Accessing private data about the state of a data processing machine from storage that is publicly accessible
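IPC classification information
Country / Type
United States(US) Patent
Granted
International Patent Classification (IPC 7th edition)
G06F-011/30
G06F-012/14
G06F-021/71
G06F-021/78
Application number
US-0836863 (2013-03-15)
Registration number
US-9087000 (2015-07-21)
Inventor / Address
Robinson, Scott H.
Espinosa, Gustavo P.
Bennett, Steven M.
Applicant / Address
Intel Corporation
Agent / Address
Lane, Thomas R.
Citation information
Times cited: 2
Cited patents: 200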
Abstract
According to an embodiment of the invention, a method for operating a data processing machine is described in which data about a state of the machine is written to a location in storage. The location is one that is accessible to software that may be written for the machine. The state data as written is encoded. This state data may be recovered from the storage according to a decoding process. Other embodiments are also described and claimed.
Representative claim
1. A method for operating a data processing machine, comprising: applying by a processor an encoding process to private-state data of said processor, where the private-state data captures a state of the processor; writing, to a location in storage, said encoded private-state data, the location being one that is accessible to software written for the processor; and reading by the software the encoded private-state data from the storage using an instruction that causes the processor to decode the encoded private-state data and store the decoded private-state data in a private-state area accessible to software only by using the instruction; wherein the private-state data refers to one of content of an internal register of the processor that is not explicitly identified in an instruction manual for the processor, and content of an internal register of the processor that is explicitly identified in the instruction manual but is stored in one of a format and a location that is not explicitly identified in the instruction manual.
2. The method of claim 1 wherein the encoding process is to thwart an attempt at recovering the private-state data from the storage by a second process different from the decoding process.
3. The method of claim 1 wherein the encoding process is configured to cause an author of the software to apply, in writing said software, a technique prescribed by a manufacturer of the processor for accessing the private-state data from storage rather than circumventing said technique.
4. The method of claim 1 wherein the private-state data is written to one of a publicly accessible location in a register file of the processor, cache, and memory.
5. The method of claim 1 wherein during the encoding process the location of written contents of a given internal register of the processor changes arbitrarily at least once, while repeating the applying and the writing.
6. The method of claim 1 wherein during the encoding process a storage format of written contents of a given internal register of the processor changes arbitrarily at least once between big-endian and little-endian, while repeating the applying and the writing.
7. The method of claim 1 wherein during the encoding process a cipher is applied to the contents of a given internal register to produce an encoded value which is then written to the location in storage.
8. The method of claim 1 further comprising storing recovered state data in a private storage of the processor.
9. An apparatus for operating a data processing machine, comprising: a data processing machine having a private internal state, the internal state to change as the data processing machine executes instructions provided to itself as part of a program, wherein the data processing machine is to encode data about the internal state and write the encoded state data to a location in a storage unit, wherein the location is readable by an instruction set architecture of the data processing machine using an instruction that causes the data processing machine to decode the encoded state data and store the decoded state data in a private state area accessible to software only by using the instruction; wherein the data about the internal state refers to one of content of an internal register of the data processing machine that is not explicitly identified in an instruction manual for the data processing machine, and content of an internal register of the data processing machine that is explicitly identified in the instruction manual but is stored in one of a format and a location that is not explicitly identified in the instruction manual.
10. The apparatus of claim 9 wherein the data processing machine is a processor that has a special read micro-operation, to be used when the processor is to recover said state data from the storage unit.
11. The apparatus of claim 10 wherein the processor further includes an internal cache and is to also write the encoded state data to a public location in the cache.
12. The apparatus of claim 10 wherein the processor is to recover the state data and write the recovered state data to a private location in the processor.
13. The apparatus of claim 10 wherein the processor is to recover the state data and configure itself with the recovered state data in preparation for resuming execution of a suspended task.
14. The apparatus of claim 10 wherein the processor comprises a manufacturer-defined instruction that, when executed by the processor, recovers the state data from the storage unit.
15. The apparatus of claim 9 wherein the data processing machine is a processor for which a special micro-operation is defined for accessing the encoded state data from the storage unit, and wherein the processor further comprises an address obfuscation unit to receive an address value associated with given state data of the processor, the address value having been derived from a dispatch of the special micro-operation, the obfuscation unit to provide an encoded, physical address value that points to the actual location in the storage unit where the given state data is stored.
16. The apparatus of claim 9 wherein the data processing machine is a processor for which a hardware control signal is defined for accessing the encoded data from the storage unit, and wherein the processor further comprises an internal cache, a data conversion unit to receive a data value from the internal cache as a result of a cache hit derived from the hardware control signal, the conversion unit to decode the data value into actual state data of the processor.
17. A computer system comprising: a processor; and a main memory communicatively coupled to the processor and having a public region designated to store the processor's private-state data in encoded form, the instruction set architecture of the processor including an instruction to decode and read said the private-state data from the public region; wherein the private-state data refers to one of content of an internal register of the processor that is not explicitly identified in an instruction manual for the processor, and content of an internal register of the processor that is explicitly identified in the instruction manual but is stored in one of a format and a location that is not explicitly identified in the instruction manual.
18. The system of claim 17 wherein the processor encodes the private-state data prior to storing it to the public region.
19. The system of claim 17 wherein the processor decodes a value read from the public region prior to using it.
20. The system of claim 17 wherein the processor further includes an internal storage unit in which a public region is designated to store a copy of said private-state data in encoded form.
21. The system of claim 20 wherein the internal storage unit is one of a cache and a register file.
22. The system of claim 20 wherein a private region is designated in the internal storage unit to store said private-state data in unencoded form.
23. The system of claim 20 further comprising a system chipset communicatively coupling the processor to the main memory.
24. A method for operating a data processing machine, comprising: encoding private state data about a state of the data processing machine; and writing, to a location in storage, the encoded private state data, the location being readable to software that is running on the data processing machine using an instruction that causes the data processing machine to decode the encoded private state data and store the decoded private state data in a private state area accessible to software only by using the instruction; wherein the private state data refers to one of content of an internal register of the data processing machine that is not explicitly identified in an instruction manual for the data processing machine, and content of an internal register of the data processing machine that is explicitly identified in the instruction manual but is stored in a format or location that is not explicitly identified in the instruction manual.
25. The method of claim 24, wherein the encoding comprises ciphering a value of the private state data to yield said encoded private state data.
26. The method of claim 24, wherein the private state data about the state of the data processing machine is one of a register value and a value from the storage.
27. The method of claim 24, wherein the encoding comprises address encoding to obfuscate an address value of the private state data.
28. The method of claim 24 further comprising recovering the private state data from the storage according to a decoding process.
29. The method of claim 28 wherein the recovering comprises reading a plurality of values from memory; and combining the read plurality of values to form a single unencoded value of said private state data.
30. The method of claim 28 wherein the recovering comprises reading a plurality values from one or more discontiguous locations of memory; combining the read plurality values to form a single value; and decoding the single value to form an unencoded value of said private state data.
31. The method of claim 28 further comprising storing the recovered private state data in a private storage of the data processing machine.
Patents cited by this patent (200)
Ryba Edward G. (Milpitas CA) Lipman Peter H. (Cupertino CA) Connell Jefferson J. (Cupertino CA) Weiss David (Palo Alto CA), Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB).
Gannon Patrick M. (Poughkeepsie NY) Gum Peter H. (Poughkeepsie NY) Hough Roger E. (Highland NY) Murray Robert E. (Woodstock NY), Apparatus and method for TLB purge reduction in a multi-level machine system.
Bealkowski Richard (Delray Beach FL) Blackledge ; Jr. John W. (Boca Raton FL) Cronk Doyle S. (Boca Raton FL) Dayan Richard A. (Boca Raton FL) Dixon Jerry D. (Boca Raton FL) Kinnear Scott G. (Boca Rat, Apparatus and method for preventing unauthorized access to BIOS in a personal computer system.
Brelsford David P. (Hyde Park NY) Cutler Melvin M. (Los Angeles CA) Lafitte Jean-Louis (Moens NY FRX) Gdaniec Joseph M. (Hyde Park NY) Osisek Damian L. (Vestal NY) Plambeck Kenneth E. (Poughkeepsie N, Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virt.
Heller Andrew R. (Morgan Hill CA) Worley ; Jr. William S. (Endicott NY), Authorization mechanism for transfer of program control or data between different address spaces having different storag.
Sachs Howard G. (Los Altos CA) Cho James Y. (Los Gatos CA), Cache providing caching/non-caching write-through and copyback modes for virtual addresses and including bus snooping to.
Jensen,Michael Gottlieb; Stribaek,Morten, Changing instruction set architecture mode by comparison of current instruction execution address with boundary address register values.
Ermolovich Thomas R. (Lexington MA) Stewart Robert E. (Stow MA) Leonard Judson S. (Acton MA) Cutler David N. (Nashua NH), Communications device for data processing system.
Satou Mitsugu,JPX ; Iwata Shunichi,JPX, Computer system and semiconductor device on one chip including a memory and central processing unit for making interlock access to the memory.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Controlling access to multiple isolated memories in an isolated execution environment.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Controlling access to multiple memory zones in an isolated execution environment.
Curtis, Bryce Allen, Cross-platform program, system, and method having a global registry object for mapping registry equivalent functions in an OS/2 operating system environment.
Morley Richard E. (Greenville NH), Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and met.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Executing isolated mode instructions in a secure system running in privilege rings.
Nakamura Kouji,JPX, Exposure apparatus, output control method for energy source, laser device using the control method, and method of producing microdevice.
Adams Phillip M. (Parowan UT) Holmstron Larry W. (Salt Lake City UT) Jacob Steve A. (South Weber UT) Powell Steven H. (Ogden UT) Condie Robert F. (Tuscon AZ) Culley Martin L. (Tuscon AZ), Kernels, description tables, and device drivers.
Johnson James Scott (Fort Worth TX) Short Tim (Duncanville TX) Intrater Gideon (Sunnyvale CA), Memory management circuit which provides simulated privilege levels.
Barnett Philip C.,GBX, Memory management method and apparatus for partitioning homogeneous memory and restricting access of installed applications to predetermined memory ranges.
Chemin Francois (Plaisir FRX) Ugon Michel (Maurepas FRX), Method and apparatus for certifying services obtained using a portable carrier such as a memory card.
Harold L. McFarland ; David R. Stiles ; Korbin S. Van Dyke ; Shrenik Mehta ; John Gregory Favor ; Dale R. Greenley ; Robert A. Cargnoni, Method and apparatus for debugging an integrated circuit.
Miller David A. ; Jansen Kenneth A. ; Culley Paul R. ; Taylor Mark ; Izquierdo Javier F., Method and apparatus for independently resetting processors and cache controllers in multiple processor systems.
Cotichini Christian,CAX ; Cain Fraser,CAX ; Ashworth David G.,CAX ; Livingston Peter Michael Bruce,CAX ; Solymar Gabor,CAX ; Gardner Philip B.,CAX ; Woinoski Timothy S.,CAX, Method and apparatus to monitor and locate an electronic device using a secured intelligent agent.
Luiz Fernando A. (Monte Sereno CA) Snyder Harlan C. (Saratoga CA) Sorg ; Jr. John H. (Los Gatos CA), Method and means for path independent device reservation and reconnection in a multi-CPU and shared device access system.
Kahle James Allan ; Loper Albert J. ; Mallick Soummya ; Ogden Aubrey Deene ; Sell John Victor, Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions w.
Hazard Michel (Mareil/Mauldre FRX) Ugon Michel (Maurepas FRX), Method for authenticating an external authorizing datum by a portable object, such as a memory card.
Melo Michael D. (Billerica MA), Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 8048.
Hazard Michel (Mareil/Mauldre FRX), Method for certifying the authenticity of a datum exchanged between two devices connected locally or remotely by a trans.
Ugon Michel (Maurepas FRX) Oisel Andr (Elancourt FRX), Method for checking the integrity of a program or data, and apparatus for implementing this method.
Greenstein Paul Gregory ; Guyette Richard Roland ; Rodell John Ted, Method for managing I/O buffers in shared storage by structuring buffer table having entries including storage keys for.
Panwar Ramesh ; Chamdani Joseph I., Method of executing coded instructions in a multiprocessor having shared execution resources including active, nap, and sleep states in accordance with cache miss latency.
Scalzi Casper A. (Poughkeepsie NY) Starke William J. (Austin TX), Method of using a target processor to execute programs of a source architecture that uses multiple address spaces.
Ganapathy Narayanan ; Stevens Luis F. ; Schimmel Curt F., Method, system and computer program product for dynamically allocating large memory pages of different sizes.
Eugene Feng ; Gary Phillips, Microcontroller system having allocation circuitry to selectively allocate and/or hide portions of a program memory address space.
Grimmer ; Jr. George G. ; Rhoades Michael W., Microcontroller with security logic circuit which prevents reading of internal memory by external program.
Goetz John W. ; Mahin Stephen W. ; Bergkvist John J., Microprocessor with an architecture mode control capable of supporting extensions of two distinct instruction-set archi.
Blomgren James S. (San Jose CA) Bracking Jimmy (San Jose CA) Richter David (San Jose CA) Spahn Francis (El Cerrito CA), Microprocessor with operation capture facility.
Hough Roger E. (Austin TX) Murray Robert E. (Kingston NY), Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals.
McDonald, Michael F.; Arora, Sumeet; Chu, Mark, Mutual exclusion at the record level with priority inheritance for embedded systems using one semaphore.
Reardon David C., Network security system allowing access and modification to a security subsystem after initial installation when a master token is in place.
Neufeld E. David (Tomball TX), Posted disk read operations performed by signalling a disk read complete to the system prior to completion of data trans.
Provanzano Salvatore R. (Melrose MA) Aldrich Wilbert H. (Winchester MA) D'Angelo Robert A. (Windham NH) Drottar Emil P. (Ipswich MA) Finnegan ; Jr. John J. (Hudson NH) Heom James (Bedford MA) Hill La, Programmable controller.
Robinson Paul T. (Arlington MA) Mason Andrew H. (Hollis NH) Hall Judith S. (Sudbury MA), Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces.
John K. Gee ; David A. Greve ; David S. Hardin ; Allen P. Mass ; Michael H. Masters ; Nick M. Mykris ; Matthew M. Wilding, Real time processor capable of concurrently running multiple independent JAVA machines.
Goire Christian (Les Clayes Sous Bois FRX) Sigaud Alain (Elancourt FRX) Moyal Eric (Paris FRX), Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal.
Browne Hendrik A., Secure computer system and method of providing secure access to a computer system including a stand alone switch operable to inhibit data corruption on a storage device.
Mark J. Foster ; Saifuddin T. Fakhruddin ; James L. Walker ; Matthew B. Mendelow ; Jiming Sun ; Rodman S. Brahman ; Michael P. Krau ; Brian D. Willoughby ; Michael D. Maddix ; Steven L. Belt, Suspend/resume capability for a protected mode microprocesser.
Hudson Jerome D. ; Champagne Jean-Paul,FRX ; Galindo Mary A. ; Hickerson Cynthia M. K. ; Hickman Donna R. ; Lockhart Robert P. ; Saddler Nancy B. ; Stange Patricia A., System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential.
Angelo Michael F. ; Olarig Sompong P. ; Wooten David R. ; Driscoll Dan J., System and method for performing secure device communications in a peer-to-peer bus architecture.
Inoue Taro (Sagamihara JPX) Umeno Hidenori (Kanagawa JPX) Tanaka Shunji (Sagamihara JPX) Yamamoto Tadashi (Kanagawa JPX) Ohtsuki Toru (Hadano JPX), System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode.
Nardone Joseph M. ; Mangold Richard P. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant methods and apparatus.
Nardone Joseph M. ; Mangold Richard T. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant methods and apparatus.
Nardone Joseph M. ; Mangold Richard P. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant player for scrambled contents.
Mason Andrew H. (Hollis NH) Hall Judith S. (Sudbury MA) Robinson Paul T. (Arlington MA) Witek Richard T. (Littleton MA), Translation buffer for virtual machines with address space match.
Scott W. Devine ; Edouard Bugnion ; Mendel Rosenblum, Virtualization system including a virtual machine monitor for a computer with a segmented architecture.