Address validation using signatures

US 9,749,319 B2
Filed: 09/28/2015
Issued: 08/29/2017
Est. Priority Date: 05/20/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a component from a device, a plurality of first requests, each of the plurality of first requests for a corresponding physical address and including a corresponding virtual address;

for each of the plurality of first requests, in response to receiving the respective request from the plurality of first requests;

determining, by the component, a first physical address using the corresponding virtual address;

generating a first signature for the first physical address, the first signature for use to validate the first physical address;

generating a first error-detecting code value for a response to the first request using the first signature and the first physical address, wherein the first error-detecting code value is a different value than the first signature;

generating the response to the first request that comprises i) an error-detecting code field that includes the first error-detecting code value and ii) a body that includes the first physical address and does not include the first signature; and

providing, to the device, the response that includes the first error-detecting code value;

receiving, from the device, a plurality of second requests, each of the plurality of second requests for access to a corresponding second physical address and including a corresponding second error-detecting code;

determining, by the component for each of the plurality of second requests, whether to allow the device access to a memory location identified by the corresponding second physical address based on determining whether the corresponding second physical address is valid using the corresponding second error-detecting code; and

for each second request for which the second physical address is determined to be valid using the second error-detecting code of the corresponding second request, servicing the corresponding second request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for generating signed addresses. One of the methods includes receiving, by a component from a device, a plurality of first requests, each first request for a physical address and including a virtual address, determining, by the component, a first physical address using the virtual address, generating a first signature for the first physical address, and providing, to the device, a response that includes the first signature, receiving, from the device, a plurality of second requests, each second request for access to a second physical address and including a second signature, determining, by the component for each of the plurality of second requests, whether the second physical address is valid using the second signature, and for each second request for which the second physical address is determined to be valid, servicing the corresponding second request.

28 Citations

View as Search Results

29 Claims

1. A computer-implemented method comprising:
- receiving, by a component from a device, a plurality of first requests, each of the plurality of first requests for a corresponding physical address and including a corresponding virtual address;
  
  for each of the plurality of first requests, in response to receiving the respective request from the plurality of first requests;
  
  determining, by the component, a first physical address using the corresponding virtual address;
  
  generating a first signature for the first physical address, the first signature for use to validate the first physical address;
  
  generating a first error-detecting code value for a response to the first request using the first signature and the first physical address, wherein the first error-detecting code value is a different value than the first signature;
  
  generating the response to the first request that comprises i) an error-detecting code field that includes the first error-detecting code value and ii) a body that includes the first physical address and does not include the first signature; and
  
  providing, to the device, the response that includes the first error-detecting code value;
  
  receiving, from the device, a plurality of second requests, each of the plurality of second requests for access to a corresponding second physical address and including a corresponding second error-detecting code;
  
  determining, by the component for each of the plurality of second requests, whether to allow the device access to a memory location identified by the corresponding second physical address based on determining whether the corresponding second physical address is valid using the corresponding second error-detecting code; and
  
  for each second request for which the second physical address is determined to be valid using the second error-detecting code of the corresponding second request, servicing the corresponding second request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The method of claim 1, comprising:
    - for each second request for which the second physical address is determined to be not valid using the second error-detecting code of the corresponding second request, not servicing the corresponding second request.
  - 3. The method of claim 2, wherein not servicing the corresponding second request for each second request for which the second physical address is determined to be not valid using the second error-detecting code of the corresponding second request comprises denying the corresponding second request.
  - 4. The method of claim 2, wherein not servicing the corresponding second request for each second request for which the second physical address is determined to be not valid using the second error-detecting code of the corresponding second request comprises logging, for the corresponding second request, a corresponding error indicating the corresponding second request.
  - 5. The method of claim 2, wherein not servicing the corresponding second request for each second request for which the second physical address is determined to be not valid using the second error-detecting code of the corresponding second request comprises resetting or halting the device.
  - 6. The method of claim 2, wherein not servicing the corresponding second request for each second request for which the second physical address is determined to be not valid using the second error-detecting code of the corresponding second request comprises changing a secret value for the device.
  - 7. The method of claim 2, wherein not servicing the corresponding second request for each second request for which the second physical address is determined to be not valid using the second error-detecting code of the corresponding second request comprises disabling the device'"'"'s access to a memory.
  - 8. The method of claim 2, comprising:
    - servicing at least one of the plurality of second requests; and
      
      not servicing at least another one of the plurality of second requests.
  - 9. The method of claim 1, comprising:
    - receiving a particular request from the device;
      
