Secure execution of program code

US 7,020,772 B2
Filed: 09/22/2003
Issued: 03/28/2006
Est. Priority Date: 04/06/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method of executing program code in a secure manner in a data processor, comprising:

fetching an instruction for execution from a memory;

determining that the instruction has access privileges for accessing a specified location within the memory; and

accessing the specified location only when the instruction has privileges for accessing the specified location.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Curtained operation provides trusted execution of code and secrecy of data in a secure memory. Curtained code can only be executed from within certain address ranges of a curtained memory region secure against access by code from without the region. Code entry points are restricted, and atomic execution is assured. The memory is organized into multiple hierarchically curtained rings, and peer subrings are denied access to each other as well as to more secure rings.

135 Citations

View as Search Results

60 Claims

1. A method of executing program code in a secure manner in a data processor, comprising:
- fetching an instruction for execution from a memory;
  
  determining that the instruction has access privileges for accessing a specified location within the memory; and
  
  accessing the specified location only when the instruction has privileges for accessing the specified location.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein determining comprises comparing a privilege for the instruction to a level of privilege required to access the specified location.
  - 3. The method of claim 1 wherein determining comprises comparing a privilege for the instruction to a level of privilege required to access the specified location by control unit, wherein the control unit performs acts of:
    - accepting a virtual address from the instruction;
      
      accepting a first privilege level from the instruction;
      
      converting the virtual address to a physical address corresponding to the specified location;
      
      looking up a second privilege level required in order to access the specified location;
      
      comparing the second privilege level to the first privilege level; and
      
      granting access to the instruction only when the first privilege levels meets or exceeds a threshold privilege level determined by the second privilege level.
  - 4. The method of claim 1 wherein determining comprises comparing a privilege for the instruction to a level of privilege required to access the specified location by control unit, wherein the control unit performs acts of:
    - accepting a virtual address from the instruction;
      
      accepting a first privilege level from the instruction;
      
      converting the virtual address to a physical address corresponding to the specified location;
      
      looking up a second privilege level required in order to access the specified location;
      
      comparing the second privilege level to the first privilege level;
      
      granting access to the instruction only when the first privilege levels meets or exceeds a threshold privilege level determined by the second privilege level; and
      
      halting execution of the instruction when the first privilege level does not meet or exceed a threshold privilege level determined by the second privilege level.
  - 5. The method of claim 1, wherein the specified location is a secure region of the memory.
  - 6. The method of claim 1 where the secure region comprises a range of addresses of the memory.

7. A method of executing program code in a secure manner in a data processor, comprising:
- fetching an instruction for execution;
  
  determining that the instruction that the instruction has access privileges for accessing a specified location within a memory; and
  
  accessing the specified location only when the instruction has privileges for accessing the specified location, where the determining is performed in part by converting the specified location into a physical address via a memory control unit.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7 further comprising disabling interrupts before fetching the instruction.
  - 9. The method of claim 7 wherein the memory control unit controls all access to the memory by any instruction.
  - 10. The method of claim 7 where the accessing the specified location comprises accessing code in a secure portion of the memory.
  - 11. The method of claim 7 further comprising:
    - comparing the specified location with a set of predetermined entry locations;
      
      executing the instruction at the specified location only if it is contained in the set of locations, wherein the set of locations corresponds to a table of physical addresses and corresponding access privileges.

12. A method of executing program code in a secure manner in a data processor, comprising:
- fetching an instruction for execution;
  
  determining that the instruction accesses a specified location within a secure region of the memory;
  
  accessing the specified location only when the instruction is accompanied by corresponding current privilege level data, where the determining is carried at least in part via conversion of the specified location to a physical address in the memory; and
  
  further comprising;
  
  comparing the specified location with a set of predetermined entry locations;
  
  executing the instruction at the second location only if it is contained in the set of locations;
  
  comparing the current privilege level with a predetermined required privilege level associated with the second location;
  
  executing the instruction at the second location only if the current privilege level is at least as high as the required privilege level.

