Systems and methods for policy execution processing

Inventors

Milburn, Steve E.
Boling, Eli
DeHon, Andre
Sutherland, Andrew B.
Sullivan, Gregory T.

Interested in licensing this patent?

MTEC can help explore whether this patent might be available for licensing for your application.

Assignees

Charles Stark Draper Laboratory Inc

Member
Draper

Draper is an independent nonprofit engineering innovation company with a legacy spanning over 90 years, dedicated to delivering transformative solutions for national security, prosperity, and global challenges. Renowned for its pioneering work in guidance, navigation, and control (GN&C) systems, Draper partners with government, industry, and academia to engineer advanced technologies in space, defense, biotechnology, and electronic systems. The company leverages multidisciplinary expertise, digital engineering, and a collaborative approach to provide field-ready prototypes, mission-critical systems, and innovative research. Draper’s mission is to ensure the nation's security and prosperity by delivering sustainable, cutting-edge solutions that address the toughest problems of today and tomorrow, while fostering an inclusive and diverse workforce. Draper also invests in the next generation of innovators through robust educational programs, including internships, co-ops, and the Draper Scholars Program, integrating academic research with real-world problem-solving.

Publication Number

US-12159143-B2

Patent

Publication Date

2024-12-03

Expiration Date


Abstract

A system and method of processing instructions may comprise an application processing domain (APD) and a metadata processing domain (MTD). The APD may comprise an application processor executing instructions and providing related information to the MTD. The MTD may comprise a tag processing unit (TPU) having a cache of policy-based rules enforced by the MTD. The TPU may determine, based on policies being enforced and metadata tags and operands associated with the instructions, that the instructions are allowed to execute (i.e., are valid). The TPU may write, if the instructions are valid, the metadata tags to a queue. The queue may (i) receive operation output information from the application processing domain, (ii) receive, from the TPU, the metadata tags, (iii) output, responsive to receiving the metadata tags, resulting information indicative of the operation output information and the metadata tags; and (iv) permit the resulting information to be written to memory.

Core Innovation

A system and method of processing instructions comprises an application processing domain (APD) and a metadata processing domain (MTD), wherein the APD comprises an application processor executing instructions and providing related information to the MTD, and the MTD comprises a tag processing unit (TPU) having a cache of policy-based rules enforced by the MTD. The TPU determines, based on policies being enforced and metadata tags and operands associated with the instructions, that the instructions are allowed to execute, and the TPU writes, if the instructions are valid, the metadata tags to a queue that receives operation output information from the application processing domain, receives the metadata tags from the TPU, outputs resulting information indicative of the operation output information and the metadata tags, and permits the resulting information to be written to memory.

The disclosure addresses enforcement of security policies by separating instruction execution and metadata/policy handling between two domains, where the host processor executes instructions but is, in most circumstances, not allowed to access the metadata tags or the security policies, and a policy execution processor in the metadata processing domain accesses the metadata tags and the security policies to determine compliance. This separation, together with the MTIQ buffering and a shadow register that stores a shadow copy of the host processing domain as of a most-recently-allowed instruction, enables validating instructions before permitting external effects and unwinding to a trusted state if a policy violation is detected.

Claims Coverage

One independent claim is identified. The main inventive features extracted from the independent claim are listed below.

Host processing domain instruction handling

In a host processing domain, by a host processor: receiving at least one instruction comprising (i) operand information relating to one or more operands, and (ii) operation information indicative of an operation to be performed on the one or more operands; executing the operation indicated in the operation information on the one or more operands to generate operation output information; and providing, to a metadata processing domain, instruction information and the operation output information.

Tag processing unit tag acquisition and rule-based action

By a tag processing unit: receiving, from the host processing domain, the instruction information and the operation output information; using the instruction information to obtain one or more input metadata tags associated with the at least one instruction; only upon satisfaction of a rule associated with the one or more input metadata tags, generating a shadow copy of a current state of the host processor and storing the shadow copy of the current state of the host processor in a shadow register; and when the rule associated with the one or more input metadata tags has not been satisfied, unwinding the host processor according to a previous state that was stored in the shadow register.

Metadata processing domain queueing of operation output

In the metadata processing domain, by a write interlock: receiving, from the host processing domain, the operation output information; and placing the operation output information into a queue; and responsive to a determination that the instruction is allowed, causing the queue of the write interlock to write to memory the operation output information in a manner that associates the operation output information with at least one output metadata tag.

The independent claim centers on (1) host-domain instruction execution and provision of instruction and output information to a metadata domain, (2) TPU-based retrieval of input metadata tags and rule-based generation of a shadow copy or unwind, and (3) a metadata-domain write interlock queue that associates operation output information with output metadata tags when instructions are allowed.

Stated Advantages

Provides significant advantages to computer processor security and efficiency.

Enables the AP and the PIPE to process instructions independently, yielding significant increases in processing speed.

Separation of tasks prevents the host processor from accessing or modifying metadata tags and security policies, avoiding circumvention of security policies.

Maintains a shadow copy of the host state and enables unwinding to the trusted shadow state if a policy violation is detected, preventing non-validated data from being written to components external to the computing system.

Documented Applications

Enforce security policies to prevent a computer processor from compromising sensitive information.

Use of a policy execution processor to execute a secure boot operation including authenticating and decrypting a boot image using public keys stored in boot ROM.

Provide a buffered interface (MTIQ) between an application processing domain and a metadata processing domain to hold outputs until validation, enabling decoupled processing and increased throughput.

Support metadata processing and policy enforcement for application processors implemented according to different instruction set architectures.

Maintain a shadow register to store a shadow copy of the host processing domain as of a most-recently-allowed instruction and communicate rollback signals to restore a previous state when instructions are not allowed.
