DETAILED ACTION
This Final Office Action is in response to amendment filed on 11/01/2021.
Amended claims 1, 10-11, 20-21 filed on 11/01/2021 are being considered on the merits. Claims 3-4, 13-14 and 23-24 were previously cancelled. Claims 1-2, 5-12, 15-22 and 25-26 remain pending in the application. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 05/26/2021 are accepted.

Response to Amendment 
The amendment filed 11/01/2021 has been entered. 
Applicant’s amendments to the Specification has overcome the objection previously set forth in the Non-Final Office Action mailed on 08/04/2021.
Applicant’s claims amendments overcome the claims objections previously set forth in the Non-Final Office Action mailed on 08/04/2021.
Interpretation under USC 112(f) previously set forth in the Non-Final Office Action mailed on 08/04/2021 is maintained.


Response to Arguments 
Applicant's arguments filed 11/01/2021 have been fully considered but they are not persuasive.
Applicant stated “It is respectfully submitted that the rejected claims are patentable over the art of record based on at least the third criterion of obviousness: none of the references alone or in combination teach, suggest, or disclose each claim limitation of the independent claims…The Office Action relies on Kaplan as allegedly disclosing these limitations. However, the cited portions of Kaplan do not describe aborting a memory allocation related system call responsive to a determination that a code page includes an instruction capable of changing a memory protection flag, and instead disclose generating and validating "signatures" based on code in a code page and aborting modification of an attribute (which appears to be relied upon by the Office Action as teaching the recited "memory protection flag") based on the signature validation. That is, the cited portion of Kaplan describes validating a signature associated with code in a code page, not "that the code page includes an instruction capable of changing a memory protection flag" as claim 1 recites, and aborting modification of an attribute associated with the code page, not "causing [a] memory allocation related system call request to abort" as claim 1 recites. The Office Action's interpretation of the cited portion of Kaplan seems to indicate this interpretation as well, stating that "the modification to the attribute/flag is rejected/aborted" and "Figure 5 illustrates rejecting modification to a page table attribute.”
Kaplan discloses the above argued claimed limitations. Examiner further submits that Kaplan teaches whitelist signatures and generating signatures as an extra/added security feature to validate requests to execute code pages as disclosed in the cited paragraphs of Kaplan, however, the above argued claimed limitation is still disclosed by Kaplan. Particularly, 
after receiving a request/call to write modify memory portion in order to execute a code page of a memory portion, and receiving by a security module, a request/call to enable execution of the code page, as disclosed in [0011, 0016-0017], and determining, by means of hash value signature, whether the code in the code page is valid for execution, as disclosed in [0018],
one of two scenarios may take place as disclosed in [0018]:
1. if the code in the code page is validated, then “modifies the attribute of the entry in the page table 135 to indicate that the code in the corresponding code page 140 is executable”, and accordingly execute the code, where the attribute of the entry in the page table 135, correspond to the protection flag, where the code of the code page is capable of changing/modifying the attribute/flag, i.e. upon code positive validation, the attribute/tag entry in the page table is modified to enable the code to be executed, or
2.  if the code in the code page is not validated, then “if the signatures do not match, the security module 115 rejects the request to modify the attribute of the entry of the page table 135 so that the software stored in the code page 140 is not executable by the processing unit 105.”, where the code of the code page is capable of changing/modifying the attribute/flag, however, since the code is not validated, the attribute/tag is not modified, i.e. reject/abort the request to modify the attribute/tag, and accordingly, the code of the code page is attributed/marked/flagged as not executable and accordingly the request to execute code page is aborted/rejected . In other words, the request/call transmitted to make the code page executable is aborted as explicitly disclosed in [0017], “The processing unit 105 is therefore required to transmit a request to the security module 115 to mark entries associated with the new or modified code pages 140 as executable prior to executing the new or modified code.”, accordingly the request to execute the code page will not take place/aborted.
This is consistent with the description of the instant application in Page 6 line 8-11, Page 7 line 24-25 “A page table 160 may include one or more flags 164, such as a protection key, that limits the ability of users to read data from the shared code page 110.” where the protection key corresponds to a flag/attribute in the page table.
Therefore, based on the above two scenarios, Kaplan discloses code pages with a code, requested to be executed, and in order to be executed its required by the security module to first change/modify the attribute/flag of the page table, hence, capable of changing a memory protection flag/attribute stored in a page table, where if the code, to be executed, fails validation (Scenario 2), then the request fails to change/modify the attribute/flag entry in the page table, as explicitly disclosed by Kaplan, and accordingly request for execution of the code page will fail. Therefore, the combination of Pohlack in view of Lutas and Kaplan disclose all the limitations of the independent claims 1, 11, 21 and 25.

