Protecting software environment in isolated execution

US 7,380,278 B2
Filed: 03/21/2006
Issued: 05/27/2008
Est. Priority Date: 03/31/2000
Status: Expired due to Term

First Claim

Patent Images

1. A processing system, comprising:

a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode;

random access memory responsive to the processor, the random access memory to include (a) an ordinary memory area that can be accessed from the normal ring 0 operating mode, and (b) an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode;

an operating system (OS) nub in the processing system;

a key generator to generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the processing system;

a usage protector to utilize the OSNK to detect modification of a software environment in the processing system; and

wherein the OS nub comprises part of an OS to run on the processing system.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processing system has a processor that can operate in a normal ring 0 operating mode and one or more higher ring operating modes above the normal ring 0 operating mode. In addition, the processor can operate in an isolated execution mode. A memory in the processing system may include an ordinary memory area that can be accessed from the normal ring 0 operating mode, as well as an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode. The processing system may also include an operating system (OS) nub, as well as a key generator. The key generator may generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform. Other embodiments are described and claimed.

28 Citations

View as Search Results

14 Claims

1. A processing system, comprising:
- a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode;
  
  random access memory responsive to the processor, the random access memory to include (a) an ordinary memory area that can be accessed from the normal ring 0 operating mode, and (b) an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode;
  
  an operating system (OS) nub in the processing system;
  
  a key generator to generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the processing system;
  
  a usage protector to utilize the OSNK to detect modification of a software environment in the processing system; and
  
  wherein the OS nub comprises part of an OS to run on the processing system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A processing system according to claim 1, further comprising:
    - a usage protector to perform at least one operation selected from the group consisting of;
      
      encrypting data from the isolated memory area; and
      
      decrypting data from the isolated memory area.
  - 3. A processing system according to claim 1, comprising:
    - the isolated execution mode to have higher privilege than the normal ring 0 operating mode.
  - 4. A processing system according to claim 1, comprising:
    - the OS nub to reside in the isolated memory area of the processing system.
  - 5. A processing system according to claim 1, comprising:
    - the OSNK to reside in the isolated memory area of the processing system.
  - 6. A processing system according to claim 1, wherein the OSNK is unique to the OS nub.
  - 7. A processing system according to claim 1, further comprising:
    - a software environment to include the OS nub; and
      
      a usage protector to utilize the OSNK to detect modification of the software environment.

8. A method to be performed by a processing system having a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode;
- the method comprising;
  
  establishing an ordinary memory area in a random access memory responsive to the processor, the ordinary memory area to be accessible from the normal ring 0 operating mode;
  
  establishing an isolated memory area in the random access memory, the isolated memory area to be accessible from the isolated execution mode and inaccessible from the normal ring 0 operating mode;
  
  generating an operating system (OS) nub key (OSNK) based at least in part on (a) an identification of an OS nub in the processing system and (b) a master binding key (BK0) of the processing system;
  
  utilizing the OSNK to detect modification of a software environment in the processing system; and
  
  wherein the OS nub comprises part of an OS to run on the processing system.
- View Dependent Claims (9, 10, 11)
- - 9. A method according to claim 8, further comprising:
    - loading the OS nub into the isolated memory area during a boot process for the processing system.
  - 10. A method according to claim 8, further comprising at least one operation from the group consisting of:
    - encrypting data from the isolated memory area; and
      
      decrypting data from the isolated memory area.
  - 11. A method according to claim 8, wherein:
    - when the processing system is performing at least part of the method, the isolated execution mode has higher privilege than the normal ring 0 operating mode.

12. A manufacture comprising:
- processor-readable medium; and
  
  instructions in the processor-readable medium, wherein the instructions, when executed in a processing system with a processor capable of operating in (a) a normal ring 0 operating mode, (b) one or more higher ring operating modes above the normal ring 0 operating mode, and (c) an isolated execution mode, cause the processing system to perform operations comprising;
  
  establishing an ordinary memory area in a random access memory responsive to the processor, the ordinary memory area to be accessible from the normal ring 0 operating mode;
  
  establishing an isolated memory area in the random access memory, the isolated memory area to be accessible from the isolated execution mode and inaccessible from the normal ring 0 operating mode;
  
  generating an operating system (OS) nub key (OSNK) based at least in part on (a) an identification of an OS nub in the processing system and (b) a master binding key (BK0) of the processing systemutilizing the OSNK to detect modification of a software environment in the processing system; and
  
  wherein the OS nub comprises part of the part of an OS to run on the processing system.
- View Dependent Claims (13, 14)
- - 13. A manufacture according to claim 12, the instructions to cause the processing system to load the OS nub into the isolated memory area during a boot process for the processing system.
  - 14. A manufacture according to claim 12, the instructions to cause the processing system to perform at least one operation from the group consisting of:
    - encrypting data from the isolated memory area; and
      
      decrypting data from the isolated memory area.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Reneris, Ken, Golliver, Roger A., Thakkar, Shreekant S., Neiger, Gilbert, Ellison, Carl M., Mittal, Millind, Lin, Derrick C., McKeen, Francis X., Sutton, James A., Herbert, Howard C.
Primary Examiner(s)
Revak; Christopher
Assistant Examiner(s)
Abrishamkar; Kaveh

Application Number

US11/386,269
Publication Number

US 20060206943A1
Time in Patent Office

798 Days
Field of Search

726/26, 713/165, 713/190, 713/164, 380/44, 380/45
US Class Current

726/26
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/562   Static detection

G06F 21/57   Certifying or maintaining t...

G06F 21/74   operating in dual or compar...

G06F 2221/2105   Dual mode as a secondary as...

G06F 9/468   Specific access rights for ...

Protecting software environment in isolated execution

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting software environment in isolated execution

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links