      determining whether the particular request includes a virtual address; and
      
      determining whether the particular request is i) one of the plurality of first requests in response to determining that the particular request includes a virtual address or ii) one of the plurality of second requests in response to determining that the particular request does not include a virtual address.
  - 10. The method of claim 1, wherein:
    - each of the plurality of first requests comprises the corresponding virtual address, and an identifier for the device;
      
      generating, for each of the plurality of first requests, the first signature for the first physical address comprises;
      
      determining a secret value using the identifier;
      
      generating a hash value using the first physical address and the secret value; and
      
      generating the first signature using at least a portion of the hash value.
  - 11. The method of claim 10, wherein the identifier for the device comprises a device bus number for the device.
  - 12. The method of claim 10, wherein:
    - each of the plurality of second requests comprises the corresponding second physical address, the corresponding second error-detecting code, and the identifier for the device; and
      
      determining, by the component for each of the plurality of second requests, whether the corresponding second physical address is valid using the corresponding second error-detecting code comprises;
      
      determining the secret value using the identifier;
      
      generating a hash value using the corresponding second physical address and the secret value;
      
      generating a third signature using at least a portion of the hash value;
      
      generating a third error-detecting code using the third signature and the second physical address;
      
      determining whether the corresponding second error-detecting code and the third error-detecting code are the same; and
      
      determining that the corresponding second physical address is valid in response to determining that the corresponding second error-detecting code and the third error-detecting code are the same.
  - 13. The method of claim 10, wherein:
    - each of the plurality of second requests comprises the corresponding second physical address, the corresponding second error-detecting code, and the identifier for the device; and
      
      determining, by the component for each of the plurality of second requests, whether the corresponding second physical address is valid using the corresponding second error-detecting code comprises;
      
      determining the secret value using the identifier;
      
      generating a third physical address by decrypting the corresponding second physical address using the secret value;
      
      generating a hash value using the third physical address and the secret value;
      
      generating a third signature using at least a portion of the hash value;
      
      generating a third error-detecting code using the third signature and the second physical address;
      
      determining whether the corresponding second error-detecting code and the third error-detecting code are the same; and
      
      determining that the corresponding second physical address is valid in response to determining that the corresponding second error-detecting code and the third error-detecting code are the same.
  - 14. The method of claim 10, wherein generating, for each of the plurality of first requests, the first signature using at least a portion of the hash value comprises generating the first signature using a predetermined quantity of least significant bits from the hash value.
  - 15. The method of claim 10, wherein generating, for each of the plurality of first requests, the first signature using at least a portion of the hash value comprises generating the first signature using all of the hash value.
  - 16. The method of claim 10, wherein generating the hash value using the first physical address and the secret value comprises:
    - determining a cipher text and an authentication tag encrypting the first physical address using the secret value as input to a Galois Message Authentication Code (GMAC) process; and
      
      using the authentication tag as the hash value.
  - 17. The method of claim 10, comprising:
    - determining at least one permission value for the device using the identifier, wherein generating the hash value using the first physical address and the secret value comprises determining the hash value by encrypting the first physical address using the at least one permission value.
  - 18. The method of claim 17, wherein the at least one permission value comprises at least one of a read permission bit, a write permission bit, an execute permission bit, a cacheability bit, a cache level hint bit, a transaction class, or a virtual channel number.
  - 19. The method of claim 1, wherein receiving, from the device, the plurality of second requests comprises:
    - receiving, by a switch chip from the device for each of the plurality of second requests, the corresponding second request;
      
      determining, by the switch chip for each of the plurality of second requests, that the corresponding second request comprises an unknown address; and
      
      sending, by the switch chip for each of the plurality of second requests, the corresponding second request to the component.
  - 20. The method of claim 1, wherein determining, by the component for each of the plurality of second requests, whether the corresponding second physical address is valid using the corresponding second error-detecting code comprises:
    - validating, for each of the plurality of second requests, the corresponding second physical address and an integrity of the corresponding one of the plurality of second requests using the error-detecting code value from an error-detecting code field in the corresponding one of the plurality of second requests, wherein the error-detecting code value is generated using a corresponding second signature and a body of the corresponding second request does not include the corresponding second signature.
  - 21. The method of claim 1, wherein servicing, for at least one second request, the corresponding second request comprises:
    - determining that the second request comprises a read request;
      
      providing, by the component, a read request to a second device that is associated with the corresponding second physical address, the read request including the corresponding second error-detecting code;
      
      receiving, from the second device, a second response to the read request, the second response including a destination address and a signature; and
      
      determining whether the destination address is valid using the signature.
  - 22. The method of claim 21, comprising:
    - for each of the at least one second request for which the destination address is determined to be valid using the signature, providing content from the second response to the device; and
      
      for each of the at least one second request for which the destination address is determined to be not valid using the signature, discarding the second response.
  - 23. The method of claim 22, comprising:
    - providing content from the second response to the device for one of the at least one second request; and
      
      discarding the second response for another one of the at least one second request.

