Obscuring memory access patterns in conjunction with deadlock detection or avoidance

US 9,524,240 B2
Filed: 03/01/2013
Issued: 12/20/2016
Est. Priority Date: 12/28/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

loading data into locations of a memory and executing one or more monitor instruction for the locations;

determining that the data at a target location of the locations must be accessed for a cryptographic calculation;

determining, in response to the determination that the data at the target location must be accessed, whether the data at one or more of the locations has been evicted by access of another thread;

reading the data from the memory responsive to a determination that the data at the one or more of the locations has been evicted by an access of another thread; and

performing a cryptographic calculation with the data at the target location;

wherein determining whether the data at the one or more of the locations has been evicted further comprises polling of a status bit to determine whether the data at any of the locations has been evicted by the access of the other thread.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus and systems for memory access obscuration are provided. A first embodiment provides memory access obscuration in conjunction with deadlock avoidance. Such embodiment utilizes processor features including an instruction to enable monitoring of specified cache lines and an instruction that sets a status bit responsive to any foreign access (e.g., write or eviction due to a read) to the specified lines. A second embodiment provides memory access obscuration in conjunction with deadlock detection. Such embodiment utilizes the monitoring feature, as well as handler registration. A user-level handler may be asynchronously invoked responsive to a foreign write to any of the specified lines. Invocation of the handler more frequently than expected indicates that a deadlock may have been encountered. In such case, a deadlock policy may be enforced. Other embodiments are also described and claimed.

19 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- loading data into locations of a memory and executing one or more monitor instruction for the locations;
  
  determining that the data at a target location of the locations must be accessed for a cryptographic calculation;
  
  determining, in response to the determination that the data at the target location must be accessed, whether the data at one or more of the locations has been evicted by access of another thread;
  
  reading the data from the memory responsive to a determination that the data at the one or more of the locations has been evicted by an access of another thread; and
  
  performing a cryptographic calculation with the data at the target location;
  
  wherein determining whether the data at the one or more of the locations has been evicted further comprises polling of a status bit to determine whether the data at any of the locations has been evicted by the access of the other thread.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - reading only a portion of the data from the memory, responsive to determining that the data at the locations remains unmodified.
  - 3. The method of claim 1, wherein:
    - said memory further comprises a local cache.
  - 4. The method of claim 1, wherein:
    - said status bit is part of a status register that may be read via execution of an architectural instruction.
  - 5. The method of claim 1, wherein said one or more monitor instruction further comprises:
    - an architectural instruction to set the status bit responsive to eviction of one or more of the monitored locations.
  - 6. The method of claim 1, wherein:
    - loading the data comprises loading a pre-computed table including cryptography data into a portion of a local memory to span at least two cache sets.
  - 7. The method of claim 1, wherein reading the data from the memory comprises reading the data from the memory in a pre-specified order.
  - 8. The method of claim 1, wherein reading the data from the memory comprises reading the data from the memory in an arbitrary order.

9. An article comprising:
- a non-transitory tangible storage medium having a plurality of machine accessible instructions;
  
  wherein, when the instructions are executed by a processor, the instructions provide for;
  
  loading data into specified locations of a memory and executing one or more monitor instruction for the specified locations;
  
  determining whether the data at any of the specified locations has been evicted by an access of another thread by polling a status bit;
  
  reading the data from all of the specified locations of the memory responsive to determining that the data at one or more of the specified locations has been evicted by the access of the other thread; and
  
  reading the data from only a portion of interest of the specified locations of the memory responsive to determining that none of the data at the specified locations has been evicted.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The article of claim 9, wherein:
    - said memory further comprises a local cache.
  - 11. The article of claim 9, wherein said instructions that provide for said polling further provide for, when executed by a processor:
    - said polling is performed via execution of an architectural instruction.
  - 12. The article of claim 9 wherein:
    - said status bit is part of a status register that may be read via execution of an architectural instruction.
  - 13. The article of claim 9, wherein said one or more monitor instruction further comprises:
    - an architectural instruction to set the status bit responsive to a foreign write to one or more of the specified locations.
  - 14. The article of claim 9, wherein said one or more monitor instruction further comprises:
    - an architectural instruction to set the status bit responsive to eviction, due to a foreign read, of one or more of the specified locations.
  - 15. The article of claim 9, wherein the instructions provide for resetting the status bit to a default value in response to reading the data from the memory structure, in a pre-specified order, responsive to determining that the data at the one or more of the specified locations has been accessed by another thread.
  - 16. The article of claim 9, wherein reading the data from all of the specified locations of the memory comprises reading the data from all of the specified locations of the memory in a pre-specified order.

17. A system, comprising:
- a memory resource coupled to a first thread unit and a second thread unit;
  
  the first thread unit including in its instruction set architecture one or more instructions to monitor specified locations of the memory resource;
  
  wherein the instruction set architecture of the first thread unit further includes an instruction to set a status bit responsive to an access, by the second thread unit, to any of the specified locations;
  
  and wherein the memory resource is further to store code that includes instructions for the first thread unit (i) to read all of the specified locations in response to a first value of the status bit indicating that one of the specified locations has been accessed and (ii) to read only a portion of interest of the specified locations in response to a second value of the status bit indicating that none of the specified locations has been accessed.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the memory resource is further to store code that includes instructions for the first thread unit to reset the status bit to the second value in response to the first thread unit having read all of the specified locations.
  - 19. The system of claim 17, wherein the instruction to set the status bit responsive to an access comprises an instruction to set a status bit response to an eviction, by the second thread unit, of data stored in any of the specified locations.
  - 20. The system of claim 17, wherein the specified locations of the memory resources comprise at least two cache sets of the system and the status bit is one bit of a transaction register.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Gueron, Shay, Sheaffer, Gad, Raikin, Shlomo
Primary Examiner(s)
SIMONETTI, NICHOLAS J

Application Number

US13/782,416
Publication Number

US 20130179643A1
Time in Patent Office

1,390 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/0802   Addressing of a memory leve...

G06F 12/0808   with cache invalidating mea...

G06F 21/556   involving covert channels, ...

G06F 2201/885   Monitoring specific for caches

G06F 2212/1052   Security improvement

H04L 9/003   for power analysis, e.g. di...

Obscuring memory access patterns in conjunction with deadlock detection or avoidance

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Obscuring memory access patterns in conjunction with deadlock detection or avoidance

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links