Method and system for process working set isolation

US 9,575,906 B2
Filed: 03/19/2013
Issued: 02/21/2017
Est. Priority Date: 03/20/2012
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a processor;

a memory;

a secret key stored in hardware;

a cache having one or more lines comprising data of one or more processes executed on the processor in a secure mode; and

a secure execution controller configured to control access to a first line of the cache using a first secure descriptor based on the secret key and associated with a first process such that only the first process can access the first line of the cache and control access to a second line of cache using a second secure descriptor based on the secret key and associated with a second process such that only the second process can access the second line of the cache, wherein the first secure descriptor and the second secure descriptor are different secure descriptors.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of systems and methods disclosed herein may isolate the working set of a process such that the data of the working set is inaccessible to other processes, even after the original process terminates. More specifically, in certain embodiments, the working set of an executing process may be stored in cache and for any of those cache lines that are written to while in secure mode those cache lines may be associated with a secure descriptor for the currently executing process. The secure descriptor may uniquely specify those cache lines as belonging to the executing secure process such that access to those cache lines can be restricted to only that process.

Citations

21 Claims

1. A system, comprising:
- a processor;
  
  a memory;
  
  a secret key stored in hardware;
  
  a cache having one or more lines comprising data of one or more processes executed on the processor in a secure mode; and
  
  a secure execution controller configured to control access to a first line of the cache using a first secure descriptor based on the secret key and associated with a first process such that only the first process can access the first line of the cache and control access to a second line of cache using a second secure descriptor based on the secret key and associated with a second process such that only the second process can access the second line of the cache, wherein the first secure descriptor and the second secure descriptor are different secure descriptors.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the system was placed in secure mode based on the first secure descriptor.
  - 3. The system of claim 1, wherein the secure execution controller is configured to cause an entire working set of the first process to be stored in the cache and to cause writes to a memory location other than the cache in the secure mode to be disabled.
  - 4. The system of claim 1, wherein the first process has terminated.
  - 5. The system of claim 3, wherein the secure execution controller is configured to cause the first line of the cache to be associated with the first secure descriptor associated with the first process.
  - 6. The system of claim 5, wherein the secure execution controller is configured to cause a security flag associated with the first line of the cache to be set when the first process writes the data.
  - 7. The system of claim 6, wherein the secure execution controller is configured to control access by causing the following steps to be performed:
    - determining that the first line of cache is being accessed by the first process,determining if the first process is executing in secure mode,determining a third secure descriptor associated with the first process,comparing the first secure descriptor and the third secure descriptor, andallowing access only if the first is executing in secure mode and the first secure descriptor matches the third secure descriptor.

8. A method, comprising:
- executing one or more processes on a processor in a secure mode;
  
  storing data in one or more lines of a cache, wherein the data was stored in a first line of the cache by a first process executed on the processor in the secure mode and in a second line of the cache by a second process executed on the processor in the secure mode; and
  
  controlling access to the first line of the cache using a first secure descriptor associated with the first process such that only the first process can access the first line of the cache and controlling access to the second line of the cache using a second secure descriptor associated with the second process such that only the second process can access the second line of the cache, wherein the first secure descriptor and the second secure descriptor are different secure descriptors and are based on a secret key stored in hardware on a system comprising the processor and the cache.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the secure mode was entered based on the first secure descriptor.
  - 10. The method of claim 8, further comprising storing an entire working set of the first process in the cache and disabling writes to a memory location other than the cache in the secure mode.
  - 11. The method of claim 8, wherein the first process has terminated.
  - 12. The method of claim 10, further comprising associating the first line of the cache with the first secure descriptor associated with the first process.
  - 13. The method of claim 12, further comprising setting a security flag associated with the line of the cache when the first process writes the data.
  - 14. The method of claim 13, wherein controlling access comprises:
    - determining that the first line of cache is being accessed by the first process,determining if the first process is executing in secure mode,determining a third secure descriptor associated with the first process,comparing the first secure descriptor and the third secure descriptor, andallowing access only if the first is executing in secure mode and the first secure descriptor matches the third secure descriptor.

15. A non-transitory computer readable medium, comprising instructions for:
- executing one or more processes on a processor in a secure mode;
  
  storing data in one or more lines of a cache, wherein the data was stored in a first line of the cache by a first process executed on the processor in the secure mode and in a second line of the cache by a second process executed on the processor in the secure mode; and
  
  controlling access to the first line of the cache using a first secure descriptor associated with the first process such that only the first process can access the first line of the cache and controlling access to the second line of the cache using a second secure descriptor associated with the second process such that only the second process can access the second line of the cache, wherein the first secure descriptor and the second secure descriptor are different secure descriptors and are based on a secret key stored in hardware on a system comprising the processor and the cache.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer readable medium of claim 15, wherein the secure mode was entered based on the first secure descriptor.
  - 17. The non-transitory computer readable medium of claim 15, further comprising instructions for storing an entire working set of the first process in the cache and disabling writes to a memory location other than the cache in the secure mode.
  - 18. The non-transitory computer readable medium of claim 15, wherein the first process has terminated.
  - 19. The non-transitory computer readable medium of claim 17, further comprising instructions for associating the first line of the cache with the first secure descriptor associated with the first process.
  - 20. The non-transitory computer readable medium of claim 19, further comprising instructions for setting a security flag associated with the first line of the cache when the process writes the data.
  - 21. The non-transitory computer readable medium of claim 20, wherein controlling access comprises:
    - determining that the first line of cache is being accessed by the first process,determining if the first process is executing in secure mode,determining a third secure descriptor associated with the first process,comparing the first secure descriptor and the third secure descriptor, andallowing access only if the first is executing in secure mode and the first secure descriptor matches the third secure descriptor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Torus Ventures LLC (Jeffrey M. Gross)
Original Assignee
Rubicon Labs, Inc.
Inventors
Oxford, William V.
Primary Examiner(s)
Chappell, Daniel C

Application Number

US13/847,370
Publication Number

US 20130254494A1
Time in Patent Office

1,435 Days
Field of Search

711/145
US Class Current

1/1
CPC Class Codes

G06F 12/0837   with software control, e.g....

G06F 12/0842   for multiprocessing or mult...

G06F 12/1425   the protection being physic...

G06F 12/1466   Key-lock mechanism

G06F 2212/1052   Security improvement

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3242   involving keyed hash functi...

Method and system for process working set isolation

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for process working set isolation

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links