Patents by Inventor Alessandro Angelino
Alessandro Angelino has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11210393
Abstract: A technology for mutually isolating accessors of a shared electronic device from leakage of context data after a context switch comprises: on making the shared electronic device available to the plurality of accessors, establishing a portion of storage as an indicator location for the shared electronic device; when a first accessor requests use of the shared electronic device, writing at least one device-reset-required indicator to the indicator location; on switching context to a new context, after context save, when a second accessor requests use of the shared electronic device, resetting context data of the shared electronic device to a known state and reconciling the first device-reset-required indicator and a second device-reset-required indicator for the new context.
Type: Grant
Filed: April 6, 2017
Date of Patent: December 28, 2021
Assignee: ARM IP LIMITED
Inventors: Milosch Meriac, Alessandro Angelino
-
Patent number: 11194899
Abstract: A data processing apparatus having a first secure area and a second secure area coupled by a monitor is provided. The monitor applies security credentials to processing circuitry transitioning from the first secure area to the second secure area to enable the processing circuitry to perform functions in the second secure area. A call gateway comprising a transition instruction and access parameters stored in a trusted storage device is used by the monitor to determine when to applying the security credentials to the processing circuitry. The access parameters comprising a target function or a memory location.
Type: Grant
Filed: May 31, 2016
Date of Patent: December 7, 2021
Assignee: Arm IP Limited
Inventors: Alessandro Angelino, Milosch Meriac
-
Patent number: 11188378
Abstract: The machine implemented method for operating at least one electronic system comprises detecting a pattern of use of plural control parameters in a path through a graph of operational context switches to reach a target operational context; storing a representation of the pattern in association with an indicator identifying the target operational context; responsive to detecting at least one of a request for a switch of operation from a source operational context to the target operational context, a trapping on a resource access, and a detection of a breakpoint, retrieving the representation in accordance with the indicator identifying the target operational context; and responsive to the retrieving, applying at least one control parameter to said at least one electronic system to match the pattern.
Type: Grant
Filed: February 26, 2020
Date of Patent: November 30, 2021
Assignee: ARM IP LIMITED
Inventors: Milosch Meriac, Alessandro Angelino
-
Patent number: 10956619
Abstract: A device comprising: a processing element; a data store, coupled to the processing element, the data store comprising a non-volatile data store having a trusted region for trusted code and an untrusted region for untrusted code; a security component, coupled to the processing element and the data store, wherein the security component is configured to, in response to one of a power event occurring at the device and receiving a trigger signal, send a first signal to the processing element and the data store, and wherein the processing element is configured to execute trusted code in response to the first signal.
Type: Grant
Filed: December 2, 2016
Date of Patent: March 23, 2021
Assignee: ARM LIMITED
Inventors: Milosch Meriac, Alessandro Angelino
-
Patent number: 10956577
Abstract: An apparatus and methods are provided to defending device against attacks. When it is determined that a device is under attack, a determination is made as to whether a layout of objects within said at least one resource at said device is protecting said device against said attack. The determination is then transferred to a remote server together with a layout of the resource at the device. When it is determined that the layout of objects within the at least one resource at the device is not protecting the device against the attack, then the layout of the at least one resource is changed. Either the remote server or the device may determine whether to change the layout in response to the attack.
Type: Grant
Filed: August 27, 2018
Date of Patent: March 23, 2021
Assignee: ARM IP Limited
Inventors: Alessandro Angelino, Milosch Meriac, Brendan James Moran
-
Patent number: 10936211
Abstract: There is described a method, data processing apparatus and computer program product for initializing storage protection, the storage protection for enforcing access permission for a region of storage configured in a layout of regions according to at least one security constraint, the method comprising: receiving a set of storage requirements; generating a layout whereby the layout comprises a combination of storage regions that accommodate the storage requirements within the at least one security constraint; and configuring the storage protection according to the generated layout, wherein generating a layout comprises: calculating, for each storage requirement, a list of all storage regions that could accommodate the storage requirement within the at least one security constraint; selecting and testing combinations of storage regions until a selected combination accommodates the storage requirements within the at least one security constraint; and providing the accommodated combination of storage regions as a
Type: Grant
Filed: September 7, 2017
Date of Patent: March 2, 2021
Assignee: ARM IP LTD
Inventors: Alessandro Angelino, Milosch Meriac, Niklas Lennart Hauser
-
Patent number: 10757100
Abstract: A machine implemented method for protecting a target domain and a source domain from unauthorized accesses. The method comprising: identifying an exit call gateway comprising an exit transition instruction and at least one exit access parameter, said exit access parameters restricting exit from said source domain; identifying an entry call gateway corresponding to said exit call gateway, said entry call gateway comprising a transition instruction and at least one entry access parameter, said entry access parameters restricting access to said target domain; determining that said exit access parameters and said entry access parameters are compatible with each other; and performing a context switch from said source domain to said target domain, when said exit access parameters and said entry access parameters are complied with.
