公开(公告)号：US20200081847A1

公开(公告)日：2020-03-12

申请号：US16564502

申请日：2019-09-09

Applicant: Apple Inc.

Inventor： Julien Oster ,  Thomas G. Holland ,  Bernard J. Semeria ,  Jason A. Harmening ,  Pierre-Olivier J. Martel ,  Gregory D. Hughes ,  P. Love Hornquist Astrand ,  Jacques Fortier ,  Ryan P. Nielson ,  Simon P. Cooper

IPC: G06F12/1009 ,  G06F21/62 ,  G06F9/455

Abstract: In an embodiment, a computer system comprises a page protection layer. The page protection layer may be the component in the system which manages the page tables for virtual to physical page mappings. Transactions to the page protection layer are used to create/manage mappings created in the page tables. The page protection layer may enforce dynamic security policies in the system (i.e. security policies that may not be enforced using only a static hardware configuration). In an embodiment, the page protection layer may ensure that it is the only component which is able to modify the page tables. The page protection layer may ensure than no component in the system is able to modify a page that is marked executable in any process' address space. The page protection may ensure that any page that is marked executable has code with a verified code signature, in an embodiment.

公开(公告)号：US11188477B2

公开(公告)日：2021-11-30

申请号：US16564502

申请日：2019-09-09

Applicant: Apple Inc.

Inventor： Julien Oster ,  Thomas G. Holland ,  Bernard J. Semeria ,  Jason A. Harmening ,  Pierre-Olivier J. Martel ,  Gregory D. Hughes ,  P. Love Hornquist Astrand ,  Jacques Fortier ,  Ryan P. Nielson ,  Simon P. Cooper

IPC: G06F12/1009 ,  G06F21/62 ,  G06F9/455

Abstract: In an embodiment, a computer system comprises a page protection layer. The page protection layer may be the component in the system which manages the page tables for virtual to physical page mappings. Transactions to the page protection layer are used to create/manage mappings created in the page tables. The page protection layer may enforce dynamic security policies in the system (i.e. security policies that may not be enforced using only a static hardware configuration). In an embodiment, the page protection layer may ensure that it is the only component which is able to modify the page tables. The page protection layer may ensure than no component in the system is able to modify a page that is marked executable in any process' address space. The page protection may ensure that any page that is marked executable has code with a verified code signature, in an embodiment.