Systems and methods of controlling memory footprint

    Publication number: US10445009B2

    Publication date: 2019-10-15

    Application number: US15639471

    Filing date: 2017-06-30

    Abstract: Systems and methods that manage memory usage by a virtual machine are provided. These systems and methods compact the virtual machine's memory footprint, thereby promoting efficient use of memory and gaining performance benefits of increased data locality. In some embodiments, a guest operating system running within the virtual machine is enhanced to allocate its VM memory in a compact manner. The guest operating system includes a memory manager that is configured to reference an artificial access cost when identifying memory areas to allocate for use by applications. These access costs are described as being artificial because they are not representative of actual, hardware based access costs, but instead are fictitious costs that increase as the addresses of the memory areas increase. Because of these increasing artificial access costs, the memory manager identifies memory areas with lower addresses for allocation and use prior to memory areas with higher addresses.
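    The allocation rule in this abstract is easy to see in a small simulation. The following C program is an added illustration, not code from the patent: it models a page pool and two allocation policies, one that ranks every candidate free run by an artificial access cost that grows with the page address (the assumption here is unit cost per page, so the lowest-addressed fit always wins) and, for contrast, a next-fit policy that rotates through the pool. The allocate/free trace is constructed; the reported footprint is the number of pages up to and including the highest one still in use, which is what a hypervisor would have to keep backed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NPAGES 64   /* constructed: a 64-page guest pool */

typedef struct {
    bool used[NPAGES];
    int  next_fit_cursor;   /* state for the next-fit policy only */
} pool_t;

static void pool_init(pool_t *p) { memset(p, 0, sizeof *p); }

/* Artificial access cost of a run starting at page `start`. Assumption:
 * unit cost per page, so the cost rises monotonically with the address
 * and never reflects real hardware latency. */
static long artificial_cost(int start) { return 1 + start; }

static bool run_free(const pool_t *p, int start, int n) {
    if (start < 0 || start + n > NPAGES) return false;
    for (int i = 0; i < n; i++)
        if (p->used[start + i]) return false;
    return true;
}

static void mark(pool_t *p, int start, int n, bool v) {
    for (int i = 0; i < n; i++) p->used[start + i] = v;
}

/* Cost-ordered policy: pick the free run of n pages with the lowest
 * artificial cost. With a monotonic cost this is the lowest-addressed fit. */
static int alloc_cost_ordered(pool_t *p, int n) {
    int best = -1;
    long best_cost = 0;
    for (int s = 0; s + n <= NPAGES; s++) {
        if (!run_free(p, s, n)) continue;
        long c = artificial_cost(s);
        if (best < 0 || c < best_cost) { best = s; best_cost = c; }
    }
    if (best >= 0) mark(p, best, n, true);
    return best;
}

/* Next-fit policy for contrast: resume scanning after the last allocation
 * and wrap around, which spreads allocations across the whole pool. */
static int alloc_next_fit(pool_t *p, int n) {
    for (int k = 0; k < NPAGES; k++) {
        int s = (p->next_fit_cursor + k) % NPAGES;
        if (run_free(p, s, n)) {
            mark(p, s, n, true);
            p->next_fit_cursor = (s + n) % NPAGES;
            return s;
        }
    }
    return -1;
}

static void pool_free(pool_t *p, int start, int n) { mark(p, start, n, false); }

/* Footprint: pages up to and including the highest one in use. */
static int footprint(const pool_t *p) {
    for (int i = NPAGES - 1; i >= 0; i--)
        if (p->used[i]) return i + 1;
    return 0;
}

typedef int (*alloc_fn)(pool_t *, int);

/* Replay one constructed allocate/free trace under a policy and report
 * the resulting footprint in pages. */
static int footprint_after_trace(alloc_fn alloc) {
    pool_t p;
    pool_init(&p);
    int a = alloc(&p, 8);
    int b = alloc(&p, 8);
    alloc(&p, 8);            /* third block stays allocated */
    pool_free(&p, a, 8);
    pool_free(&p, b, 8);     /* the 16 lowest pages become free again */
    alloc(&p, 4);
    alloc(&p, 4);
    alloc(&p, 4);
    return footprint(&p);
}

int main(void) {
    printf("cost-ordered footprint: %d pages\n", footprint_after_trace(alloc_cost_ordered));
    printf("next-fit footprint:     %d pages\n", footprint_after_trace(alloc_next_fit));
    return 0;
}
```

    On this trace the cost-ordered policy reuses the freed low pages and ends with a 24-page footprint, while next-fit drifts upward to 36 pages even though both pools hold the same 20 pages of live data; the difference is exactly the region a hypervisor could reclaim from the compact guest.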

    Platform security using processor assists

    Publication number: US10248786B2

    Publication date: 2019-04-02

    Application number: US14998087

    Filing date: 2015-12-24

    Abstract: Systems, apparatuses and methods may provide for detecting an attempt by an operating system (OS) to access a non-OS managed resource and injecting, in response to the attempt, an access event into a platform security component via a guest kernel associated with the OS. Additionally, a response to the attempt may be made based on a policy response from the platform security component. In one example, the attempt is detected with respect to one or more extended page table (EPT) permissions set by a security virtual machine monitor (SVMM). Moreover, injecting the access event into the platform security component may include invoking a previously registered policy callback.

    Technologies for multi-level virtualization

    Publication number: US09747123B2

    Publication date: 2017-08-29

    Application number: US14866187

    Filing date: 2015-09-25

    Abstract: Technologies for multi-level virtualization include a computing device having a processor that supports a root virtualization mode and a non-root virtualization mode. A non-root hypervisor determines whether it is executed under control of a root hypervisor, and if so, registers a callback handler and trigger conditions with the root hypervisor. The non-root hypervisor hosts one or more virtual machines. In response to a virtual machine exit, the root hypervisor determines whether a callback handler has been registered for the virtual machine exit reason and, if so, evaluates the trigger conditions associated with the callback handler. If the trigger conditions are satisfied, the root hypervisor invokes the callback handler. The callback handler may update a virtual virtualization support object based on changes made by the root hypervisor to a virtualization support object. The root hypervisor may invoke the callback handler in the non-root virtualization mode. Other embodiments are described and claimed.
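    The two abstracts above share one mechanism: a hypervisor holds a registry of callbacks keyed by VM-exit reason with trigger conditions attached, and on an exit it consults the registry before invoking anything. The C program below is an added illustration of that flow, not code from either patent. It models EPT permissions set by an SVMM on a non-OS-managed resource page, a guest access that either succeeds without an exit or raises an EPT-violation exit, and a root-side dispatcher that evaluates the registered trigger conditions (address range and access type) before calling the policy callback, whose response is then applied. The memory layout, the resource address 0xFED00000 and the allow/deny policy are all constructed for the example; the exit-reason codes are the Intel SDM basic exit reasons (CPUID = 10, EPT violation = 48).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Page permissions as an EPT entry carries them. */
enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };

/* Basic VM-exit reason codes (Intel SDM: CPUID = 10, EPT violation = 48). */
enum { EXIT_CPUID = 10, EXIT_EPT_VIOLATION = 48 };

/* Response chosen by the platform security component's policy. */
enum policy { POLICY_ALLOW, POLICY_DENY, POLICY_LOG_AND_ALLOW, POLICY_NO_CALLBACK };

typedef struct {
    uint64_t gpa;      /* guest-physical address of the attempted access */
    int      access;   /* PERM_R, PERM_W or PERM_X */
} access_event_t;

/* An EPT-mapped range with the permissions the SVMM set on it. */
typedef struct { uint64_t lo, hi; int perm; } ept_range_t;

#define MAX_ENTRIES 8
static ept_range_t ept[MAX_ENTRIES];
static int n_ept;

/* True when EPT permits the access; false means the hardware raises an
 * EPT-violation exit (unmapped addresses included). */
static bool ept_permits(const access_event_t *e) {
    for (int i = 0; i < n_ept; i++)
        if (e->gpa >= ept[i].lo && e->gpa < ept[i].hi)
            return (ept[i].perm & e->access) == e->access;
    return false;
}

/* Registry entry: exit reason, trigger conditions, and the handler to
 * invoke only when the conditions hold. */
typedef enum policy (*policy_cb)(const access_event_t *);
typedef struct {
    int       exit_reason;
    uint64_t  lo, hi;         /* trigger: gpa within [lo, hi) */
    int       access_mask;    /* trigger: access type is one of these */
    policy_cb cb;
} callback_t;

static callback_t callbacks[MAX_ENTRIES];
static int n_callbacks;

static void register_callback(int reason, uint64_t lo, uint64_t hi,
                              int mask, policy_cb cb) {
    callbacks[n_callbacks++] = (callback_t){ reason, lo, hi, mask, cb };
}

/* Root side: on a VM exit, look for a callback registered for this reason,
 * evaluate its trigger conditions, and invoke it only if they are met. */
static enum policy dispatch_exit(int reason, const access_event_t *e) {
    for (int i = 0; i < n_callbacks; i++) {
        const callback_t *c = &callbacks[i];
        if (c->exit_reason != reason) continue;
        bool in_range = e->gpa >= c->lo && e->gpa < c->hi;
        bool type_ok  = (c->access_mask & e->access) != 0;
        if (in_range && type_ok) return c->cb(e);
    }
    return POLICY_NO_CALLBACK;   /* a real SVMM applies its default here */
}

/* Constructed policy for the platform security component: reads of the
 * protected resource are logged and allowed, writes and code fetches denied. */
static enum policy protected_resource_policy(const access_event_t *e) {
    return e->access == PERM_R ? POLICY_LOG_AND_ALLOW : POLICY_DENY;
}

/* Constructed layout: guest RAM below 2 GiB is RWX for the OS; one 4 KiB
 * non-OS-managed resource page at 0xFED00000 (address chosen for the
 * example) has every EPT permission cleared so any access exits. */
#define RESOURCE_BASE 0xFED00000ULL
#define RESOURCE_END  (RESOURCE_BASE + 0x1000)

static void setup_once(void) {
    static bool done;
    if (done) return;
    done = true;
    ept[n_ept++] = (ept_range_t){ 0x0, 0x80000000ULL, PERM_R | PERM_W | PERM_X };
    ept[n_ept++] = (ept_range_t){ RESOURCE_BASE, RESOURCE_END, 0 };
    register_callback(EXIT_EPT_VIOLATION, RESOURCE_BASE, RESOURCE_END,
                      PERM_R | PERM_W | PERM_X, protected_resource_policy);
}

/* Model one guest access: no exit when EPT permits it, otherwise the
 * EPT-violation exit is routed through the callback registry. */
static enum policy guest_access(uint64_t gpa, int access) {
    setup_once();
    access_event_t e = { gpa, access };
    if (ept_permits(&e)) return POLICY_ALLOW;
    return dispatch_exit(EXIT_EPT_VIOLATION, &e);
}

int main(void) {
    printf("OS RAM write   -> %d\n", guest_access(0x1000, PERM_W));
    printf("resource read  -> %d\n", guest_access(RESOURCE_BASE + 0x10, PERM_R));
    printf("resource write -> %d\n", guest_access(RESOURCE_BASE + 0x10, PERM_W));
    printf("unmapped read  -> %d\n", guest_access(0xFEE00000ULL, PERM_R));
    return 0;
}
```

    The point worth noticing is the ordering: the trigger conditions are checked by the root side before the callback runs, so an exit that matches the reason but not the conditions (the unmapped read above) never reaches the policy code. In a real SVMM that fall-through case needs an explicit default, typically deny plus an injected fault, rather than the placeholder return used here.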

    Technologies for preventing hook-skipping attacks using processor virtualization features
    Status: granted patent, in force

    Publication number: US09454676B2

    Publication date: 2016-09-27

    Application number: US14318215

    Filing date: 2014-06-27

    CPC classification number: G06F21/79 G06F21/62

    Abstract: Technologies for monitoring system API calls include a computing device with hardware virtualization support. The computing device establishes a default memory view and a security memory view to define physical memory maps and permissions. The computing device executes an application in the default memory view and executes a default inline hook in response to a call to an API function. The default inline hook switches to the security memory view using hardware support without causing a virtual machine exit. The security inline hook calls a security callback function to validate the API function call in the security memory view. Hook-skipping attacks may be prevented by padding the default inline hook with no-operation instructions, by designating memory pages of the API function as non-executable in the default memory view, or by designating memory pages of the application as non-executable in the security memory view. Other embodiments are described and claimed.
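    The two page-permission measures in this abstract can be checked with a small model of the two memory views. The C program below is an added illustration and not the patent's code: it assigns execute permission per code region in each view (API pages non-executable in the default view, application pages non-executable in the security view) and walks constructed control-flow traces, treating a VMFUNC-style EPTP switch as something any instruction may perform without a VM exit. Assumptions not in the abstract: the page addresses, that the patched API entry and the hook and callback code share one page that is executable in both views so the switch can run from it, and that the NOP-padding measure is left out because the model is page-granular rather than instruction-granular.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed page-granular code layout. The patched API entry plus the
 * hook and callback code are modelled as one "hook" page; the rest of
 * the API function is the "API" page. */
#define PAGE_SZ   0x1000ULL
#define APP_BASE  0x00400000ULL   /* application code */
#define HOOK_BASE 0x7FF00000ULL   /* default inline hook, security hook, callback */
#define API_BASE  0x7FF10000ULL   /* API function body past the hook */

enum region  { REGION_APP, REGION_HOOK, REGION_API, REGION_NONE };
enum view    { VIEW_DEFAULT = 0, VIEW_SECURITY = 1 };
enum outcome { RUN_OK, RUN_NX_FAULT };

static enum region region_of(uint64_t pc) {
    if (pc >= APP_BASE  && pc < APP_BASE  + PAGE_SZ) return REGION_APP;
    if (pc >= HOOK_BASE && pc < HOOK_BASE + PAGE_SZ) return REGION_HOOK;
    if (pc >= API_BASE  && pc < API_BASE  + PAGE_SZ) return REGION_API;
    return REGION_NONE;
}

/* Execute permission per region in each view: API pages non-executable in
 * the default view, application pages non-executable in the security view,
 * and (assumption) the hook page executable in both. */
static bool executable(enum view v, enum region r) {
    switch (r) {
    case REGION_APP:  return v == VIEW_DEFAULT;
    case REGION_API:  return v == VIEW_SECURITY;
    case REGION_HOOK: return true;
    default:          return false;
    }
}

/* One fetched instruction; switch_to models a VMFUNC-style view switch
 * (no VM exit) performed by that instruction, -1 for none. */
typedef struct { uint64_t pc; int switch_to; } step_t;

/* Walk a trace, checking each fetch against the current view. Reports the
 * index of the first forbidden fetch in *fault_at (-1 if none). */
static enum outcome run_trace(const step_t *t, int n, int *fault_at) {
    enum view v = VIEW_DEFAULT;
    for (int i = 0; i < n; i++) {
        if (!executable(v, region_of(t[i].pc))) {
            if (fault_at) *fault_at = i;
            return RUN_NX_FAULT;
        }
        if (t[i].switch_to >= 0) v = (enum view)t[i].switch_to;
    }
    if (fault_at) *fault_at = -1;
    return RUN_OK;
}

/* Legitimate call: app -> default inline hook (switches to the security
 * view) -> security hook -> callback validates -> API body -> switch back -> app. */
static enum outcome scenario_legitimate_call(int *fault_at) {
    const step_t t[] = {
        { APP_BASE  + 0x10,  -1 },
        { HOOK_BASE + 0x00,  VIEW_SECURITY },
        { HOOK_BASE + 0x100, -1 },
        { HOOK_BASE + 0x200, -1 },
        { API_BASE  + 0x20,  -1 },
        { HOOK_BASE + 0x300, VIEW_DEFAULT },
        { APP_BASE  + 0x20,  -1 },
    };
    return run_trace(t, 7, fault_at);
}

/* Hook-skipping attempt: jump straight into the API body past the hook
 * while still in the default view, where API pages are non-executable. */
static enum outcome scenario_skip_hook(int *fault_at) {
    const step_t t[] = {
        { APP_BASE + 0x10, -1 },
        { API_BASE + 0x20, -1 },
    };
    return run_trace(t, 2, fault_at);
}

/* Self-switch attempt: application code performs the view switch itself and
 * keeps running; its own pages are non-executable in the security view. */
static enum outcome scenario_self_switch(int *fault_at) {
    const step_t t[] = {
        { APP_BASE + 0x10, VIEW_SECURITY },
        { APP_BASE + 0x14, -1 },
        { API_BASE + 0x20, -1 },
    };
    return run_trace(t, 3, fault_at);
}

/* Convenience: index of the faulting step for a scenario. */
static int fault_step(enum outcome (*scenario)(int *)) {
    int at;
    scenario(&at);
    return at;
}

int main(void) {
    printf("legitimate call: %s\n", scenario_legitimate_call(NULL) == RUN_OK ? "ok" : "fault");
    printf("skip hook:       NX fault at step %d\n", fault_step(scenario_skip_hook));
    printf("self switch:     NX fault at step %d\n", fault_step(scenario_self_switch));
    return 0;
}
```

    Both attacks fault on their second fetch: the skip lands on an API page that the default view refuses to execute, and the self-switch leaves the attacker's own code unexecutable the moment it holds the security view. The legitimate path works only because every view change happens on the hook page, which is the property the security callback gets to enforce.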

    Secure local web application data manager
    Status: granted patent, in force

    Publication number: US09436838B2

    Publication date: 2016-09-06

    Application number: US13721912

    Filing date: 2012-12-20

    Abstract: Apparatus, systems and methods may provide a browser interface to detect an attempt by web content to manipulate data in a local data store. In addition, the data may be classified into a category if the data is remotely accessible. Additionally, a security policy may be applied to the data based on the category. In one example, a separator may separate the data from other data based on the category, the data may be encrypted/decrypted based on the category, and/or context information and user input may be determined to apply the security policy further based on the context information and the user input.

    TECHNIQUES FOR ENABLING CO-EXISTENCE OF MULTIPLE SECURITY MEASURES

    Publication number: US20170142131A1

    Publication date: 2017-05-18

    Application number: US15269646

    Filing date: 2016-09-19

    Abstract: Various embodiments are directed to enabling anti-malware software to co-exist with protective features of an operating system. An apparatus may include a processor component including an IDT register storing an indication of the size of an IDT; a monitoring component to retrieve the indication and compare it to the size of a guard IDT in response to modification of the IDT register, to determine whether the guard routine is to inspect the IDT and a set of ISRs; and a cache component to overwrite the IDT and set of ISRs with a cached IDT and cached set of ISRs, respectively, based on the determination and prior to the inspection, to prevent the guard routine from detecting a modification by an anti-malware routine, the cached IDT and cached set of ISRs having been generated from the IDT and set of ISRs, respectively, prior to the modification. Other embodiments are described and claimed.

    Platform security using processor assists
    Status: patent application, published (under examination)

    Publication number: US20160308903A1

    Publication date: 2016-10-20

    Application number: US14998087

    Filing date: 2015-12-24

    Abstract: Systems, apparatuses and methods may provide for detecting an attempt by an operating system (OS) to access a non-OS managed resource and injecting, in response to the attempt, an access event into a platform security component via a guest kernel associated with the OS. Additionally, a response to the attempt may be made based on a policy response from the platform security component. In one example, the attempt is detected with respect to one or more extended page table (EPT) permissions set by a security virtual machine monitor (SVMM). Moreover, injecting the access event into the platform security component may include invoking a previously registered policy callback.