-
1.发明授权ACPI communication between virtual machine monitor and policy virtual machine via mailbox 有权通过邮箱实现虚拟机监控和策略虚拟机之间的ACPI通信公开(公告)号:US07937701B2
公开(公告)日:2011-05-03
申请号:US11173711
申请日:2005-06-30
CPC分类号: G06F9/544 , G06F9/45558 , G06F2009/45583
摘要: A method, apparatus and system enable bi-directional communications between a virtual machine monitor (“VMM”) and an Advanced Configuration & Power Interface (“ACPI”) compliant guest operating system. In one embodiment, a virtual machine (“VM”) may be designated as the owner of the host platform (“Policy VM”). The Policy VM may communicate with the VMM to control all configuration and power management decisions on the platform.
摘要翻译: 一种方法,装置和系统使虚拟机监视器(“VMM”)和高级配置与电源接口(“ACPI”)兼容客户机操作系统之间能够进行双向通信。 在一个实施例中,可以将虚拟机(“VM”)指定为主机平台(“策略VM”)的所有者。 策略VM可以与VMM进行通信,以控制平台上的所有配置和电源管理决策。
-
公开(公告)号:US20140123281A1
公开(公告)日:2014-05-01
申请号:US13664532
申请日:2012-10-31
IPC分类号: G06F21/00
CPC分类号: G06F21/552 , G06F9/30145 , G06F21/566 , G06F2221/034
摘要: In one embodiment, a processor includes at least one execution unit and Return Oriented Programming (ROP) detection logic. The ROP detection logic may determine a ROP metric based on a plurality of control transfer events. The ROP detection logic may also determine whether the ROP metric exceeds a threshold. The ROP detection logic may also, in response to a determination that the ROP metric exceeds the threshold, provide a ROP attack notification.
摘要翻译: 在一个实施例中,处理器包括至少一个执行单元和返回定向编程(ROP)检测逻辑。 ROP检测逻辑可以基于多个控制传送事件来确定ROP度量。 ROP检测逻辑还可以确定ROP度量是否超过阈值。 ROP检测逻辑还可以响应于ROP度量超过阈值的确定,提供ROP攻击通知。
-
公开(公告)号:US20140095936A1
公开(公告)日:2014-04-03
申请号:US13631317
申请日:2012-09-28
IPC分类号: G06F11/36
CPC分类号: G06F11/3636 , G06F11/1479 , G06F11/3466 , G06F11/3616 , G06F2201/86 , G06F2201/865 , G06F2201/88
摘要: In an embodiment of the invention an application provider may include “tracing elements” in a target software application. While working with the application the trace elements are detected and provide a “baseline trace” indicating proper application execution. The provider then supplies the application, which still includes the trace elements, and the baseline trace to a user. The user operates the application to produce a “real-time trace” based on the application still having trace elements that produce trace events. A comparator then compares the baseline and real-time traces. If the traces are within a pre-determined range of each other the user has a level of assurance the software is operating correctly. If the level of assurance is low, an embodiment may trigger a hardware interrupt or similar event to prevent further execution of software. Other embodiments are described herein.
摘要翻译: 在本发明的实施例中,应用提供者可以在目标软件应用中包括“跟踪元素”。 在处理应用程序时,将检测到跟踪元素,并提供一个“基线跟踪”,指示正确的应用程序执行。 然后,提供商将仍然包含跟踪元素的应用程序和基准跟踪提供给用户。 用户根据仍然具有产生跟踪事件的微量元素的应用来操作应用以产生“实时跟踪”。 比较器然后比较基线和实时迹线。 如果迹线在彼此的预定范围内,则用户具有软件正确操作的保证级别。 如果保证级别低,则实施例可以触发硬件中断或类似事件以防止进一步执行软件。 本文描述了其它实施例。
-
4.发明授权Method and apparatus for establishing processor as core root of trust for measurement 失效用于建立处理器作为测量信任核心的方法和装置公开(公告)号:US07765392B2
公开(公告)日:2010-07-27
申请号:US11479415
申请日:2006-06-29
申请人: Antonio S. Cheng , Kirk D. Brannock
发明人: Antonio S. Cheng , Kirk D. Brannock
IPC分类号: H04L9/00
CPC分类号: G06F21/57
摘要: A programmable processor calculates a hash value of a memory region, then monitors program operation to detect a security monitoring system initialization. The hash value is added to extend a security measurement sequence if the security monitoring system initialization clears a security state. Processors that implement similar methods, and systems using such processors, are also described and claimed.