	

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)    the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-
(B)    the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)    the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 
Such claim limitation is: “means for determining…” and “means for selectively rendering unsuccessful a cache line flush” in claim 25.
Structure, i.e. control circuit, and functions of the aforementioned limitation is disclosed in page 6 line 16-25 of the specification of the instant application. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.

4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 5-9, 11,15-19, 21 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Pohlack (US 9436603 B1), hereinafter Pohlack in view of Lutas (US 20160210069 A1), hereinafter Lutas, and further in view of Kaplan et. al. (US 20180081830 A1), hereinafter Kaplan.

Regarding claim 1 (currently amended), Pohlack teaches a side-channel attack protection system (Pohlack Col.2 line 36-40 “…systems and methods described herein may be used to detect, prevent, mitigate, and/or curtail timing side-channel attacks in virtualized computing systems and/or in local (single) systems in which physical memory pages are shared between processes, applications, and/or users”, Col. 17 line 50-55 and Figure 7 illustrating the computer system performing the mitigation technique), comprising: 
control circuitry (Pohlack Col 2, lines 60 to Col 3, line 12, teaches the security component or an interrupt handler inspects the program… take action to mitigate or curtail the attack. In Col 5, line 66 to Col 6, line 37, it discusses the functions “an executing program (e.g., a security component …”, where the processor that’s executing the security component is construed as the control circuit);  
(Pohlack illustrates in Figure 7 system memory 720 corresponding to memory circuitry coupled to the processor executing the security component); 
a storage device that includes instructions (Pohlack illustrates in Figure 7 a program instructions 725 that includes instructions corresponding to memory circuity), 
when executed by the control circuitry, cause the control circuitry to: selectively render unsuccessful a cache line flush (CLFLUSH) instruction on one or more shared code pages by performing operations (Pohlack Col.  2 line 41-49 “performance monitors (e.g., hardware performance counters or other performance monitoring mechanisms) to detect the execution of cache line flush type instructions (such as the CLFLUSH instruction of the x86 instruction set) in the context of shared physical pages and timing side-channel attacks, and may take action to mitigate or curtail those attacks and/or to prevent subsequent attacks on a target process or application.”, once it is determined of likely attack, action includes replacing the cache line flush type instruction, therefore rendering it unsuccessful, Col. 3 line 10-15 “…the actions taken by the security component may include replacing the cache line flush type instructions of the suspected attacking process or application with trap type instructions…”, Figure 2 (240) and Col. 7 line 49-65 discloses that the system selectively taking action to replace cash flush type (CLFLUSH)  code instruction as disclosed in Col. 3 line 10-15 depending on the determination in Figure 2 (240) and described in detail in Figure 3 (360, 370) and Col. 11 line 1-15, where actions to render cash flush instruction are unsuccessful, where the processor executing the security component to perform the above function is interpreted as the control circuit) comprising: 
determining whether a code page associated with a memory allocation related system call request includes executable code (Pohlack illustrates in Figure 3 (330) determining whether there is a request for an executable instructions of cache line and followed by read instruction, Col. 9 line 5-9 “…if the detected cache line flush type instructions are followed by reads of the same locations (shown as the positive exit from 330)… if it is determined that frequent and/or repeated cache line flush type instructions target the same page in the memory map (shown as the positive exit from 340)”); 
Pohlack discloses in Figure 3 triggering an action (360) in response to an executable code/program instructions (330, 340).
Pohlack does not disclose writable executable code. Emphasis in Italic.
Lutas from analogues field of invention teaches responsive to a determination that [[a]] the code page associated with the memory allocation related system call includes executable code, determining whether the code page is writable; and responsive to a determination that the code page is writeable, causing the memory allocation related system call request to abort (Lutas [0032] “…when a software object executing within a VM attempts to write data to a memory page marked as non -writable, or to execute code from a memory page marked as non -executable, processor 12 may intercept the attempt, suspend the current execution, and switch to executing hypervisor 50.”, i.e. in response to executable code attempting to execute/write to/from memory page, cause the system/processor to suspend/abort the execution).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack to incorporate the teaching of Lutas to utilize the above features, with the motivation of protecting virtual machines from security threats , as recognized by (Lutas [0032]).
