Method and system for designating and handling confidential memory allocations
First Claim
1. A method of protecting confidential data, said method comprising:
- receiving a request to allocate space in a virtual memory for confidential data;
marking a portion of the virtual memory as confidential;
determining if a portion of a physical memory has been assigned for the confidential portion of the virtual memory; and
marking the portion of the physical memory that has been assigned for the confidential portion of the virtual memory as having confidential data.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the present invention provide methods and systems for designating and handling confidential memory allocations of virtual memory. In particular, the operating system provides a memory allocation flag that applications may use to indicate any arbitrary area of physical memory marked with this flag may contain confidential data and should be handled accordingly. The operating system also ensures that memory allocated with this flag can be placed in physical memory. When freeing up memory, the operating system protects any data in the memory allocated with this flag. For example, the operating system may prevent the confidential memory from being swapped out to storage or from being accessible to other applications, such as a debuggers. Alternatively, the operating system may encrypt any data in the confidential memory before it is swapped out to storage.
-
Citations
24 Claims
-
1. A method of protecting confidential data, said method comprising:
-
receiving a request to allocate space in a virtual memory for confidential data;
marking a portion of the virtual memory as confidential;
determining if a portion of a physical memory has been assigned for the confidential portion of the virtual memory; and
marking the portion of the physical memory that has been assigned for the confidential portion of the virtual memory as having confidential data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of protecting data allocated to a confidential area of virtual memory that is stored in physical memory, said method comprising:
-
detecting when contents of the physical memory are being written to another location;
identifying contents of the physical memory that correspond to data allocated to the confidential area of the virtual memory; and
protecting the identified contents of the physical memory. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
Specification