Tamper resistant memory protection
First Claim
1. A system for protecting security of memory in a computing environment, the system comprising:
- a hardware memory comprising a plurality of memory units;
at least one memory unit of said plurality of memory units configured to house a memory page comprising memory page header data, code, sensitive data, and other data;
an encryption layer configured to encrypt at least said memory page header data, said code, and said sensitive data of the memory page and configured to leave said other data of the memory page unencrypted, wherein said encryption layer prevents reading of said memory page header data, said code, and said sensitive data;
a hashing layer configured to hash at least said memory page header data into a memory page header hash, said code into a code hash, and said sensitive data into a sensitive data hash and to subsequently hash a combination of the memory page header hash, the code hash and the sensitive data hash to form encrypted and combined hashed memory page header data, code and sensitive data, wherein said hashing layer prevents any changes to said memory page header data, said code, and said sensitive data;
a security layer that manages said encryption layer and said hashing layer, wherein said security layer is configured to receive data housed in said at least one memory unit, and manage dynamic encryption and hashing of said memory page header data, said code, and said sensitive data; and
a module configured to store said encrypted and combined hashed memory page header data, code and sensitive data, and said other data in dynamic memory of said computing environment.
2 Assignments
0 Petitions
Accused Products
Abstract
Various mechanisms are disclosed for protecting the security of memory in a computing environment. A security layer can have an encryption layer and a hashing layer that can dynamically encrypt and then dynamically hash sensitive information, as it is being loaded to dynamic memory of a computing device. For example, a memory unit that can correspond to a memory page can be processed by the security layer, and header data, code, and protect-worthy data can be secured, while other non-sensitive data can be left alone. Once such information is secured and stored in dynamic memory, it can be accessed at a later time by a processor and unencrypted and hash checked. Then, it can be loaded back onto the dynamic memory, thereby preventing direct memory access attacks.
-
Citations
18 Claims
-
1. A system for protecting security of memory in a computing environment, the system comprising:
-
a hardware memory comprising a plurality of memory units; at least one memory unit of said plurality of memory units configured to house a memory page comprising memory page header data, code, sensitive data, and other data; an encryption layer configured to encrypt at least said memory page header data, said code, and said sensitive data of the memory page and configured to leave said other data of the memory page unencrypted, wherein said encryption layer prevents reading of said memory page header data, said code, and said sensitive data; a hashing layer configured to hash at least said memory page header data into a memory page header hash, said code into a code hash, and said sensitive data into a sensitive data hash and to subsequently hash a combination of the memory page header hash, the code hash and the sensitive data hash to form encrypted and combined hashed memory page header data, code and sensitive data, wherein said hashing layer prevents any changes to said memory page header data, said code, and said sensitive data; a security layer that manages said encryption layer and said hashing layer, wherein said security layer is configured to receive data housed in said at least one memory unit, and manage dynamic encryption and hashing of said memory page header data, said code, and said sensitive data; and a module configured to store said encrypted and combined hashed memory page header data, code and sensitive data, and said other data in dynamic memory of said computing environment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for preventing tampering with memory in a computing environment, the method comprising:
-
receiving a memory page comprising memory page header data, code, sensitive data, and non-sensitive data; encrypting said memory page header data, said code, and said sensitive data of the memory page while leaving said non-sensitive data of the memory page unencrypted; hashing said memory page header data into a memory page header hash, hashing said code into a code hash, and hashing said sensitive data into a sensitive data hash, and subsequently hashing a combination of the memory page header hash, the code hash and the sensitive data hash to form encrypted and combined hashed memory page header data, code and sensitive data; and storing said encrypted and combined hashed memory page header data, code, and sensitive data of the memory page and the unencrypted non-sensitive data of the memory page in a dynamic memory of a computing device. - View Dependent Claims (13, 14, 15)
-
-
16. A computer-readable storage medium, other than a signal, storing thereon computer-executable instructions for preventing tampering with memory in a computing environment, the computer-executable instructions comprising instructions for:
-
receiving a memory page comprising memory page header data, code, sensitive data, and non-sensitive data; encrypting said memory page header data, said code, and said sensitive data of the memory page while leaving said non-sensitive data of the memory page unencrypted; hashing said memory page header data into a memory page header hash, hashing said code into a code hash, and hashing said sensitive data into a sensitive data hash, and subsequently hashing a combination of the memory page header hash, the code hash and the sensitive data hash to form encrypted and combined hashed memory page header data, code and sensitive data; and storing said encrypted and combined hashed memory page header data, code, and sensitive data of the memory page and the unencrypted non-sensitive data of the memory page in a dynamic memory of a computing device. - View Dependent Claims (17, 18)
-
Specification