中科微点-全球专利检索

  1. Login
  2. Sign Up

Search Results

22 records (took 0.017 seconds)

    Integrity protection of a mandatory access control policy in an operating system using virtual machine extension root operations
    1.
    发明申请
    Integrity protection of a mandatory access control policy in an operating system using virtual machine extension root operations 审中-公开
    在使用虚拟机扩展根操作的操作系统中强制访问控制策略的完整性保护

    公开(公告)号:US20160335429A1

    公开(公告)日:2016-11-17

    申请号:US14757948

    申请日:2015-12-24

    Applicant: Intel Corporation

    Inventor: Ned M. Smith Manohar R. Castelino Harshawardhan Vipat

    IPC: G06F21/52 G06F21/62

    Abstract: Systems, apparatuses and methods may provide for conducting a signature verification of a mandatory access control policy and provisioning the mandatory access control policy into kernel memory if the signature verification is successful. Additionally, the kernel memory may be protected from unauthorized write operations by one or more processes having system level privileges. In one example, the mandatory access control policy is provisioned without a system reboot.

    Abstract translation: 系统,装置和方法可以提供强制访问控制策略的签名验证,并且如果签名验证成功,则将强制访问控制策略提供给内核存储器。 此外,可以通过具有系统级特权的一个或多个进程来保护内核存储器免于未授权的写入操作。 在一个示例中,强制访问控制策略被配置,而不需要重新启动系统。

    TECHNOLOGIES FOR MULTI-LEVEL VIRTUALIZATION
    5.
    发明申请
    TECHNOLOGIES FOR MULTI-LEVEL VIRTUALIZATION 有权

    公开(公告)号:US20170090963A1

    公开(公告)日:2017-03-30

    申请号:US14866187

    申请日:2015-09-25

    Applicant: Intel Corporation

    Inventor: Jun Nakajima Asit K. Mallick Harshawardhan Vipat Madhukar Tallam Manohar R. Castelino

    IPC: G06F9/455

    CPC classification number: G06F9/45558 G06F2009/45575 G06F2009/45579 G06F2009/45583

    Abstract: Technologies for multi-level virtualization include a computing device having a processor that supports a root virtualization mode and a non-root virtualization mode. A non-root hypervisor determines whether it is executed under control of a root hypervisor, and if so, registers a callback handler and trigger conditions with the root hypervisor. The non-root hypervisor hosts one or more virtual machines. In response to a virtual machine exit, the root hypervisor determines whether a callback handler has been registered for the virtual machine exit reason and, if so, evaluates the trigger conditions associated with the callback handler. If the trigger conditions are satisfied, the root hypervisor invokes the callback handler. The callback handler may update a virtual virtualization support object based on changes made by the root hypervisor to a virtualization support object. The root hypervisor may invoke the callback handler in the non-root virtualization mode. Other embodiments are described and claimed.

    SECURE LOCAL WEB APPLICATION DATA MANAGER
    8.
    发明申请
    SECURE LOCAL WEB APPLICATION DATA MANAGER 审中-公开
    安全的本地WEB应用数据管理器

    公开(公告)号:US20160359921A1

    公开(公告)日:2016-12-08

    申请号:US15241658

    申请日:2016-08-19

    Applicant: Intel Corporation

    Inventor: Hong C. Li Mark D. Boucher Conor P. Cahill Manohar R. Castelino Steve Orrin Vinay Phegade John E. Simpson, JR.

    IPC: H04L29/06 G06F21/60

    CPC classification number: H04L63/20 G06F21/602 G06F21/62 G06F2221/2111 H04L63/107

    Abstract: Apparatus, systems and methods may provide a browser interface to detect an attempt by web content to manipulate data in a local data store. In addition, the data may be classified into a category if the data is remotely accessible. Additionally, a security policy may be applied to the data based on the category. In one example, a separator may separate the data from other data based on the category, the data may be encrypted/decrypted based on the category, and/or context information and user input may be determined to apply the security policy further based on the context information and the user input.

    Abstract translation: 装置,系统和方法可以提供浏览器界面来检测网页内容来操纵本地数据存储中的数据的尝试。 此外,如果数据可远程访问,则数据可以分类为类别。 此外,安全策略可以基于该类别应用于数据。 在一个示例中,分离器可以基于类别将数据与其他数据分离,可以基于类别来加密/解密数据,和/或上下文信息,并且可以确定用户输入,以进一步基于 上下文信息和用户输入。

    Techniques for enabling co-existence of multiple security measures
    9.
    发明授权
    Techniques for enabling co-existence of multiple security measures 有权
    实现多重安全措施共存的技术

    公开(公告)号:US09449173B2

    公开(公告)日:2016-09-20

    申请号:US14494260

    申请日:2014-09-23

    Applicant: INTEL CORPORATION

    Inventor: Ramesh Thomas Manohar R. Castelino Kuo-Lang Tseng

    IPC: G06F21/56 G06F12/14 G06F21/64 G06F21/62

    CPC classification number: G06F21/56 G06F12/1408 G06F21/6218 G06F21/64 G06F2212/1052 G06F2221/034 G06F2221/2107 H04L63/145

    Abstract: Various embodiments are directed enabling anti-malware software to co-exist with protective features of an operating system. An apparatus may include a processor component including an IDT register storing an indication of size of an IDT; a monitoring component to retrieve the indication and compare the indication to a size of a guard IDT in response to modification of the IDT register to determine whether the guard routine is to inspect the IDT and a set of ISRs; and a cache component to overwrite the IDT and set of ISRs with a cached IDT and cached set of ISRs, respectively, based on the determination and prior to the inspection to prevent the guard routine from detecting a modification by an anti-malware routine, the cached IDT and cached set of ISRs generated from the IDT and set of ISRs, respectively, prior to the modification. Other embodiments are described and claimed.

    Abstract translation: 各种实施例旨在使反恶意软件与操作系统的保护特征共存。 设备可以包括处理器组件,其包括存储IDT大小的指示的IDT寄存器; 监视部件,用于检索所述指示并响应于所述IDT寄存器的修改将所述指示与所述保护IDT的大小进行比较,以确定所述保护例程是否检查所述IDT和一组ISR; 以及高速缓存组件,用于分别基于所述确定并且在检查之前分别具有缓存的IDT和缓存的ISR集合来覆盖IDT和ISR集合,以防止保护例程检测到反恶意程序的修改, 在修改之前分别从IDT和ISR集合生成的缓存的IDT和缓存的ISR集合。 描述和要求保护其他实施例。

Patent Agency Ranking