While Pohlack discloses in e.g. Figure 3 the determination of the instruction includes executing code on code page such as flushing the cash line and followed by loading instruction targeting the page of a memory map, however, Pohlack in view of Lutas do not disclose that the instruction includes changing protection key/flag and accordingly abort executing the instructions on code page. Emphasis in Italic. 
Kaplan discloses responsive to a determination that the code page is not writeable, determining whether the code page includes an instruction capable of changing a memory protection flag stored in a page table and associated with a shared code page; and responsive to a determination that the code page includes an instruction capable of changing a memory protection flag associated with a shared code page, causing the memory allocation related system call request to abort (Kaplan discloses [0011] “…the security module 115 include input buffers or registers 116 to receive requests to write or modify portions of the memory 110 and hardware circuitry 117 that is configured to selectively modify portions of the memory 110 in response to the requests”
[0016] “The code pages 140 are stored in unprotected regions of the memory 110 so that the processing unit 105 (or other entities in the processing system 100) can read, write, or modify code that is stored in the code pages 140.”
[0017] “The processing unit 105 is therefore required to transmit a request to the security module 115 to mark entries associated with the new or modified code pages 140 as executable prior to executing the new or modified code.”
[0018] “The security module 115 can implement code signing to verify whether code stored in the code pages 140 is valid prior to marking entries associated with the code pages 140 as executable…the security module 115 validate the code stored in the code pages 140 against known-good code pages. For example, a white list 145 can be stored in the protected region 120. The white list 145 includes signatures such as hashed values generated based on known-good code…the security module 115 generates a signature based on the new or modified code stored in the corresponding code pages 140. The security module 115 then accesses a signature of the known-good code from the white list 145 and compares it to the generated signature. The security module 115 validates the code if the signatures match and then modifies the attribute of the entry in the page table 135 to indicate that the code in the corresponding code page 140 is executable. However, if the signatures do not match, the security module 115 rejects the request to modify the attribute of the entry of the page table 135 so that the software stored in the code page 140 is not executable by the processing unit 105.”, where the instructions/software, through the processor, in a code page requires to change the attribute/flag of the corresponding page table in order for the corresponding code page to be executed, if this is the case, and the signature verification is not validated/matched, then the modification to the attribute/flag is rejected/aborted, and in turn, the code page is not executed. Figure 5 illustrates rejecting modification to a page table attribute).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack in view of Lutas to incorporate the teaching of Kaplan to utilize the above feature, with the motivation of facilitating security criteria to prevent requests to modify page tables, which improve security against attacks, as recognized by (Kaplan [0001, 0008]).
The combination of Pohlack in view of Lutas and Kaplan discloses the determination of executable code, whether the code page is writable, and determination of instructions capable of change memory protection flag and perform actions accordingly. The instant application disclose the sequence of the aforementioned determinations, Examiner submits that the determinations of the above combination of the prior arts would apply to the aforementioned sequence as a logical conclusion when applying the above determinations in the prior arts combination. In particular, the “writable” determination detected by Lutas would abort the request, otherwise, in response to none “writable” detection/determination the request would not be aborted by Latus, however, if there is an instruction that is capable of changing the attribute/tag of the page table, Kaplan would abort the request, which may be non “writable”.

Regarding claims 4 and 24, (Cancelled). 

