SECURITY VULNERABILITY MITIGATION USING HARDWARE-SUPPORTED CONTEXT-DEPENDENT ADDRESS SPACE HIDING

SECURITY VULNERABILITY MITIGATION USING HARDWARE-SUPPORTED CONTEXT-DEPENDENT ADDRESS SPACE HIDING

A system, method and processor that mitigates security vulnerabilities using context-dependent address space hiding. In some embodiments, a hardware mechanism allows a more-privileged software component managing multiple less-privileged software components to blind itself against "out-of-contex...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Chong, Nathan Yong Seng, Raslan, Karimallah Ahmed Mohammed
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A system, method and processor that mitigates security vulnerabilities using context-dependent address space hiding. In some embodiments, a hardware mechanism allows a more-privileged software component managing multiple less-privileged software components to blind itself against "out-of-context" less-privileged software components. The hardware mechanism can allow the more-privileged software component to dynamically hide a portion of the more-privileged address space related to the "out-of-context" less-privileged software components, based on knowledge of the "in-context" less-privileged software component. A context register is set with a value from which an address range, within the address space of the more-privileged software component, can be determined, where the address range is associated with a first less-privileged software component can be determined. When the more-privileged software component attempts to access data from other less-privileged software components, it is prevented from accessing such data, based at least in part on the context register.