System and Method for Securely Restoring a Program Context from a Shared Memory

US 20080065907A1
Filed: 09/12/2006
Published: 03/13/2008
Est. Priority Date: 09/12/2006
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for restoring a secured program, the method comprising:

setting a special purpose processor core in an isolation mode, wherein the special purpose processor core is included in a heterogeneous processor that includes the isolated special purpose processor core and one or more general purpose processor cores that can each access a shared memory, and wherein the isolated special purpose processor core includes a local memory that is inaccessible from the other heterogeneous processing cores while the special purpose processor core is running in the isolation mode;

receiving, at the isolated special purpose processor core, an identifier corresponding to the secured program;

reading an encrypted context corresponding to the identified secured program from the shared memory;

decrypting the encrypted context using an encryption key;

storing the decrypted context in the isolated special purpose processor core'"'"'s local memory, the decrypted context including the restored secured program;

verifying context integrity using a persistent security data that is retrieved from a secure location; and

executing instructions included in the restored secured program in response to the verification.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for securely restoring software program context is presented. A special purpose processor core is included in a heterogeneous processing environment where each processor can access a shared memory. The isolated special purpose processor core includes an isolated local memory. The isolated special purpose processor core receives an identifier corresponding to the secured program. The identifier is used to read an encrypted context of the secured program from the shared memory. The encrypted context is decrypted using an encryption key. The decrypted context is stored in the isolated special purpose processor core'"'"'s local memory. The secured program'"'"'s context integrity is verified by using a persistent security data that is retrieved from a secure location, such as a persistent storage register that can only be accessed when the special purpose processor core is running in isolation mode. If the context is verified, the secured program is executed.

24 Citations

View as Search Results

23 Claims

1. A computer implemented method for restoring a secured program, the method comprising:
- setting a special purpose processor core in an isolation mode, wherein the special purpose processor core is included in a heterogeneous processor that includes the isolated special purpose processor core and one or more general purpose processor cores that can each access a shared memory, and wherein the isolated special purpose processor core includes a local memory that is inaccessible from the other heterogeneous processing cores while the special purpose processor core is running in the isolation mode;
  
  receiving, at the isolated special purpose processor core, an identifier corresponding to the secured program;
  
  reading an encrypted context corresponding to the identified secured program from the shared memory;
  
  decrypting the encrypted context using an encryption key;
  
  storing the decrypted context in the isolated special purpose processor core'"'"'s local memory, the decrypted context including the restored secured program;
  
  verifying context integrity using a persistent security data that is retrieved from a secure location; and
  
  executing instructions included in the restored secured program in response to the verification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the verifying further comprises:
    - retrieving the persistent security data from a persistent storage register, wherein the persistent storage data is a nonce;
      
      retrieving a program nonce from the decrypted context; and
      
      comparing the persistent security data to the program nonce, wherein the context integrity is verified when the persistent security data matches the program nonce.
  - 3. The method of claim 1 wherein the verifying further comprises:
    - retrieving the encryption key from a persistent storage register, wherein the persistent storage data is the encryption key; and
      
      encrypting one or more blocks of the encrypted context using the encryption key, wherein the context integrity is verified when the one or more blocks are successfully decrypted using the retrieved encryption key.
  - 4. The method of claim 1 further comprising:
    - retrieving a program counter corresponding to a location where the secured program was interrupted; and
      
      branching to the program counter to initiate the execution of the instructions.
  - 5. The method of claim 1 further comprising:
    - loading a secure loader into the isolated special purpose processor core'"'"'s local memory in response to the setting, wherein the secure loader performs the receiving, reading, decrypting, and storing, and wherein the secure loader initiates the executing by;
      
      retrieving a program counter corresponding to a location where the secured program was interrupted; and
      
      branching to the program counter to initiate the execution of the instructions.
  - 6. The method of claim 5 wherein the persistent security data is stored in a persistent storage register that is only accessible when the special purpose processor core is in isolation mode, and wherein the loading of the secure loader further comprises:
    - in response to the special purpose processor core being set into the isolation mode;
      
      automatically loading a static copy of the secure loader from a read-only memory so that use of the persistent storage register is controlled by the secure loader.
  - 7. The method of claim 1 wherein the reading of the encrypted context further comprises:
    - reading one or more blocks of the encrypted context from the shared memory; and
      
      writing the encrypted context blocks to an open memory area associated with the isolated special purpose processor core, wherein the open memory area is an unprotected memory area that is accessible by from the general purpose processors.
  - 8. The method of claim 1 further comprising:
    - prior to the decrypting, inputting the encrypted context to a signature generation function, the signature generation function resulting in an signature result; and
      
      comparing the signature result to a previous signature result, wherein the verification of the context integrity is based on the comparison.

