Security and safety manager implementation in a multi-core processor

US 8,572,404 B2
Filed: 11/04/2011
Issued: 10/29/2013
Est. Priority Date: 11/04/2011
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a multi-core computer processor;

wherein one or more cores of the multi-core computer processor are configured as a security co-processor for the system and for other cores of the multi-core processor;

wherein an operating system of the security co-processor is independent of operating systems of the other cores of the multi-core processor;

wherein the security co-processor is configured to boot before the other cores and to enforce security policy on the other cores;

wherein the security co-processor is configured to enforce one or more privilege levels including an untrusted level, a user level, a supervisor level, and a maintenance level;

wherein the untrusted level comprises processing downloaded software code from a party other than an administrator of the system;

wherein the user level comprises processing software code and data from a source approved by the administrator of the system;

wherein the supervisor level comprises dynamic management of the system including changing operating system settings and changing hardware settings; and

wherein the maintenance level comprises changes that affect the security of the system including processing kernel updates, updating keys for authentication, and privileged operations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes a multi-core computer processor. One or more cores of the multi-core computer processor are configured as a security co-processor for the system and for other cores of the multi-core processor, and one or more cores of the multi-core computer processor are configured as a safety manager co-processor for the system and for other cores of the multi-core processor. An operating system of the security co-processor and an operating system of the safety manager co-processor are independent of operating systems of the other cores of the multi-core processor. The security co-processor and the safety manager co-processor are configured to boot before the other cores and to enforce security policy and/or safety policy on the other cores.

19 Citations

View as Search Results

18 Claims

1. A system comprising:
- a multi-core computer processor;
  
  wherein one or more cores of the multi-core computer processor are configured as a security co-processor for the system and for other cores of the multi-core processor;
  
  wherein an operating system of the security co-processor is independent of operating systems of the other cores of the multi-core processor;
  
  wherein the security co-processor is configured to boot before the other cores and to enforce security policy on the other cores;
  
  wherein the security co-processor is configured to enforce one or more privilege levels including an untrusted level, a user level, a supervisor level, and a maintenance level;
  
  wherein the untrusted level comprises processing downloaded software code from a party other than an administrator of the system;
  
  wherein the user level comprises processing software code and data from a source approved by the administrator of the system;
  
  wherein the supervisor level comprises dynamic management of the system including changing operating system settings and changing hardware settings; and
  
  wherein the maintenance level comprises changes that affect the security of the system including processing kernel updates, updating keys for authentication, and privileged operations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 12)
- - 2. The system of claim 1, wherein the security co-processor comprises a single core.
  - 3. The system of claim 1, wherein the security co-processor comprises a distributed firewall.
  - 4. The system of claim 1, wherein the security co-processor is configured to control access control hardware including a memory management unit.
  - 5. The system of claim 1, wherein the untrusted level comprises a limited access to random access memory and no write access to certain files.
  - 6. The system of claim 1, wherein the system comprises one of more of a control system for an industrial process, a supervisory control and data acquisition process (SCADA), a system for a building control process, and a control system for an aircraft.
  - 7. The system of claim 1, wherein the security co-processor is configured to handle device input and device output in the system.
  - 12. The system of claim 1, wherein the safety manager co-processor is configured to handle device input and device output in the system.

8. A system comprising:
- a multi-core computer processor;
  
  wherein one or more cores of the multi-core computer processor are configured as a safety manager co-processor for the system and for other cores of the multi-core processor;
  
  wherein an operating system of the safety manager co-processor is independent of operating systems of the other cores of the multi-core processor;
  
  wherein the safety manager co-processor is configured to boot before the other cores and to enforce safety policy on the other cores;
  
  wherein the safety manager co-processor is configured to enforce one or more privilege levels including an untrusted level, a user level, a supervisor level, and a maintenance level;
  
  wherein the untrusted level comprises processing downloaded software code from a party other than an administrator of the system;
  
  wherein the user level comprises processing software code and data from a source approved by the administrator of the system;
  
  wherein the supervisor level comprises dynamic management of the system including changing operating system settings and changing hardware settings; and
  
  wherein the maintenance level comprises changes that affect the security of the system including processing kernel updates, updating keys for authentication, and privileged operations.
- View Dependent Claims (9, 10, 11)
- - 9. The system of claim 8, wherein the safety manager co-processor comprises a single core.
  - 10. The system of claim 8, wherein the safety manager co-processor is configured to control access control hardware including a memory management unit.
  - 11. The system of claim 8, wherein the system comprises one or more of a control system for an industrial process, a supervisory control and data acquisition process (SCADA), a system for a building control process, and a control system for an aircraft.

13. A system comprising:
- a multi-core computer processor;
  
  wherein one or more cores of the multi-core computer processor are configured as a security co-processor for the system and for other cores of the multi-core processor;
  
  wherein one or more cores of the multi-core computer processor are configured as a safety manager co-processor for the system and for other cores of the multi-core processor;
  
  wherein one or more of an operating system of the security co-processor and an operating system of the safety manager co-processor are independent of operating systems of the other cores of the multi-core processor;
  
  wherein one or more of the security co-processor and the safety manager co-processor are configured to boot before the other cores and to enforce one or more of security policy and safety policy on the other cores;
  
  wherein one or more of the security co-processor and the safety manage processor are configured to enforce one or more privilege levels including an untrusted level, a user level, a supervisor level, and a maintenance level;
  
  wherein the untrusted level comprises processing downloaded software code from a party other than an administrator of the system;
  
  wherein the user level comprises processing software code and data from a source approved by the administrator of the system;
  
  wherein the supervisor level comprises dynamic management of the system including changing operating system settings and changing hardware setting; and
  
  wherein the maintenance level comprises changes that affect the security of the system including processing kernel updates, updating keys for authentication, and privileged operations.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the security co-processor and the safety manager co-processor comprise a single core.
  - 15. The system of claim 13, wherein the security co-processor comprises a distributed firewall.
  - 16. The system of claim 13, wherein one or more of the security co-processor and the safety manager co-processor are configured to control access control hardware including a memory management unit.
  - 17. The system of claim 13, wherein the system comprises one or more of a control system for an industrial process, a supervisory control and data acquisition process (SCADA), a system for a building control process, and a control system for an aircraft.
  - 18. The system of claim 13, wherein one or more of the security co-processor and the safety manager co-processor are configured to handle device input and device output in the system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Markham, Thomas R., Staggs, Kevin
Primary Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US13/289,653
Publication Number

US 20130117803A1
Time in Patent Office

725 Days
Field of Search

726/1, 726/30, 713/189
US Class Current

713/189
CPC Class Codes

G06F 21/575 Secure boot

G06F 21/71 to assure secure computing ...

Security and safety manager implementation in a multi-core processor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Security and safety manager implementation in a multi-core processor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others