Special-use heaps

US 20050246511A1
Filed: 04/30/2004
Published: 11/03/2005
Est. Priority Date: 04/30/2004
Status: Active Grant

First Claim

Patent Images

1. A system for managing at least two different classes of data comprising:

one or more memory management components that create plural heaps, there being different sets of rules regarding use of data on each of the heaps, said one or more memory management components exposing functions for use by a program, said functions being configured to store and/or consume data, said functions further being configured to;

(1) determine which of said heaps to store data in based on the nature or intended use of the data; and

(2) determine whether a requested use of data is consistent with the rules applicable to the data based on which heap the data is located on; and

wherein said functions take one or more measures to prevent violation of the rules applicable to each of the heaps.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Special purpose heaps are created to store different classes of data to which different rules apply. A library of functions is provided which is designed to respect the different classes of rules that apply to the different heaps, by storing data only on a heap that is designated for use with the proper class of data, and by resisting the performance of actions on data in a heap that is inconsistent with the rules that apply to the heap. The use of plural heaps in this manner discourages programmer error in which an operation is performed on data that is inconsistent with the data, since the programmer would explicitly have to copy data from one heap to the other in order to perform the action. In one example, one heap is designated for the storage of secret data, and another heap is designated for general-purpose (non-secret) data.

Citations

26 Claims

1. A system for managing at least two different classes of data comprising:
- one or more memory management components that create plural heaps, there being different sets of rules regarding use of data on each of the heaps, said one or more memory management components exposing functions for use by a program, said functions being configured to store and/or consume data, said functions further being configured to;
  
  (1) determine which of said heaps to store data in based on the nature or intended use of the data; and
  
  (2) determine whether a requested use of data is consistent with the rules applicable to the data based on which heap the data is located on; and
  
  wherein said functions take one or more measures to prevent violation of the rules applicable to each of the heaps.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein said plural heaps comprise a first heap and a second heap, said first heap being designated to store data whose use is in some manner restricted, said second heap being designated to store data whose use is not restricted.
  - 3. The system of claim 2, wherein said first heap stores data which is to be kept secret.
  - 4. The system of claim 3, wherein a first of said functions comprises an output function, and wherein the first function takes one or more measures to prevent output of data stored on said first heap.
  - 5. The system of claim 3, wherein said data which is to be kept secret comprises one or more cryptographic keys.
  - 6. The system of claim 3, wherein said data which is to be kept secret comprises decrypted ciphertext.
  - 7. The system of claim 1, wherein said one or more components consists of one component.
  - 8. The system of claim 1, wherein each of the heaps is stored within one or more ranges of memory locations, said ranges being known to said one or more components, and wherein said functions determine which of said plural heaps a given datum is located on based on which of the ranges the address of said datum falls into.
  - 9. The system of claim 1, wherein said one or more measures comprise refusing to perform an action on a datum that is inconsistent with the rules applicable to the heap on which said datum is stored.
  - 10. The system of claim 1, wherein said one or more measures comprise generating a warning that an action has been requested to be performed on a datum that is inconsistent with the rules applicable to the heap on which said datum is stored.

11. A computer-readable medium encoded with computer-executable instructions to perform a method comprising:
- creating a plurality of heaps, each of the heaps corresponding to a different class of data;
  
  receiving a first request to perform a first function that involves the storage of first data belonging to a first class;
  
  allocating a first portion of memory from a first of said heaps;
  
  storing said first data in said first portion of memory;
  
  receiving a second request to perform a second function that involves a usage of data stored in said first portion of memory;
  
  either allowing the second request to proceed, or performing at least one action in resistance of said second request proceeding, according to whether said usage of data is permissible for data belonging to said first class.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The computer-readable medium of claim 11, wherein said plurality of heaps comprises a first heap and a second heap, said first heap corresponding to a class of data that is to be kept secret, said second heap corresponding to a class of data that does not need to be kept secret.
  - 13. The computer-readable medium of claim 11, wherein said first function performs the storage of a secret at said first portion of memory, wherein said second function receives an address of said first portion of memory and is configured to perform an act on data stored at the received address that would disclose the contents of the received address, said second function being configured to resist performing said act if said received address is located on said first heap.
  - 14. The computer-readable medium of claim 13, wherein said act comprises writing the contents of the received address to an output device.
  - 15. The computer-readable medium of claim 11, wherein said at least one action in resistance of said second request proceeding comprises refusing to carry out said second request.
  - 16. The computer-readable medium of claim 11, wherein said at least one action in resistance of said second request proceeding comprises generating a warning prior to carrying out said request.

17. A method of protecting data from misuse comprising:
- providing a first set of functions that handles first data that belongs to a first class, the function storing said first data on a first heap;
  
  providing a second set of functions that handle second data in a manner that is inconsistent with a set of rules that applies to said first class, said second set of functions storing said second data on a second heap, said second set of functions being configured to take at least one measure to prevent the copying of said data on said first heap to said second heap, and further being configured to take at least one measure to resist the use of data on said first heap in a manner that is inconsistent with the set of rules that applies to said first class.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The method of claim 17, wherein said set of rules that applies to said first class comprises a requirement that data in said first class be kept secret, and wherein said second class comprises non-secret data.
  - 19. The method of claim 17, wherein said set of rules that applies to said first class comprises a rule that data in said first class should not be transmitted over an output device.
  - 20. The method of claim 17, wherein said first set of functions comprises functions that create or apply cryptographic keys, and wherein data in said first class comprises one or more cryptographic keys.
  - 21. The method of claim 17, wherein said one measure to prevent the copying of said data on said first heap to said second heap comprises determining whether data to be copied to the second heap is located in the first heap and refusing to perform the copy if said data to be copied is located in the first heap.
  - 22. The method of claim 17, wherein said at least one measure to resist the use of data on said first heap in a manner that is inconsistent with the set of rules that applies to said first class comprises refusing to perform a requested use of data located on said first heap.
  - 23. The method of claim 17, wherein said at least one measure to resist the use of data on said first heap in a manner that is inconsistent with the set of rules that applies to said first class comprises generating a warning prior to performing a requested use of data located on said first heap.

24. A computer-readable medium encoded with computer-executable instructions to perform a method comprising:
- creating a plurality of heaps, each of the heaps corresponding to a different class of data;
  
  receiving a request to perform a function that involves a usage of a portion of memory, said portion of memory being located in a first of said plurality of heaps;
  
  either allowing the request to proceed, or performing at least one action in resistance of said request proceeding, according to whether said usage is consistent with rules governing said first heap.
- View Dependent Claims (25, 26)
- - 25. The computer-readable medium of claim 24, wherein said usage comprises writing data to said first portion of memory, and wherein said rules govern either what type of data may be stored on said first heap or under what circumstances data may be written to said first heap.
  - 26. The computer-readable medium of claim 24, wherein said usage comprises reading data from said first portion of memory, and wherein said rules govern either what type of usage may be made of data stored on said first heap, or under what circumstances data may be read or used from said first heap.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Lewis, Nathan T., Willman, Bryan Mark

Granted Patent

US 7,284,107 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 12/023 Free address space management

G06F 12/1416 by checking the object acce...

Special-use heaps

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Special-use heaps

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links