METHODS, APPARATUS, AND SYSTEMS FOR SECURE DEMAND PAGING AND OTHER PAGING OPERATIONS FOR PROCESSOR DEVICES
First Claim
1. A secure demand paging system comprising:
- a processor operable for executing instructions;
an internal memory for a first page in a first virtual machine context;
an external memory for a second page in a second virtual machine context;
a security circuit coupled to said processor and to said internal memory for maintaining the first page secure in said internal memory;
the processor operable to execute sets of instructions representing;
a central controller;
an abort handler coupled to supply to said central controller at least one signal representing a page fault by an instruction in said processor;
a scavenger responsive to said central controller and operable to identify the first page as a page to free;
a virtual machine context switcher responsive to said central controller to change from the first virtual machine context to the second virtual machine context; and
a swapper manager operable to swap in the second page from said external memory with decryption and integrity check, to said internal memory in place of the first page.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure demand paging system (1020) includes a processor (1030) operable for executing instructions, an internal memory (1034) for a first page in a first virtual machine context, an external memory (1024) for a second page in a second virtual machine context, and a security circuit (1038) coupled to the processor (1030) and to the internal memory (1034) for maintaining the first page secure in the internal memory (1034). The processor (1030) is operable to execute sets of instructions representing: a central controller (4210), an abort handler (4260) coupled to supply to the central controller (4210) at least one signal representing a page fault by an instruction in the processor (1030), a scavenger (4220) responsive to the central controller (4210) and operable to identify the first page as a page to free, a virtual machine context switcher (4230) responsive to the central controller (4210) to change from the first virtual machine context to the second virtual machine context; and a swapper manager (4240) operable to swap in the second page from the external memory (1024) with decryption and integrity check, to the internal memory (1034) in place of the first page.
473 Citations
14 Claims
-
1. A secure demand paging system comprising:
-
a processor operable for executing instructions; an internal memory for a first page in a first virtual machine context; an external memory for a second page in a second virtual machine context; a security circuit coupled to said processor and to said internal memory for maintaining the first page secure in said internal memory; the processor operable to execute sets of instructions representing; a central controller; an abort handler coupled to supply to said central controller at least one signal representing a page fault by an instruction in said processor; a scavenger responsive to said central controller and operable to identify the first page as a page to free; a virtual machine context switcher responsive to said central controller to change from the first virtual machine context to the second virtual machine context; and a swapper manager operable to swap in the second page from said external memory with decryption and integrity check, to said internal memory in place of the first page.
-
-
2. A method of secure demand paging (SDP) for portable telecommunication device having a processor, a secure internal memory, and an external DRAM comprising:
-
configuring with configuration data indicating pages for confidentiality protection, and pages for integrity protection; multi-threading an SDP process and a non-secure process; executing the SDP process to swap between the external DRAM and the secure internal memory in response to page faults in the secure internal memory so that confidentiality processing is applied specifically to pages for which the configuration data indicates confidentiality protection, and integrity verification is applied specifically to pages for which the configuration data indicates integrity protection; and applying a process for determining when page replacement in the secure internal memory is necessary, and if so then applying a page replacement process for determination of priority for page replacement, that downgrades data pages in priority relative to code pages, downgrades recently loaded or accessed pages in priority relative to earlier loaded or accessed pages, and downgrades dirty pages in priority relative to clean pages in priority for page replacement.
-
-
3. A secure demand paging (SDP) system comprising
a dynamic random access memory (DRAM); -
a microprocessor having a secure internal memory and coupled to said DRAM; and a non-volatile memory storing a representation of operations accessible by said microprocessor including a coded physical representation of operations to configure an SDP space in the DRAM, to organize the SDP space into virtual machine contexts, to organize at least one of the virtual machine contexts into block book keeping blocks and book keeping spaces in the block book keeping blocks, and to execute a secure demand paging process between said secure internal memory and said DRAM.
-
-
4. A demand paging system comprising
a dynamic random access memory (DRAM); -
a microprocessor for executing a protected application having a secure internal memory having a physical address space and coupled to said DRAM; and a non-volatile memory storing a coded physical representation of operations accessible by said microprocessor and including a coded physical representation of operations to establish a data structure pertaining at least in part to both the secure internal memory and the DRAM, the data structure organizing the protected application in the secure internal memory into virtual pages by a first index for a book keeping element in use, and a second index for a block book keeping block in use, and operations to demand page between the secure internal memory and the DRAM utilizing the data structure.
-
-
5. A secure demand paging (SDP) system comprising
an external volatile memory; -
a microprocessor having a secure internal memory having a physical address space and the microprocessor operable for executing at least one protected application in the secure internal memory; and a non-volatile memory storing a coded physical representation of operations accessible by said microprocessor including a representation of operations for run-time initializing SDP including loading a protected application page-wise from the non-volatile memory into the secure internal memory, indexing each page and integrity-flagging pages for which integrity processing is directed, and confidentiality-flagging pages for which confidentiality processing is directed, hashing each integrity-flagged page of the protected application to provide a respective page hash, and encrypting each confidentiality-flagged page together with the respective page hash, providing a header for pages including the page hash, hashing the header, storing the header hash into a hash-field of a book keeping element for the page, and storing each book keeping element and encrypted page into the external volatile memory.
