Abstract: A memory management unit (MMU) is disclosed for managing a memory storing data arranged within a multiple memory pages. The memory management unit includes a security check receiving a physical address within a selected memory page, and security attributes of the selected memory page. The security check unit uses the physical address to access one or more security attribute data structures located in the memory to obtain an additional security attribute of the selected memory page. The security check unit generates a fault signal dependent upon the security attributes of selected memory page and the additional security attribute of the selected memory page. The security attributes of the selected memory page may include a user/supervisor (U/S) bit and a read/write (R/W) bit as defined by the ×86 processor architecture. The one or more security attribute data structures may include a security attribute table directory and one or more security attribute tables.

Abstract: A communications system includes physical layer hardware and a processing unit. The physical layer hardware is adapted to communicate data over a communications channel in accordance with a plurality of control codes. The physical layer hardware is adapted to demodulate an incoming analog signal to generate a digital receive signal and modulate a digital transmit signal to generate an analog transmit signal. The processing unit is adapted to execute a privileged driver for interfacing with the physical layer hardware. The privileged driver includes program instructions for implementing a protocol layer to decode the digital receive signal, encode the digital transmit signal, and configure the physical layer hardware for receipt of the digital receive signal and transmission of the digital transmit signal based on the plurality of control codes.

Abstract: A memory management unit (MMU) is disclosed for managing a memory storing data arranged within a plurality of memory pages. The MMU includes a security check unit (SCU) receiving a physical address generated during execution of a current instruction. The physical address resides within a selected memory page. The SCU uses the physical address to access one or more security attribute data structures located in the memory to obtain a security attribute of the selected memory page, compares a numerical value conveyed by a security attribute of the current instruction to a numerical value conveyed by the security attribute of the selected memory page, and produces an output signal dependent upon a result of the comparison. The MMU accesses the selected memory page dependent upon the output signal. The security attribute of the selected memory page may include a security context identification (SCID) value indicating a security context level of the selected memory page.

Abstract: A method and an apparatus for performing a virtual memory access. A software object is executed. A security level for the software object is established. A secondary table is established. A memory access request based upon the executing of the software object is received. At least one security level that corresponds to a segment in the secondary table is determined. A match between an execution security level and a security level associated with a segment being accessed is verified in response to an execution of the software object. A virtual memory address based upon the secondary table in response to a match between the execution security level and the security level associated with the segment being accessed is determined. A physical memory location corresponding to the virtual memory address is located. A portion of a memory based upon locating the physical memory location is accessed.

Abstract: A method and an apparatus for performing an I/O device access using targeted security. A software object is executed. A security level for the software object is established. A multi-table input/output (I/O) space access is performed using at least one of the security levels. The function of the object is executed.

Abstract: A method and system for handling a security exception. The method includes creating a security exception stack frame in secure memory at a base address. The method also includes writing a faulting code sequence address and one or more register values into the security exception stack frame, and executing a plurality of security exception instructions.

Abstract: A method and system for performing the method. a method is provided. The method includes executing an insecure routine and receiving a request from the insecure routine. The method also includes performing a first evaluation of the request in hardware, and performing a second evaluation of the request in a secure routine in software. The computer system includes a processor configurable to execute a secure routine and an insecure routine. The computer system also includes hardware coupled to perform a first evaluation of a request associated with the insecure routine. The hardware is further configured to provide a notification of the request to the secure routine. The secure routine is configured to perform a second evaluation of the request. The secure routine is further configured to deny a requested response to the request.

Abstract: A memory, system, and method for providing security for data stored within a memory and arranged within a plurality of memory regions. The method includes receiving an address within a selected memory region and using the address to access an encryption indicator. The encryption indicator indicates whether data stored in the selected memory page are encrypted. The method also includes receiving a block of data from the selected memory region and the encryption indicator and decrypting the block of data dependent upon the encryption indicator.

Abstract: A method and apparatus for controlling access to segments of memory having security data stored therein is provided. A security check unit maintains information for a plurality of segments of memory regarding whether each of these plurality of segments has secure data stored therein. A hint directory maintains information regarding whether any of a plurality of these segments has secure data stored therein. The hint directory is capable of bypassing the security check unit when it receives an address that falls within a plurality of the segments that have been indicated as being free from secure data. When the hint directory determines that a received address falls within one of a plurality of segments that contain secure data, then the address is passed to the security check unit for a closer examination.

Abstract: A system. apparatus and method for providing access security for a subject device. The apparatus includes a security check unit (SCU) configured to be coupled to a transmission medium. The SCU is configured to monitor signals on the transmission medium and to detect an attempt by a first device coupled to the transmission medium to access a second device coupled to the transmission medium based upon the signals. The SCU is also configured to determine an identity of the first device based upon the signals and to control access to the second device by the first device dependent upon the identity of the first device. The method includes monitoring signals and detecting an attempt by an additional device to access the subject device based upon the signals. The method also includes using the signals to determine an identity of the additional device and controlling access to the subject device dependent upon the identity of the additional device.

Abstract: A memory management unit (MMU) is disclosed for managing a memory storing data arranged within a plurality of memory pages. The MMU includes a security check unit (SCU) receiving a linear generated during execution of a current instruction. The linear address has a corresponding physical address residing within a selected memory page. The SCU uses the linear address to access one or more security attribute data structures located in the memory to obtain a security attribute of the selected memory page. The SCU compares a numerical value conveyed by a security attribute of the current instruction to a numerical value conveyed by the security attribute of the selected memory page, and produces an output signal dependent upon a result of the comparison. The MMU accesses the selected memory page dependent upon the output signal. The security attribute of the selected memory page may include a security context identification (SCID) value indicating a security context level of the selected memory page.