Regarding claim 5 (Previously Presented), Pohlack in view of Lutas and Kaplan teaches the side channel-attack protection system of claim 1 wherein the instructions that cause the control circuitry to selectively render unsuccessful the cache line flush (CLFLUSH) instruction based on code included in the shared memory page further cause the control circuitry to perform operations comprising: 
determining whether the memory allocation related system call request maps a page from a storage device to memory; responsive to a determination that the memory allocation related system call request maps a page from a storage device to memory, causing the memory allocation related system call request to proceed (Pohlack discloses in Col. 10 line 33-52 the concept of determining cache line flush  instruction/request, in response, map a page from memory to cache, i.e. read or load, such that information is reloaded back to cache, therefore, allowing the process of performing the cache line flush request and immediately followed by the load request back in the memory map to proceed, as a result, the attacker would not be able to infer any timing information, “…the security component may be configured to insert a replacement patch (e.g., binary code) that includes the detected cache line flush type instructions but in which a read or load type instruction has been added immediately (or shortly) following each of the detected cache line flush type instructions to reload the flushed information back into the cache, or to insert a replacement patch (e.g., binary code) for each of the detected cache line flush type instructions that calls a sub-function that includes the detected cache line flush type instruction along with a read or load type instruction that immediately (or shortly) follows the cache line flush type instruction and reloads the flushed information back into the cache…the suspected attacker may not observe any timing differences between accesses made prior executing a cache line flush type instruction and subsequent to executing the cache line flush type instruction, again resulting in closing the potential timing side-channel.”).  

Regarding claim 6 (Previously presented), Pohlack in view of Lutas and Kaplan teaches the side channel-attack protection system of claim 5 wherein the instructions that cause the control circuitry to selectively render unsuccessful the cache line flush (CLFLUSH) instruction based on code included in the shared memory page further cause the control circuitry to perform operations comprising: 
determining whether the memory allocation related system call request includes only a memory page allocation request; responsive to a determination that the memory allocation related system call request includes only a memory page allocation request, causing the memory allocation related system call request to abort (Pohlack discloses in Figure 3 (340) that when the particular cache line flush request/instruction is frequently targeted to the same/only page in the memory, this results into performing an action to curtail/limit/suspend the attack, which includes an action to replace the cash line flush instruction targeting the same page, as disclosed in , Col. 3 line 10-15 and Col. 7 line 49-65, which is interpreted as aborting the cache line request, where the memory allocation request is request directed to a memory page in the memory map).  

Regarding claim 7 (Previously Presented), Pohlack in view of Lutas and Kaplan teaches the side channel-attack protection system of claim 1 wherein the instructions that cause the control circuitry to selectively render unsuccessful the cache line flush (CLFLUSH) instruction based on code included in the shared memory page further cause the control circuitry to perform operations comprising: 
While Pohlack discloses in e.g. Figure 3 the determination of the instruction includes executing code such as flushing the cash line and followed by loading instruction targeting the page of a memory map, however, Pohlack in view of Lutas and do not disclose that if instruction includes changing protection key/flag and if so, abort executing the instructions. Emphasis in Italic. 
Kaplan teaches responsive to a determination that one or more code pages do not include instructions capable of changing a  memory protection flag associated with a shared page, causing the memory allocation related system call request to proceed (Kaplan disclose that [0016] “…the processing unit 105 can write new code directly to the code page 140 or modify existing code stored in the code page 140 without intervention or mediation by the security module 115 because the code pages 140 are stored in the unprotected region of the memory 110.”, which indicates that there are codes in code pages that do not require alteration of the page table, by the security, and are able to proceed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack in view of Lutas to incorporate the teaching of Kaplan to utilize the above feature, with the motivation of Kaplan [0001, 0008]).

Regarding claim 8 (Previously presented), Pohlack in view of Lutas and Kaplan teaches the side channel-attack protection system of claim 1 wherein the instructions that cause the control circuitry to selectively render unsuccessful the cache line flush (CLFLUSH) instruction based on code included in the shared memory page present in the system memory further cause the control circuitry to perform operations comprising: 
Pohlack discloses in Figure 3 triggering an action (360) in response to a code/program instructions (330, 340).
Pohlack does not disclose non executable code. Emphasis in Italic.
Lutas from analogues field of invention teaches responsive to a determination that the one or more code pages associated with the received memory allocation related system call request do not include executable code, causing the memory allocation related system call request to proceed (Lutas [0032] “…when a software object executing within a VM attempts to write data to a memory page marked as non -writable, or to execute code from a memory page marked as non-executable, processor 12 may intercept the attempt, suspend the current execution, and switch to executing hypervisor 50.”, i.e. in response to executable code attempting to execute/write to/from memory page, cause the system/processor to suspend/abort the execution, examiner submit that the conditional statement, i.e. “when…execute code… from a memory page marked as non-executable…suspend” indicates that the alternative path, that is non executable from memory page marked as non-executable is not suspended).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack to incorporate the teaching of Lutas to utilize the above features, with the motivation of protecting virtual machines from security threats, as recognized by (Lutas [0032]).

