System and Method for secure and low-overhead execution of high privileged operations
Publication Date: 2010-Nov-15
The IP.com Prior Art Database
A method and system for separating user and kernel processing into separate processing units in a computer processing system, allowing the secure and low-overhead execution of high privileged operations.
Disclosed is a method and system for separating the processing of application or user mode code from the processing of operating system or privileged mode code into separate processing units, facilitating the secure and low-overhead execution of high privileged operations.
In typical computer processing environments, the processing of privileged code is performed by the same processors responsible for executing application or user level code. The transition between the two modes is typically performed by processor instructions. For example, a system call is executed by user mode code to transition from user mode to kernel or privileged mode. Alternatively, execution of kernel mode code may be triggered by interrupt processing or exception processing. This mix of user mode instructions and kernel mode instructions may be exploited to cause security breaches. Also, since a processor can support only one privilege mode at a time, it is difficult to monitor or manage high privilege operations while the processor is executing in user mode.
Two separate processing units are used to separate the user mode processing from the high privilege mode processing. These two physically independent units are connected through a dedicated link. One unit, the user unit, always executes in user mode. The other unit, the kernel unit, always executes in privileged mode. The kernel unit executes operating system code including hypervisor code. The...