trusted data; and

mapping the memory location with at least one page map page stored in a non-trusted memory section only when the data is non-trusted data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods of providing and limiting access to trusted memory are provided. Trusted memory pages are not mapped with page map pages. When a central processor is operated in a page-mapping mode, access to the trusted memory is limited. In particular, without mapping information, software and hardware modules cannot access and modify the contents of trusted memory sections.

78 Citations

View as Search Results

23 Claims

1. A method of restricting access to memory, the method comprising:
- storing data in a memory location;
  
  determining whether the data is trusted or non-trusted data; and
  
  mapping the memory location with at least one page map page stored in a non-trusted memory section only when the data is non-trusted data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - configuring a processor that controls access to the at least one page map page to run in a page-mapping mode.
  - 3. The method of claim 2, further comprising:
    - declaring a security violation when the processor changes from the page-mapping mode.
  - 4. The method of claim 2, further comprising:
    - declaring a security violation when the processor changes to another page-mapping mode.
  - 5. The method of claim 1, further comprising:
    - configuring a processor that controls access to the at least one page map page to run in a segment-mapping mode.
  - 6. The method of claim 5, further comprising:
    - declaring a security violation when the processor changes from the segment-mapping mode.
  - 7. The method of claim 1, further comprising:
    - storing entries in the at least one page map page in read only format.
  - 8. The method of claim 7, further including:
    - declaring a security violation when an attempt is made to write data to a read only page map page entry.
  - 9. The method of claim 8, further including:
    - aborting the attempt when the attempt is not a legal operation.
  - 10. The method of claim 1 wherein the data is trusted data stored in a physical memory page and further comprising:
    - identifying the physical memory page as trusted memory in a trusted page vector.

11. A computer-readable medium contain computer-executable instructions for causing a computer device to perform the steps comprising:
- storing data in a memory location;
  
  determining whether the data is trusted or non-trusted data; and
  
  mapping the memory location with at least one page map page stored in a non-trusted memory section only when the data is non-trusted data.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The computer-readable medium of claim 11, further including computer-executable instructions for causing the computer device to perform the step comprising:
    - configuring a processor that controls access to the at least one page map page to run in a page-mapping mode.
  - 13. The computer-readable medium of claim 12, further including computer-executable instructions for causing the computer device to perform the step comprising:
    - declaring a security violation when the processor changes from the page-mapping mode.
  - 14. The computer-readable medium of claim 12, further including computer-executable instructions for causing the computer device to perform the step comprising:
    - declaring a security violation when the processor changes to another page-mapping mode.
  - 15. The computer-readable medium of claim 12, further including computer-executable instructions for causing the computer device to perform the step comprising:
    - storing entries in the at least one page map page in read only format.
  - 16. The computer-readable medium of claim 15, further including computer-executable instructions for causing the computer device to perform the step comprising:
    - declaring a security violation when an attempt is made to write data to a read only page map page entry.
  - 17. The computer-readable medium of claim 12, further including computer-executable instructions for causing the computer device to perform the step comprising:
    - identifying the physical memory page as trusted memory in a trusted page vector when the data is trusted data.

18. A device for restricting direct memory access to a first memory, the device coupled to a central processing unit and comprising:
- a second memory containing a direct memory access exclusion vector containing access values that identify physical memory pages that do not allow direct memory access;
  
  a restriction module coupled to the central processing unit, the first memory and the second memory, the restriction module configured to perform the steps comprising;
  
  receiving an identification of a physical memory page in the first memory;
  
  comparing the identification to an access value for the physical memory page in the direct memory access exclusion vector; and
  
  allowing direct memory access to the physical memory page only when the access value allows direct memory access.
- View Dependent Claims (19, 20, 21, 23)
- - 19. The device of claim 18, wherein the first memory and the second memory are implemented in the same memory module.
  - 20. The device of claim 19, wherein the identification of the physical memory page is received from a peripheral device having bus master access.
  - 21. The device of claim 18, further including:
    - a third memory that contains at least one page map page mapping only physical memory pages that are identified as non-trusted.
  - 23. The computer device of claim 20, wherein the central processor unit is operated in a page-mapping mode.

22. A computer device configured to limit access to memory, the computer device comprising:
- a central processor unit configured to operate in a trusted mode and a non-trusted mode;
  
  a first memory containing physical memory pages;
  
  a second memory containing at least one non-trusted page map page that only maps the physical memory pages that are identified as non-trusted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
England, Paul, Willman, Bryan Mark

Granted Patent

US 6,986,006 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 12/145 the protection being virtua...

G06F 12/1491 in a hierarchical protectio...

Page granular curtained memory via mapping control

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Page granular curtained memory via mapping control

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links