Type: Grant
Filed: July 26, 2017
Date of Patent: August 25, 2020
Assignee: ARM IP Limited
Inventors: Alessandro Angelino, Milosch Meriac
-
Publication number: 20200192699
Abstract: The machine implemented method for operating at least one electronic system comprises detecting a pattern of use of plural control parameters in a path through a graph of operational context switches to reach a target operational context; storing a representation of the pattern in association with an indicator identifying the target operational context; responsive to detecting at least one of a request for a switch of operation from a source operational context to the target operational context, a trapping on a resource access, and a detection of a breakpoint, retrieving the representation in accordance with the indicator identifying the target operational context; and responsive to the retrieving, applying at least one control parameter to said at least one electronic system to match the pattern.
Type: Application
Filed: February 26, 2020
Publication date: June 18, 2020
Inventors: Milosch Meriac, Alessandro Angelino
-
Patent number: 10657086
Abstract: A machine implemented method for prioritizing system interrupts in a processing system is provided. The method comprising: determining, at a supervisor module, for each interrupt, a relative interrupt priority in accordance with at least one interrupt parameter for said interrupt; prioritising, at said supervisor module, each said interrupt with respect to other interrupts of said system in compliance with said determined relative interrupt priority; and in response to a change to said at least one interrupt parameter during operation of said system, adjusting said determined relative interrupt priority, and re-prioritising each said interrupt with respect to said other interrupts of said system in compliance with said adjusted relative interrupt priority.
Type: Grant
Filed: May 26, 2017
Date of Patent: May 19, 2020
Assignee: ARM IP LIMITED
Inventors: Milosch Meriac, Alessandro Angelino
-
Patent number: 10579418
Abstract: The machine implemented method for operating at least one electronic system comprises detecting a pattern of use of plural control parameters in a path through a graph of operational context switches to reach a target operational context; storing a representation of the pattern in association with an indicator identifying the target operational context; responsive to detecting at least one of a request for a switch of operation from a source operational context to the target operational context, a trapping on a resource access, and a detection of a breakpoint, retrieving the representation in accordance with the indicator identifying the target operational context; and responsive to the retrieving, applying at least one control parameter to said at least one electronic system to match the pattern.
Type: Grant
Filed: July 18, 2017
Date of Patent: March 3, 2020
Assignee: ARM IP LIMITED
Inventors: Milosch Meriac, Alessandro Angelino
-
Publication number: 20190213038
Abstract: A machine implemented method for prioritizing system interrupts in a processing system is provided. The method comprising: determining, at a supervisor module, for each interrupt, a relative interrupt priority in accordance with at least one interrupt parameter for said interrupt; prioritising, at said supervisor module, each said interrupt with respect to other interrupts of said system in compliance with said determined relative interrupt priority; and in response to a change to said at least one interrupt parameter during operation of said system, adjusting said determined relative interrupt priority, and re-prioritising each said interrupt with respect to said other interrupts of said system in compliance with said adjusted relative interrupt priority.
Type: Application
Filed: May 26, 2017
Publication date: July 11, 2019
Inventors: Milosch MERIAC, Alessandro ANGELINO
-
Publication number: 20190213329
Abstract: A technology for mutually isolating accessors of a shared electronic device from leakage of context data after a context switch comprises: on making the shared electronic device available to the plurality of accessors, establishing a portion of storage as an indicator location for the shared electronic device; when a first accessor requests use of the shared electronic device, writing at least one device-reset-required indicator to the indicator location; on switching context to a new context, after context save, when a second accessor requests use of the shared electronic device, resetting context data of the shared electronic device to a known state and reconciling the first device-reset-required indicator and a second device-reset-required indicator for the new context.