Regarding claim 9 (Previously Presented), Pohlack in view of  teaches Lutas and  Kaplan the side channel-attack protection system of claim 1 wherein the instructions that cause the control circuitry to selectively render unsuccessful the cache line flush (CLFLUSH) instruction based on code included in the shared memory page further cause the control circuitry to perform operations comprising:  
Pohlack discloses in Figure 3 triggering an action (360) in response to an executable code/program instructions (330, 340).
Pohlack does not disclose the below limitation. Emphasis in Italic
Lutas discloses responsive to a determination that the one or more code pages associated with the received memory allocation related system call request do not include executable code, causing the memory allocation related system call request to proceed (Lutas [0032] “when a software object executing within a VM attempts to write data to a memory page marked as non -writable, or to execute code from a memory page marked as non -executable, processor 12 may intercept the attempt, suspend the current execution, and switch to executing hypervisor 50.”, i.e. in response to executable code attempting to execute/write to/from memory page, cause the system/processor to suspend/abort the execution, examiner submits  that the conditional statement, “when a software object executing within a VM attempts to write data to a memory page marked as non -writable, or to execute code… processor 12 may intercept the attempt, suspend the current execution” indicates the alternate path, i.e. when attempting to NOT write or when there is no executable instruction to write to a page marked as non-writable, the process will proceed).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack to incorporate the teaching of Lutas to utilize the above features, with the motivation of protecting virtual machines from security threats, as recognized by (Lutas [0032]).

Regarding claims 11 (Currently Amended), 21 (Currently Amended) and 25 (Previously Presented), claims 11, 21 and 25 recite similar limitations to claim 1, therefore, the same rational and motivation applied to claim 1 is also applied to claims 11, 21 and 25.

Regarding claims 14, (Cancelled).

Regarding claim 15, (Previously Presented) Pohlack in view of Lutas and Kaplan teaches the side channel-attack protection method of claim 11 wherein selectively rendering unsuccessful the cache line flush (CLFLUSH) instruction on at least one of the one or more shared memory pages further comprises: 
(Pohlack discloses in Col. 10 line 33-52 the concept of determining cache line flush  instruction/request, in response, map a page from memory to cache, i.e. read or load, such that information is reloaded back to cache, therefore, allowing the process of performing the cache line flush request and immediately followed by the load request back in the memory map to proceed, as a result, the attacker would not be able to infer any timing information, “…the security component may be configured to insert a replacement patch (e.g., binary code) that includes the detected cache line flush type instructions but in which a read or load type instruction has been added immediately (or shortly) following each of the detected cache line flush type instructions to reload the flushed information back into the cache, or to insert a replacement patch (e.g., binary code) for each of the detected cache line flush type instructions that calls a sub-function that includes the detected cache line flush type instruction along with a read or load type instruction that immediately (or shortly) follows the cache line flush type instruction and reloads the flushed information back into the cache…the suspected attacker may not observe any timing differences between accesses made prior executing a cache line flush type instruction and subsequent to executing the cache line flush type instruction, again resulting in closing the potential timing side-channel.”).  
Regarding claim 16. (Original) Pohlack in view of Lutas and Kaplan teaches the side channel-attack protection method of claim 15 wherein selectively rendering unsuccessful the cache line flush (CLFLUSH) instruction on at least one of the one or more shared memory pages further comprises: determining, by the control circuitry, whether the memory allocation related system call request includes only a memory page allocation request; causing, by the control circuitry, the memory allocation related system call request to abort responsive to a determination that the memory allocation related system call request includes only a memory page allocation request (Pohlack discloses in Figure 3 (340) that when the particular cache line flush request/instruction is frequently targeted to the same/only page in the memory, this results into performing an action to curtail/limit/suspend the attack, which includes an action to replace the cash line flush instruction targeting the same page, as disclosed in , Col. 3 line 10-15 and Col. 7 line 49-65, which is interpreted as aborting the cache line request, where the memory allocation request is request directed to a memory page in the memory map).  

