Embodiments of the present invention relate generally to computer security and processor architecture and, more specifically, to a protected cache in a processor.
Personal computer (PC) platforms are susceptible to various types of attacks that attempt, among other goals, to steal secrets, to illegitimately take control of the platform, to illegitimately access protected/private areas of other processes, and to circumvent policy enforcement mechanisms. The increased value of content on the platform encourages sophisticated attacks on software and hardware, especially if the content falls under the “break once, run everywhere” (BORE) threat model.
Some viruses/malware can use holes in the operating system (OS), sometimes even combined with physical tampering with the platform firmware to insert malicious code, to try to access private data of other applications by bypassing the virtual address separation and address translation mappings enforced by the OS. Particularly dangerous are malicious applications that exploit security holes and access the memory space of other applications. Recent examples are Blue Pill, Vitriol and SubVirt. Enhanced protection against existing and potential attacks on the platform is an emerging requirement.