Embodiments of the present invention provide an apparatus and method for securing information in a cache. More particularly, embodiments of the present invention provide an apparatus and method for securing information in a processor cache from unauthorized accesses. once the information has been loaded into the cache.
It is sometimes necessary to prevent unauthorized users from determining the contents of information stored in a computer system. For example, a computer may contain proprietary data or software. It is desirable to prevent a user from making unauthorized copies or determining the contents of such information. This concern is especially relevant where the user has physical control of the computer and/or is able to determine the program being executed by the processor.
Information in the memory of a computer system may be protected by using techniques such as encrypting the information. There are many familiar encryption algorithms. It is not practical, however, to use encryption to protect information that is stored in a cache memory. The advantage of a cache memory is that the information can be more quickly retrieved and used by the processor. Because the encrypted information would have to be un-encrypted before it is used by the processor, encrypting the information in the cache would slow down the processor and undermine the fast access benefits of the cache.
If left unencrypted, the contents of information stored in a cache may be determined by an unauthorized user. For example, a user may instruct the processor to read the information in question from the cache memory and write the information to an input/output device or other location where the user can determine the contents of the information. An unauthorized user might directly send a read command to the processor that is associated with the cache or another processor in the system may access the cache via a xe2x80x9csnoopxe2x80x9d operation. A xe2x80x9csnoopxe2x80x9d operation can occur when a processor fails to find a line in its own cache and sends the inquiry on the system bus to the main memory. In response to this inquiry, other processors must look in their own cache and, if the line is found in the other processor""s cache, the line must be returned from that cache rather than from memory. In this case,the processor is said to have performed a xe2x80x9csnoopxe2x80x9d operation.
In addition, an unauthorized user could determine the contents of the information by doing a test port read or by executing the program in single-step mode and recording the contents of the program registers. Further, if the information in question was evicted from the cache, and thus copied back into the main memory, a user could determine the contents of the unencrypted information by using, for example, an oscilloscope. Finally, if the integrated circuit chip on which the cache resides has scan chain access, the unauthorized user could learn the contents of the protected information by reading the scan chain.
Based on the foregoing, there is a need for a method that secures the information in the cache so that unauthorized users will not be able to determine the contents of the information.
Embodiments of the present invention provide a method and apparatus for securing information in a cache that is coupled to a processor. The information is secured by recording the location in the cache of information that is being secured, and performing a cache avoidance procedure instead of allowing the instruction to access the area of the cache containing the information being secured.