Protecting software environment in isolated execution

(12) United States Patent
(10) Patent No.: US 7,082,615 B1
Ellison et al.
(45) Date of Patent: Jul. 25, 2006

(54) PROTECTING SOFTWARE ENVIRONMENT IN ISOLATED EXECUTION

(75) Inventors: Carl M. Ellison, Portland, OR (US); Roger A. Golliver, Beaverton, OR (US); Howard C. Herbert, Phoenix, AZ (US); Derrick C. Lin, San Mateo, CA (US); Francis X. McKeen, Portland, OR (US); Gilbert Neiger, Portland, OR (US); Ken Reneris, Wilbraham, MA (US); James A. Sutton, Portland, OR (US); Shreekant S. Thakkar, Portland, OR (US); Millind Mittal, Palo Alto, CA (US)

(73) Assignee: Corporation, Santa Clara, CA

( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 687 days.

(21) Appl. No.: 09/668,610
(22) Filed: Sep. 22, 2000

Related U.S. Application Data
(63) Continuation-in-part of application No. 09/540,946, filed on Mar. 31, 2000.

(51) Int. Cl.: G06F 7/04 (2006.01)
(52) U.S. Cl.: 726/26; 713/190; 713/165; 380/44; 711/163
(58) Field of Classification Search: 713/2, 165, 170, 190, 200, 164; 380/44, 45; 711/163; 726/26. See application file for complete search history.

Primary Examiner: Christopher Revak
Assistant Examiner: Kavesh Abrishamkar
(74) Attorney, Agent, or Firm: Michael R. Barre

(57) ABSTRACT

The present invention is a method and apparatus to protect a subset of a software environment. A key generator generates an operating system nub key (OSNK). The OSNK is unique to an operating system (OS) nub. The OS nub is part of an operating system in a secure platform. A usage protector uses the OSNK to protect usage of a subset of the software environment.

40 Claims, 13 Drawing Sheets
FIG. 2 (front-page drawing): secure platform 200 comprising a software environment 210 with a subset 230 (e.g., registry); an OS nub with OS nub ID 201, public key 205 and private key 204; a hashing function 220 producing a first hash value and a second hash value; a protected private key 206; a key generator 240; a processor nub 18; the OSNK 203; and a usage protector 250.
U.S. Patent, Jul. 25, 2006, Sheet 1 of 13, US 7,082,615 B1 (drawing)
Sheet 5 of 13, FIGURE 3A: subset 230 (e.g., registry) -> compressor 370 -> compressed subset 372 -> encryptor 375 (keyed by OSNK 203) -> encrypted compressed subset 377 -> storage 350 -> retrieved encrypted compressed subset 387 -> decryptor 385 (keyed by OSNK 203) -> retrieved compressed subset 392 -> decompressor 390 -> retrieved subset 230'.
Sheet 7 of 13 (drawing)
Sheet 10 of 13, FIGURE 4 (process 400):
405 Authorized access? If NO, END.
Read or write?
  Write: 415 Obtain OSNK and subset. 420 Encrypt subset using OSNK. 425 Store encrypted subset in storage. END.
  Read: 430 Obtain OSNK and encrypted subset. 435 Decrypt encrypted subset using OSNK. END.
Sheet 11 of 13, FIGURE 5 (process 500):
505 Update or test?
  Update: 510 Authorized access? If NO, END. 515 Obtain OSNK and first hash value. 520 Encrypt first hash value using OSNK. 525 Store encrypted first hash value in storage. END.
  Test: 550 Obtain OSNK and second hash value. 555 Retrieve encrypted first hash value from storage. 560 Decrypt retrieved encrypted first hash value using OSNK. Hashes equal? If YES, 570 clear "modified" flag; if NO, 575 set "modified" flag. END.
Sheet 12 of 13, FIGURE 6 (process 600):
605 Update or test?
  Update: 610 Authorized request? If NO, END. 615 Obtain OSNK, protected private key and subset. 620 Decrypt protected private key using OSNK. Sign subset using private key. 630 Store signature. END.
  Test: 650 Obtain public key, subset and signature. 655 Verify subset against signature using public key. 660 Subset verifies? If YES, 665 clear modified flag; if NO, 670 set modified flag. END.
Sheet 13 of 13, FIGURE 7 (process 700):
705 Update or test?
  Update: 710 Authorized access? If NO, END. 715 Obtain OSNK and first hash value. 720 Encrypt first hash value using OSNK. 725 Store encrypted first hash value in storage. END.
  Test: 750 Obtain OSNK and second hash value. 755 Encrypt second hash value using OSNK. 760 Retrieve encrypted first hash value from storage. 765 Encrypted hashes equal? If YES, 770 clear modified flag; if NO, 775 set modified flag. END.
PROTECTING SOFTWARE ENVIRONMENT IN ISOLATED EXECUTION

CROSS-REFERENCES TO RELATED APPLICATIONS

This is a continuation-in-part of U.S. patent application Ser. No. 09/540,946 filed Mar. 31, 2000.

BACKGROUND

1. Field of the Invention

This invention relates to microprocessors. In particular, the invention relates to processor security.

2. Description of Related Art

Advances in microprocessor and communication technologies have opened up many opportunities for applications that go beyond the traditional ways of doing business. Electronic commerce (E-commerce) and business-to-business (B2B) transactions are now becoming popular, reaching the global markets at a fast rate. Unfortunately, while modern microprocessor systems provide users convenient and efficient methods of doing business, communicating and transacting, they are also vulnerable to unscrupulous attacks. Examples of these attacks include virus, intrusion, security breach, and tampering, to name a few. Computer security, therefore, is becoming more and more important to protect the integrity of the computer systems and increase the trust of users.

Threats caused by unscrupulous attacks may be in a number of forms. Attacks may be remote without requiring physical access. An invasive remote-launched attack by hackers may disrupt the normal operation of a system connected to thousands or even millions of users. A virus program may corrupt code and/or data of a single-user platform.

Existing techniques to protect against attacks have a number of drawbacks. Anti-virus programs can only scan and detect known viruses. Most anti-virus programs use a weak policy in which a file or program is assumed good until proved bad. For many security applications, this weak policy may not be appropriate. In addition, most anti-virus programs are used locally where they are resident in the platform. This may not be suitable in a group work environment. Security co-processors or smart cards using cryptographic or other security techniques have limitations in speed performance, memory capacity, and flexibility. Redesigning operating systems creates software compatibility issues and causes tremendous investment in development efforts.

BRIEF DESCRIPTION OF THE DRAWINGS

The features and advantages of the present invention will become apparent from the following detailed description of the present invention in which:

FIG. 1A is a diagram illustrating a logical operating architecture according to one embodiment of the invention.
FIG. 1B is a diagram illustrating accessibility of various elements in the operating system and the processor according to one embodiment of the invention.
FIG. 1C is a diagram illustrating a computer system in which one embodiment of the invention can be practiced.
FIG. 2 is a diagram illustrating a secure platform according to one embodiment of the invention.
FIG. 3A is a diagram illustrating a subset of a software environment having a usage protector according to one embodiment of the invention.
FIG. 3B is a diagram illustrating a subset of a software environment having a usage protector according to another embodiment of the invention.
FIG. 3C is a diagram illustrating the subset of a software environment according to yet another embodiment of the invention.
FIG. 3D is a diagram illustrating the subset of a software environment according to yet another embodiment of the invention.
FIG. 3E is a diagram illustrating the subset of a software environment according to yet another embodiment of the invention.
FIG. 4 is a flowchart illustrating a process to protect usage of a subset of a software environment according to one embodiment of the invention.
FIG. 5 is a flowchart illustrating the process to protect usage of the subset according to another embodiment of the invention.
FIG. 6 is a flowchart illustrating the process to protect usage of the subset according to yet another embodiment of the invention.
FIG. 7 is a flowchart illustrating a process to protect usage of the subset according to yet another embodiment of the invention.

DETAILED DESCRIPTION

In the following description, for purposes of explanation, numerous details are set forth in order to provide a thorough understanding of the present invention. However, it will be apparent to one skilled in the art that these specific details are not required in order to practice the present invention. In other instances, well-known electrical structures and circuits are shown in block diagram form in order not to obscure the present invention.

One principle for providing security in a computer system or platform is the concept of an isolated execution architecture. The isolated execution architecture includes logical and physical definitions of hardware and software components that interact directly or indirectly with an operating system of the computer system or platform. An operating system and the processor may have several levels of hierarchy, referred to as rings, corresponding to various operational modes. A ring is a logical division of hardware and software components that are designed to perform dedicated tasks within the operating system. The division is typically based on the degree or level of privilege, namely, the ability to make changes to the platform. For example, ring-0 is the innermost ring, being at the highest level of the hierarchy. Ring-0 encompasses the most critical, privileged components. In addition, modules in ring-0 can also access less privileged data, but not vice versa. Ring-3 is the outermost ring, being at the lowest level of the hierarchy. Ring-3 typically encompasses the user or application level and has the least privilege. Ring-1 and ring-2 represent the intermediate rings with decreasing levels of privilege.

Architecture Overview

FIG. 1A is a diagram illustrating a logical operating architecture 50 according to one embodiment of the invention. The logical operating architecture 50 is an abstraction of the components of an operating system and the processor. The logical operating architecture 50 includes ring-0 10, ring-1 20, ring-2 30, ring-3 40, and a processor nub loader
52. The processor nub loader 52 is an instance of a processor executive (PE) handler. The PE handler is used to handle and/or manage a processor executive (PE) as will be discussed later. The logical operating architecture 50 has two modes of operation: normal execution mode and isolated execution mode. Each ring in the logical operating architecture 50 can operate in both modes. The processor nub loader 52 operates only in the isolated execution mode.

Ring-0 10 includes two portions: a normal execution ring-0 11 and an isolated execution ring-0 15. The normal execution ring-0 11 includes software modules that are critical for the operating system, usually referred to as the kernel. These software modules include the primary operating system (e.g., kernel) 12, software drivers 13, and hardware drivers 14. The isolated execution ring-0 15 includes an operating system (OS) nub 16 and a processor nub 18. The OS nub 16 and the processor nub 18 are instances of an OS executive (OSE) and a processor executive (PE), respectively. The OSE and the PE are part of executive entities that operate in a secure environment associated with the isolated area 70 and the isolated execution mode. The processor nub loader 52 is protected bootstrap loader code held within a chipset in the system and is responsible for loading the processor nub 18 from the processor or chipset into an isolated area, as will be explained later.

Similarly, ring-1 20, ring-2 30, and ring-3 40 include normal execution ring-1 21, ring-2 31, ring-3 41, and isolated execution ring-1 25, ring-2 35, and ring-3 45, respectively. In particular, normal execution ring-3 includes N applications 42_1 to 42_N and isolated execution ring-3 includes K applets 46_1 to 46_K.

One concept of the isolated execution architecture is the creation of an isolated region in the system memory, referred to as an isolated area, which is protected by both the processor and the chipset in the computer system. The isolated region may also be in cache memory, protected by a translation look-aside buffer (TLB) access check. Access to this isolated region is permitted only from a front side bus (FSB) of the processor, using special bus (e.g., memory read and write) cycles, referred to as isolated read and write cycles. The special bus cycles are also used for snooping. The isolated read and write cycles are issued by the processor executing in an isolated execution mode. The isolated execution mode is initialized using a privileged instruction in the processor, combined with the processor nub loader 52. The processor nub loader 52 verifies and loads a ring-0 nub software module (e.g., processor nub 18) into the isolated area. The processor nub 18 provides hardware-related services for the isolated execution.

One task of the processor nub 18 is to verify and load the ring-0 OS nub 16 into the isolated area, and to generate the root of a key hierarchy unique to a combination of the platform, the processor nub 18, and the operating system nub 16. The operating system nub 16 provides links to services in the primary OS 12 (e.g., the unprotected segments of the operating system), provides page management within the isolated area, and has the responsibility for loading ring-3 application modules 45, including applets 46_1 to 46_K, into protected pages allocated in the isolated area. The operating system nub 16 may also load ring-0 supporting modules.

The operating system nub 16 may choose to support paging of data between the isolated area and ordinary (e.g., non-isolated) memory. If so, then the operating system nub 16 is also responsible for encrypting and hashing the isolated area pages before evicting a page to the ordinary memory, and for checking the page contents upon restoration of the page. The isolated mode applets 46_1 to 46_K and their data are tamper-resistant and monitor-resistant against all software attacks from other applets, as well as from non-isolated space applications (e.g., 42_1 to 42_N), dynamic link libraries (DLLs), drivers and even the primary operating system 12. Only the processor nub 18 or the operating system nub 16 can interfere with or monitor the applet's execution.

FIG. 1B is a diagram illustrating accessibility of various elements in the operating system 10 and the processor according to one embodiment of the invention. For illustration purposes, only elements of ring-0 10 and ring-3 40 are shown. The various elements in the logical operating architecture 50 access an accessible physical memory 60 according to their ring hierarchy and the execution mode. The accessible physical memory 60 includes an isolated area 70 and a non-isolated area 80. The isolated area 70 includes applet pages 72 and nub pages 74. The non-isolated area 80 includes application pages 82 and operating system pages 84. The isolated area 70 is accessible only to elements of the operating system and processor operating in isolated execution mode. The non-isolated area 80 is accessible to all elements of the ring-0 operating system and to the processor.

The normal execution ring-0 11, including the primary OS 12, the software drivers 13, and the hardware drivers 14, can access both the OS pages 84 and the application pages 82. The normal execution ring-3, including applications 42_1 to 42_N, can access only the application pages 82. Both the normal execution ring-0 11 and ring-3 41, however, cannot access the isolated area 70.

The isolated execution ring-0 15, including the OS nub 16 and the processor nub 18, can access both the isolated area 70, including the applet pages 72 and the nub pages 74, and the non-isolated area 80, including the application pages 82 and the OS pages 84. The isolated execution ring-3 45, including applets 46_1 to 46_K, can access only the application pages 82 and the applet pages 72. The applets 46_1 to 46_K reside in the isolated area 70.

FIG. 1C is a diagram illustrating a computer system 100 in which one embodiment of the invention can be practiced. The computer system 100 includes a processor 110, a host bus 120, a memory controller hub (MCH) 130, a system memory 140, an input/output controller hub (ICH) 150, a non-volatile memory, or system flash, 160, a mass storage device 170, input/output devices 175, a token bus 180, a motherboard (MB) token 182, a reader 184, and a token 186. The MCH 130 may be integrated into a chipset that integrates multiple functionalities such as the isolated execution mode, host-to-peripheral bus interface, and memory control. Similarly, the ICH 150 may also be integrated into a chipset together with or separate from the MCH 130 to perform I/O functions. For clarity, not all the peripheral buses are shown. It is contemplated that the system 100 may also include peripheral buses such as Peripheral Component Interconnect (PCI), accelerated graphics port (AGP), Industry Standard Architecture (ISA) bus, and Universal Serial Bus (USB), etc.

The processor 110 represents a central processing unit of any type of architecture, such as complex instruction set computers (CISC), reduced instruction set computers (RISC), very long instruction word (VLIW), or hybrid architecture. In one embodiment, the processor 110 is compatible with an Intel Architecture (IA) processor, such as the Pentium series, the IA-32 and the IA-64. The processor 110 includes a normal execution mode 112 and an isolated execution circuit 115. The normal execution mode 112 is the mode in which the processor 110 operates in a non-secure environment, or a normal environment without the security
features provided by the isolated execution mode. The isolated execution circuit 115 provides a mechanism to allow the processor 110 to operate in an isolated execution mode. The isolated execution circuit 115 provides hardware and software support for the isolated execution mode. This support includes configuration for isolated execution, definition of an isolated area, definition (e.g., decoding and execution) of isolated instructions, generation of isolated access bus cycles, and generation of isolated mode interrupts.

In one embodiment, the computer system 100 can be a single processor system, such as a desktop computer, which has only one main central processing unit, e.g. processor 110. In other embodiments, the computer system 100 can include multiple processors, e.g. processors 110, 110a, 110b, etc., as shown in FIG. 1C. Thus, the computer system 100 can be a multi-processor computer system having any number of processors. For example, the multi-processor computer system 100 can operate as part of a server or workstation environment. The basic description and operation of processor 110 will be discussed in detail below. It will be appreciated by those skilled in the art that the basic description and operation of processor 110 applies to the other processors 110a and 110b, shown in FIG. 1C, as well as any number of other processors that may be utilized in the multi-processor computer system 100 according to one embodiment of the present invention.

The processor 110 may also have multiple logical processors. A logical processor, sometimes referred to as a thread, is a functional unit within a physical processor having an architectural state and physical resources allocated according to some partitioning policy. Within the context of the present invention, the terms "thread" and "logical processor" are used to mean the same thing. A multi-threaded processor is a processor having multiple threads or multiple logical processors. A multi-processor

The system memory 140 stores system code and data. The system memory 140 is typically implemented with dynamic random access memory (DRAM) or static random access memory (SRAM). The system memory 140 includes the accessible physical memory 60 (shown in FIG. 1B). The accessible physical memory includes a loaded operating system 142, the isolated area 70 (shown in FIG. 1B), and an isolated control and status space 148. The loaded operating system 142 is the portion of the operating system that is loaded into the system memory 140. The loaded OS 142 is typically loaded from a mass storage device via some boot code in a boot storage such as a boot read only memory (ROM). The isolated area 70, as shown in FIG. 1B, is the memory area that is defined by the processor 110 when operating in the isolated execution mode. Access to the isolated area 70 is restricted and is enforced by the processor 110 and/or the MCH 130 or other chipset that integrates the isolated area functionalities. The isolated control and status space 148 is an input/output (I/O)-like, independent address
data which are not shown.

The ICH 150 represents a known single point in the system having the isolated execution functionality. For clarity, only one ICH 150 is shown. The system 100 may have many ICHs similar to the ICH 150. When there are multiple ICHs, a designated ICH is selected to control the isolated area configuration and status. In one embodiment, this selection is performed by an external strapping pin. As is known by one skilled in the art, other methods of selecting can be used, including using programmable configuration registers. The ICH 150 has a number of functionalities that are designed to support the isolated execution mode in
addition to the traditional I/O functions. In particular, the
ICH 150 includes an isolated bus cycle interface 152, the
system (e.g., the system comprising the processors 110,
110a, and 1101)) may have multiple multi-threaded proces
sors.
The host bus 120 provides interface signals to alloW the
space de?ned by the processor 110 and/or the MCH 130. The
isolated control and status space 148 contains mainly the
isolated execution control and status registers. The isolated
control and status space 148 does not overlap any existing
address space and is accessed using the isolated bus cycles.
The system memory 140 may also include other programs or
processor 110 or processors 110, 10011, and 11019 to com
municate With other processors or devices, e.g., the MCH
processor nub loader 52 (shoWn in FIG. 1A), a digest
memory 154, a cryptographic key storage 155, an isolated
execution logical processor manager 156, and a token bus
130. In addition to normal mode, the host bus 120 provides
interface 159.
40
an isolated access bus mode With corresponding interface
signals for memory read and Write cycles When the proces
45
service isolated bus cycles, such as the isolated read and
Write bus cycles. The processor nub loader 52, as shoWn in
FIG. 1A, includes a processor nub loader code and its digest
sor 110 is con?gured in the isolated execution mode. The
isolated access bus mode is asserted on memory accesses
initiated While the processor 110 is in the isolated execution
mode. The isolated access bus mode is also asserted on
instruction pre-fetch and cache Write-back cycles if the
address is Within the isolated area address range and the
processor 110 is initialiZed in the isolated execution mode.
The processor 110 responds to snoop cycles to a cached
address Within the isolated area address range if the isolated
access bus cycle is asserted and the processor 110 is initial
iZed into the isolated execution mode.
50
55
60
130 has memory range registers (e.g., base and length
registers) to represent the isolated area in the system
memory 140. Once con?gured, the MCH 130 aborts any
access to the isolated area that does not have the isolated
access bus mode asserted.
(e.g., hash) value. The processor nub loader 52 is invoked by
execution of an appropriate isolated instruction (e.g.,
Iso_Init) and is transferred to the isolated area 70. From the
isolated area 80, the processor nub loader 52 copies the
The MCH 130 provides control and con?guration of
memory and input/output devices such as the system
memory 140 and the ICH 150. The MCH 130 provides
interface circuits to recogniZe and service isolated access
assertions on memory reference bus cycles, including iso
lated memory read and Write cycles. In addition, the MCH
The isolated bus cycle interface 152 includes circuitry to
interface to the isolated bus cycle signals to recogniZe and
65
processor nub 18 from the system ?ash memory (e.g., the
processor nub code 18 in non-volatile memory 160) into the
isolated area 70, veri?es and logs its integrity, and manages
a symmetric key used to protect the processor nub’s secrets.
In one embodiment, the processor nub loader 52 is imple
mented in read only memory (ROM). For security purposes,
the processor nub loader 52 is unchanging, tamper-resistant
and non-substitutable. The digest memory 154, typically
implemented in RAM, stores the digest (e. g., hash) values of
the loaded processor nub 18, the operating system nub 16,
and any other critical modules (e.g., ring-0 modules) loaded
into the isolated execution space. The cryptographic key
storage 155 holds a symmetric encryption/decryption key
that is unique for the platform of the system 100. In one
embodiment, the cryptographic key storage 155 includes
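A behavioral model of the memory-protection path described for the host bus 120 and the MCH 130 (the processor's rule for asserting the isolated access bus mode, the MCH's base/length range registers, and the snoop rule), written here as an added example rather than code from the patent. The class and function names, the three cycle types and the sample address ranges are assumptions chosen for illustration.

```python
"""Model of the isolated-area access path: the processor decides whether a bus
cycle carries the isolated access bus mode, and the MCH's base/length range
registers abort any access to the isolated area that arrives without it.
Added example; the names and sample values are assumptions, not the patent's."""
from dataclasses import dataclass
from enum import Enum, auto
from typing import List, Optional, Tuple


class Cycle(Enum):
    DATA = auto()       # load/store initiated by executing code
    PREFETCH = auto()   # instruction pre-fetch
    WRITEBACK = auto()  # cache write-back


@dataclass
class ProcessorState:
    in_isolated_mode: bool      # currently executing in isolated execution mode
    isolated_initialized: bool  # processor has been initialized into isolated mode


@dataclass(frozen=True)
class IsolatedRange:
    """Model of the MCH memory range registers (base and length)."""
    base: int
    length: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.length


def asserts_isolated_access(state: ProcessorState, cycle: Cycle,
                            addr: int, rng: Optional[IsolatedRange]) -> bool:
    """Processor-side rule: ordinary accesses carry the attribute whenever the
    processor is in isolated mode; pre-fetch and write-back cycles carry it only
    when the address lies in the isolated range and the processor is initialized."""
    if cycle is Cycle.DATA:
        return state.in_isolated_mode
    return rng is not None and state.isolated_initialized and rng.contains(addr)


class MCH:
    """Model of the MCH range check; until configured there is no isolated area."""

    def __init__(self) -> None:
        self.range: Optional[IsolatedRange] = None
        self.aborted: List[Tuple[int, Cycle]] = []  # record of rejected cycles

    def configure(self, base: int, length: int) -> None:
        self.range = IsolatedRange(base, length)

    def service(self, addr: int, cycle: Cycle, isolated_asserted: bool) -> str:
        """Abort any access into the isolated area lacking the isolated attribute."""
        if self.range is not None and self.range.contains(addr) and not isolated_asserted:
            self.aborted.append((addr, cycle))
            return "abort"
        return "ok"


def run_cycle(state: ProcessorState, cycle: Cycle, addr: int, mch: MCH) -> str:
    """Drive one bus cycle from the processor through the MCH: 'ok' or 'abort'."""
    asserted = asserts_isolated_access(state, cycle, addr, mch.range)
    return mch.service(addr, cycle, asserted)


def responds_to_snoop(state: ProcessorState, addr: int, rng: IsolatedRange,
                      isolated_asserted: bool) -> bool:
    """Coherency rule: a cached line inside the isolated range is exposed only to
    snoops that carry the isolated attribute while the processor is initialized;
    lines outside the range follow ordinary snoop behaviour."""
    if not rng.contains(addr):
        return True
    return isolated_asserted and state.isolated_initialized


if __name__ == "__main__":
    mch = MCH()
    mch.configure(0x10000, 0x4000)  # constructed sample isolated area
    normal = ProcessorState(in_isolated_mode=False, isolated_initialized=True)
    print(run_cycle(normal, Cycle.DATA, 0x12000, mch))       # abort
    print(run_cycle(normal, Cycle.WRITEBACK, 0x12000, mch))  # ok
```

Two details worth noticing in the model: before the range registers are configured the MCH has nothing to enforce, so the isolated area only exists once the processor has set it up; and a write-back of an isolated-range cache line from an initialized processor carries the attribute even when the processor is currently in normal mode, which is what lets dirty isolated data leave the cache without being rejected.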
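A behavioral model of the processor nub loader 52 path described above (copy the nub from flash into the isolated area, verify its integrity, record its digest in the digest memory 154, and manage a symmetric key for the nub's secrets), written here as an added example rather than the patent's code. Assumptions, labelled in the comments: the loader holds a reference digest to compare against, SHA-256 stands in for the unspecified digest function, the nub's key is derived from the platform key in storage 155 and the logged digests, and the flash image and platform key are constructed sample values.

```python
"""Model of the processor nub loader: measure, verify, copy, log, derive key.
Added example; the reference digest, the hash choice and the key derivation
are assumptions, not the patent's mechanism."""
import hashlib
import hmac
from typing import Dict, List, Tuple


class NubLoadError(Exception):
    """Raised when the nub image does not match its reference digest."""


class DigestMemory:
    """Model of the ICH digest memory 154: an ordered log of module digests."""

    def __init__(self) -> None:
        self.entries: List[Tuple[str, str]] = []  # (module name, hex digest)

    def log(self, module: str, digest: str) -> None:
        self.entries.append((module, digest))


class IsolatedArea:
    """Model of the isolated area 70: bounded storage for loaded modules."""

    def __init__(self, size: int) -> None:
        self.size = size
        self.contents: Dict[str, bytes] = {}


def measure(image: bytes) -> str:
    # Assumption: SHA-256 stands in for the patent's unspecified digest function.
    return hashlib.sha256(image).hexdigest()


def load_processor_nub(flash_image: bytes, reference_digest: str,
                       area: IsolatedArea, digest_mem: DigestMemory) -> str:
    """Copy the nub from flash into the isolated area only if its digest matches
    the loader's reference; log the digest. Returns the logged digest."""
    if len(flash_image) > area.size:
        raise NubLoadError("nub image does not fit in the isolated area")
    digest = measure(flash_image)
    # Constant-time comparison so the check itself leaks nothing about the digest.
    if not hmac.compare_digest(digest, reference_digest):
        raise NubLoadError("processor nub integrity check failed")
    area.contents["processor_nub"] = bytes(flash_image)  # a copy, not a reference
    digest_mem.log("processor_nub", digest)
    return digest


def nub_secret_key(platform_key: bytes, digest_mem: DigestMemory) -> bytes:
    """Assumed design choice: derive the nub's symmetric key from the platform
    key and the logged digests, so a different or altered nub gets a different
    key and cannot unwrap secrets protected under the genuine nub's key."""
    transcript = "|".join(f"{m}:{d}" for m, d in digest_mem.entries).encode()
    return hmac.new(platform_key, transcript, hashlib.sha256).digest()


# Constructed sample values (not from the patent).
GOOD_NUB = b"processor nub v1 (constructed sample image)"
REFERENCE_DIGEST = measure(GOOD_NUB)  # stands in for a digest fixed in loader ROM
PLATFORM_KEY = b"\x01" * 32           # stands in for key storage 155


def demo() -> bytes:
    """Load the genuine nub, then show a tampered flash image is refused and
    leaves no entry in the digest memory. Returns the genuine nub's key."""
    area, dm = IsolatedArea(size=4096), DigestMemory()
    load_processor_nub(GOOD_NUB, REFERENCE_DIGEST, area, dm)
    key = nub_secret_key(PLATFORM_KEY, dm)
    tampered = GOOD_NUB[:-1] + b"!"
    tampered_dm = DigestMemory()
    try:
        load_processor_nub(tampered, REFERENCE_DIGEST, IsolatedArea(4096), tampered_dm)
    except NubLoadError:
        assert tampered_dm.entries == []
        return key
    raise AssertionError("tampered nub was accepted")


if __name__ == "__main__":
    print(demo().hex())
```

The point the model makes is that integrity is checked before the image reaches the isolated area and before anything is logged, so the digest memory only ever records code that actually ran, and that binding the nub's key to the recorded digests turns the log into an access-control decision rather than just a record.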