Patent · US Expired

Memory isolation through address translation data edit control

US7058768B2 · kind B2 · utility

Cited by: 15
References: 3
Claims: 86
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 13, 2002
Grant date: Jun 6, 2006
Priority date
Expiry date: Mar 3, 2024

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F12/145
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Isolated memory is implemented by controlling changes to address translation maps. Control over the maps can be exercised in such a way that no virtual address referring to an isolated page is exposed to any untrusted process. Requests to edit an entry in a map are evaluated to ensure that the edit will not cause the map to point to isolated memory. Requests to change which map is active are evaluated to ensure that the map to be activated does not point to isolated memory. Preferably, these evaluations are performed by a trusted component in a trusted environment, since isolation of the memory depends on the evaluation component not being compromised. In systems that require all memory access requests to identify their target by virtual address, preventing the address translation maps from pointing to a portion of memory effectively prevents access to that portion of memory, thereby creating an isolated memory.
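The two evaluations the abstract describes, as an added toy model in C that is not taken from the patent text: a trusted evaluator gates every map edit and every change of active map. The single-level map layout, all names (`request_edit`, `request_activate`, `isolate_frame`, `translate`) and the rule that a frame cannot be isolated while the active map still points to it are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define NUM_FRAMES 16   /* physical page frames in the toy machine (assumed) */
#define MAP_SLOTS   8   /* virtual pages per address translation map (assumed) */

typedef struct { bool present; uint32_t frame; } map_entry;
typedef struct { map_entry slot[MAP_SLOTS]; } xlat_map;

static bool isolated[NUM_FRAMES];    /* frames no untrusted mapping may reach */
static const xlat_map *active_map;   /* map currently used for translation */

/* True if a present entry names an isolated (or nonexistent) frame. */
static bool exposes_isolated(bool present, uint32_t frame) {
    return present && (frame >= NUM_FRAMES || isolated[frame]);
}

/* Isolate a frame; refused while the active map still points to it. */
bool isolate_frame(uint32_t frame) {
    if (frame >= NUM_FRAMES) return false;
    for (size_t v = 0; active_map && v < MAP_SLOTS; v++)
        if (active_map->slot[v].present && active_map->slot[v].frame == frame)
            return false;
    isolated[frame] = true;
    return true;
}

/* Trusted evaluation of a request to edit one map entry. */
bool request_edit(xlat_map *m, size_t vpn, uint32_t frame, bool present) {
    if (vpn >= MAP_SLOTS || exposes_isolated(present, frame)) return false;
    m->slot[vpn] = (map_entry){ present, frame };
    return true;
}

/* Trusted evaluation of a request to change which map is active:
   the whole candidate map is scanned, because it may have been filled
   before a frame was isolated or by a path that bypassed request_edit. */
bool request_activate(const xlat_map *m) {
    for (size_t v = 0; v < MAP_SLOTS; v++)
        if (exposes_isolated(m->slot[v].present, m->slot[v].frame)) return false;
    active_map = m;
    return true;
}

/* All accesses go through the active map, so an unmapped frame is unreachable. */
bool translate(size_t vpn, uint32_t *frame_out) {
    if (!active_map || vpn >= MAP_SLOTS || !active_map->slot[vpn].present) return false;
    *frame_out = active_map->slot[vpn].frame;
    return true;
}
```

The model holds only if both request functions are the sole way to change maps, which is why the abstract places the evaluator in a trusted environment.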

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.