ENCRYPTION OF EXECUTABLES IN COMPUTATIONAL MEMORY

US 20170052906A1
Filed: 08/17/2015
Published: 02/23/2017
Est. Priority Date: 08/17/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

traversing, by computational memory, an operating system page table in the computational memory for a page marked as executable;

in response to finding a page marked as executable, determining whether the page marked as executable has been encrypted;

in response to determining that the page marked as executable is not encrypted, generating a key for the page marked as executable; and

encrypting the page marked as executable using the key.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure is related to encryption of executables in computational memory. Computational memory can traverse an operating system page table in the computational memory for a page marked as executable. In response to finding a page marked as executable, the computational memory can determine whether the page marked as executable has been encrypted. In response to determining that the page marked as executable is not encrypted, the computational memory can generate a key for the page marked as executable. The computational memory can encrypt the page marked as executable using the key.

Citations

29 Claims

1. A method, comprising:
- traversing, by computational memory, an operating system page table in the computational memory for a page marked as executable;
  
  in response to finding a page marked as executable, determining whether the page marked as executable has been encrypted;
  
  in response to determining that the page marked as executable is not encrypted, generating a key for the page marked as executable; and
  
  encrypting the page marked as executable using the key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the method includes, in response to determining that the page marked as executable is encrypted, traversing the operating system page table for an additional page marked as executable.
  - 3. The method of claim 2, wherein the method includes, in response to finding the additional page marked as executable, determining whether the additional page marked as executable has been encrypted;
    - in response to determining that the additional page marked as executable is not encrypted, generating a different key for the additional page marked as executable; and
      
      encrypting the additional page marked as executable using the different key.
  - 4. The method of claim 1, wherein traversing the operating system page table comprises traversing the operating system page table in response to receiving an instruction from a host in association with a page access.
  - 5. The method of claim 1, wherein the method includes granting access to a page marked as read, write, or read/write in the operating system page table without regard to encryption.
  - 6. The method of claim 1, wherein the method includes, in response to a request for the page marked as executable:
    - generating a new key; and
      
      re-encrypting the page marked as executable using the new key; and
      
      storing the re-encrypted page in place of the page marked as executable.
  - 7. The method of claim 6, wherein the method includes, in response to the request for the page marked as executable:
    - decrypting the re-encrypted page; and
      
      storing the decrypted page in cache of the computational memory for transfer to satisfy the request.
  - 8. The method of claim 1, wherein the method includes:
    - receiving a new page, comprising executables;
      
      generating a new key for the new page;
      
      encrypting the new page using the new key;
      
      storing the new page in the computational memory; and
      
      creating an entry in the operating system page table for the new page, including marking the new page as executable and encrypted.

9. A method, comprising:
- traversing, by computational memory, an operating system page table in the computational memory for any page marked as executable;
  
  in response to finding a first page marked as executable, determining whether the first page marked as executable has been encrypted;
  
  in response to determining that the first page marked as executable is not encrypted, generating a first key for the first page marked as executable;
  
  encrypting the first page marked as executable using the first key;
  
  in response to finding a second page marked as executable, determining whether the second page marked as executable has been encrypted;
  
  in response to determining that the second page marked as executable is not encrypted, generating a second key for the second page marked as executable; and
  
  encrypting the second page marked as executable using the second key.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, wherein the method includes:
    - receiving a third page, comprising executables;
      
      generating a third key for the third page;
      
      encrypting the third page using the third key; and
      
      storing the third page in the computational memory.
  - 11. The method of claim 10, wherein the method includes creating an entry in the operating system page table for the third page, including:
    - marking the third page as executable and encrypted; and
      
      storing the third key in the entry.

12. A non-transitory computer readable medium storing instructions executable by computational memory to:
- determine whether a requested page in the computational memory marked as executable has been encrypted;
  
  in response to determining that the requested page is not encrypted;
  
  store the requested page in cache of the computational memory;
  
  generate a key;
  
  encrypt the requested page using the key; and
  
  store the encrypted page in place of the requested page in the computational memory; and
  
  in response to determining that the requested page is encrypted;
  
  generate a new key;
  
  re-encrypt the requested page using the new key;
  
  store the re-encrypted page in place of the requested page in the computational memory; and
  
  decrypt the requested page and store the decrypted page in the cache of the computational memory.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The medium of claim 12, wherein the instructions are executable to transfer the requested page or the decrypted page from the cache to a source of the request.
  - 14. The medium of claim 12, wherein the instructions are executable to, in response to a subsequent request for the requested page, transfer the requested page or the decrypted requested page from the cache to a source of the request.
  - 15. The medium of claim 12, wherein the cache comprises a non-addressable area of the computational memory.
  - 16. The medium of claim 12, wherein the instructions to determine whether the requested page has been encrypted comprise instructions to reference an operating system page table in the computational memory that indicates whether pages are encrypted and whether pages are executable.

