专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07739498B2 Method and apparatus for multi-table accessing of input/output devices using target security 有权
标题翻译：使用目标安全性对输入/输出设备进行多表访问的方法和装置
公开(公告)号：US07739498B2
公开(公告)日：2010-06-15
申请号：US10047188
申请日：2002-01-15
申请人： Brian C. Barnes , Geoffrey S. Strongin , Rodney W. Schmidt
发明人： Brian C. Barnes , Geoffrey S. Strongin , Rodney W. Schmidt
IPC分类号： H04L9/32
CPC分类号： G06F12/1491
摘要： A method and an apparatus for performing an I/O device access using targeted security. A software object is executed. A security level for the software object is established. A multi-table input/output (I/O) space access is performed using at least one of the security levels. The function of the object is executed.
摘要翻译：一种使用目标安全性执行I / O设备访问的方法和装置。执行软件对象。建立软件对象的安全级别。使用至少一个安全级别来执行多表输入/输出（I / O）空间访问。执行对象的功能。

2. 发明授权

US07426644B1 System and method for handling device accesses to a memory providing increased memory access security 有权
标题翻译：用于处理对存储器的设备访问的系统和方法，其提供增加的存储器访问安全性
公开(公告)号：US07426644B1
公开(公告)日：2008-09-16
申请号：US10011151
申请日：2001-12-05
申请人： Geoffrey S. Strongin , Brian C. Barnes , Rodney W. Schmidt
发明人： Geoffrey S. Strongin , Brian C. Barnes , Rodney W. Schmidt
IPC分类号： G06F21/00 , G06F21/22
CPC分类号： G06F12/1441 , G06F12/1491
摘要： A host bridge is described including a memory controller and a security check unit. The memory controller is adapted for coupling to a memory storing data arranged within a multiple memory pages. The memory controller receives memory access signals (e.g., during a memory access), and responds to the memory access signals by accessing the memory. The security check unit receives the memory access signals, wherein the memory access signals convey a physical address within a target memory page. The security check unit uses the physical address to access one or more security attribute data structures located in the memory to obtain a security attribute of the target memory page. The security check unit provides the memory access signals to the memory controller dependent upon the security attribute of the target memory page. A computer system is described including a memory storing data arranged within a multiple memory pages, a device operably coupled to the memory and configurable to produce memory access signals, the above described host bridge. The computer system may have, for example, a central processing unit (CPU) including a memory management unit (MMU) operably coupled to the memory and configured to manage the memory. The memory management unit (MMU) may manage the memory such that the memory stores the data arranged within the multiple memory pages. A method is disclosed for providing access security for a memory used to store data arranged within a multiple memory pages.
摘要翻译：描述了主桥，包括存储器控制器和安全检查单元。存储器控制器适于耦合到存储多个存储器页中布置的数据的存储器。存储器控制器接收存储器访问信号（例如，在存储器访问期间），并且通过访问存储器来响应存储器访问信号。安全检查单元接收存储器访问信号，其中存储器访问信号传达目标存储器页面内的物理地址。安全检查单元使用物理地址访问位于存储器中的一个或多个安全属性数据结构，以获得目标存储器页面的安全属性。安全检查单元根据目标存储器页面的安全属性向存储器控制器提供存储器访问信号。描述了一种计算机系统，包括存储布置在多个存储器页内的数据的存储器，可操作地耦合到存储器并且可配置为产生存储器访问信号的设备，上述主机桥。计算机系统可以具有例如包括可操作地耦合到存储器并被配置为管理存储器的存储器管理单元（MMU）的中央处理单元（CPU）。存储器管理单元（MMU）可以管理存储器，使得存储器存储布置在多个存储器页面中的数据。公开了一种用于提供用于存储布置在多个存储器页内的数据的存储器的访问安全性的方法。