摘要翻译: 可编程处理器计算存储器区域的散列值,然后监视程序操作以检测安全监控系统初始化。 如果安全监控系统初始化清除安全状态,则添加散列值以扩展安全测量序列。 还描述和声明了实现类似方法的处理器和使用这种处理器的系统。
-
5.发明申请Method and System for linking Firmware Modules in a Pre-Memory Execution Environment 有权在内存中执行环境中连接固件模块的方法和系统公开(公告)号:US20090006832A1
公开(公告)日:2009-01-01
申请号:US12206630
申请日:2008-09-08
申请人: Willliam A. Stevens, JR. , Andrew J. Fish , Kirk D. Brannock , Robert P. Hale , Ramamurthy Krithivas
发明人: Willliam A. Stevens, JR. , Andrew J. Fish , Kirk D. Brannock , Robert P. Hale , Ramamurthy Krithivas
IPC分类号: G06F15/177
CPC分类号: G06F8/54 , G06F9/4401
摘要: A BIOS includes a core and multiple modules. The modules include both those that are platform specific and those that are not platform specific. Each module has a standard interface that allows the core (or other module) to call the module. A platform vendor constructs a BIOS by selecting modules from one or more vendors, which when executed can select modules that are suitable for the platform the BIOS resides in.
摘要翻译: BIOS包括核心和多个模块。 这些模块包括那些具有平台特性的模块,以及不具有平台特性的模块。 每个模块都有一个标准接口,允许核心(或其他模块)调用该模块。 平台供应商通过从一个或多个供应商中选择模块来构建BIOS,当被执行时可以选择适合于BIOS所在平台的模块。
-
公开(公告)号:US10146657B2
公开(公告)日:2018-12-04
申请号:US14226612
申请日:2014-03-26
申请人: Robert C. Swanson , C. Brendan Traw , Vincent J. Zimmer , Mallik Bulusu , John R. Lindsley , Mahesh S. Natu , Dimitrios Ziakas , Robert W. Cone , Madhusudhan Rangarajan , Babak Nikjou , Kirk D. Brannock , Russell J. Wunderlich , Miles F. Schwartz , Stephen S. Pawlowski
发明人: Robert C. Swanson , C. Brendan Traw , Vincent J. Zimmer , Mallik Bulusu , John R. Lindsley , Mahesh S. Natu , Dimitrios Ziakas , Robert W. Cone , Madhusudhan Rangarajan , Babak Nikjou , Kirk D. Brannock , Russell J. Wunderlich , Miles F. Schwartz , Stephen S. Pawlowski
IPC分类号: G06F11/14 , G06F11/34 , G06F9/4401 , G06F21/57
摘要: Platform controller, computer-readable storage media, and methods associated with initialization of a computing device. In embodiments, a platform controller may comprise a boot controller and one or more non-volatile memory modules, coupled with the boot controller. In embodiments, the one or more non-volatile memory modules may have first instructions and second instructions stored thereon. The first instructions may, when executed by a processor of a computing device hosting the platform controller, cause initialization of the computing device. The second instructions, when executed by the boot controller, may cause the boot controller to monitor at least a portion of the execution of the first instructions by the computing device and may generate a trace of the monitored portion of the execution of the first instructions. In embodiments, the trace may be stored in the one or more non-volatile memory modules. Other embodiments may be described and/or claimed.
