Watchdog processors in multicore systems

US 7,958,396 B2
Filed: 05/19/2006
Issued: 06/07/2011
Est. Priority Date: 05/19/2006
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a first processor;

at least one second processor, wherein each second processor comprises a respective internal component, each internal component performing a discrete function;

a third processor; and

a bus coupling said first processor, said at least one second processor, and the third processor, wherein the third processor is configured to monitor at least one interaction between the first processor and the at least one second processor via the bus,the third processor and each respective internal component of the at least one second processor being in direct connection via one or more wire connections, each of the one or more wire connections being independent of said bus, and said third processor being configured to monitor each internal component of the at least one second processor via a respective wire connection of the one or more wire connections, the third processor monitoring the at least one interaction between the first processor and the at least one second processor and each internal component, the third processor enforcing one of a plurality of selectable interaction policies between the first processor and the at least one second processor, andthe enforced one interaction policy of the plurality of selectable interaction policies being selected, based at least in part, on either a particular process or an application running on the at least one second processor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for securing a multicore computer chip with a watchdog processor. In a system with a watchdog process and any number of other processors and components, the watchdog processor monitors bus communications between the second processor and at least one third component. The watchdog processor may be further independently coupled to at least one of the other components so that it can monitor internal operations of such component, thereby acquiring detailed information about the specific operations of at least one component in the system. The watchdog processor can enforce an interaction policy on bus communications between components, as well as enforce an independent security policy on the monitored components.

53 Citations

View as Search Results

19 Claims

1. A system comprising:
- a first processor;
  
  at least one second processor, wherein each second processor comprises a respective internal component, each internal component performing a discrete function;
  
  a third processor; and
  
  a bus coupling said first processor, said at least one second processor, and the third processor, wherein the third processor is configured to monitor at least one interaction between the first processor and the at least one second processor via the bus,the third processor and each respective internal component of the at least one second processor being in direct connection via one or more wire connections, each of the one or more wire connections being independent of said bus, and said third processor being configured to monitor each internal component of the at least one second processor via a respective wire connection of the one or more wire connections, the third processor monitoring the at least one interaction between the first processor and the at least one second processor and each internal component, the third processor enforcing one of a plurality of selectable interaction policies between the first processor and the at least one second processor, andthe enforced one interaction policy of the plurality of selectable interaction policies being selected, based at least in part, on either a particular process or an application running on the at least one second processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein said first processor, at least one second processor, and third processor are located on a single computer chip.
  - 3. The system of claim 1, wherein each respective internal component is a register.
  - 4. The system of claim 1, wherein each respective internal component is a stack pointer table.
  - 5. The system of claim 1, wherein the enforced interaction policy dictates an action to be taken by the third processor upon detection of disapproved behavior between the first processor and at least one second processor.
  - 6. The system of claim 1, wherein the enforced interaction policy is applied depending upon at least one process executing on the first processor.
  - 7. The system of claim 1, wherein the third processor monitors at least one of:
    - system calls, child processes, a program counter, or a pointer access.

8. A system comprising:
- a first processor;
  
  a functional group coupled to said first processor, wherein the functional group comprises a second processor, and a third processor, the third processor comprising a respective internal component, each internal component performing a discrete function; and
  
  a software application comprising a set of application functions and a plurality of selectable interaction policies, wherein said set of application functions are executed by said functional group, and wherein one interaction policy of the plurality of selectable interaction policies is enforced against said functional group by said first processor, and the enforced one interaction policy detects at least one system call that launches a command shell,the enforced one interaction policy of the plurality of selectable interaction policies being selected, based at least in part, on either a particular process or an application running on the third processor.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The system of claim 8, wherein said first processor is configured such that the first processor can halt a process running on said third processor.
  - 10. The system of claim 8, wherein said second processor, said third processor and said at least one component are located on a single computer chip.
  - 11. The system of claim 8, wherein said enforced one interaction policy detects if a child process is started on said third processor.
  - 12. The system of claim 8, wherein said enforced one interaction policy identifies a plurality of legal jump instructions.
  - 13. The system of claim 8, wherein said enforced one interaction policy identifies a plurality of legal call instructions.
  - 14. The system of claim 8, wherein said enforced one interaction policy identifies a read access to uninitialized memory.
  - 15. The system of claim 8, wherein the at least one component is one of:
    - a shared memory, a cache, a crypto-processor, or a storage unit.
  - 16. The system of claim 8, wherein said enforced one interaction policy is a dynamically evolving processor policy.

17. A system comprising:
- a first processor coupled to a bus, and configured to monitor an interaction of a second processor and a third processor, wherein said first processor is configured to enforce one of a plurality of selectable interaction policies against said second processor and third processor;
  
  at least one wire connection for monitoring an internal component of the second processor, wherein the first processor monitors the interaction between the second processor and the third processor and monitors the internal component in order to enforce the one interaction policy of the plurality of selectable interaction polices, wherein said second processor is coupled to said third processor via said bus and wherein said second processor is configured to initiate at least one process on said third processor,the enforced one interaction policy of the plurality of selectable interaction policies being selected, based at least in part, on either a particular process or an application running on the second processor.
- View Dependent Claims (18, 19)
- - 18. The system of claim 17, wherein said enforced one interaction policy is a dynamically evolving processor policy.
  - 19. The system of claim 18, wherein said dynamically evolving interaction policy identifies one of:
    - normal behavior or abnormal behavior of one or more of said second and said third processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Chitsaz, Behrooz, Kirovski, Darko
Primary Examiner(s)
Baderman; Scott T
Assistant Examiner(s)
SCHELL, JOSEPH O

Application Number

US11/437,341
Publication Number

US 20070294601A1
Time in Patent Office

1,845 Days
Field of Search

714/27, 714/31, 714/32, 714/55, 714/57, 714/39, 714/26
US Class Current

714/31
CPC Class Codes

G06F 11/0724   in a multiprocessor or a mu...

G06F 11/0757   by exceeding a time limit, ...

G06F 11/349   for interfaces, buses

G06F 21/606   by securing the transmissio...

G06F 2221/2101   Auditing as a secondary aspect

Watchdog processors in multicore systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Watchdog processors in multicore systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others