Abstract
Designating and handling confidential memory allocations of virtual memory. An operating system provides a memory allocation flag that applications may use to indicate that any arbitrary area of physical memory marked with this flag may contain confidential data and should be handled accordingly. The operating system also ensures that memory allocated with this flag can be placed in physical memory. When freeing up memory, the operating system protects any data in the memory allocated with this flag. For example, the operating system may prevent the confidential memory from being swapped out to storage or from being accessible to other applications, such as debuggers. Alternatively, the operating system may encrypt any data in the confidential memory before it is swapped out to storage.
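An added example, not part of the patent text: a user-space approximation on Linux of the handling described above, built from the existing mmap, mlock and madvise(MADV_DONTDUMP) calls rather than the allocation flag the abstract describes. The names conf_region, conf_alloc, conf_wipe and conf_free are hypothetical; the sketch covers the swap and core-dump cases only, and pinning is subject to RLIMIT_MEMLOCK.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

#define CONF_LOCKED 0x1u /* pages pinned in RAM, so never written to swap */
#define CONF_NODUMP 0x2u /* pages left out of core dumps */

/* Hypothetical handle for one confidential region (not a real OS type). */
typedef struct { void *addr; size_t len; unsigned prot; } conf_region;

/* Overwrite the region with volatile stores the compiler cannot elide. */
void conf_wipe(conf_region *r) {
    volatile unsigned char *p = r->addr;
    for (size_t i = 0; i < r->len; i++) p[i] = 0;
}

/* Map n bytes (rounded up to whole pages) and apply the protections.
 * With require_lock set, fail closed when the pages cannot be pinned
 * (for example RLIMIT_MEMLOCK is exhausted). Returns 0, or -1 on failure. */
int conf_alloc(conf_region *r, size_t n, int require_lock) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    r->len = (n + pg - 1) / pg * pg;
    r->prot = 0;
    r->addr = mmap(NULL, r->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (r->addr == MAP_FAILED) { r->addr = NULL; return -1; }
    if (mlock(r->addr, r->len) == 0) r->prot |= CONF_LOCKED;
#ifdef MADV_DONTDUMP
    if (madvise(r->addr, r->len, MADV_DONTDUMP) == 0) r->prot |= CONF_NODUMP;
#endif
    if (require_lock && !(r->prot & CONF_LOCKED)) {
        munmap(r->addr, r->len); /* nothing secret has been written yet */
        r->addr = NULL;
        return -1;
    }
    return 0;
}

/* Wipe, then unmap; munmap also releases the memory lock. */
int conf_free(conf_region *r) {
    if (r->addr == NULL) return -1;
    conf_wipe(r);
    int rc = munmap(r->addr, r->len);
    r->addr = NULL; r->len = 0; r->prot = 0;
    return rc;
}
```

Callers should check the prot bits after conf_alloc: a region without CONF_LOCKED can still be paged out, which is the case the encrypt-before-swap alternative in the abstract is meant to cover.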