Processing

Please wait...

Settings

Settings

Goto Application

1. WO2020071976 - METHOD AND COMPUTER OPERATING SYSTEM FOR IMPEDING SIDE CHANNEL ATTACKS

Publication Number WO/2020/071976
Publication Date 09.04.2020
International Application No. PCT/SE2018/051027
International Filing Date 05.10.2018
IPC
G06F 21/53 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
53by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 9/455 2018.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
9Arrangements for program control, e.g. control units
06using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
44Arrangements for executing specific programs
455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 21/55 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
G06F 21/75 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
71to assure secure computing or processing of information
75by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
H04L 9/00 2006.01
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9Arrangements for secret or secure communication
H04L 29/06 2006.01
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02Communication control; Communication processing
06characterised by a protocol
CPC
G06F 21/53
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52during program execution, e.g. stack integrity ; ; Preventing unwanted data erasure; Buffer overflow
53by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/556
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
556involving covert channels, i.e. data leakage between processes
G06F 21/75
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
71to assure secure computing or processing of information
75by inhibiting the analysis of circuitry or operation
G06F 2207/7219
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
2207Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
72Indexing scheme relating to groups G06F7/72 - G06F7/729
7219Countermeasures against side channel or fault attacks
H04L 63/10
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
10for controlling access to network resources
H04L 9/005
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9Cryptographic mechanisms or cryptographic; arrangements for secret or secure communication
002Countermeasures against attacks on cryptographic mechanisms
005for timing attacks
Applicants
  • TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) [SE]/[SE]
Inventors
  • OLROG, Christian
Agents
  • SJÖBERG, Mats
Priority Data
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) METHOD AND COMPUTER OPERATING SYSTEM FOR IMPEDING SIDE CHANNEL ATTACKS
(FR) PROCÉDÉ ET SYSTÈME D'EXPLOITATION INFORMATIQUE POUR EMPÊCHER DES ATTAQUES PAR CANAL AUXILIAIRE
Abstract
(EN)
A method and a computer operating system (302) for impeding a side channel attack by a software component (304) which is controlled by the computer operating system when running in a computer (300). When detecting that the software component is potentially capable of executing a side channel attack based on timing of operations in the computer operating system, the computer operating system (302) limits access to timing information of said operations for the software component. Timing information is then provided to the software component according to said limited access to timing information.
(FR)
L'invention concerne un procédé et un système d'exploitation informatique (302) pouvant empêcher une attaque par canal auxiliaire par un composant logiciel (304) qui est contrôlé par le système d'exploitation informatique lorsqu'il est exécuté dans un ordinateur (300). Lorsque le système d'exploitation informatique (302) détecte une aptitude potentielle du composant logiciel à porter une attaque par canal auxiliaire sur la base d'une synchronisation d'opérations dans le système d'exploitation informatique, il restreint l'accès du composant logiciel aux informations de synchronisation desdites opérations. Des informations de synchronisation sont ensuite fournies au composant logiciel en fonction de la restriction d'accès aux informations de synchronisation.
Latest bibliographic data on file with the International Bureau