DE112013004841T5 - Safe environment for graphics processing units - Google Patents

5 stars based on 38 reviews

Fur binare grafikplattformen some embodiments, a protected execution environment can be defined for a graphics processing unit. This framework protects the workloads not only from malware running on the graphics processing unit, but also protects these workloads also from malware running on the central processing unit.

Furthermore, the trusted framework can simplify the detection fur binare grafikplattformen a secure execution by measuring the code and data structures which are used to execute the workload. If a part of the secured computer based on this framework or the protected execution environment is in danger, in some embodiments, this part can be corrected by the error correction of far and can be remotely detected by a confirmation.

Dies betrifft generell Verarbeitungsgrafiken, die manchmal als Grafikprozessoren oder Grafikverarbeitungseinheiten bezeichnet werden. This generally relates to processing graphics, which are sometimes referred to as GPUs or graphics processing units. Processing graphics are exposed workloads increasingly that require a certain level of security. Sicherheitssensitive Arbeitslasten der Verarbeitungsgrafiken beruhen darauf, dass das Betriebssystem die erforderliche Sicherheit bietet. Security sensitive workloads processing graphics based on the fact that the operating system provides the required security.

However, the growing number of malware attacks suggests that these solutions for a number of workloads do not meet the safety requirements. Examples of workloads, the trusted computing frameworks may require for graphics processing units include bank transactions in which a browser unloads a part of a transaction to a graphics engine antivirus engine, in which part of pattern matching is offloaded fur binare grafikplattformen the graphics engine, and medical imaging.

Furthermore, many do not need security-sensitive workloads additional fur binare grafikplattformen such. For example, the computer-aided design and graphics and other workloads where an unhindered execution in the presence of malware is required.

Des Weiteren werden sicherheitssensitive Arbeitslasten aufgrund von Energie- Effizienz- und Leistungsverbesserungen, die von Grafikprozessoren erreicht werden, auf Verarbeitungsgrafiken abladen.

In addition to security-sensitive workloads due to energy, efficiency and performance improvements that are achieved by graphics processors offload processing on graphics. Examples may cryptographic functions, pattern matching primitives and face recognition algorithms as well as certain workloads for mining, oil refineries, financial calculations and other calculations concern include the money.

Security sensitive workloads fur binare grafikplattformen make a trusted framework for processing graphics required, whereby not only the accuracy in the execution of the workload is enforced, but also strictly controlling access is enabled on the graphic assets for authorized entities.

Kurzbeschreibung der Zeichnungen Brief Description of Drawings. Some embodiments are described with reference to the following figures: Detaillierte Beschreibung Detailed fur binare grafikplattformen.

In some embodiments, a protected execution environment can be defined for processing graphics. In substantially the same manner as in non-security-sensitive workloads the protected graphics module by means of special CPU instructions is created by a software running on the central processing unit central processing unit - CPU is running.

However, the protected graphics module can be performed, in some embodiments only on the graphics processing unit. It may have the ability to explain the correctness of execution against fur binare grafikplattformen parties. In one embodiment, the module is based on the infrastructure of secure enclaves to provide this explanation. In secure enclaves protected execution environment is made within an application.

Ein Betriebssystem stellt eine Enklave unter Verwendung eines Satzes von privilegierten Anweisungen her. An operating system provides an enclave ago using a set of privileged instructions. Sobald die Enklave herstellt ist, kann die Anwendung unter Verwendung eines Satzes nichtprivilegierter Anweisungen in die Enklave eintreten und diese verlassen. Once the enclave is prepared, the application using a set can enter non-privileged instructions in the enclave and exit.

The hardware ensures that only the enclave that possesses fur binare grafikplattformen pages can access memory pages belonging to the enclave page cache and also ensures that a privileged malware can not redirect unexpectedly memory accesses from an enclave. A software running within the enclave can prove by means of the operating system via a hardware-based confirmation that the enclave has been made correctly.

This portion of memory may be managed by the operating system graphics drivers using a set of privileged CPU instructions. It can be accessible for any of these for the purpose of reading or writing or performing. Die Module the modules 12 12 befinden sich innerhalb des Grafik-Seiten-Caches located within the graphics page caches 18 Ein gemeinsam genutzter virtueller Speicher A shared virtual memory 36 36 kann von der zentralen Verarbeitungseinheit may be from the central processing unit 24 24 und der Verarbeitungsgrafik and the processing of graphics 26 26 gemeinsam genutzt werden.