Type: Application
Filed: April 6, 2017
Publication date: July 11, 2019
Applicant: Arm IP Limited
Inventors: Milosch MERIAC, Alessandro ANGELINO
-
Publication number: 20190073145
Abstract: There is described a method, data processing apparatus and computer program product for initializing storage protection, the storage protection for enforcing access permission for a region of storage configured in a layout of regions according to at least one security constraint, the method comprising: receiving a set of storage requirements; generating a layout whereby the layout comprises a combination of storage regions that accommodate the storage requirements within the at least one security constraint; and configuring the storage protection according to the generated layout, wherein generating a layout comprises: calculating, for each storage requirement, a list of all storage regions that could accommodate the storage requirement within the at least one security constraint; selecting and testing combinations of storage regions until a selected combination accommodates the storage requirements within the at least one security constraint; and providing the accommodated combination of storage regions as a
Type: Application
Filed: September 7, 2017
Publication date: March 7, 2019
Applicant: ARM IP LTD
Inventors: Alessandro Angelino, Milosch Meriac, Niklas Lennart Hauser
-
Publication number: 20190073481
Abstract: An apparatus and methods are provided to defending device against attacks. When it is determined that a device is under attack, a determination is made as to whether a layout of objects within said at least one resource at said device is protecting said device against said attack. The determination is then transferred to a remote server together with a layout of the resource at the device. When it is determined that the layout of objects within the at least one resource at the device is not protecting the device against the attack, then the layout of the at least one resource is changed. Either the remote server or the device may determine whether to change the layout in response to the attack.
Type: Application
Filed: August 27, 2018
Publication date: March 7, 2019
Inventors: Alessandro ANGELINO, Milosch MERIAC, Brendan James MORAN
-
Publication number: 20180365449
Abstract: A device comprising: a processing element; a data store, coupled to the processing element, the data store comprising a non-volatile data store having a trusted region for trusted code and an untrusted region for untrusted code; a security component, coupled to the processing element and the data store, wherein the security component is configured to, in response to one of a power event occurring at the device and receiving a trigger signal, send a first signal to the processing element and the data store, and wherein the processing element is configured to execute trusted code in response to the first signal.
Type: Application
Filed: December 2, 2016
Publication date: December 20, 2018
Applicant: ARM Limited
Inventors: Milosch MERIAC, Alessandro Angelino
-
Publication number: 20180218150
Abstract: A data processing apparatus having a first secure area and a second secure area coupled by a monitor is provided. The monitor applies security credentials to processing circuitry transitioning from the first secure area to the second secure area to enable the processing circuitry to perform functions in the second secure area. A call gateway comprising a transition instruction and access parameters stored in a trusted storage device is used by the monitor to determine when to applying the security credentials to the processing circuitry. The access parameters comprising a target function or a memory location.
Type: Application
Filed: May 31, 2016
Publication date: August 2, 2018
Applicant: Arm IP Limited
Inventors: Alessandro ANGELINO, Milosch MERIAC
-
Publication number: 20180048648
Abstract: A machine implemented method for protecting a target domain and a source domain from unauthorized accesses. The method comprising: identifying an exit call gateway comprising an exit transition instruction and at least one exit access parameter, said exit access parameters restricting exit from said source domain; identifying an entry call gateway corresponding to said exit call gateway, said entry call gateway comprising a transition instruction and at least one entry access parameter, said entry access parameters restricting access to said target domain; determining that said exit access parameters and said entry access parameters are compatible with each other; and performing a context switch from said source domain to said target domain, when said exit access parameters and said entry access parameters are complied with.
Type: Application
Filed: July 26, 2017
Publication date: February 15, 2018
Inventors: Alessandro Angelino, Milosch Meriac
-
Publication number: 20180039510
Abstract: The machine implemented method for operating at least one electronic system comprises detecting a pattern of use of plural control parameters in a path through a graph of operational context switches to reach a target operational context; storing a representation of the pattern in association with an indicator identifying the target operational context; responsive to detecting at least one of a request for a switch of operation from a source operational context to the target operational context, a trapping on a resource access, and a detection of a breakpoint, retrieving the representation in accordance with the indicator identifying the target operational context; and responsive to the retrieving, applying at least one control parameter to said at least one electronic system to match the pattern.
Type: Application
Filed: July 18, 2017
Publication date: February 8, 2018
Inventors: Milosch Meriac, Alessandro Angelino