24. A system comprising:
- a data processing apparatus; and
  
  a non-transitory computer readable storage medium in data communication with the data processing apparatus and storing instructions executable by the data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising;
  
  receiving, by the data processing apparatus from a device, a plurality of first requests, each of the plurality of first requests for a corresponding physical address and including a corresponding virtual address;
  
  for each of the plurality of first requests, in response to receiving the respective request from the plurality of first requests;
  
  determining, by the data processing apparatus, a first physical address using the corresponding virtual address;
  
  generating a first signature for the first physical address, the first signature for use to validate the first physical address;
  
  generating a first error-detecting code value for a response to the first request using the first signature and the first physical address, wherein the first error-detecting code value is a different value than the first signature;
  
  generating the response to the first request that comprises i) an error-detecting code field that includes the first error-detecting code value and ii) a body that includes the first physical address and does not include the first signature; and
  
  providing, to the device, the response that includes the first error-detecting code value;
  
  receiving, from the device, a plurality of second requests, each of the plurality of second requests for access to a corresponding second physical address and including a corresponding second error-detecting code;
  
  determining, by the data processing apparatus for each of the plurality of second requests, whether to allow the device access to a memory location identified by the corresponding second physical address based on determining whether the corresponding second physical address is valid using the corresponding second error-detecting code; and
  
  for each second request for which the second physical address is determined to be valid using the second error-detecting code of the corresponding second request, servicing the corresponding second request.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The system of claim 24, wherein generating, for each of the plurality of first requests, the response to the first request comprises generating, for each of the plurality of first requests, the response to the first request that comprises i) an error-detecting code field that includes the first error-detecting code value and the first signature that is different than the first error-detecting code value and ii) a body that includes the first physical address and does not include the first signature.
  - 26. The system of claim 24, comprising:
    - for each second request for which the second physical address is determined to be not valid using the second error-detecting code of the corresponding second request, not servicing the corresponding second request and resetting or halting the device.
  - 27. The system of claim 24, comprising:
    - for each second request for which the second physical address is determined to be not valid using the second error-detecting code of the corresponding second request, not servicing the corresponding second request and changing a secret value for the device.
  - 28. The system of claim 24, comprising:
    - for each second request for which the second physical address is determined to be not valid using the second error-detecting code of the corresponding second request, not servicing the corresponding second request and disabling the device'"'"'s access to a memory.

29. A non-transitory computer readable storage medium storing instructions executable by a data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:
- receiving, by the data processing apparatus from a device, a plurality of first requests, each of the plurality of first requests for a corresponding physical address and including a corresponding virtual address;
  
  for each of the plurality of first requests, in response to receiving the respective request from the plurality of first requests;
  
  determining, by the data processing apparatus, a first physical address using the corresponding virtual address;
  
  generating a first signature for the first physical address, the first signature for use to validate the first physical address;
  
  generating a first error-detecting code value for a response to the first request using the first signature and the first physical address, wherein the first error-detecting code value is a different value than the first signature;
  
  generating the response to the first request that comprises i) an error-detecting code field that includes the first error-detecting code value and a body that includes the first physical address and does not include the first signature; and
  
  providing, to the device, a response that includes the first error-detecting code value;
  
  receiving, from the device, a plurality of second requests, each of the plurality of second requests for access to a corresponding second physical address and including a corresponding second error-detecting code;
  
  determining, by the data processing apparatus for each of the plurality of second requests, whether to allow the device access to a memory location identified by the corresponding second physical address based on determining whether the corresponding second physical address is valid using the corresponding second error-detecting code; and
  
  for each second request for which the second physical address is determined to be valid using the second error-detecting code of the corresponding second request, servicing the corresponding second request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Serebrin, Benjamin C.
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Stoica, Adrian

Application Number

US14/867,250
Publication Number

US 20160344731A1
Time in Patent Office

701 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/1081   for peripheral access to ma...

G06F 12/1408   by using cryptography for d...

G06F 12/1475   in a virtual system, e.g. w...

G06F 21/79   in semiconductor storage me...

G06F 2212/1052   Security improvement

H04L 63/062   for key distribution, e.g. ...

H04L 63/0876   based on the identity of th...

H04L 63/164   at the network layer

H04L 9/3247   involving digital signatures

Address validation using signatures

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Address validation using signatures

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links