Ein gemeinsam genutzter Systemspeicher A shared system memory 38 fur binare grafikplattformen kann den Enklave-Seiten-Cache can the enclave page cache 16 16 und den Grafik-Seiten-Cache and the graphics page cache 18 18 aufnehmen. This application is typically a ring-three-application that is made in a separate process in operation. Die Anwendung erstellt eine Enklave The application creates an enclave 32 32 und den Enklave-Seiten-Cache and the enclave page cache 16 Dies ist in This is in 2 2 durch die Pfeile 1 und 2 angezeigt.

Das Aktivieren der Module fur binare grafikplattformen wie folgt. The activation of the modules is as follows. Dies ist in This is in 2 2 durch den Pfeil 3 angezeigt. Ring zero accepts the metadata, and manages the machine fur binare grafikplattformen diagram in accordance with the metadata arrow 4.

The microcode measures the module at the time of execution by the enclave and provides a cryptographically signed measured value to the enclave. Die Enklave weist den Messwert des Moduls und den Messwert der Enklave auf, und die kombinierten Daten werden zur Bescheinigung unter Verwendung des Enklave-Bescheinigungsprotokolls verwendet.

The enclave includes the measured value of the module and the measured value of the enclave, and the combined data is used for the certificate fur binare grafikplattformen the enclave certification protocol. In a further embodiment, the module has an arbitrarily chosen format and understood only by a loader within the enclave.

The Enclave uses a public key cryptography to verify the source of the module blobs. The fact that the enclave publicly performs verification is attested implicitly by the measurement of the enclave. In software and firmware embodiments it may be implemented by performed by a computer instructions on one or more non-transitory computer-readable media such.

When the system is started and both the central processing unit and the protected graphics are configured with a protected enclave page cache. Dann nimmt in Block Then takes in block 42 42 die zentrale Verarbeitungseinheit eine Enklave auf Anforderung einer Anwendung in Betrieb.

The Enclave can be protected by the hardware in the processor before each untrusted CPU or graphics-only code. Die Arbeitslast kann entscheiden, ihre Ergebnisse zu der Anzeigemaschine zu senden. The workload may decide to send their results to the display machine. The scheduler, which schedules the protected graphics mode module can be trusted by the protected graphics module, and it can enjoy the same protection as the protected graphics module, or it can not read and write the protected graphics module, but it plans a like a black box.

The scheduler can be a software or a hardware scheduler scheduler or a combination of both. The enclaves infrastructure may be an embodiment for a trusted creation or execution of protected graphics modules. The protected graphics modules can also be created in a trusted cloud environment and then run on a client. Although fur binare grafikplattformen the foregoing discussion, a graphics device has been highlighted, but may be any device in other embodiments having computer capabilities that can be used as a device for unloading of calculations or to secure, to use the principles described herein.

The modules can be provided with secret information after the module distribution to customers. Die Plattform The platform kann einen Inhalt aus einer Inhaltsvorrichtung, wie z. Jede dieser Komponenten wird nachstehend noch genauer beschrieben. Each of these components is described in more detail below.

Zum Beispiel kann der Chipsatz For example, the chipset einen nicht gezeigten Fur binare grafikplattformen aufweisen, der in der Lage ist, eine Wechselkommunikation mit der Speichereinrichtung having a storage device adapter not shown which fur binare grafikplattformen able to exchange communication with the memory device zu bieten.

Dual core processor sdual-core mobile processor s and so forth. Das Grafiksubsystem The graphics subsystem kann eine Verarbeitung von Bildern, wie z. Perform as still images or video for display.

Das Grafiksubsystem The graphics subsystem kann zum Beispiel eine Grafikverarbeitungseinheit graphics processing unit — GPU oder eine visuelle Verarbeitungseinheit visual processing unit — VPU sein.

Eine analoge oder digitale Schnittstelle kann verwendet werden, um das Grafiksubsystem An fur binare grafikplattformen or digital interface can be used to the graphics subsystem und die Anzeige and the display kommunikativ zu koppeln. Das Grafiksubsystem The graphics subsystem kann in fur binare grafikplattformen Prozessor may in the processor oder Fur binare grafikplattformen or chipset integriert sein.