13. A method of executing program code in a secure manner in a data processor, comprising:
- fetching a sequence of instructions in the code, the sequence of instructions including a privilege level associated with the sequence;
  
  determining virtual addresses that the code accesses;
  
  converting, by a control logic unit, the specific addresses to corresponding physical addresses;
  
  accessing the secure memory region only when privilege level associated with the sequence equals or exceeds a privilege level associated with the physical addresses; and
  
  executing at least a part of the sequence atomically.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13 where executing at least part of the sequence atomically comprises replacing a normal interrupt handler with another handler that prevents accesses to the physical addresses during execution of the code.
  - 15. The method of claim 13 where executing at least part of the sequence atomically comprises restricting the operation of processor interrupts to a processor executing the code while the sequence of instructions is executing.
  - 16. The method of claim 13 where executing at least part of the sequence atomically comprises preventing processor interrupts to a processor executing the code while the sequence of instructions is executing.

17. A method of executing program code in a secure manner in a data processor, comprising:
- fetching a sequence of instructions in the code, the sequence of instructions including a privilege level associated with the sequence;
  
  determining virtual addresses that the code accesses;
  
  converting, by a control logic unit, the specific addresses to corresponding physical addresses;
  
  determining that the physical addresses correspond to a secure region of a memory;
  
  accessing the secure memory region only when privilege level associated with the sequence equals or exceeds a privilege level associated with the physical addresses; and
  
  destroying at least some data upon occurrence of a specified event.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The method of claim 17 wherein the destroyed data comprises contents of at least some locations in the secure memory.
  - 19. The method of claim 17 wherein the destroyed data comprises contents of at least one register of a processor executing the code.
  - 20. The method of claim 17 where the event is an interrupt sent to a processor executing the code.
  - 21. The method of claim 17 where the event is a reboot of the processor executing the code.
  - 22. The method of claim 17 where the event is an attempt by a device external to the processor executing the code to access the secure memory region.

23. A method of executing program code in a secure manner in a data processor, comprising:
- fetching a sequence of instructions in the code, the sequence of instructions including a privilege level associated with the sequence;
  
  determining virtual addresses that the code accesses;
  
  converting, by a control logic unit, the specific addresses to corresponding physical addresses;
  
  determining that the physical addresses correspond to a secure region of a memory;
  
  accessing the secure memory region only when privilege level associated with the sequence equals or exceeds a privilege level associated with the physical addresses; and
  
  restricting access to the secure memory region by devices external to a processor executing the code.
- View Dependent Claims (24, 25, 26)
- - 24. The method of claim 23 where access is restricted during execution of the code.
  - 25. The method of claim 23 where restricting access to the secure memory region comprises locking a memory bus coupled to the memory.
  - 26. The method of claim 23 where restricting access to the secure memory region comprises preventing a bus master from accessing the region.

27. A method of executing program code in a secure manner in a data processor, comprising:
- fetching a sequence of instructions in the code;
  
  determining specific addresses that the code accesses;
  
  converting, by a control logic unit, the specific addresses to corresponding physical addresses;
  
  determining privilege levels required in order to access the respective physical addresses;
  
  comparing the determined privilege levels to privilege levels associated with the sequence of instructions; and
  
  accessing the secure memory region only when the determined privilege levels meet or exceed a threshold privilege level determined from the associated privilege levels.

28. A method of executing program code in a secure manner in a data processor, comprising:
- fetching code comprising a sequence of instructions, the sequence of instructions including a privilege level associated with the sequence;
  
  determining virtual addresses that the code accesses;
  
  converting, by a control logic unit, the specific addresses to corresponding physical addresses;
  
  determining that the physical addresses correspond to one of multiple secure rings within the memory;
  
  accessing the first ring only if the sequence includes a privilege level corresponding to the first ring to a ring higher in an hierarchy of the multiple secure rings of the memory.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36)
- - 29. The method of claim 28 where the secure memory region comprises a range of addresses in the memory.
  - 30. The method of claim 28 where the secure rings comprise ranges of addresses within an address range of the secure memory region.
  - 31. The method of claim 28 where the hierarchy has two secure levels within an outer unsecure level.
  - 32. The method of claim 31 where one of the secure rings is higher in the hierarchy than the other ring.
  - 33. The method of claim 28 where the memory has at least first and second subrings within one of the secure rings, and further comprising:
    - determining whether the code accesses the first subring within the first ring;
      
