Method and system for memory protection and security using credentials

Assignee

• International Business Machines Corporation · US

Inventors

• Michael Backes · Thalwil, CH
• Shmuel Ben-Yehuda · Haifa, IL
• Jan L. Camenisch · Thalwil, CH
• Ton Engbersen · Feusisberg, CH
• Zorik Machulsky · Gesher HaZiv, IL
• Julian Satran · Atlit, IL
• Leah Shalev · Jerusalem, IL
• Ilan Shimony · Ramat Gan, IL
• Thomas Basil Smith, III · Wilton, US
• Michael Waidner · Darmstadt, DE

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F12/1466
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A computer-implemented method for protecting a memory is provided. The method includes responsive to a direct memory access (DMA) request received from a consumer for a transaction of data from an IO device to the memory, the request including an IO command and a capability (CAP), generating a cryptographically signed capability (CAPB), forming a credential from CAP and CAPB, appending the credential to the IO command, configuring the IO device according to the credential and the IO command, transmitting the data from the IO device to the memory and prior to allowing execution of the DMA, authenticating that the credential is valid, further includes regenerating CAPB from a key available to an authenticating entity and from the CAP (included in CAPB) and verifying that the memory region information described in the cryptographically signed capability is the same as the requested region that was originally created, and that the cryptographically signed capability encompasses the IO command.