9. An information handling system comprising:
- a heterogeneous processor that includes one or more special purpose processor cores, wherein one of the special processors is running in an isolation mode, and one or more general purpose processor cores;
  
  a local memory corresponding to each of the plurality of heterogeneous processors, wherein the local memory corresponding to the isolated special purpose processor core is inaccessible by the other heterogeneous processor cores while the special purpose processor core is running in the isolation mode;
  
  a shared memory accessible by the heterogeneous processors; and
  
  a set of instructions stored in one of the local memories, wherein one or more of the heterogeneous processors executes the set of instructions in order to perform actions of;
  
  receiving, at the isolated special purpose processor core, an identifier corresponding to the secured program;
  
  reading an encrypted context corresponding to the identified secured program from the shared memory;
  
  decrypting the encrypted context using an encryption key;
  
  storing the decrypted context in the isolated special purpose processor core'"'"'s local memory, the decrypted context including the restored secured program;
  
  verifying context integrity using a persistent security data that is retrieved from a secure location; and
  
  executing instructions included in the restored secured program in response to the verification.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The information handling system of claim 9 further comprising:
    - a persistent storage register included in each of the special purpose processor cores, wherein data stored in the persistent storage registers is accessible when the special purpose processor core is in isolation mode and the data stored in the persistent storage registers is inaccessible when the special purpose processor core is running in non-isolation mode, where the set of instructions that perform the verifying further perform actions of;
      
      retrieving the persistent security data from the isolated special purpose processor core'"'"'s persistent storage register, wherein the persistent storage data is a nonce;
      
      retrieving a program nonce from the decrypted context; and
      
      comparing the persistent security data to the program nonce, wherein the context integrity is verified when the persistent security data matches the program nonce.
  - 11. The information handling system of claim 9 further comprising:
    - a persistent storage register included in each of the special purpose processor cores, wherein data stored in the persistent storage registers is accessible when the special purpose processor core is in isolation mode and the data stored in the persistent storage registers is inaccessible when the special purpose processor core is running in non-isolation mode, where the set of instructions that perform the verifying further perform actions of;
      
      retrieving the encryption key from the isolated special purpose processor core'"'"'s persistent storage register, wherein the persistent storage data is the encryption key; and
      
      encrypting one or more blocks of the encrypted context using the encryption key, wherein the context integrity is verified when the one or more blocks are successfully decrypted using the retrieved encryption key.
  - 12. The information handling system of claim 9 further comprising the set of instructions further performing actions of:
    - retrieving a program counter corresponding to a location where the secured program was interrupted; and
      
      branching to the program counter to initiate the execution of the instructions.
  - 13. The information handling system of claim 9 further comprising:
    - loading a secure loader into the isolated special purpose processor core'"'"'s local memory in response to the setting, wherein the secure loader performs the receiving, reading, decrypting, and storing, and wherein the secure loader initiates the executing by the executed instructions performing actions of;
      
      retrieving a program counter corresponding to a location where the secured program was interrupted; and
      
      branching to the program counter to initiate the execution of the instructions.
  - 14. The information handling system of claim 13 further comprising:
    - a persistent storage register included in each of the special purpose processor cores, wherein data stored in the persistent storage registers is accessible when the special purpose processor core is in isolation mode and the data stored in the persistent storage registers is inaccessible when the special purpose processor core is running in non-isolation mode;
      
      a read-only memory;
      
      a static copy of the secure loader stored in the read-only memory, wherein the set of instructions further perform actions of;
      
      automatically loading the static copy of the secure loader from the read-only memory in response to the special purpose processor core being set into isolation mode.
  - 15. The information handling system of claim 9 further comprising:
    - an open memory area associated with the isolated special purpose processor core, wherein the open memory area is an unprotected memory area that is accessible by from the general purpose processors, wherein the set of instructions further perform actions of;
      
      reading one or more blocks of the encrypted context from the shared memory; and
      
      writing the encrypted context blocks to the isolated special purpose processor core'"'"'s open memory area.
  - 16. The information handling system of claim 9 further comprising the set of instructions further performing actions of:
    - prior to the decrypting, inputting the encrypted context to a signature generation function, the signature generation function resulting in an signature result; and
      
      comparing the signature result to a previous signature result, wherein the verification of the context integrity is based on the comparison.