-
7.发明授权System and method for correct execution of software based on baseline and real time information 有权基于基线和实时信息正确执行软件的系统和方法公开(公告)号:US09003236B2
公开(公告)日:2015-04-07
申请号:US13631317
申请日:2012-09-28
CPC分类号: G06F11/3636 , G06F11/1479 , G06F11/3466 , G06F11/3616 , G06F2201/86 , G06F2201/865 , G06F2201/88
摘要: In an embodiment of the invention an application provider may include “tracing elements” in a target software application. While working with the application the trace elements are detected and provide a “baseline trace” indicating proper application execution. The provider then supplies the application, which still includes the trace elements, and the baseline trace to a user. The user operates the application to produce a “real-time trace” based on the application still having trace elements that produce trace events. A comparator then compares the baseline and real-time traces. If the traces are within a pre-determined range of each other the user has a level of assurance the software is operating correctly. If the level of assurance is low, an embodiment may trigger a hardware interrupt or similar event to prevent further execution of software. Other embodiments are described herein.
摘要翻译: 在本发明的实施例中,应用提供者可以在目标软件应用中包括“跟踪元素”。 在处理应用程序时,将检测到跟踪元素,并提供一个“基线跟踪”,指示正确的应用程序执行。 然后,提供商将仍然包含跟踪元素的应用程序和基准跟踪提供给用户。 用户根据仍然具有产生跟踪事件的微量元素的应用来操作应用以产生“实时跟踪”。 比较器然后比较基线和实时迹线。 如果迹线在彼此的预定范围内,则用户具有软件正确操作的保证级别。 如果保证级别低,则实施例可以触发硬件中断或类似事件以防止进一步执行软件。 本文描述了其它实施例。
-
公开(公告)号:US20100228997A1
公开(公告)日:2010-09-09
申请号:US12784282
申请日:2010-05-20
申请人: Antonio S. Cheng , Kirk D. Brannock
发明人: Antonio S. Cheng , Kirk D. Brannock
CPC分类号: G06F21/10 , G06F21/51 , G06F21/575 , G06F21/72
摘要: A programmable processor initializes its state, then computes and verifies a hash of a boot code region of memory before executing any user instructions in the memory. Systems using similar processors, and software to control such a processor's operation, are also described and claimed.
摘要翻译: 可编程处理器初始化其状态,然后在执行存储器中的任何用户指令之前计算和验证存储器的引导代码区域的散列。 还描述和要求保护使用类似处理器的系统和用于控制这种处理器的操作的软件。
-
9.发明授权公开(公告)号:US07392371B2
公开(公告)日:2008-06-24
申请号:US10032141
申请日:2001-12-20
IPC分类号: G06F9/00
CPC分类号: G06F9/4401
摘要: A boot routine is initialized in a computer by bootstrapping a volume top file (VTF) located in a first addressable location accessible upon the initializing of the boot routine and the volume top file bootstrapping a set of firmware modules.
摘要翻译: 引导例程在计算机中通过引导位于第一可寻址位置的卷顶部文件(VTF)来初始化,该第一可寻址位置可以在初始化引导例程和卷顶部文件引导一组固件模块时访问。
-
公开(公告)号:US20150081257A1
公开(公告)日:2015-03-19
申请号:US14026372
申请日:2013-09-13
申请人: Shanwei Cen , Kirk D. Brannock
发明人: Shanwei Cen , Kirk D. Brannock
IPC分类号: G06F21/57
CPC分类号: G06F21/575 , G06F21/82
摘要: Methods and systems may provide for receiving at a secure element of a system, during a boot process of the system, a first pairing authentication value from a pairing agent. In addition, a pairing key may be received from the pairing agent, wherein the first pairing authentication value and the pairing key may be used to establish a trusted channel between the secure element and an input output (IO) device coupled to the system. In one example, the first pairing authentication value is accepted only if the first pairing authentication value is received prior to a predetermined stage of the boot process.
摘要翻译: 方法和系统可以提供在系统的引导过程中在系统的安全元件处接收来自配对代理的第一配对认证值。 另外,可以从配对代理接收配对密钥,其中第一配对认证值和配对密钥可以用于建立安全元件与耦合到系统的输入输出(IO)设备之间的信任信道。 在一个示例中,仅当在引导过程的预定阶段之前接收到第一配对认证值时才接受第一配对认证值。
-
-
-
-
-
-
-
-
-
搜索结果
30 条记录 (耗时 0.019 秒)
