TAMPER RESISTANT MEMORY PROTECTION
2 Assignments
0 Petitions
Abstract
Various mechanisms are disclosed for protecting the security of memory in a computing environment. A security layer can have an encryption layer and a hashing layer that dynamically encrypt and then dynamically hash sensitive information as it is being loaded into the dynamic memory of a computing device. For example, a memory unit that can correspond to a memory page can be processed by the security layer: header data, code, and protect-worthy data are secured, while other non-sensitive data is left alone. Once such information is secured and stored in dynamic memory, it can be accessed at a later time by a processor, hash-checked, and decrypted. After processing it can be encrypted and hashed again and loaded back onto the dynamic memory, thereby preventing direct memory access attacks: a device that reads memory directly sees only ciphertext, and any modification is caught by the hash check before the data is used.
42 Citations
20 Claims
1. A system for protecting the security of memory in a computing environment, comprising:
a plurality of memory units;
at least one memory unit of said plurality of memory units configured to house header data, code, sensitive data, and other data;
an encryption layer configured to encrypt at least said header data, said code, and said sensitive data and configured to leave said other data unencrypted, wherein said encryption layer prevents the reading of said header data, said code, and said sensitive data;
a hashing layer configured to hash at least said header data, said code, and said sensitive data, wherein said hashing layer prevents any changes to said header data, said code, and said sensitive data;
a security layer that manages said encryption layer and said hashing layer, wherein said security layer is configured to receive said at least one memory unit, and manage dynamic encryption and hashing of said header data, said code, and said sensitive data; and
a module configured to store said encrypted and hashed header data, code, sensitive data, and said other data in dynamic memory of said computing environment.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17.
14. A method for preventing tampering with memory in computing environments, comprising:
receiving a memory unit, comprising header data, code, and sensitive data;
encrypting said header data, said code, and said sensitive data;
hashing said header data, said code data, and said sensitive data;
wherein, said memory unit is dynamically encrypted and hashed on a per-memory unit basis; and
storing said encrypted and hashed header data, said code data, and said sensitive data in a dynamic memory of a computing device.
18. A computer readable medium storing thereon computer executable instructions for increasing memory security and integrity in computing environments, comprising:
at least one instruction configured to access a runtime memory;
at least one instruction configured to identify in said memory header data, code, and sensitive data;
at least one instruction configured to dynamically check a hash of said memory header data, code, and sensitive data;
at least one instruction configured to dynamically decrypt said memory header data, code, and sensitive data;
at least one instruction configured to process at least one of said checked and decrypted code and sensitive data;
at least one instruction configured to dynamically encrypt any information back to said runtime memory;
at least one instruction configured to dynamically hash any information back to said runtime memory; and
at least one instruction configured to store encrypted and hashed information on said runtime memory.
Dependent claims: 19, 20.
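The store, hash-check, decrypt and re-store cycle described in the abstract and in claims 1, 14 and 18, as an added worked example. This is not code from the patent; it fixes choices the claims leave open: the encryption layer is AES-CTR, the hashing layer is HMAC-SHA256 applied encrypt-then-MAC, a memory unit is a 4 KiB page laid out as an encrypted prefix (header, code, sensitive data) followed by clear "other" data, and the per-page IV and tag live in a side structure rather than inside the page. It goes slightly beyond the claims, which require hashing at least the three protected regions: the tag here also covers the clear region and the page index, so a DMA write into "other" data, or a copy of one valid encrypted page over another frame, is caught as well. The keys, names (SecurityLayer, StoredPage, Store, Load, SamplePage) and the sample page are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const PageSize = 4096 // one memory unit: a 4 KiB page (an assumption of this example)
// Layout splits a page into the claims' regions: an encrypted prefix of header,
// code and sensitive data, then the remaining "other data" left in the clear.
type Layout struct{ HeaderLen, CodeLen, SensitiveLen int }
func (l Layout) ProtectedLen() int { return l.HeaderLen + l.CodeLen + l.SensitiveLen }

// StoredPage is the page as it sits in dynamic memory plus per-page metadata
// (IV, tag) that a real implementation would keep in a page-table side structure.
type StoredPage struct {
	Index  uint64 // frame index, bound into the tag so one page cannot replace another
	Layout Layout
	IV     []byte // fresh on every store, so re-encryption never reuses CTR keystream
	Data   []byte // PageSize bytes: ciphertext prefix, plaintext "other" suffix
	Tag    []byte // HMAC-SHA256 over Index, Layout, IV and all of Data
}

// SecurityLayer manages the encryption layer (AES-CTR) and the hashing layer
// (HMAC-SHA256); both algorithm choices are assumptions, not the patent's.
type SecurityLayer struct {
	block  cipher.Block
	macKey []byte
}
var ErrTampered = errors.New("memory page failed integrity check")

func NewSecurityLayer(encKey, macKey []byte) (*SecurityLayer, error) {
	block, err := aes.NewCipher(encKey) // 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return &SecurityLayer{block: block, macKey: append([]byte(nil), macKey...)}, nil
}

// tag is the hashing layer: encrypt-then-MAC over everything that reaches memory,
// including the unencrypted "other" region, plus the page index and layout.
func (s *SecurityLayer) tag(sp *StoredPage) []byte {
	mac := hmac.New(sha256.New, s.macKey)
	_ = binary.Write(mac, binary.BigEndian, []uint64{sp.Index, uint64(sp.Layout.HeaderLen),
		uint64(sp.Layout.CodeLen), uint64(sp.Layout.SensitiveLen)})
	mac.Write(sp.IV)
	mac.Write(sp.Data)
	return mac.Sum(nil)
}

// Store is the path from the loader into dynamic memory: encrypt, then hash.
func (s *SecurityLayer) Store(index uint64, l Layout, page []byte) (*StoredPage, error) {
	if len(page) != PageSize || l.HeaderLen < 0 || l.CodeLen < 0 || l.SensitiveLen < 0 ||
		l.ProtectedLen() > PageSize {
		return nil, errors.New("bad page size or layout")
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	data := make([]byte, PageSize)
	copy(data, page) // the "other" region passes through in the clear
	cipher.NewCTR(s.block, iv).XORKeyStream(data[:l.ProtectedLen()], page[:l.ProtectedLen()])
	sp := &StoredPage{Index: index, Layout: l, IV: iv, Data: data}
	sp.Tag = s.tag(sp)
	return sp, nil
}

// Load is the path back to the processor: verify the hash first, then decrypt.
// Any change to Data, IV, Layout or Index since Store fails the check before decryption.
func (s *SecurityLayer) Load(sp *StoredPage) ([]byte, error) {
	if !hmac.Equal(s.tag(sp), sp.Tag) {
		return nil, ErrTampered
	}
	page := make([]byte, PageSize)
	copy(page, sp.Data)
	n := sp.Layout.ProtectedLen()
	cipher.NewCTR(s.block, sp.IV).XORKeyStream(page[:n], sp.Data[:n])
	return page, nil
}

// SamplePage builds a constructed page (not real program data), one fill byte per region.
func SamplePage(l Layout) []byte {
	return bytes.Join([][]byte{bytes.Repeat([]byte("H"), l.HeaderLen), bytes.Repeat([]byte("C"), l.CodeLen),
		bytes.Repeat([]byte("S"), l.SensitiveLen), bytes.Repeat([]byte("o"), PageSize-l.ProtectedLen())}, nil)
}

func main() {
	layer, _ := NewSecurityLayer([]byte("example-aes-key!"), []byte("example-hmac-key-not-for-production"))
	layout := Layout{HeaderLen: 64, CodeLen: 2048, SensitiveLen: 512}
	sp, _ := layer.Store(7, layout, SamplePage(layout))
	fmt.Printf("in memory: code %x (ciphertext), other %q (clear)\n", sp.Data[64:68], sp.Data[2624:2628])
	sp.Data[100] ^= 0x01 // a DMA-style one-bit write into the encrypted code region
	_, err := layer.Load(sp)
	fmt.Println("load after tampering:", err)
}
```

Two ordering points carry the security argument. Load verifies the tag before touching the ciphertext, so a corrupted or swapped page is never decrypted, let alone executed; and Store draws a fresh IV on every write back, because re-encrypting a modified page under a reused CTR IV would hand anyone who captured both versions the XOR of the old and new plaintext. The keys are literals only to keep the example runnable; in the design the abstract describes they belong to the security layer and must not sit in the same dynamic memory the scheme protects.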
Specification