3. 发明授权

US08051301B2 Memory management system and method providing linear address based memory access security 有权
标题翻译：内存管理系统和方法提供基于线性地址的内存访问安全性
公开(公告)号：US08051301B2
公开(公告)日：2011-11-01
申请号：US10010161
申请日：2001-11-13
申请人： Brian C. Barnes , Geoffrey S. Strongin , Rodney W. Schmidt
发明人： Brian C. Barnes , Geoffrey S. Strongin , Rodney W. Schmidt
IPC分类号： G06F11/30
CPC分类号： G06F12/1491 , G06F12/1054 , G06F12/109 , G06F12/1483
摘要： A memory management unit (MMU) is disclosed for managing a memory storing data arranged within a plurality of memory pages. The MMU includes a security check unit (SCU) receiving a linear address generated during execution of a current instruction. The linear address has a corresponding physical address residing within a selected memory page. The SCU uses the linear address to access one or more security attribute data structures located in the memory to obtain a security attribute of the selected memory page. The SCU compares a numerical value conveyed by a security attribute of the current instruction to a numerical value conveyed by the security attribute of the selected memory page, and produces an output signal dependent upon a result of the comparison. The MMU accesses the selected memory page dependent upon the output signal.
摘要翻译：公开了一种存储器管理单元（MMU），用于管理存储布置在多个存储器页内的数据的存储器。 MMU包括接收当前指令执行期间生成的线性地址的安全检查单元（SCU）。线性地址具有驻留在选择的存储器页内的对应物理地址。 SCU使用线性地址访问位于存储器中的一个或多个安全属性数据结构，以获得所选存储器页的安全属性。 SCU将由当前指令的安全属性传递的数值与由所选存储器页的安全属性传送的数值相比较，并且根据比较结果产生输出信号。 MMU根据输出信号访问所选择的存储器页面。

4. 发明授权

US07698522B1 Method and apparatus for linear address based page level security scheme to determine current security context 有权
标题翻译：基于线性地址的页面级安全方案的方法和装置，用于确定当前的安全上下文
公开(公告)号：US07698522B1
公开(公告)日：2010-04-13
申请号：US10044667
申请日：2002-01-11
申请人： Brian C. Barnes , Geoffrey S. Strongin , Rodney W. Schmidt
发明人： Brian C. Barnes , Geoffrey S. Strongin , Rodney W. Schmidt
IPC分类号： G06F13/00 , G06F9/26 , H04L29/06
CPC分类号： G06F12/1491 , G06F12/145
摘要： A method and an apparatus for performing a virtual address based memory access. A software object is executed. A security level for the software object is established. A virtual address based memory access is performed using at least one of the security levels. The function of the object is executed based upon the virtual address based memory access.
摘要翻译：一种用于执行基于虚拟地址的存储器访问的方法和装置。执行软件对象。建立软件对象的安全级别。使用至少一个安全级别来执行基于虚拟地址的存储器访问。基于基于虚拟地址的存储器访问来执行对象的功能。

5. 发明授权

US07865948B1 Method and apparatus for restricted execution of security sensitive instructions 有权
标题翻译：用于限制执行安全敏感指令的方法和装置
公开(公告)号：US07865948B1
公开(公告)日：2011-01-04
申请号：US10005248
申请日：2001-12-03
申请人： Brian C. Barnes , Rodney W. Schmidt , Geoffrey S. Strongin
发明人： Brian C. Barnes , Rodney W. Schmidt , Geoffrey S. Strongin
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： G06F9/30145 , G06F9/30181 , G06F21/52 , G06F21/53 , G06F21/54 , G06F2221/2105 , G06F2221/2141 , G06F2221/2149
摘要： A method and apparatus for restricting the execution of security sensitive instructions. A first security identification (ID) is associated with each of a plurality of instructions or a set of instructions that are to be executed by a processor. Software code running on the processor requests to execute at least one of the plurality of instructions or set of instructions. The processor obtains a second security ID associated with the software code running thereon and compares the second security ID with the first security ID. The processor executes the requested instruction or set of instructions providing that the second security ID matches the first security ID.
摘要翻译：一种限制安全敏感指令执行的方法和装置。第一安全标识（ID）与要由处理器执行的多个指令或一组指令中的每一个相关联。在处理器上运行的软件代码请求执行多个指令或指令集中的至少一个。处理器获得与其上运行的软件代码相关联的第二安全ID，并将第二安全ID与第一安全ID进行比较。处理器执行请求的指令或指令集，条件是第二安全ID与第一安全ID相匹配。

6. 发明授权

US07451324B2 Secure execution mode exceptions 有权
标题翻译：安全执行模式例外
公开(公告)号：US07451324B2
公开(公告)日：2008-11-11
申请号：US10161500
申请日：2002-05-31
申请人： Rodney W. Schmidt , Brian C. Barnes , Geoffrey S. Strongin , David S. Christie
发明人： Rodney W. Schmidt , Brian C. Barnes , Geoffrey S. Strongin , David S. Christie
IPC分类号： G06F21/22
CPC分类号： G06F21/53 , G06F21/71 , G06F2221/2153
摘要： A method and system for handling a security exception. The method includes creating a security exception stack frame in secure memory at a base address. The method also includes writing a faulting code sequence address and one or more register values into the security exception stack frame, and executing a plurality of security exception instructions.
摘要翻译：一种处理安全异常的方法和系统。该方法包括在基地址的安全存储器中创建安全异常堆栈帧。该方法还包括将故障代码序列地址和一个或多个寄存器值写入到安全异常堆栈帧中，以及执行多个安全异常指令。

