Instruction set adapted for security risk monitoring
Abstract
A processor is adapted to manage security risk by updating and monitoring a taint storage element in response to receipt of taint indicators, and responding to predetermined taint conditions detected by the monitoring. The processor can be operable to execute instructions of a defined instruction set architecture and comprises an instruction of the instruction set architecture operable to access data from a source and operable to receive a taint indicator indicative of potential security risk associated with the data. The processor can further comprise a taint storage element operable for updating in response to receipt of the taint indicator and logic. The logic can be operable to update the taint storage element, process the taint storage element, determine a security risk condition based on the processing of the taint storage element, and respond to the security risk condition.
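The update, process, determine and respond sequence described in the abstract, modelled in software as an added example; this is not code from the patent. The per-source saturating counters, the threshold of 3, the log and trap responses, and all identifiers are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define NUM_SOURCES    4   /* assumed: one taint storage element per data source */
#define NUM_REGS       8
#define RISK_THRESHOLD 3   /* assumed policy value, not from the patent */

typedef enum { RESP_NONE, RESP_LOG, RESP_TRAP } response_t;

typedef struct {
    uint32_t regs[NUM_REGS];
    uint8_t  taint[NUM_SOURCES];  /* taint storage elements (saturating counters) */
    unsigned traps;               /* number of loads that ended in a trap */
} cpu_t;

/* Software model of one "load with taint indicator" instruction. */
response_t load_tainted(cpu_t *cpu, unsigned rd, unsigned src,
                        uint32_t data, int taint_indicator)
{
    unsigned total = 0;
    response_t resp = RESP_NONE;

    if (rd >= NUM_REGS || src >= NUM_SOURCES) {   /* malformed operands */
        cpu->traps++;
        return RESP_TRAP;
    }
    cpu->regs[rd] = data;                         /* access data from the source */
    if (taint_indicator && cpu->taint[src] < UINT8_MAX)
        cpu->taint[src]++;                        /* update the taint storage element */
    for (unsigned i = 0; i < NUM_SOURCES; i++)
        total += cpu->taint[i];                   /* process the elements */
    if (cpu->taint[src] >= RISK_THRESHOLD)        /* determine the risk condition */
        resp = RESP_TRAP;                         /* one source is repeatedly tainted */
    else if (total >= RISK_THRESHOLD)
        resp = RESP_LOG;                          /* taint spread across sources */
    if (resp == RESP_TRAP) {                      /* respond */
        cpu->regs[rd] = 0;                        /* withhold the loaded value */
        cpu->traps++;
    }
    return resp;
}

int main(void)
{
    cpu_t cpu = {0};
    /* Constructed input: five tainted loads from source 1 */
    for (int i = 0; i < 5; i++)
        printf("load %d -> response %d\n", i,
               load_tainted(&cpu, 0, 1, 0x1000u + i, 1));
    return 0;
}
```

In this model a source that has reached the threshold stays flagged, so later loads from it trap even when they arrive without a taint indicator.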
39 Claims
1. A processor operable to execute instructions of a defined instruction set architecture comprising:
- one or more instructions configured to execute directly in hardware on the processor in machine code defined for the defined instruction set architecture, a single instruction of the one or more instructions specified in the instruction set architecture to access data from one or more sources and to receive a taint indicator indicative of potential security risk associated with the data;
- one or more taint storage elements configured to update in response to receipt of the taint indicator; and
- logic configured in hardware on the processor to execute the single instruction by performing at least updating the one or more taint storage elements, processing the one or more taint storage elements, determining a security risk condition based at least partially on the processing of the one or more taint storage elements; and responding to the security risk condition.
Dependent claims: 2 to 37.
38. A processor operable to execute instructions of a defined instruction set architecture comprising:
- one or more instructions configured to execute directly in hardware on the processor in machine code defined for the defined instruction set architecture, a single instruction of the one or more instructions specified in the instruction set architecture to store to one or more predetermined memory addresses that store to a hash of the one or more predetermined memory addresses; and
- logic configured in hardware on the processor to execute the single instruction by performing at least computing a hash of the one or more predetermined memory addresses and storing to the hash of the one or more predetermined memory addresses.
39. A processor operable to execute instructions of a defined instruction set architecture comprising:
- one or more instructions configured to execute directly in hardware on the processor in machine code defined for the defined instruction set architecture, a single instruction of the one or more instructions specified in the instruction set architecture to operate on data at one or more destinations that pass one or more taint indicator aspects associated with the one or more destinations;
- one or more taint storage elements configured to update in response to receipt of one or more taint indicators; and
- logic configured in hardware on the processor to execute the single instruction by performing at least processing the taint storage element, deriving the one or more taint indicator aspects based at least partially on the one or more taint indicators and/or the one or more processed taint storage elements associated with the one or more destinations, and passing the one or more taint indicator aspects.
Specification