      accessing the first subring only if the code is located within the first subring of the one ring;
      
      determining whether the code accesses the second subring of the one ring; and
      
      accessing the second subring only if the code is located within the second subring of the one ring.
  - 34. The method of claim 33 further comprising:
    - determining whether the code accesses the one ring outside both the first and the second subrings; and
      
      accessing the one ring outside both the first and the second subrings of the first ring if the code is located within either the first or the second subring of the one ring.
  - 35. The method of claim 32 where another of the secure rings is inner to the one ring, and further comprising:
    - determining whether the code accesses the one ring, including the first and second subrings thereof; and
      
      accessing the one ring, including the first and second subrings, if the code is located in the other, inner ring.
  - 36. A medium carrying computer readable representations for causing a computer to carry out the method of claim 28.

37. A data processor for executing secure code residing in a memory, comprising:
- an instruction decoder for determining that a current instruction has an associated privilege level appropriate to a secure portion of a memory;
  
  an instruction pointer for holding an address of a current instruction in the memory; and
  
  control logic coupled to the instruction decoder for executing the current instruction only when the associated privilege level corresponds to one or more predetermined regions of the memory.
- View Dependent Claims (38)
- - 38. The data processor of claim 37 where at least one of the predetermined memory regions is defined by a range of addresses in the memory.

39. A data processor for executing secure code residing in a memory, comprising:
- an instruction decoder for determining that a current instruction has an associated privilege level appropriate to a secure portion of a memory;
  
  an instruction pointer for holding an address of a current instruction in the memory; and
  
  control logic coupled to the instruction decoder for executing the current instruction only when the associated privilege level is appropriate to the secure portion of a memory, where at least a portion of one of the predetermined memory regions is implemented in a technology different from that of the remainder of the same portion.

40. A data processor for executing secure code residing in a memory, comprising:
- an instruction decoder for determining that a current instruction has an associated privilege level appropriate to a secure portion of a memory;
  
  an instruction pointer for holding an address of a current instruction in the memory;
  
  control logic coupled to the instruction decoder for executing the current instruction only when the associated privilege level is appropriate to the secure portion of a memory, where at least a portion of one of the predetermined memory regions is implemented in a technology different from that of at least a portion of another one of the regions.

41. A data processor for executing secure code residing in a memory, comprising:
- an instruction decoder for determining that a current instruction has an associated privilege level appropriate to a secure portion of a memory;
  
  an instruction pointer for holding an address of a current instruction in the memory;
  
  control logic coupled to the instruction decoder for executing the current instruction only when the associated privilege level is appropriate to the secure portion of a memory, where the memory is on the same module with the instruction decoder, the instruction pointer, and the control logic.
- View Dependent Claims (42, 43, 44, 45, 46)
- - 42. The data processor of claim 41 where the memory is on the same integrated-circuit chip with the instruction decoder, the instruction pointer, and the control logic.
  - 43. The data processor of claim 41 where the memory includes a flash memory for holding the secure code.
  - 44. The data processor of claim 43 where the memory further includes read/write memory accessible to the secure code.
  - 45. The data processor of claim 44 where the instruction decoder responds to one of a defined set of distinguished operation codes for identifying the current instruction as accessing secure code.
  - 46. The data processor of claim 45 where the instruction decoder executes a current instruction having one of the distinguished operation codes only when the current instruction matches one of a set of defined target locations in the memory.

47. A data processor for executing secure code residing in a memory, comprising:
- an instruction decoder for determining that a current instruction has an associated privilege level appropriate to a secure portion of a memory;
  
  an instruction pointer for holding an address of a current instruction in the memory;
  
  control logic coupled to the instruction decoder for executing the current instruction only when the associated privilege level is appropriate to the secure portion of the memory, where the instruction decoder responds to one of a defined set of distinguished operation codes for identifying the current instruction as accessing secure code, where the processor operates at multiple different privilege levels, and where the instruction decoder executes a current instruction having at least one of the distinguished operation codes only if the processor is currently operating at a particular one of the levels.