Regarding claim 17, (Previously Presented) Pohlack in view of Lutas teaches the side channel-attack protection method of claim 11 wherein selectively rendering unsuccessful the cache line flush (CLFLUSH) instruction on at least one of the one or more shared memory pages further comprises: 
While Pohlack discloses in e.g. Figure 3 the determination of the instruction includes executing code such as flushing the cash line and followed by loading instruction targeting the page of a memory map, however, Pohlack in view of Lutas and Emphasis in Italic. 
Kaplan teaches causing, by the control circuitry, the memory allocation related system call request to proceed responsive to a determination that one or more code pages do not include instructions capable of changing a memory protection flag associated with a shared code page  (Kaplan disclose that [0016] “…the processing unit 105 can write new code directly to the code page 140 or modify existing code stored in the code page 140 without intervention or mediation by the security module 115 because the code pages 140 are stored in the unprotected region of the memory 110.”, which indicates that when codes in code pages that do not require alteration of the page table, by the security, are able to proceed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack in view of Lutas to incorporate the teaching of Kaplan to utilize the above feature, with the motivation of facilitating security criteria to prevent requests to modify page tables, which improve security against attacks, as recognized by (Kaplan [0001, 0008]).

 Regarding claim 18, (Previously Presented) Pohlack in view of Lutas and Kaplan teaches the side channel-attack protection method of claim 11 wherein selectively rendering unsuccessful the cache line flush (CLFLUSH) instruction on at least one of the one or more shared memory pages further comprises: 
Pohlack discloses in Figure 3 triggering an action (360) in response to a code/program instructions (330, 340).
Emphasis in Italic.
Lutas teaches causing, by the control circuitry, the memory allocation related system call request to proceed responsive to a determination that the one or more code pages associated with the received memory allocation related system call request do not include executable code (Lutas [0032] “…when a software object executing within a VM attempts to write data to a memory page marked as non -writable, or to execute code from a memory page marked as non-executable, processor 12 may intercept the attempt, suspend the current execution, and switch to executing hypervisor 50.”, i.e. in response to executable code attempting to execute/write to/from memory page, cause the system/processor to suspend/abort the execution, examiner submit that the conditional statement, i.e. “when…execute code… from a memory page marked as non-executable…suspend” indicates that the alternative path, that is non executable from memory page marked as non-executable is not suspended).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack to incorporate the teaching of Lutas to utilize the above features, with the motivation of protecting virtual machines from security threats, as recognized by (Lutas [0032]).

Regarding claim 19, (Previously Presented) Pohlack in view of Lutas and Kaplan teaches The side channel-attack protection method of claim 11 wherein selectively rendering unsuccessful the cache line flush (CLFLUSH) instruction on at least one of the one or more shared memory pages further comprises: 

Pohlack does not disclose writable executable code. Emphasis in Italic
Lutas discloses causing, by the control circuitry, the memory allocation related system call request to proceed responsive to a determination that the one or more code pages associated with the received memory allocation related system call request do not include one or more writable code pages (Lutas [0032] “when a software object executing within a VM attempts to write data to a memory page marked as non -writable, or to execute code from a memory page marked as non -executable, processor 12 may intercept the attempt, suspend the current execution, and switch to executing hypervisor 50.”, i.e. in response to executable code attempting to execute/write to/from memory page, cause the system/processor to suspend/abort the execution, examiner submits  that the conditional statement, “when a software object executing within a VM attempts to write data to a memory page marked as non -writable, or to execute code… processor 12 may intercept the attempt, suspend the current execution” indicates the alternate path, i.e. when attempting to NOT write or when there is no executable instruction to write to a page marked as non-writable, the process will proceed).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack to incorporate the teaching of Lutas to utilize the above features, with the motivation of protecting virtual machines from security threats , as recognized by (Lutas [0032]).

