Method and apparatus for addressing a memory containing different bit-length field variables
US-2015234750-A1 · Aug 20, 2015 · US
Cryptographic pointer address encoding
US9811479B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9811479-B2 |
| Application number | US-201615257544-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 6, 2016 |
| Priority date | Sep 26, 2014 |
| Publication date | Nov 7, 2017 |
| Grant date | Nov 7, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.
First claim
Opening claim text (preview).
The invention claimed is: 1. A computing device to secure indirect addresses, the computing device comprising: one or more memory devices; a processor coupled to the one or more memory devices, wherein the processor includes address encoding logic to: receive, from a computer program, a request to allocate a block of memory of the one or more memory devices to the computer program; determine, in response to the request, an indirect address to the block of memory; encode, in a subset of the indirect address, metadata indicative of access permissions to the block of memory; and provide the indirect address to the computer program. 2. The computing device of claim 1 , wherein to encode, in a subset of the indirect address, the metadata comprises to: select a set of the most significant bits of the indirect address; and encode the metadata in the selected set of the most significant bits. 3. The computing device of claim 1 , wherein the processor is further to: receive a request to access the block of memory, wherein the request includes the indirect address; and determine, as a function of the metadata encoded in the indirect address, whether the request to access the block of memory is authorized. 4. The computing device of claim 3 , wherein the processor is further to deny, in response to a determination that the request to access the block of memory is unauthorized, the request. 5. The computing device of claim 3 , wherein the processor is further to provide, in response to a determination that the request to access the block of memory is authorized, access to the block of memory. 6. The computing device of claim 1 , wherein the processor is further to: store a secret key; and encrypt a portion of the indirect address as a function of the secret key. 7. The computing device of claim 1 , wherein to encode the metadata comprises to encode valid address range data indicative of a size of the block of memory. 8. The computing device of claim 1 , wherein the processor is further to encrypt a portion of the indirect address with a tweakable block cipher with a secret key and with a code block identifier as a tweak, wherein the code block identifier is indicative of a block of code of the computer program. 9. The computing device of claim 1 , wherein the processor is further to: receive a request to access the block of memory; obtain, in response to the request to access the block of memory, the encoded indirect address; and decrypt an encrypted portion of the encoded indirect address using a secret key and a tweak. 10. The computing device of claim 9 , wherein the processor is further to remove the metadata from the indirect address to return the indirect address an original form. 11. One or more non-transitory machine readable storage media comprising a plurality of instructions stored thereon that, in response to being executed, cause a computing device to: receive, from a computer program, a request to allocate a block of memory of one or more memory devices to the computer program; determine, in response to the request, an indirect address to the block of memory; encode, in a subset of the indirect address, metadata indicative of access permissions to the block of memory; and provide the indirect address to the computer program. 12. The one or more non-transitory machine readable storage media of claim 11 , wherein to encode, in a subset of the indirect address, the metadata comprises to: select a set of the most significant bits of the indirect address; and encode the metadata in the selected set of the most significant bits. 13. The one or more non-transitory machine readable storage media of claim 11 , wherein the instructions, when executed, further cause the computing device to: receive a request to access the block of memory, wherein the request includes the indirect address; and determine, as a function of the metadata encoded in the indirect address, whether the request to access the block of memory is authorized. 14. The one or more non-transitory machine readable storage media of claim 13 , wherein the instructions, when executed, further cause the computing device to deny, in response to a determination that the request to access the block of memory is unauthorized, the request. 15. The one or more non-transitory machine readable storage media of claim 13 , wherein the instructions, when executed, further cause the computing device to provide, in response to a determination that the request to access the block of memory is authorized, access to the block of memory. 16. The one or more non-transitory machine readable storage media of claim 11 , wherein the instructions, when executed, further cause the computing device to: store a secret key; and encrypt a portion of the indirect address as a function of the secret key. 17. The one or more non-transitory machine readable storage media of claim 11 , wherein to encode the metadata comprises to encode valid address range data indicative of a size of the block of memory. 18. The one or more non-transitory machine readable storage media of claim 11 , wherein the instructions, when executed, further cause the computing device to encrypt a portion of the indirect address with a tweakable block cipher with a secret key and with a code block identifier as a tweak, wherein the code block identifier is indicative of a block of code of the computer program. 19. The one or more non-transitory machine readable storage media of claim 11 , wherein the instructions, when executed, further cause the computing device to: receive a request to access the block of memory; obtain, in response to the request to access the block of memory, the encoded indirect address; and decrypt an encrypted portion of the encoded indirect address using a secret key and a tweak. 20. A method for securing indirect addresses comprising: receiving, by a processor, from a computer program, a request to allocate a block of memory of one or more memory devices to the computer program; determining, by the processor and in response to the request, an indirect address to the block of memory; encoding, by the processor and in a subset of the indirect address, metadata indicative of access permissions to the block of memory; and providing, by the processor, the indirect address to the computer program.
Assignees
Inventors
Classifications
involving covert channels, i.e. data leakage between processes (inhibiting the analysis of circuitry or operation with measures against power attack G06F21/755) · CPC title
Vulnerability analysis · CPC title
- G06F12/1408Primary
by using cryptography (for digital transmission H04L9/00) · CPC title
in cryptographic circuits · CPC title
wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption H04L9/06) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9811479B2 cover?
- A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.
- Who is the assignee on this patent?
- Intel Corp
- What technology area does this patent fall under?
- Primary CPC classification G06F12/1408. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Nov 07 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).