7. 发明授权

US06854039B1 Memory management system and method providing increased memory access security 失效
标题翻译：内存管理系统和方法提供更高的内存访问安全性
公开(公告)号：US06854039B1
公开(公告)日：2005-02-08
申请号：US10005271
申请日：2001-12-05
申请人： Geoffrey S. Strongin , Brian C. Barnes , Rodney W. Schmidt
发明人： Geoffrey S. Strongin , Brian C. Barnes , Rodney W. Schmidt
IPC分类号： G06F12/14 , G06F12/00
CPC分类号： G06F12/145 , G06F12/1491
摘要： A memory management unit (MMU) is disclosed for managing a memory storing data arranged within a multiple memory pages. The memory management unit includes a security check receiving a physical address within a selected memory page, and security attributes of the selected memory page. The security check unit uses the physical address to access one or more security attribute data structures located in the memory to obtain an additional security attribute of the selected memory page. The security check unit generates a fault signal dependent upon the security attributes of selected memory page and the additional security attribute of the selected memory page. The security attributes of the selected memory page may include a user/supervisor (U/S) bit and a read/write (R/W) bit as defined by the ×86 processor architecture. The one or more security attribute data structures may include a security attribute table directory and one or more security attribute tables. The security attribute table directory may include multiple entries, and each entry of the security attribute table directory may include a present bit and a security attribute table base address field. A central processing unit (CPU) is described including the memory management unit (MMU), and a computer system is disclosed including the CPU. A method is described for providing access security for a memory used to store data arranged within multiple memory pages.
摘要翻译：公开了一种用于管理存储多个存储器页中布置的数据的存储器管理单元（MMU）。存储器管理单元包括接收所选存储器页面内的物理地址的安全检查以及所选存储器页的安全属性。安全检查单元使用物理地址来访问位于存储器中的一个或多个安全属性数据结构，以获得所选存储器页的附加安全属性。安全检查单元根据所选择的存储器页面的安全属性和所选择的存储器页面的附加安全属性生成故障信号。所选存储器页面的安全属性可以包括由x86处理器架构定义的用户/管理器（U / S）位和读/写（R / W）位。一个或多个安全属性数据结构可以包括安全属性表目录和一个或多个安全属性表。安全属性表目录可以包括多个条目，并且安全属性表目录的每个条目可以包括当前位和安全属性表基地址字段。描述了包括存储器管理单元（MMU）的中央处理单元（CPU），并且公开了包括CPU的计算机系统。描述了一种用于提供用于存储布置在多个存储器页内的数据的存储器的访问安全性的方法。

8. 发明授权

US07493498B1 Input/output permission bitmaps for compartmentalized security 有权
标题翻译：用于区隔安全性的输入/输出权限位图
公开(公告)号：US07493498B1
公开(公告)日：2009-02-17
申请号：US10107784
申请日：2002-03-27
申请人： Rodney W. Schmidt , Brian C. Barnes , Geoffrey S. Strongin
发明人： Rodney W. Schmidt , Brian C. Barnes , Geoffrey S. Strongin
IPC分类号： G06F12/14
CPC分类号： G06F21/52 , G06F12/1483 , G06F12/1491
摘要： A method and apparatus for selectively executing an I/O instruction. The method includes creating an I/O permission bitmap in a memory and receiving an I/O port number and a security context identification (SCID) value. The method also includes using the SCID value and the I/O port number to access the I/O permission bitmap stored to obtain a permission bit corresponding to the I/O port and executing the I/O instruction dependent upon a value of the permission bit corresponding to the I/O port. The I/O permission bitmap includes a plurality of permission bits. Each of the permission bits corresponds to a different one of a plurality of I/O ports. Each of the permission bits has a value indicating whether access to the corresponding I/O port is allowed. The I/O port number indicates the I/O port referenced by the I/O instruction. The SCID value indicates a security context level of a memory location including the I/O instruction.
摘要翻译：一种用于选择性地执行I / O指令的方法和装置。该方法包括在存储器中创建I / O许可位图并接收I / O端口号和安全上下文标识（SCID）值。该方法还包括使用SCID值和I / O端口号来访问存储的I / O许可位图，以获得对应于I / O端口的许可位，并根据许可的值执行I / O指令位对应于I / O端口。 I / O许可位图包括多个许可位。每个许可位对应于多个I / O端口中的不同的一个。每个许可位具有指示是否允许对对应的I / O端口的访问的值。 I / O端口号表示I / O指令引用的I / O端口。 SCID值指示包括I / O指令的存储器位置的安全上下文级别。

