Title of invention: VERIFYING CALLER AUTHORIZATION USING SECRET DATA EMBEDDED IN CODE
Abstract: In a computer system operable at more than one privilege level, confidential code is securely customized to use secret data to establish a code protection domain without disclosing the secret data to a managing operating system. In operation, a security module executes at a higher privilege level than both the managing operating system and the confidential code. After the managing operating system loads the executable of the confidential code, the security module injects the secret data directly into an authorization instruction and a verification instruction included in the confidential code and then sets both the authorization instruction and the verification instruction as executable-only. As the confidential code executes at the assigned privilege level, the authorization instruction and the verification instruction use the secret data to distinguish between unauthorized and authorized execution of the confidential code.
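Application publication number: US2016044041(A1) Application publication date: 2016.02.11
Application number: US201414500779 Filing date: 2014.09.29
Applicant: VMware, Inc. Inventor: AGARWAL Rakesh
Classification: H04L29/06;G06F9/455 Main classification: H04L29/06
Agency: Agent: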
Principal claim: 1. A method of creating a code protection domain in a computer system operable in a plurality of privilege levels, wherein the method executes at a first privilege level and comprising: suspending a guest operating system that executes confidential code included in the code protection domain at a second privilege level that is less secure than the first privilege level, wherein the confidential code includes an authorization instruction that contains a first placeholder and a verification instruction that contains a second placeholder; replacing both the first placeholder and the second placeholder with a security key; setting both the authorization instruction and the verification instruction to be execute-only; and unsuspending the guest operating system, wherein, upon executing, the authorization instruction sets the value of a register to the security key and the verification instruction compares the value of the register to the security key.
Address: Palo Alto CA US