In another embodiment, the functions may be implemented in a consumer electronics device. Fur binare grafikplattformen Funkvorrichtung Fur binare grafikplattformen radio device kann eine oder mehrere Funkvorrichtungen aufweisen, fur binare grafikplattformen in der Lage sind, Signale unter Anwendung verschiedener geeigneter Drahtloskommunikationstechniken zu senden und zu empfangen. Such techniques may involve communications over one or more wireless networks. Die Anzeige the display kann digital oder analog sein.

For example, such projections may a visual transition for an application of a mobile augmented reality mobile augmented reality - MAR to be. Unter der Steuerung einer oder mehrerer Software-Anwendungen Under the control of one or more software applications kann die Plattform the platform can eine Benutzerschnittstelle a user interface auf fur binare grafikplattformen Anzeige on display anzeigen.

Examples of content may include media information, including, for example, video, music, medical and gaming information, and so on. Examples of content providers may include any cable or Satellitenfernseh- or -radio- fur binare grafikplattformen Internet content provider.

The examples set forth fur binare grafikplattformen not intended to limit embodiments of the invention. Viele Systeme, wie z. As graphical user interfaces graphical user interfaces - GUIand televisions and monitors allow a user to input data using physical gestures to fur binare grafikplattformen and deliver at the computer or TV.

Are repeated by movements of a pointer, cursor, focus ring, or fur binare grafikplattformen visual indicator, which are displayed on the display. However, the embodiments are not limited to the elements or in the context shown and described. The driver may include a graphics driver for integrated graphics platforms. In embodiments of the graphics driver, a peripheral component interconnect Peripheral Component Interconnect - Fur binare grafikplattformen comprise Express graphics card.

Components shown to be integrated. These examples are not intended to limit the invention. In an example of shared media may be portions of a wireless spectrum, such. As the RF spectrum and so on, act. Examples of wired communications media may include a wire, cable, metal leads, printed circuit board Printed Circuit Board - PCBbackplane, switch fabric, semiconductor material, a twisted-pair wire, coaxial cable, glass fibers and so forth. The information may include media information and control information.

The media fur binare grafikplattformen may relate to fur binare grafikplattformen representing a specific content for a user. Examples of a content, for example, data from a voice conversation, videoconference, a streaming video, electronic mail - "E-mail -" message, a voice mail message, alphanumeric symbols, graphics, image, video, text and so forth.

Data from a conversation, for example, speech information, the speech pauses, background noise, comfort noise, tones and so forth.

Control information may refer to data representing commands, instructions or control words which are destined for an automated fur binare grafikplattformen. For example, control information may be used to route media information fur binare grafikplattformen a system, or to a node should be instructed to process the media information in a predetermined manner.

Wie oben beschrieben worden ist, kann das System As described above, the system can in verschiedenen physikalischen Formen oder Formfaktoren ausgebildet sein.

Forex trading co tv signals

  • Binary options bannersnack binary options signals groupon

    Interactive brokers market share options premarket

  • Forex binary options us brokers oanda how to create winning!

    Opcje binarne bez depozytu 2016

How does electronic stock trading work

  • The first binary options brokers 2015

    Company car optional extras

  • Opint trading by brokerage

    Busted binary brain reviews we dont trust!

  • Trading the frustrating eurusd range using binary options bullish university

    Set option selected javascript

Day option spread trading spreadsheet

26 comments What is an act option contract

How to win in binary option xls

That typeform doesn't exist. Why not make your own? The typeform you're trying to view doesn't exist. Typeform uses cookies to make your experience better. The versatile data collection tool for professionals.

A friendly experience that invites more answers. Get to know your audience, one person at a time. How you ask is everything. Sign up free See examples. Get better data Beautiful. How often do you post? Get conversational Your personality. Get inspired By someone like you See how he builds an audience.

See how it simplifies her workflow. See how she gets feedback. Christina listens to customers. See it in action. Beauty and utility in a box Forms. See how he builds an audience. Wing is taking on big telecom We wanted our sign-up to be an experience for our customer, not just another boring form. Providing services for the deaf and hearing impaired Typeform is a lifesaver. I use it for subcontractors, clients, student enrollments, and even quizzes and final exams.

Something for every stage of the customer journey Contact Form. Perfect for big agencies or one—person marketing teams Lead Generation. The all-purpose tool for founders and entrepreneurs Event Registration. Listen to customers and close the feedback loop Net Promoter Score. Check out other roles. Do much more with PRO features. Works great on every device