9. 发明授权

US06889308B1 Method and apparatus for protecting page translations 失效
标题翻译：用于保护页面翻译的方法和装置
公开(公告)号：US06889308B1
公开(公告)日：2005-05-03
申请号：US10051448
申请日：2002-01-18
申请人： Rodney W. Schmidt , Brian C. Barnes , Geoffrey S. Strongin
发明人： Rodney W. Schmidt , Brian C. Barnes , Geoffrey S. Strongin
IPC分类号： G06F12/10 , G06F12/14 , G06F12/00
CPC分类号： G06F12/145 , G06F12/10
摘要： In one aspect of the present invention, an apparatus for converting a virtual address to a physical address is provided. The apparatus comprises a comparator, a first mechanism, and a second mechanism. The comparator is adapted to receive the virtual address and deliver a first signal indicating that the virtual address is outside a first preselected range, and a second signal indicating that the virtual address is within the first preselected range. The first mechanism is adapted to generate a first physical address from the virtual address in response to receiving the first signal, and the second mechanism is adapted to generate a second physical address from the virtual address in response to receiving the second signal.
摘要翻译：在本发明的一个方面，提供一种用于将虚拟地址转换为物理地址的装置。该装置包括比较器，第一机构和第二机构。比较器适于接收虚拟地址并传送指示虚拟地址在第一预选范围之外的第一信号，以及指示虚拟地址在第一预选范围内的第二信号。第一机制适于响应于接收到第一信号而从虚拟地址生成第一物理地址，并且第二机制适于响应于接收第二信号而从虚拟地址生成第二物理地址。

10. 发明授权

US06823433B1 Memory management system and method for providing physical address based memory access security 有权
标题翻译：用于提供基于物理地址的内存访问安全性的内存管理系统和方法
公开(公告)号：US06823433B1
公开(公告)日：2004-11-23
申请号：US10010569
申请日：2001-11-13
申请人： Brian C. Barnes , Geoffrey S. Strongin , Rodney W. Schmidt
发明人： Brian C. Barnes , Geoffrey S. Strongin , Rodney W. Schmidt
IPC分类号： G06F1208
CPC分类号： G06F12/1491
摘要： A memory management unit (MMU) is disclosed for managing a memory storing data arranged within a plurality of memory pages. The MMU includes a security check unit (SCU) receiving a physical address generated during execution of a current instruction. The physical address resides within a selected memory page. The SCU uses the physical address to access one or more security attribute data structures located in the memory to obtain a security attribute of the selected memory page, compares a numerical value conveyed by a security attribute of the current instruction to a numerical value conveyed by the security attribute of the selected memory page, and produces an output signal dependent upon a result of the comparison. The MMU accesses the selected memory page dependent upon the output signal. The security attribute of the selected memory page may include a security context identification (SCID) value indicating a security context level of the selected memory page. The security attribute of the current instruction may include an SCID value indicating a security context level of a memory page containing the current instruction. A central processing unit (CPU) is described including an execution unit and the MMU. A computer system is described including the memory, the CPU, and the MMU. A method is described for providing access security for a memory used to store data arranged within a plurality of memory pages. The method may be embodied within the MMU.
摘要翻译：公开了一种存储器管理单元（MMU），用于管理存储布置在多个存储器页内的数据的存储器。 MMU包括接收当前指令执行期间产生的物理地址的安全检查单元（SCU）。物理地址驻留在选定的存储器页面中。 SCU使用物理地址来访问位于存储器中的一个或多个安全属性数据结构，以获得所选择的存储器页面的安全属性，将由当前指令的安全属性传递的数值与由所选择的存储器页面的安全属性，并且根据比较的结果产生输出信号。 MMU根据输出信号访问所选择的存储器页面。所选择的存储器页面的安全属性可以包括指示所选择的存储器页面的安全上下文级别的安全上下文标识（SCID）值。当前指令的安全属性可以包括指示包含当前指令的存储器页的安全上下文级别的SCID值。描述包括执行单元和MMU的中央处理单元（CPU）。描述了包括存储器，CPU和MMU的计算机系统。描述了一种用于提供用于存储布置在多个存储器页内的数据的存储器的访问安全性的方法。该方法可以体现在MMU内。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式