48. A data processor for executing secure code residing in a memory, comprising:
- an instruction decoder for determining that a current instruction belongs to the secure code when the current instruction has an associated privilege level appropriate to a secure portion of a memory;
  
  an instruction pointer for holding an address of a current instruction in the memory;
  
  control logic coupled to the instruction decoder for executing the current instruction only when the associated privilege level is appropriate to the secure portion of the memory, and further comprising curtain logic coupled to the instruction decoder for restricting access to a predetermined range of addresses in the memory by any instruction not belonging to the secure code.
- View Dependent Claims (49, 50)
- - 49. The data processor of claim 48 further comprising a bus lock responsive to the curtain logic for prohibiting access to the predetermined address range during execution of the secure code.
  - 50. The data processor of claim 49 where the system includes at least one bus master external to the processor, and where the bus lock disables any bus master during execution of the secure code.

51. A data processor for executing secure code residing in a memory, comprising:
- an instruction decoder for determining that a current instruction belongs to the secure code when the current instruction has an associated privilege level appropriate to a secure portion of a memory;
  
  an instruction pointer for holding an address of a current instruction in the memory;
  
  control logic coupled to the instruction decoder for executing the current instruction only when the associated privilege level is appropriate to the secure portion of the memory, and further comprising an interrupt handler for restricting processing of interrupts during execution of the secure code.
- View Dependent Claims (52, 53)
- - 52. The data processor of claim 51 where the interrupt handler disables interrupts during execution of the secure code.
  - 53. The data processor of claim 51 where the interrupt handler disallows devices external to the processor from accessing at least one of the predetermined memory regions during execution of the secure code.

54. A medium bearing a computer readable representation configured to cause a processor to execute curtained code, wherein the computer readable representation is further configured to cause the processor to execute the curtained code in response to determining that the curtained code corresponds to a privilege level associated with physical addresses corresponding to virtual addresses accessed by the curtained code.
- View Dependent Claims (55, 56, 57, 58, 59, 60)
- - 55. The medium of claim 54, wherein the computer readable representation is further configured to cause the processor to execute the curtained code from a curtained portion of a memory having multiple portions each bearing a respective security curtain level.
  - 56. The medium of claim 54, wherein the computer readable representation is further configured to cause the processor to execute the curtained code from a curtained portion of a memory that also includes open portions exclusive of the curtained portion.
  - 57. The medium of claim 54, wherein the computer readable representation is further configured to cause the processor to execute the curtained code from a predetermined portion of a memory comprising multiple segregated curtained portions each requiring a different access privilege level to be associated with the code accessing the multiple portions.
  - 58. The medium of claim 54, wherein the computer readable representation is further configured to cause the processor to execute the curtained code atomically.
  - 59. The medium of claim 54, wherein the computer readable representation configured to cause a processor to execute curtained code comprises a computer readable representation configured to:
    - fetch a sequence of instructions in the code;
      
      determine that the sequence has an associated privilege level appropriate to a secure portion of a memory;
      
      determine that the code accesses the secure region;
      
      access the secure memory region only when the associated privilege level is appropriate to the secure portion of the memory; and
      
      destroying at least some data upon occurrence of a specified event.
  - 60. The medium of claim 54, wherein the computer readable representation configured to cause a processor to execute curtained code comprises a computer readable representation configured to:
    - fetch a sequence of instructions in the code;
      
      determine that the sequence has an associated privilege level appropriate to a secure portion of a memory;
      
      determine that the code accesses the secure region of a memory;
      
      access the secure memory region only when the associated privilege level is appropriate to the secure portion of the memory;
      
      destroy at least some data upon occurrence of an interrupt sent to a processor executing the code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
England, Paul, Lampson, Butler W.
Primary Examiner(s)
Darrow, Justin T.

Application Number

US10/667,612
Publication Number

US 20040044906A1
Time in Patent Office

918 Days
Field of Search

713/164, 713/166, 713/167, 713/193, 711/152, 711/153, 711/163, 711/164, 707/9, 709/100, 712/205, 712/211, 712/214, 726/26, 726/27
US Class Current

713/166
CPC Class Codes

G06F 12/1491 in a hierarchical protectio...

G06F 21/53 by executing in a restricte...

Secure execution of program code

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

135 Citations

60 Claims

Specification

Use Cases

Quick Links

Others

Secure execution of program code

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

135 Citations

60 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others