Abstract: A communications system includes physical layer hardware and a processing unit. The physical layer hardware is adapted to communicate data over a communications channel in accordance with a plurality of control codes. The physical layer hardware is adapted to demodulate an incoming analog signal to generate a digital receive signal and modulate a digital transmit signal to generate an analog transmit signal. The processing unit is adapted to execute a privileged driver for interfacing with the physical layer hardware. The privileged driver includes program instructions for implementing a protocol layer to decode the digital receive signal, encode the digital transmit signal, and configure the physical layer hardware for receipt of the digital receive signal and transmission of the digital transmit signal based on the plurality of control codes.

Abstract: A computer system includes a peripheral device and a processing unit. The processing unit is adapted to execute a driver for interfacing with the peripheral device in a standard mode of operation and an authentication agent in a privileged mode of operation, wherein the authentication agent includes program instructions adapted to authenticate the driver. The peripheral device may comprise a communications device, such as a software modem. A method for identifying security violations in a computer system includes executing a driver in a standard processing mode of a processing unit; transitioning the processing unit into a privileged processing mode; and authenticating the driver in the privileged processing mode. The driver may be adapted for interfacing with a communications peripheral device, such as a software modem.

Abstract: A computer system includes a peripheral device and a processor complex coupled to the peripheral device. The processor complex is adapted to load a secure driver including program instructions for interfacing with the peripheral device. A method for protecting a software driver includes storing a secure driver in a computer system. The secure driver includes program instructions for interfacing with a peripheral device. The method further includes loading the secure driver; and interfacing with the peripheral device using the secure driver. The peripheral device may be a communications device, such as a software modem.

Abstract: A communications system includes a physical layer hardware unit and a processing unit. The physical layer hardware unit is adapted to communicate data over a communications channel in accordance with assigned transmission parameters. The physical layer hardware unit is adapted to receive an incoming signal over the communications channel and sample the incoming signal to generate a digital received signal. The processing unit is adapted to execute a standard mode driver in a standard mode of operation and a privileged mode driver in a privileged mode of operation. The standard mode driver includes program instructions adapted to extract encrypted data from the digital received signal and pass the encrypted data to the privileged mode driver. The privileged mode driver includes program instructions adapted to decrypt the encrypted data to generate decrypted data including control codes and transfer the control codes to the physical layer hardware unit.

Abstract: A communications system includes a physical layer hardware unit and a processing unit. The physical layer hardware unit is adapted to communicate data over a communications channel in accordance with assigned transmission parameters. The physical layer hardware unit is adapted to receive an incoming signal over the communications channel and sample the incoming signal to generate a digital received signal. The processing unit is adapted to execute a standard mode driver in a standard mode of operation and a privileged mode driver in a privileged mode of operation. The standard mode driver includes program instructions adapted to extract control codes from the digital received signal and configure the physical layer hardware assigned transmission parameters based on the control codes.

Abstract: A communications system includes a physical layer hardware unit and a processing unit. The physical layer hardware unit is adapted to communicate data over a communications channel. The physical layer hardware unit is adapted to receive unencrypted control codes and encrypted user data over the communications channel and transmit an upstream data signal over the communications channel based on the control codes. The processing unit is adapted to execute a software driver for interfacing with the physical layer hardware unit. The software driver includes program instructions for implementing a protocol layer to decrypt the user data and provide the upstream data to the physical layer hardware unit. A method for configuring a transceiver includes receiving unencrypted control codes over a communications channel; receiving encrypted user data over the communications channel; and transmitting an upstream signal over the communications channel based on transmission assignments defined by the control codes.

Abstract: The present invention provides a method and apparatus for securing portions of a memory. The method includes identifying information for protection and indicating at least one physical address of a memory that houses the information as at least one of read and write disabled. The method includes receiving a request from a program to access the information. The method further includes accessing the information in response to determining that the program has the authority to access the information. The apparatus includes a memory comprising a privileged code. The privileged code is capable of receiving a request to protect selected information and indicating at least one physical address of a memory housing the information as at least one of read and write disabled. The privileged code is capable of receiving a request from a program to access the information.

Abstract: An interrupt descriptor cache for a microprocessor is provided which is configured to store interrupt information associated with a plurality of interrupt vectors. Prior to fetching interrupt information from a main memory of a computer system, the microprocessor searches the interrupt descriptor cache. If the interrupt information is stored therein, the address of the interrupt service routine is formed from the stored interrupt information instead of fetching the interrupt information from main memory. The interrupt descriptor cache is additionally configured to monitory memory accesses for updates to the interrupt information stored therein. If a memory location storing interrupt information is updated, then the interrupt descriptor cache invalidates any storage locations which may be storing the information.

Abstract: A microprocessor including a context save unit is provided. The context save unit is configured to periodically perform context saves. When the microprocessor receives an interrupt signal, the microprocessor enters the interrupt service routine without performing a context save. After completing execution of the interrupt service routine, the microprocessor restores the most recently saved context and begins executing the task at that saved context. The interrupt service routine is entered rapidly but the interrupt service routine does not include instructions for saving the registers which it utilizes to perform its function. The context save unit is configured to perform a context save at the occurrence of a variety of events. A fixed or variable time interval may be selected, and each interval includes several options.