Claims 2, 12 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Pohlack in view of Lutas and Kaplan and further in view of La (US 20090037662 A1), hereinafter La.

Regarding claim 2 (Previously Presented), Pohlack in view of Lutas and Kaplan teaches the side-channel attack protection system of claim 1: wherein the memory circuitry includes memory pages associated with two or more virtual machines (Pohlack Col. 4 line 59-65 “systems that implement virtualization include a same page sharing feature…In such systems, sharing of physical pages may not only be happening within one virtual machine, but may be propagated throughout the whole system.”); 
wherein the instructions cause all or a portion of the control circuitry to provide virtual machine manager (VMM) circuitry to: detect duplicate memory pages associated with the two or more virtual machines; provide a single shared memory page shared by the two or more virtual machines, the single shared memory page including content of the detected duplicate memory pages (Pohlack Col. 4 line 61-66 “…the hypervisor may scan the contents of physical memory pages, and whenever it finds the same pages, it may merge them into a single copy maintained under the root”); and 
Pohlack in view of Lutas and Kaplan do not disclose the remaining limitations.
La discloses associate an executable only identifier with the single shared memory page to selectively disable a READ permission of the single shared memory page (La [0012] “…instructions executable by the processor and configured for performing a selective read caching function which enables and disables read caching for individual regions of the backstore depending on whether or not read caching has provided any recent benefit.”, examiner submits that the system of La identifies executable instruction that selectively disable read caching).
 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack-Lutas to incorporate the teaching of La to utilize the above feature, with the motivation of improving performance by using an autonomic algorithm, as recognized by (La, Abstract).
 
Regarding claims 12, (Previously Presented) Pohlack in view of Lutas and Kaplan teaches the side-channel attack protection method of claim 11, further comprising: detecting, by virtual machine manager (VMM) circuitry, duplicate memory pages associated with the two or more virtual machines; wherein determining, by control circuitry, whether a memory page access request attempts to access one or more shared memory pages comprises: determining, by control circuitry, whether a memory page access request attempts to access one or more shared memory pages associated with two or more virtual machines; providing, by the VMM circuitry, a single shared memory page shared by the two or more virtual machines, the single shared memory page including content of the detected duplicate memory pages (Pohlack Col. 4 line 59-65 “systems that implement virtualization include a same page sharing feature…In such systems, sharing of physical pages may not only be happening within one virtual machine, but may be propagated throughout the whole system.”, Col. 4 line 61-66 “…the hypervisor may scan the contents of physical memory pages, and whenever it finds the same pages, it may merge them into a single copy maintained under the root”).
Pohlack in view of Lutas and Kaplan do not disclose the below limitations.
La discloses associating, by the VMM circuitry, an executable only identifier with the single shared memory page to selectively disable a READ permission of the single shared memory page (La [0012] “…instructions executable by the processor and configured for performing a selective read caching function which enables and disables read caching for individual regions of the backstore depending on whether or not read caching has provided any recent benefit.”, examiner submits that the system of La identifies executable instruction that selectively disable read caching).
 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack in view of Lutas to incorporate the teaching of La to utilize the above feature, with the motivation of improving performance by using an autonomic algorithm, as recognized by (La, Abstract).

Regarding claim 22 (Previously Presented), claim 22 recites similar limitations to claim 2, therefore, the same rational and motivation applied to claim 2 is also applied to claim 22.

Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Pohlack in view of Lutas and Kaplan and further in view of Koufaty et. al. (US 20160110298 A1), hereinafter Koufaty.

