DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Acknowledgements
This communication is in response to
Application claim amendments filed on 01/13/2022, and 
Authorization for the below examiner’s claim amendments was given by Phone by Mr. Scott McClelland (Reg. No. 68,257) on 01/26/2022.

The amendments filed on 01/13/2022 have been entered.
Claim 25 invokes 112(f) interpretation. Structure and function are disclosed as described in the Office Action mailed on 11/16/2021. 
Claim amendments and the applicant’s remarks filed on 01/13/2022 overcome the USC 103 rejections previously set forth in the Office Action mailed on 11/16/2021.

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Examiner’s Amendment
Note: Proposed amendments marked manually with underlining and 
Claims
1. (Previously Presented) A side-channel attack protection system, comprising: control circuitry; memory circuitry coupled to the control circuitry; a storage device that includes instructions, when executed by the control circuitry, cause the control circuitry to selectively render unsuccessful a cache line flush (CLFLUSH) instruction on one or more shared code pages by performing operations comprising: 
determining whether a code page associated with a memory allocation related system call request includes executable code; 
responsive to a determination that the code page associated with the memory allocation related system call includes executable code, determining whether the code page is writable; 
responsive to a determination that the code page includes executable code and is writeable, causing the memory allocation related system call request to abort; 
responsive to a determination that the code page includes executable code and is not writeable, determining whether the code page includes a Write Protection Key Rights User (WRPKRU) instruction capable of changing a memory protection flag stored in a page table and associated with a shared code page; and 
responsive to a determination that the code page includes a WRPKRU instruction capable of changing a memory protection flag associated with a shared code page, causing the memory allocation related system call request to abort.  

2. (Previously Presented) The side-channel attack protection system of claim 1: wherein the memory circuitry includes memory pages associated with two or more virtual machines; wherein the instructions cause all or a portion of the control circuitry to provide virtual machine manager (VMM) circuitry to: detect duplicate memory pages associated with the two or more virtual machines; provide a single shared memory page shared by the two or more virtual machines, the single shared memory page including content of the detected duplicate memory pages; and associate an executable only identifier with the single shared memory page to selectively disable a READ permission of the single shared memory page.  

3-4. (Canceled).
 
5. (Previously Presented) The side channel-attack protection system of claim 1 wherein the instructions that cause the control circuitry to selectively render unsuccessful the cache line flush (CLFLUSH) instruction based on code included in the shared memory page further cause the control circuitry to perform operations comprising: determining whether the memory allocation related system call request maps a page from a storage device to memory; responsive to a determination that the memory allocation related system call request maps a page from a storage device to memory, causing the memory allocation related system call request to proceed.  



7. (Previously Presented) The side channel-attack protection system of claim 1 wherein the instructions that cause the control circuitry to selectively render unsuccessful the cache line flush (CLFLUSH) instruction based on code included in the shared memory page further cause the control circuitry to perform operations comprising: responsive to a determination that one or more code pages do not include instructions capable of changing a memory protection flag associated with a shared page, causing the memory allocation related system call request to proceed.  

8. (Previously Presented) The side channel-attack protection system of claim 1 wherein the instructions that cause the control circuitry to selectively render unsuccessful the cache line flush (CLFLUSH) instruction based on code included in the shared memory page present in the system memory further cause the control circuitry to perform operations comprising: responsive to a determination that the one or more code pages associated with the received memory allocation related system call request 

9. (Previously Presented) The side channel-attack protection system of claim 1 wherein the instructions that cause the control circuitry to selectively render unsuccessful the cache line flush (CLFLUSH) instruction based on code included in the shared memory page further cause the control circuitry to perform operations comprising: responsive to a determination that the one or more code pages associated with the received memory allocation related system call request do not include executable code, causing the memory allocation related system call request to proceed.  

10. (Canceled).
ATTORNEY DOCKET NO. AB2661-US    PATENT APPLICATION 16/145,635    Confirmation No. 7196

11. (Currently Amended) A side-channel attack protection method, comprising: 
determining, by control circuitry, whether a memory page access request attempts to access one or more shared memory pages; and responsive to a determination that the memory page access request accesses a shared memory page, selectively rendering unsuccessful a cache line flush (CLFLUSH) instruction on at least one of the one or more shared memory pages by: 
determining that a code page associated with a memory allocation related system call request includes executable code; 
; 
responsive to a determination that the code page includes executable code and is writeable, causing the memory allocation related system call request to abort;
responsive to a determination that the code page includes executable code and is not writeable, determining whether the code page includes a Write Protection Key Rights User (WRPKRU) instruction capable of changing a memory protection flag stored in a page table and associated with a shared code page; and 
responsive to a determination that the code page includes a WRPKRU instruction capable of changing a memory protection flag associated with a shared code page, causing the memory allocation related system call request to abort.



12. (Previously Presented) The side-channel attack protection method of claim 11, further comprising: detecting, by virtual machine manager (VMM) circuitry, duplicate memory pages associated with the two or more virtual machines; wherein determining, 

13-14. (Canceled).  

15. (Previously Presented) The side channel-attack protection method of claim 11 wherein selectively rendering unsuccessful the cache line flush (CLFLUSH) instruction on at least one of the one or more shared memory pages further comprises: determining, by the control circuitry, whether the memory allocation related system call request maps a page from a storage device to memory; causing, by the control circuitry, the memory allocation related system call request to proceed responsive to a determination that the memory allocation related system call request maps a page from a storage device to memory.  

16. (Original) The side channel-attack protection method of claim 15 wherein selectively rendering unsuccessful the cache line flush (CLFLUSH) instruction on at 

17. (Previously Presented) The side channel-attack protection method of claim 11 wherein selectively rendering unsuccessful the cache line flush (CLFLUSH) instruction on at least one of the one or more shared memory pages further comprises: causing, by the control circuitry, the memory allocation related system call request to proceed responsive to a determination that one or more code pages do not include instructions capable of changing a memory protection flag associated with a shared code page.  

18. (Previously Presented) The side channel-attack protection method of claim 11 wherein selectively rendering unsuccessful the cache line flush (CLFLUSH) instruction on at least one of the one or more shared memory pages further comprises: causing, by the control circuitry, the memory allocation related system call request to proceed responsive to a determination that the one or more code pages associated with the received memory allocation related system call request do not include executable code.  



20. (Canceled).

21. (Previously Presented) A non-transitory machine-readable storage medium that includes instructions, when executed by a control circuitry, cause the control circuitry to: selectively render unsuccessful a cache line flush (CLFLUSH) instruction on one or more shared memory pages by performing operations comprising: 
determining whether a code page associated with a memory allocation related system call request includes executable code; 
responsive to a determination that the code page associated with the memory allocation related system call includes executable code, determining whether the code page is writable; and responsive to a determination that the code page includes executable code and is writeable, causing the memory allocation related system call request to abort; 
responsive to a determination that the code page includes executable code and is not writeable, determining whether the code page includes a Write Protection Key 
responsive to a determination that the code page includes a WRPKRU instruction capable of changing a memory protection flag associated with a shared code page, causing the memory allocation related system call request to abort.  

22. (Previously Presented) The non-transitory machine-readable storage medium of claim 21 wherein the instructions further cause all or a portion of the control circuitry to: detect, via virtual machine manager circuitry, duplicate memory pages associated with two or more virtual machines; provide, via the virtual machine manager circuitry, a single shared memory page shared by the two or more virtual machines, the single shared memory page including content of the detected duplicate memory pages; and associate an executable only identifier with the single shared memory page to selectively disable a READ permission of the single shared memory page.  

23-24. (Canceled).  

25. (Previously Presented) A side-channel attack protection system, comprising:  
means for determining whether a memory page access request attempts to access one or more shared memory pages; and means for selectively rendering unsuccessful a cache line flush (CLFLUSH) instruction on at least one of the one or more shared memory pages responsive to a determination that the memory page access request accesses a shared memory page by performing operations comprising: 

responsive to a determination that a code page associated with the memory allocation related system call includes executable code, determining whether the code page is writable; responsive to a determination that the code page includes executable code and is writeable, causing the memory allocation related system call request to abort; 
responsive to a determination that the code page includes executable code and is not writeable, determining whether the code page includes a Write Protection Key Rights User (WRPKRU) instruction capable of changing a memory protection flag stored in a page table and associated with a shared code page; and 
responsive to a determination that the code page includes a WRPKRU instruction capable of changing a memory protection flag associated with a shared code page, causing the memory allocation related system call request to abort.  

26. (Previously Presented) The side channel-attack protection system of claim 1 wherein the instructions that cause the control circuitry to determine whether the code page is writeable and determine whether the code page includes executable code based on a particular memory protection flag stored in a page table and associated with the code page.

Allowable Subject Matter
Above Claims 1-2, 5-9, 11-12, 15-19, 21-22 and 25-26 are allowed.
The following is a statement of reasons for indication of allowable subject matter.
Cited and relevant prior art of record:
Pohlack (US 9436603 B1),
Lutas (US 20160210069 A1),
Kaplan (US 20180081830 A1), and
Koufaty et al. (US 20160110298 A1).
Pohlack discloses a system and method used to detect, prevent, mitigate, and curtail timing side-channel attacks in virtualized computing systems and in local systems in which physical memory pages are shared between processes, applications, and users; the system detects the execution of cache line flush type instructions (CLFLUSH) in the context of shared physical pages and timing side-channel attacks, and takes action to mitigate or curtail those attacks and to prevent subsequent attacks on a target process or application, including selectively taking action to replace the cache flush type (CLFLUSH) instruction. Lutas discloses that, in response to executable code attempting to execute or write to/from a memory page, the system/processor suspends/aborts the execution. Kaplan discloses instructions/software that, through the processor, require an attribute/flag of a corresponding page table entry to be changed in order for the corresponding code page to be executed; if this is the case and the signature verification is not validated/matched, then the modification to the attribute/flag is rejected/aborted, and in turn the code page is not executed. Koufaty discloses a user permission register and a supervisor permission register that include a number of fields to store memory access permissions associated with a protection key stored in a page table, and further discloses a user permission register write (WRPKRU) 
While the above prior art references disclose the aforementioned concepts, none of them, individually or in combination, discloses all limitations in the manner recited in the independent claims. Specifically, none of the above references discloses the sequence pertaining to a code page that includes executable code as recited in the independent claims, where it is first determined whether the code page associated with a memory allocation related system call request includes executable code; responsive to a determination that the code page associated with the memory allocation related system call includes executable code, it is determined whether the code page is writable, and responsive to a determination that the code page includes executable code and is writeable, the memory allocation related system call request is aborted; and responsive to a determination that the code page includes executable code and is not writeable, it is determined whether the code page includes a Write Protection Key Rights User (WRPKRU) instruction capable of changing a memory protection flag stored in a page table and associated with a shared code page, and responsive to a determination that the code page includes a WRPKRU instruction capable of changing a memory protection flag associated with a shared code page, the memory allocation related system call request is caused to abort. Therefore, the above limitations in conjunction with the remaining limitations of the independent claims render the independent claims allowable.
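The following C model of the decision sequence recited in the independent claims (with the file-backed and non-executable "proceed" cases of claims 5/15, 7/17 and 9/18 folded in) is an added illustration; it is neither part of this Office Action nor code from the application's disclosure. The flag names, the `check_code_page` function and the sample pages are assumptions constructed for the example; the WRPKRU encoding (0F 01 EF) is the documented x86 opcode.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request/page attributes that a memory-allocation syscall
 * handler would take from the request flags and the page table entry. */
#define PAGE_EXEC        0x1u   /* page is executable */
#define PAGE_WRITE       0x2u   /* page is writable */
#define REQ_FILE_BACKED  0x4u   /* request maps a page from a storage device */

enum mmap_decision { MMAP_PROCEED = 0, MMAP_ABORT = 1 };

/* WRPKRU is encoded as the byte sequence 0F 01 EF. x86 instructions are
 * variable length, so every byte offset is checked; a match that happens to
 * sit inside an immediate operand is still treated as a hit, so the check
 * errs toward aborting rather than letting a PKRU-rewriting page through. */
static const uint8_t WRPKRU_OPCODE[3] = { 0x0F, 0x01, 0xEF };

bool page_contains_wrpkru(const uint8_t *page, size_t len)
{
    for (size_t i = 0; i + sizeof WRPKRU_OPCODE <= len; i++) {
        if (memcmp(page + i, WRPKRU_OPCODE, sizeof WRPKRU_OPCODE) == 0)
            return true;
    }
    return false;
}

/* Decision sequence of the independent claims, evaluated in claim order. */
enum mmap_decision check_code_page(uint32_t flags, const uint8_t *page, size_t len)
{
    if (flags & REQ_FILE_BACKED)
        return MMAP_PROCEED;   /* claims 5/15: maps a page from storage -> proceed */
    if (!(flags & PAGE_EXEC))
        return MMAP_PROCEED;   /* claims 9/18: no executable code -> proceed */
    if (flags & PAGE_WRITE)
        return MMAP_ABORT;     /* executable and writable -> abort */
    if (page_contains_wrpkru(page, len))
        return MMAP_ABORT;     /* executable, read-only, can change PKRU -> abort */
    return MMAP_PROCEED;       /* claims 7/17: no flag-changing instruction -> proceed */
}

/* Constructed sample pages (not taken from any real binary). The first holds
 * RDPKRU (0F 01 EE), which only reads PKRU; the second holds WRPKRU. */
static const uint8_t SAMPLE_CLEAN[]  = { 0x55, 0x48, 0x89, 0xE5, 0x0F, 0x01, 0xEE, 0xC3 };
static const uint8_t SAMPLE_WRPKRU[] = { 0x55, 0x48, 0x89, 0xE5, 0x0F, 0x01, 0xEF, 0xC3 };

int main(void)
{
    printf("exec+ro clean page : %d\n", check_code_page(PAGE_EXEC, SAMPLE_CLEAN, sizeof SAMPLE_CLEAN));
    printf("exec+ro wrpkru page: %d\n", check_code_page(PAGE_EXEC, SAMPLE_WRPKRU, sizeof SAMPLE_WRPKRU));
    return 0;
}
```

A real handler would also have to rescan after any later write to the page, which is why the writable-and-executable case aborts outright instead of scanning.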

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705.  The examiner can normally be reached on Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-

/BASSAM A NOAMAN/Examiner, Art Unit 2497


/ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497