Title of invention |
CACHE STRUCTURE FOR A COMPUTER SYSTEM PROVIDING SUPPORT FOR SECURE OBJECTS |
Abstract |
A method that protects a confidentiality and an integrity of information in a secure object from other software on the system, said secure object comprising information that is cryptographically protected from the other software on the system, said method includes decrypting and integrity-checking information in the secure object as said information is brought into a cache from external memory. |
Publication number |
US2016188494(A1) |
Publication date |
2016.06.30 |
Application number |
US201615062676 |
Filing date |
2016.03.07 |
Applicant |
International Business Machines Corporation |
Inventor |
Boivie Richard Harold |
Classification |
G06F12/14;G06F12/08 |
Main classification |
G06F12/14 |
Agency |
|
Agent |
|
Principal claim |
1. A method that protects a confidentiality and an integrity of information in a secure object from other software on the system, said secure object comprising information that is cryptographically protected from the other software on the system, said method comprising:
decrypting and integrity-checking information in the secure object as said information is brought into a cache from external memory;
encrypting and generating an integrity value as information in the secure object moves from the cache to external memory;
storing an object-id value that identifies a software that is currently executing in a CPU (Central Processing Unit), said value having a predetermined standard value when software that is not a secure object is executing;
augmenting each block of information in the cache with an ownership field that is used to store an identification of the software that owns the information in said each block;
comparing, when software attempts to access information in one of said blocks, the object-id of the currently executing software with a content of the ownership field of the block being accessed; and
allowing access to the block if the object-id of the currently executing software matches the object-id in the ownership field of the block, allowing access if the ownership field of the block is not the object-id of a secure object, and treating the access as a “cache miss” otherwise. |
Address |
Armonk NY US |
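
The ownership comparison in claim 1, modelled in C as an added example; it is not code from the patent or from the applicant. Assumptions: the value 0 stands in for the "predetermined standard value", the toy direct-mapped geometry is constructed, `cache_fill` and `set_current_object` are hypothetical helpers, and the decrypt/encrypt and integrity steps are not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 0 stands for the "predetermined standard value" the object-id
 * register holds while non-secure software runs; the claim fixes no value. */
#define OBJ_ID_NONSECURE 0u
#define NUM_LINES 4u            /* constructed toy geometry, direct-mapped */

typedef enum { ACCESS_HIT, ACCESS_MISS } access_result;

typedef struct {
    bool     valid;
    uint64_t tag;
    uint32_t owner;             /* ownership field added to each cache block */
} cache_line;

static cache_line cache[NUM_LINES];
static uint32_t   current_obj_id = OBJ_ID_NONSECURE;  /* object-id register */

void set_current_object(uint32_t id) { current_obj_id = id; }

/* Hypothetical fill step: record the running software as owner of the block.
 * Decryption and integrity checking on the way in are not modelled here. */
void cache_fill(uint64_t block_addr)
{
    cache_line *l = &cache[block_addr % NUM_LINES];
    l->valid = true;
    l->tag   = block_addr / NUM_LINES;
    l->owner = current_obj_id;
}

/* The comparison from claim 1, applied on every access to a cached block. */
access_result cache_access(uint64_t block_addr)
{
    const cache_line *l = &cache[block_addr % NUM_LINES];
    if (!l->valid || l->tag != block_addr / NUM_LINES)
        return ACCESS_MISS;     /* ordinary miss: block is not present */
    if (l->owner == current_obj_id)
        return ACCESS_HIT;      /* running software owns the block */
    if (l->owner == OBJ_ID_NONSECURE)
        return ACCESS_HIT;      /* block is not owned by any secure object */
    return ACCESS_MISS;         /* another secure object's block: act as a miss */
}

int main(void)
{
    set_current_object(7); cache_fill(0x10);   /* secure object 7 loads a block */
    set_current_object(OBJ_ID_NONSECURE);      /* non-secure software now runs */
    printf("non-secure access to object 7's block: %s\n",
           cache_access(0x10) == ACCESS_HIT ? "hit" : "miss");
    return 0;
}
```

The last branch is the security-relevant one: cleartext belonging to one secure object stays in the cache, but any other software, including non-secure code, sees only a miss when it touches that block.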