Regarding claim 10 (currently amended), Pohlack in view of Lutas and Kaplan teaches the side-channel attack protection system of claim 1 
Pohlack in view of Lutas does not disclose the below limitations.
Kaplan discloses to determine whether the code page includes an instruction capable of changing a memory protection flag associated with a shared code page as detailed in above in claim 1, rationale and motivation applies, however, Pohlack in view of Lutas and Kaplan do not disclose that the determination is based on instructions that include Write Protection Key Rights User (WRPKRU) 
wherein the instructions that cause the control circuitry to determine whether the code page includes an instruction capable of changing a memory protection flag associated with a shared code page are to determine whether the code page includes a Write Protection Key Rights User (WRPKRU) instruction (Koufaty discloses in [0033] “Each of the user permission register 204 and the supervisor permission register 206 may include a number of fields to store the memory access permissions associated with each protection key 224”, where the protection keys (224) stored in page table as disclosed in [0034] and Figure 2, [0037] “…the protection key is a string of n bits of binary code that may be used as an identifier to the permissions stored in the fields of the user permission register 204 or the supervisor permission register 206. For example, a protection key of 0010 may point to the field of user permission register 204 or the supervisor permission register 206 identified at 0010 position.”, [0041] “user permission register write (WRPKRU) instruction that may allow the user application program to write to the user permission register 204. By allowing the user application to directly manipulate the permissions stored in the user permission register 204, the performance overhead of changing the set of permissions through protection keys (e.g., by going through the operating system) may be reduced significantly, allowing for much broader use of the protection keys.”, 
consistent with the description of the instant application in Page 6 line 8-11, Page 7 line 24-25 “A page table 160 may include one or more flags 164, such as a protection key, that limits the ability of users to read data from the shared code page 110.” where the protection key is a flag).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack in view of Lutas and Kaplan to incorporate the teaching of Koufaty to utilizing the above feature, with the motivation of reducing performance overhead, as recognized by (Koufaty [0042]).

Regarding claim 20 (Currently Amended), Pohlack in view of Lutas teaches the side-channel attack protection method of claim 11. 
Pohlack in view of Lutas do not disclose the below limitations.
whether any of the one or more code pages include a Write Protection Key Rights User (WRPKRU) instruction capable of changing the memory protection flag associated with the shared page (Koufaty discloses in [0033] “Each of the user permission register 204 and the supervisor permission register 206 may include a number of fields to store the memory access permissions associated with each protection key 224”, where the protection keys (224) stored in page table as disclosed in [0034] and Figure 2, [0037] “…the protection key is a string of n bits of binary code that may be used as an identifier to the permissions stored in the fields of the user permission register 204 or the supervisor permission register 206. For example, a protection key of 0010 may point to the field of user permission register 204 or the supervisor permission register 206 identified at 0010 position.”, [0041] “user permission register write (WRPKRU) instruction that may allow the user application program to write to the user permission register 204. By allowing the user application to directly manipulate the permissions stored in the user permission register 204, the performance overhead of changing the set of permissions through protection keys (e.g., by going through the operating system) may be reduced significantly, allowing for much broader use of the protection keys.”, 
consistent with the description of the instant application in Page 6 line 8-11, Page 7 line 24-25 “A page table 160 may include one or more flags 164, such as a protection key, that limits the ability of users to read data from the shared code page 110.” where the protection key is a flag).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack in view of Lutas to incorporate the teaching of Koufaty to utilizing the above feature, with the motivation of reducing performance overhead, as recognized by (Koufaty [0042]).

Claim 26 is rejected under 35 U.S.C. 103 as being unpatentable over Pohlack in view of Lutas and Kaplan and further in view of Ray et. al. (US 20060200863 A1), hereinafter Ray.

Regarding claim 26 (Previously Presented), Pohlack in view of Lutas and Kaplan teaches the side channel-attack protection system of claim 1 
While Pohlack in view of Lutas and Kaplan disclose the determination of executable code page and writable code page, however, Pohlack in view of Lutas and Kaplan do not disclose that the determination is based on flag stored in page table. Emphasis in Italic.
Ray discloses wherein the instructions that cause the control circuitry to determine whether the code page is writeable and determine whether the code page includes executable code based on a particular memory protection flag stored in a page table and associated with the code page (Ray [0038] “…the page-tracking module 208 may use up to four page table access bits to track the state of a page, including (1) a present bit, (2) a writable bit, (3) an executable bit, and (4) a readable bit.”, where the bits in the page table corresponds to flags). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack in view of Lutas and Kaplan to incorporate the teaching of Ray to utilize the above feature, with the motivation of tracking the state of the page, as recognized by (Ray [0038]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BASSAM A NOAMAN/Examiner, Art Unit 2497      
/ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497