Secure memory implementation for secure execution of virtual machines

US10296741B2 · US · B2

Patent metadata
Publication number: US-10296741-B2
Application number: US-201715661057-A
Country: US
Kind code: B2
Filing date: Jul 27, 2017
Priority date: Jul 27, 2017
Publication date: May 21, 2019
Grant date: May 21, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

An embodiment involves secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is set. If the real address is in the memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer system comprising: a hardware processor to process data in a first mode and a second mode, and send commands to a chip interconnect bus using real addresses, wherein the chip interconnect bus transports a number of bits for the real addresses, wherein the chip interconnect bus is larger than a number of bits needed for a maximum memory range supported by the computer system, and wherein a first portion of the bits for real addresses which are not in the range of the supported maximum memory range is used to indicate whether to operate in the first mode or the second mode creating a memory address hole; a memory controller operatively coupled to a memory component; the hardware processor further is capable of performing a method comprising: specifying a secure memory range by using range registers; responsive to determining that the real address is detected to be in the secure memory range to match a memory component address, setting a real address bit; responsive to determining that the real address is in the memory address hole, detecting a security access violation; and responsive to determining that the real address is not in the secure address range and the real address bit is set, detecting the security access violation.

2. The computer system of claim 1, wherein the chip interconnect bus operatively coupled to bus slaves which are configured to be part of a secure memory or a normal memory, in accordance with the each of the bus slaves trusted or non-trusted functionality specified by the real address bit stored in a register.

3. The computer system of claim 2, wherein the hardware processor further is capable of performing a method comprising: responsive to determining that the real address bit is set to a first value, restricting one of the bus slaves from accessing the secure memory and detecting the security access violation.

4. The computer system of claim 3, further comprising: a bus master operated, by the hardware processor, to write into the normal memory, wherein the bus master is a component of a base address register and modified to send commands to the chip interconnect bus, and wherein the bus slaves respond to the commands; responsive to an untrusted block initiating the commands, the bus master operated, by the hardware processor, to set one of the bits for the real address to the first value; and responsive to the untrusted block attempting to access secure components, reporting an error.

5. The computer system of claim 1, wherein the computer system includes a configuration register configured to select the bits of the real addresses, based on the computer system memory configuration.

6. The computer system of claim 5, wherein the computer system memory configuration is selected from a plurality memory configurations, and wherein one of the plurality of memory configurations does not include a secure memory.

7. The computer system of claim 1, wherein the first mode is a normal operation mode and the second mode is a secure operation mode.

8. The computer system of claim 1, wherein the memory component includes dual in-line memory modules (DIMMs), and wherein the memory component includes at least one of: a direct attached memory component and a memory buffer chip.
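The address check described in the abstract and in claims 1 and 3 to 6 (spare high bus bits carrying the mode, a range-register secure window, an address hole, and refusal of any command whose mode tag and target disagree) can be read as a small decode function. The following is an added C model written for this page; it is not IBM's implementation and not code from the patent. Everything concrete in it is an assumption chosen for illustration: a 52-bit bus address, 48 bits of maximum supported memory, bit 51 as the mode bit selected by the configuration register, the untrusted "first value" of claim 4 taken to be 0, and the two constructed demo configurations (`demo_cfg`, `no_secure_cfg`).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustrative model of the claimed real-address check. Not IBM's design:
 * widths, bit positions and the demo configurations below are assumptions. */
#define BUS_ADDR_BITS 52u  /* bits the chip interconnect bus carries (assumed) */
#define MAX_MEM_BITS  48u  /* bits needed for the maximum supported memory (assumed) */

typedef struct {
    unsigned mode_bit;     /* spare bus bit carrying the mode; chosen by a config register (claim 5) */
    uint64_t secure_base;  /* range registers: secure memory is [secure_base, secure_limit) */
    uint64_t secure_limit; /* secure_base == secure_limit models "no secure memory" (claim 6) */
} mem_ctrl_cfg;

typedef enum {
    ACCESS_NORMAL = 0,           /* normal-mode access to normal memory */
    ACCESS_SECURE,               /* secure-mode access inside the secure range: real address bit set */
    VIOLATION_ADDRESS_HOLE,      /* address falls in the hole created by using a high bit as mode */
    VIOLATION_NORMAL_TO_SECURE,  /* untrusted (normal-mode) requester hit the secure range (claim 3) */
    VIOLATION_SECURE_TO_NORMAL   /* real address bit set but target outside the secure range */
} verdict;

/* The mode bit must sit in the spare bits above the supported memory range,
 * and the secure window must lie inside that range. */
bool cfg_valid(const mem_ctrl_cfg *c) {
    return c->mode_bit >= MAX_MEM_BITS && c->mode_bit < BUS_ADDR_BITS &&
           c->secure_base <= c->secure_limit &&
           (c->secure_limit >> MAX_MEM_BITS) == 0;
}

/* Bus address a master issues for memory-component address phys. A trusted
 * master in secure mode sets the mode bit; an untrusted block has the bit
 * forced to the "first value", assumed here to be 0 (claim 4). */
uint64_t master_issue(const mem_ctrl_cfg *c, bool secure_mode, uint64_t phys) {
    uint64_t a = phys & ((UINT64_C(1) << MAX_MEM_BITS) - 1);
    return secure_mode ? (a | (UINT64_C(1) << c->mode_bit)) : a;
}

/* Memory-controller side: classify one command seen on the bus. */
verdict check_access(const mem_ctrl_cfg *c, uint64_t bus_addr) {
    if (!cfg_valid(c) || (bus_addr >> BUS_ADDR_BITS) != 0)
        return VIOLATION_ADDRESS_HOLE;      /* nothing is mapped beyond the bus width */
    uint64_t phys = bus_addr & ((UINT64_C(1) << c->mode_bit) - 1);
    bool mode_bit = (bus_addr >> c->mode_bit) & 1u;
    /* Bits between the maximum memory range and the mode bit back no DIMM: the hole. */
    if ((phys >> MAX_MEM_BITS) != 0)
        return VIOLATION_ADDRESS_HOLE;
    bool in_secure = phys >= c->secure_base && phys < c->secure_limit;
    if (in_secure && !mode_bit)
        return VIOLATION_NORMAL_TO_SECURE;  /* slave restricted from secure memory */
    if (!in_secure && mode_bit)
        return VIOLATION_SECURE_TO_NORMAL;  /* bit set outside the secure address range */
    return in_secure ? ACCESS_SECURE : ACCESS_NORMAL;
}

/* Constructed demo configurations: a 2 GiB secure window at 4 GiB, and a
 * memory configuration with no secure memory at all. */
const mem_ctrl_cfg demo_cfg      = { 51u, UINT64_C(0x100000000), UINT64_C(0x180000000) };
const mem_ctrl_cfg no_secure_cfg = { 51u, 0, 0 };

int main(void) {
    static const char *names[] = { "normal", "secure", "VIOLATION: address hole",
                                   "VIOLATION: normal->secure", "VIOLATION: secure->normal" };
    struct { const char *what; uint64_t bus_addr; } cases[] = {
        { "secure-mode read inside the secure range",     master_issue(&demo_cfg, true,  UINT64_C(0x120000000)) },
        { "untrusted block read inside the secure range", master_issue(&demo_cfg, false, UINT64_C(0x120000000)) },
        { "secure-tagged read of normal memory",          master_issue(&demo_cfg, true,  UINT64_C(0x10000)) },
        { "untrusted block read of normal memory",        master_issue(&demo_cfg, false, UINT64_C(0x10000)) },
        { "address in the hole (bit 49 set)",             UINT64_C(1) << 49 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-48s 0x%013llx -> %s\n", cases[i].what,
               (unsigned long long)cases[i].bus_addr,
               names[check_access(&demo_cfg, cases[i].bus_addr)]);
    return 0;
}
```

The point a reviewer of such a design would check is that the refusal is symmetric: a normal-tagged command into the secure window is refused (claim 3), and a secure-tagged command landing outside the window is refused as well (the abstract's last condition), so a misprogrammed or malicious master cannot smuggle data either way by flipping the tag. Because the tag lives in the address itself, every bus slave (DIMM or buffer chip, claim 8) sees it without a sideband signal, and a configuration with an empty secure window simply turns every secure-tagged command into a violation.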

Assignees

IBM

Inventors

Classifications

  • CPC title: to assure secure storage of data (address-based protection against unauthorised use of memory G06F12/14; record carriers for use with machines and with at least a part designed to carry digital markings G06K19/00)

  • CPC title: with address mapping

  • G06F21/556 (primary CPC): involving covert channels, i.e. data leakage between processes (inhibiting the analysis of circuitry or operation with measures against power attack G06F21/755)

  • CPC title: at program execution time, where the protection is within the operating system

  • CPC title: by executing in a restricted environment, e.g. sandbox or secure virtual machine

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10296741B2 cover?
An embodiment involves secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is spec…
Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification G06F21/556. Mapped technology areas include Physics.
When was this patent published?
Publication date May 21, 2019 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).