Method and apparatus for securing and validating paged memory system
Abstract
A service processor monitors the state of a physical memory and a virtual memory support circuit of a host processor. A second memory, accessible only to the service processor, stores information to permit the service processor to detect changes to pages of the physical memory. Other similar apparatus, and methods to use such apparatus, are described and claimed.
30 Claims
1. An apparatus comprising:
at least one host processor;
at least one virtual memory support circuit;
a service processor to monitor a state of the at least one virtual memory support circuit;
a first memory accessible to every host processor and to the service processor; and
a second memory accessible to the service processor only.
Dependent claims: 2, 3, 4, 5

6. An apparatus comprising:
a first processor;
a second processor;
a first means for mediating access from the first processor to a memory according to a configuration;
authentication means for computing a hash of a portion of the memory;
protected storage means for recording the hash so that it cannot be accessed by the first processor;
confirmation means for comparing the hash of the portion of the memory to a previously-computed hash of the portion of the memory; and
alarm means for signaling a failed confirmation.
Dependent claims: 7, 8, 9

10. A method comprising:
calculating a first hash value of a memory page;
monitoring an association between a virtual memory address and the memory page;
if the association between the virtual memory address and the memory page changes, calculating a second hash value of the memory page and issuing a tampering alert if the first hash value differs from the second hash value.
Dependent claims: 11, 12, 13, 14, 15, 16

17. A method comprising:
registering a first physical page that is mapped at a virtual address of a host agent; and
if a second physical page is mapped at the virtual address of the host agent, verifying the second physical page; and
if a contents of the second physical page differs from a contents of the first physical page, signaling a possible tampering condition.
Dependent claims: 18, 19, 20, 21

22. A system comprising:
a service processor;
a plurality of host processors;
a first memory that is accessible to the service processor and to the plurality of host processors;
a second memory that is accessible to the service processor and inaccessible to the plurality of host processors; and
an operating system;
wherein the service processor is to calculate a first hash of a page of the first memory; and
if a state of a virtual memory map is changed, the service processor calculates a second hash of the page of the first memory.
Dependent claims: 23, 24, 25, 26

27. A machine-readable medium containing instructions that, when executed by a service processor, cause the service processor to perform operations comprising:
reconstructing a state of a virtual memory support system;
calculating a first hash of a contents of a first physical page that is mapped by the virtual memory support system;
monitoring the virtual memory support system for changes to a mapping; and
calculating a second hash of a contents of a second physical page that is mapped by the virtual memory support system.
Dependent claims: 28, 29, 30
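
The flow recited in claims 10, 17 and 27 (hash a registered page, watch its virtual-to-physical mapping, re-hash and compare when the mapping changes) can be simulated as below. This is an added illustration, not code from the patent: the names `ServiceProcessor`, `register` and `poll`, the use of SHA-256, the 4096-byte page size and the dictionary-based memory and page table are all assumptions.

```python
import hashlib

PAGE_SIZE = 4096  # assumed page size for this simulation


class ServiceProcessor:
    """Hypothetical model of the monitor; names are not from the patent."""

    def __init__(self, host_memory, page_table):
        self.host_memory = host_memory   # "first memory": frame number -> bytes
        self.page_table = page_table     # host mapping: virtual address -> frame
        self._registered = {}            # "second memory": vaddr -> (frame, hash)

    def _hash_frame(self, frame):
        return hashlib.sha256(self.host_memory[frame]).digest()

    def register(self, vaddr):
        """Record the frame currently mapped at vaddr and its first hash."""
        frame = self.page_table[vaddr]
        self._registered[vaddr] = (frame, self._hash_frame(frame))

    def poll(self):
        """Check each registered address for a mapping change; return alerts."""
        alerts = []
        for vaddr, (last_frame, first_hash) in self._registered.items():
            frame = self.page_table.get(vaddr)
            if frame == last_frame:
                continue                 # association unchanged
            if frame is None:            # not present now: verify on next mapping
                self._registered[vaddr] = (None, first_hash)
                continue
            if self._hash_frame(frame) != first_hash:
                alerts.append((vaddr, "tamper"))
            else:                        # same contents in a different frame
                self._registered[vaddr] = (frame, first_hash)
        return alerts


def demo():
    """Constructed scenario: a benign remap, then a remap to altered contents."""
    agent_code = b"\x90" * PAGE_SIZE
    memory = {3: agent_code, 7: agent_code, 9: b"\xcc" * PAGE_SIZE}
    table = {0x400000: 3}
    sp = ServiceProcessor(memory, table)
    sp.register(0x400000)
    table[0x400000] = 7                  # identical contents, new frame
    benign = sp.poll()
    table[0x400000] = 9                  # different contents at the same address
    return benign, sp.poll()
```

This sketch re-hashes only when the mapping changes; a write to the registered frame that leaves the mapping untouched is not rechecked by it.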
Specification