-
-
6. A secure demand paging (SDP) system comprising
an external volatile memory; -
an external non-volatile memory storing a coded physical representation of operations accessible by said microprocessor including a representation of operations for an operating system, a client application, an SDP protected application and at least one additional protected application; a microprocessor having a non-secure memory space and a secure memory space having a physical page space and the microprocessor operable to load the SDP protected application from said external non-volatile memory into a portion of the secure memory protected from unauthorized alteration; the SDP protected application including an SDP abort handler and a representation of operations to load the additional protected application page-wise from said external non-volatile memory via decryption, authentication, encryption and integrity protection governed by a page-specific confidentiality flag and page-specific integrity flag into said external volatile memory; said microprocessor further operable to execute an access in non-secure space by the client application directed to the additional protected application, to detect an access abort and to vector the access abort to the SDP abort handler, the SDP protected application including operations to find a pertinent page of the additional protected application in said secure memory and if the page is absent then to load the pertinent page of the additional protected application into said secure memory from said external volatile memory by decryption and authentication governed by the confidentiality flag and the integrity flag, and to initiate re-queue of the access to the pertinent page in said secure memory.
-
-
7. A secure demand paging (SDP) system comprising
an external volatile memory; -
a microprocessor coupled to said external volatile memory, said microprocessor having a secure internal memory having a physical address space, and said microprocessor operable for executing at least one protected application in said secure internal memory; and a non-volatile memory storing a coded physical representation of operations accessible by said microprocessor including a representation of operations to establish a code page, a data page, and a stack in said secure internal memory and further to establish a secure demand paging configuration in said secure internal memory, the configuration including a page mapping of physical addresses to virtual addresses for a virtual machine context, an index of the virtual machine context, and at least one page-specific lock for a page in the virtual machine context.
-
-
8. A secure demand paging (SDP) system comprising
an external volatile memory; -
a microprocessor having a secure internal memory having a physical address space and the microprocessor operable for executing at least one protected application in the secure internal memory; and a non-volatile memory storing a coded physical representation of operations accessible by said microprocessor including a representation of operations to establish a table identifying pages by page type alternatives code and data and a representation of operations to request by page type a new page that is absent from said secure internal memory, to search physical pages in said secure internal memory to identify a physical page to wipe based on page type of physical page and page type of the requested page, and to access said external volatile memory for a new page.
-
-
9. A secure demand paging (SDP) system comprising
an internal secure memory for pages in a first virtual machine context; -
an external memory for pages in the first virtual machine context and in a second virtual machine context; a processor coupled to said internal secure memory and to said external memory; and a non-volatile memory storing a coded physical representation of operations accessible by said microprocessor including a representation of operations to handle an asynchronous message for the second virtual machine context when pages for the first virtual machine context are in said internal secure memory, the operations to handle including operations to freeze execution in the first virtual machine context, to wipe a particular page in internal secure memory occupying a predetermined page slot for handling said asynchronous message, to prepare for handling said asynchronous message, and to receive the asynchronous message into the predetermined page slot.
-
-
10. A secure demand paging system comprising
a secure internal memory; -
an external non-volatile memory having encrypted and integrity-protected code pages; an external volatile memory for swap pages; a processor coupled to said secure internal memory and to said external non-volatile memory and operable to decrypt and verify the integrity of the code pages thereby to transfer code pages to said secure internal memory directly from said external non-volatile memory bypassing said external volatile memory in respect of the code pages, and to swap out and swap in the swap pages between secure internal memory and said external volatile memory bypassing said external non-volatile memory in respect of the swap pages for said external volatile memory.
-
-
11. A secure demand paging system comprising
a processor; -
a cryptographic accelerator; a hash accelerator; and a secure memory coupled to said processor and coupled to transfer the same secure memory data to the cryptographic accelerator and the hash accelerator in parallel, the hashing accelerator operable to securely deliver a hash result directly to said processor.
-
-
12. A process of manufacturing a secure demand paging (SDP) system including
providing a non-volatile memory with a signed SDP certificate including a configuration parameters for the SDP system; -
providing a processor responsive to said non-volatile memory to configure and execute an SDP protected application; and manufacturing a telecommunications end product combining a wireless modem with said non-volatile memory and said processor.
-
-
13. A secure demand paging device comprising
a cryptographic circuit; -
a direct memory access (DMA) circuit coupled to said cryptographic circuit; a secure memory coupled by said DMA circuit to said cryptographic circuit; and a processor operable for page scavenging of the secure memory substantially in parallel time-wise with at least some operation on a first page by said cryptographic circuit.
-
-
14. A secure demand paging (SDP) system comprising
an external volatile memory; -
a microprocessor coupled to said external volatile memory, said microprocessor having a secure internal memory having a physical address space, and said microprocessor operable to execute at least one protected application in the secure internal memory and to execute a client application at intervals and also have at least one interval of lower-activity status; and a non-volatile memory storing a coded physical representation of operations accessible by said microprocessor including a representation of an SDP protected application including a page scavenger, and an operation to schedule the page scavenger for said at least one interval of lower-activity status.
-
Specification