17. A computer program product stored in a computer readable medium, comprising functional descriptive material that, when executed by a information handling system, causes the information handling system to perform actions that include:
- setting a special purpose processor core in an isolation mode, wherein the special purpose processor core is included in a heterogeneous processor that includes the isolated special purpose processor core and one or more general purpose processor cores that can each access a shared memory, and wherein the isolated special purpose processor core includes a local memory that is inaccessible from the other heterogeneous processing cores while the special purpose processor core is running in the isolation mode;
  
  receiving, at the isolated special purpose processor core, an identifier corresponding to the secured program;
  
  reading an encrypted context corresponding to the identified secured program from the shared memory;
  
  decrypting the encrypted context using an encryption key;
  
  storing the decrypted context in the isolated special purpose processor core'"'"'s local memory;
  
  verifying context integrity using a persistent security data that is retrieved from a secure location; and
  
  executing instructions included in the decrypted context in response to the verification.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The computer program product of claim 17 wherein the verifying further comprises functional descriptive material that, when executed by the information handling system, causes the information handling system to perform additional actions that include:
    - retrieving the persistent security data from a persistent storage register, wherein the persistent storage data is a nonce;
      
      retrieving a program nonce from the decrypted context; and
      
      comparing the persistent security data to the program nonce, wherein the context integrity is verified when the persistent security data matches the program nonce.
  - 19. The computer program product of claim 17 wherein the verifying further comprises functional descriptive material that, when executed by the information handling system, causes the information handling system to perform additional actions that include:
    - retrieving the encryption key from a persistent storage register, wherein the persistent storage data is the encryption key; and
      
      encrypting one or more blocks of the encrypted context using the encryption key, wherein the context integrity is verified when the one or more blocks are successfully decrypted using the retrieved encryption key.
  - 20. The computer program product of claim 17 further comprising functional descriptive material that, when executed by the information handling system, causes the information handling system to perform additional actions that include:
    - retrieving a program counter corresponding to a location where the secured program was interrupted; and
      
      branching to the program counter to initiate the execution of the instructions.
  - 21. The computer program product of claim 17 further comprising functional descriptive material that, when executed by the information handling system, causes the information handling system to perform additional actions that include:
    - loading a secure loader into the isolated special purpose processor core'"'"'s local memory in response to the setting, wherein the secure loader performs the receiving, reading, decrypting, and storing, and wherein the secure loader initiates the executing by;
      
      retrieving a program counter corresponding to a location where the secured program was interrupted; and
      
      branching to the program counter to initiate the execution of the instructions.
  - 22. The computer program product of claim 17 wherein the reading of the encrypted context further comprises functional descriptive material that, when executed by the information handling system, causes the information handling system to perform additional actions that include:
    - reading one or more blocks of the encrypted context from the shared memory; and
      
      writing the encrypted context blocks to an open memory area associated with the isolated special purpose processor core, wherein the open memory area is an unprotected memory area that is accessible by from the general purpose processors.
  - 23. The computer program product of claim 17 further comprising functional descriptive material that, when executed by the information handling system, causes the information handling system to perform additional actions that include:
    - prior to the decrypting, inputting the encrypted context to a signature generation function, the signature generation function resulting in an signature result; and
      
      comparing the signature result to a previous signature result, wherein the verification of the context integrity is based on the comparison.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Shimizu, Kanna, Nutter, Mark Richard

Granted Patent

US 7,945,789 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/74   operating in dual or compar...

G06F 9/461   Saving or restoring of prog...

System and Method for Securely Restoring a Program Context from a Shared Memory

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

System and Method for Securely Restoring a Program Context from a Shared Memory

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others