News Column

Patent Issued for Method and System for Designating and Handling Confidential Memory Allocations

January 30, 2014



By a News Reporter-Staff News Editor at Computer Weekly News -- Red Hat, Inc. (Raleigh, NC) has been issued patent number 8631250, according to news reporting originating out of Alexandria, Virginia, by VerticalNews editors.

The patent's inventors are Van Riel, Henri Han (Nashua, NH); Cox, Alan (Surrey Research Park, GB).

This patent was filed on March 28, 2012 and was published online on January 14, 2014.

From the background information supplied by the inventors, news correspondents obtained the following quote: "Memory management is one of the most fundamental issues of modern computer systems. Typically, a computer system will include a hierarchy of memory that ranges from a small, fast cache of main memory that is placed in front of a larger, but slower, auxiliary memory. The cache is generally implemented using a physical memory, such as RAM, while the auxiliary memory is implemented using a storage device, such as a disk drive or hard disk. Both memories are usually managed in uniformly sized units known as pages.

"In order to improve performance, many computers and operating systems today implement virtual memory for the applications running on the computer. Virtual memory is where the computer system emulates that it has more memory than the computer system actually physically possesses. For example, most computer systems utilize 32-bit processors. Hence, a computer system is theoretically capable of providing a virtual memory of approximately 2^32 bits or approximately 4 Gigabytes, even though the physical memory is usually much smaller.

"In order to provide a virtual memory of this size, the computer system runs the application or process in a memory address space that is virtual, i.e., not tied to the physical memory. The computer system will then swap pages in and out of a cache in its physical memory in order to emulate the virtual memory. During operation, an application or process will continually request pages using virtual memory addresses. In response, the computer system will translate the virtual memory address into a physical memory address and determine if the page is present in the cache (i.e., the page is resident). When a requested page is not present in the cache, it is called a cache 'miss' (or page fault), and the requested page must be retrieved from storage. However, when the cache is full, before a new page can be brought into the cache, another page (known as the victim page) must be evicted to storage.

"Many applications running on a computer system utilize confidential or sensitive data, such as encryption keys, passwords, account numbers, and the like. Unfortunately, as noted above, an application is provided a virtual memory and portions of that virtual memory are actually swapped in/out of storage, which is generally unprotected from tampering. Any data read by a process that was originally encrypted can be found as plain text in swap storage, if the process used data that was swapped out to storage. Moreover, it is possible for passwords and the confidential data to reside in storage for long periods of time, even after rebooting the system. This is contrary to what most users expect, i.e., that all confidential data vanishes with process termination. If the integrity of the system is compromised, an untrusted party may gain access to the confidential data that has been swapped out and retained in storage.

"Accordingly, it would be desirable to provide methods and systems for designating and handling confidential data."

Supplementing the background information on this patent, VerticalNews reporters also obtained the inventors' summary information for this patent: "In accordance with one embodiment of the invention, a method of protecting confidential data is provided. When a request to allocate space in a virtual memory for confidential data is received, a portion of the virtual memory is marked as confidential. It is determined if a portion of a physical memory has been assigned for the confidential portion of the virtual memory. The portion of the physical memory that has been assigned for the confidential portion of the virtual memory is then marked as having confidential data.

"In accordance with another embodiment of the invention, a method of protecting data allocated to a confidential area of virtual memory that is stored in physical memory is provided. When contents of the physical memory are being written to another location, contents of the physical memory that correspond to data allocated to the confidential area of the virtual memory are identified. The identified contents of the physical memory are then protected.

"Additional embodiments of the present invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed."
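The swap-exposure problem and the mark-then-protect approach described in the quoted passages above, as an added example that is not code from the patent or from Red Hat: a hypothetical user-space approximation in C. Where the patent marks virtual and physical pages as confidential inside the kernel, this example uses the existing mlock(2) and Linux madvise(MADV_DONTDUMP) calls to keep a secret resident and out of core dumps, reports when locking is refused, and scrubs the pages before release; the secret_* names and the sample key bytes are constructed for illustration.

```c
#define _GNU_SOURCE
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Hypothetical user-space analogue of a "confidential allocation"; not the patent's kernel code. */
typedef struct {
    unsigned char *ptr; /* start of the page-aligned mapping */
    size_t len;         /* bytes mapped, rounded up to whole pages */
    int locked;         /* 1 if mlock() succeeded: pages stay resident, never swapped out */
    int nodump;         /* 1 if the region was excluded from core dumps (Linux MADV_DONTDUMP) */
} secret_buf;

/* Map whole pages for the secret so the lock and advice flags cover nothing else. */
int secret_alloc(secret_buf *sb, size_t want)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0) return -1;
    size_t len = (want + (size_t)pg - 1) & ~((size_t)pg - 1);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    sb->ptr = p;
    sb->len = len;
    /* mlock() can fail under RLIMIT_MEMLOCK; record it so the caller knows the secret may still be swapped. */
    sb->locked = (mlock(p, len) == 0);
#ifdef MADV_DONTDUMP
    sb->nodump = (madvise(p, len, MADV_DONTDUMP) == 0);
#else
    sb->nodump = 0;
#endif
    return 0;
}
/* Overwrite through a volatile pointer so the compiler cannot elide the stores. */
void secret_wipe(secret_buf *sb)
{
    volatile unsigned char *v = sb->ptr;
    for (size_t i = 0; i < sb->len; i++) v[i] = 0;
}
int secret_is_zeroed(const secret_buf *sb)
{
    for (size_t i = 0; i < sb->len; i++) if (sb->ptr[i]) return 0;
    return 1;
}
/* Scrub before unmapping so no plaintext lingers in the freed pages; munmap() also drops the lock. */
void secret_free(secret_buf *sb)
{
    if (!sb->ptr) return;
    secret_wipe(sb);
    munmap(sb->ptr, sb->len);
    memset(sb, 0, sizeof *sb);
}
```

Check `locked` after allocation: a 0 there means the process is still subject to the exact exposure the patent background describes, and the caller should fail closed or raise the memlock limit rather than proceed silently.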

For the URL and additional information on this patent, see: Van Riel, Henri Han; Cox, Alan. Method and System for Designating and Handling Confidential Memory Allocations. U.S. Patent Number 8631250, filed March 28, 2012, and published online on January 14, 2014. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=14&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=682&f=G&l=50&co1=AND&d=PTXT&s1=20140114.PD.&OS=ISD/20140114&RS=ISD/20140114

Keywords for this news article include: Red Hat Inc.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC


Source: Computer Weekly News