17. An apparatus, comprising:
- a computational memory; and
  
  an operating system page table stored in the computational memory, wherein the operating system page table includes;
  
  an indication of whether a respective page is encrypted;
  
  a respective key for each page that is encrypted;
  
  a virtual address corresponding to the respective page;
  
  a physical address corresponding to the respective page; and
  
  a marking of a type of the respective page; and
  
  wherein the computational memory is configured to maintain the operating system page table.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The apparatus of claim 17, wherein the apparatus includes an entropy source configured to generate the respective keys.
  - 19. The apparatus of claim 17, wherein the computational memory is configured to:
    - traverse the operating system page table for pages that are marked as executable and not indicated as encrypted; and
      
      encrypt the pages marked as executable and not indicted as encrypted using uniquely generated keys.
  - 20. The apparatus of claim 19, wherein the marking of the type of the respective page comprises one of the group of types including readable, writable, readable/writable, and executable;
    - andwherein the type of the respective page indicates whether the respective page stores data or executables.
  - 21. The apparatus of claim 17, wherein the operating system page table includes an indication of a size of the respective page.
  - 22. The apparatus of claim 17, wherein the computational memory includes sensing circuitry configured to perform a logical operation on data stored in memory cells in the computational memory and store the result back to the computational memory without enabling a local input/output line coupled to the sensing circuitry.

23. An apparatus, comprising:
- a computational memory configured to;
  
  encrypt a first page in response to the first page not being encrypted and in response to the first page being marked as executable according to a traversal of an operating system page table in the computational memory by the computational memory;
  
  encrypt a second page marked as executable in response to the second page not being encrypted and in response to the second page being requested; and
  
  re-encrypt a third page marked as executable in response to the third page being encrypted and in response to the third page being requested.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. The apparatus of claim 23, wherein the computational memory is configured to use unique keys generated with an entropy source in the computational memory to encrypt or re-encrypt pages in the computational memory.
  - 25. The apparatus of claim 24, wherein the entropy source comprises at least one one of the group of entropy sources including a phase-locked loop frequency, a serial number of the apparatus, and a timer.
  - 26. The apparatus of claim 23, wherein the computational memory is configured to store the second page in a cache in the computational memory, prior to encrypting the second page, for transfer according to the request.
  - 27. The apparatus of claim 26, wherein the computational memory is configured to transfer the second page from the cache in response to a subsequent request for the second page.
  - 28. The apparatus of claim 23, wherein the computational memory is configured to decrypt the third page and store the decrypted third page in cache for transfer according to the request.

29. A method, comprising:
- receiving a request for a page stored in a computational memory;
  
  determining whether the requested page has been marked as executable in an operating system page table in the computational memory;
  
  determining whether the requested page has been indicated as encrypted in the operating system page table in the computational memory; and
  
  in response to determining that the requested page is executable and encrypted;
  
  generating a new key;
  
  re-encrypting the requested page using the new key;
  
  storing the re-encrypted page in place of the requested page in the computational memory;
  
  decrypting the requested page and storing the decrypted page in the cache of the computational memory; and
  
  transferring the decrypted requested page from the cache to satisfy the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micron Technology, Inc.
Original Assignee
Micron Technology, Inc.
Inventors
Lea, Perry V.

Granted Patent

US 9,996,479 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/0897   with two or more cache hier...

G06F 12/1009   using page tables, e.g. pag...

G06F 12/1408   by using cryptography for d...

G06F 15/7821   Tightly coupled to memory, ...

G06F 21/126   Interacting with the operat...

G06F 21/79   in semiconductor storage me...

G06F 2212/1016   Performance improvement

G06F 2212/1052   Security improvement

ENCRYPTION OF EXECUTABLES IN COMPUTATIONAL MEMORY

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

ENCRYPTION OF EXECUTABLES IN COMPUTATIONAL MEMORY

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links