CACHE STRUCTURE FOR A COMPUTER SYSTEM PROVIDING SUPPORT FOR SECURE OBJECTS

摘要

A method that protects a confidentiality and an integrity of information in a secure object from other software on the system, said secure object comprising information that is cryptographically protected from the other software on the system, said method includes decrypting and integrity-checking information in the secure object as said information is brought into a cache from external memory.

主权项

1. A method that protects a confidentiality and an integrity of information in a secure object from other software on the system, said secure object comprising information that is cryptographically protected from the other software on the system, said method comprising:
decrypting and integrity-checking information in the secure object as said information is brought into a cache from external memory; encrypting and generating an integrity value as information in the secure object moves from the cache to external memory; storing an object-id value that identifies a software that is currently executing in a CPU (Central Processing Unit), said value having a predetermined standard value when software that is not a secure object is executing; augmenting each block of information in the cache with an ownership field that is used to store an identification of the software that owns the information in said each block; comparing, when software attempts to access information in one of said blocks, the object-id of the currently executing software with a content of the ownership field of the block being accessed; and allowing access to the block if the object-id of the currently executing software matches the object-id in the ownership field of the block, allowing access if the ownership field of the block is not the object-id of a secure object, and treating the access as a “cache miss” otherwise.