Hard Object: Hardware Protection for Software Objects
First Claim
1. A method of regulating the execution of a program by a microprocessor, said microprocessor having a plurality of data addresses, each data address having data, and said microprocessor having a plurality of instruction addresses, each instruction address having an instruction, at least one instruction being an accessing instruction for accessing data at a data address target, said microprocessor associating an owner with a data address, where said owner is a subset of said instruction addresses, having a set-owner operation taking as arguments a data address set-owner argument and a new owner set-owner argument, said set-owner operation altering the owner associated with said data address set-owner argument to be said new owner set-owner argument, said method comprising:
- when an accessing instruction at an accessing instruction address accesses data at a data address target, allowing the access if an access condition is met, otherwise issuing a fault, said access conditions comprising:
  (a) said accessing instruction address is an element of the owner associated with said data address target;
- when said set-owner operation executes, allowing said set-owner operation if a set-owner condition is met, otherwise issuing a fault, said set-owner conditions comprising:
  (a) at least one instruction of said set-owner operation is an element of the owner associated with said data address set-owner argument.
Dependent claims: 2 to 12.
Abstract
In accordance with one embodiment, additions to the standard computer microprocessor architecture hardware are disclosed comprising novel page table entry fields 015 062, special registers 021 022, instructions for modifying these fields 120 122 and registers 124 126, and hardware-implemented 038 runtime checks and operations involving these fields and registers. More specifically, in the above embodiment of a Hard Object system, there is additional meta-data 061 in each page table entry beyond what it commonly holds, and each time a data load or store is issued from the CPU and the virtual address 032 is translated to the physical address 034, the Hard Object system uses its additional PTE meta-data 061 to perform memory access checks in addition to those done in current systems. Together with changes to software, these access checks can be arranged carefully to provide more fine-grained access control for data than current systems do.
103 Citations
Claims (23)
13. A method of regulating the execution of a program by a microprocessor, said microprocessor having a plurality of data addresses, each data address having data, and said microprocessor having a plurality of instruction addresses, each instruction address having an instruction, at least one instruction being an accessing instruction for accessing data at a data address target, said microprocessor having a permissions map associating an instruction/data address pair with a permission value, the instruction/data address pair comprising a permissions map instruction address and a permissions map data address, said method comprising:
- when an accessing instruction at an accessing instruction address accesses data at a data address target, allowing the access if an access condition is met, otherwise issuing a fault, said access conditions comprising:
  (a) said access is in accordance with a permission value from said permissions map using the accessing instruction address as the permissions map instruction address and the data address target as the permissions map data address.
Dependent claims: 14 to 21.
22. A computer comprising at least one microprocessor, said microprocessor having a plurality of data addresses, each data address having data, and said microprocessor having a plurality of instruction addresses, each instruction address having an instruction, at least one instruction being an accessing instruction for accessing data at a data address target, said microprocessor associating an owner with a data address, where said owner is a subset of said instruction addresses, having a set-owner operation taking as arguments a data address set-owner argument and a new owner set-owner argument, said set-owner operation altering the owner associated with said data address set-owner argument to be said new owner set-owner argument, wherein the computer is programmed to regulate execution of a program by the microprocessor through a method comprising:
- when an accessing instruction at an accessing instruction address accesses data at a data address target, allowing the access if an access condition is met, otherwise issuing a fault, said access conditions comprising:
  (a) said accessing instruction address is an element of the owner associated with said data address target;
- when said set-owner operation executes, allowing said set-owner operation if a set-owner condition is met, otherwise issuing a fault, said set-owner conditions comprising:
  (a) at least one instruction of said set-owner operation is an element of the owner associated with said data address set-owner argument.
Dependent claim: 23.
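The two rules that the independent claims state in legal language are short once written as code: an instruction may load or store a data address only if the instruction's own address is a member of that data's owner set (claims 1 and 22), only code that is already a member of the owner may change the owner (the set-owner condition), and a separate permissions map keyed by the pair (instruction address, data address) can grant an access the owner rule alone would deny (claim 13). The simulator below is an added example written for this page; it is not code from the patent or from any Hard Object implementation. Its assumptions: owner meta-data is kept per 4 KiB data page (the abstract places it in the page table entry), permission values are strings such as "r" or "rw", modules A and B and their address ranges are constructed for the scenario, and putting the owner check and the permissions-map check into one machine is a modelling choice of the example rather than something the claims require.

```python
"""Toy simulator of the Hard Object access checks in claims 1, 13 and 22.

Added illustration for this page, not code from the patent.  Page size,
permission strings and the module address ranges are assumptions.
"""

from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, Tuple

PAGE_SIZE = 0x1000  # assumption: owner meta-data lives per data page (abstract: in the PTE)

Owner = FrozenSet[int]  # an owner is a subset of the instruction addresses


class HardObjectFault(Exception):
    """Raised wherever the claims say the hardware 'issues a fault'."""


def text_range(start: int, end: int) -> Owner:
    """Owner set covering every instruction address in [start, end)."""
    return frozenset(range(start, end))


@dataclass
class HardObjectMachine:
    # data page number -> owner (claim 1: 'associating an owner with a data address')
    owner_of_page: Dict[int, Owner] = field(default_factory=dict)
    # claim 13: (permissions map instruction address, data page) -> permission value
    permissions_map: Dict[Tuple[int, int], str] = field(default_factory=dict)

    @staticmethod
    def _page(data_addr: int) -> int:
        return data_addr // PAGE_SIZE

    def access(self, insn_addr: int, data_addr: int, kind: str = "r") -> bool:
        """Check a load ('r') or store ('w') issued by the instruction at
        insn_addr against data_addr.  True if allowed, HardObjectFault otherwise."""
        page = self._page(data_addr)
        # Claim 1(a): the accessing instruction address is an element of the owner.
        if insn_addr in self.owner_of_page.get(page, frozenset()):
            return True
        # Claim 13(a): otherwise the access must agree with the permission value
        # found by using the accessing instruction address and the data address
        # target as the two halves of the permissions-map key.
        if kind in self.permissions_map.get((insn_addr, page), ""):
            return True
        raise HardObjectFault(f"{kind} of {data_addr:#x} by insn {insn_addr:#x} denied")

    def set_owner(self, op_insn_addrs: Iterable[int], data_addr: int, new_owner: Owner) -> Owner:
        """Claim 1 set-owner operation.  op_insn_addrs are the instruction
        addresses making up the operation; it is allowed only if at least one
        of them is an element of the data address's current owner."""
        ops = list(op_insn_addrs)
        page = self._page(data_addr)
        current = self.owner_of_page.get(page, frozenset())
        if not any(a in current for a in ops):
            raise HardObjectFault(f"set-owner on {data_addr:#x} by {[hex(a) for a in ops]} denied")
        self.owner_of_page[page] = new_owner
        return new_owner


def scenario() -> Dict[str, str]:
    """Constructed scenario: module A's code is at 0x1000-0x1FFF, module B's at
    0x2000-0x2FFF, data pages 5 and 6 start out owned by A.  Returns the
    outcome ('allowed' or 'fault') of each attempted operation, in order."""
    A = text_range(0x1000, 0x2000)
    B = text_range(0x2000, 0x3000)
    m = HardObjectMachine(owner_of_page={5: A, 6: A})
    # Claim 13: one B instruction is granted read-only access to A's page 6.
    m.permissions_map[(0x2030, 6)] = "r"

    out: Dict[str, str] = {}

    def attempt(name, fn):
        try:
            fn()
            out[name] = "allowed"
        except HardObjectFault:
            out[name] = "fault"

    attempt("A reads own page", lambda: m.access(0x1010, 0x5020))
    attempt("B reads A's page", lambda: m.access(0x2010, 0x5020))
    attempt("B steals page 5", lambda: m.set_owner([0x2020], 0x5020, B))
    attempt("A gives page 5 to B", lambda: m.set_owner([0x1020], 0x5020, B))
    attempt("B reads page 5 after transfer", lambda: m.access(0x2010, 0x5020))
    attempt("A reads page 5 after transfer", lambda: m.access(0x1010, 0x5020))
    attempt("B reads page 6 via permissions map", lambda: m.access(0x2030, 0x6000, "r"))
    attempt("B writes page 6 via permissions map", lambda: m.access(0x2030, 0x6000, "w"))
    return out


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name:40s} {result}")
```

The scenario exercises the point of the set-owner condition: B cannot take page 5 by calling set-owner on it, because no instruction of B's operation is in the current owner, whereas A can hand the page to B, after which A's own loads fault. The permissions-map entry shows the claim 13 mechanism granting an access the owner rule denies while still refusing a store that the permission value does not cover.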
Specification