Intel Corporation
PROCESS OBJECT RE-KEYING DURING PROCESS CREATION IN CRYPTOGRAPHIC COMPUTING

Abstract:

A method comprises detecting execution of a fork( ) operation in a cryptographic computing system that generates a parent process and a child process, assigning a parent kernel data structure to the parent process and a child kernel data structure to the child process, detecting, in the child process, a write operation comprising write data and a cryptographic target address, and in response to the write operation blocking access to a corresponding page in the parent process, allocating a new physical page in memory for the child process, encrypting the write data with a cryptographic key unique to the child process, and filling the new physical page in memory with magic marker data.