-
31.发明申请GENERATING MULTIPLE ADDRESS SPACE IDENTIFIERS PER VIRTUAL MACHINE TO SWITCH BETWEEN PROTECTED MICRO-CONTEXTS 有权每个虚拟机产生多个地址空间识别器,以保护受保护的微控制器公开(公告)号:US20130036291A1
公开(公告)日:2013-02-07
申请号:US13650227
申请日:2012-10-12
IPC分类号: G06F12/10
CPC分类号: G06F12/1027 , G06F12/145
摘要: Embodiments of an invention for generating multiple address space identifiers per virtual machine to switch between protected micro-contexts are disclosed. In one embodiment, a method includes receiving an instruction requiring an address translation; initiating, in response to receiving the instruction, a page walk from a page table pointed to by the contents of a page table pointer storage location; finding, during the page walk, a transition entry; storing the address translation and one of a plurality of address source identifiers in a translation lookaside buffer, the one of the plurality of address source identifiers based on one of a plurality of a virtual partition identifiers, at least two of the plurality of virtual partition identifiers associated with one of a plurality of virtual machines; and re-initiating the page walk.
摘要翻译: 公开了用于在每个虚拟机之间生成多个地址空间标识符以在受保护的微上下文之间切换的发明的实施例。 在一个实施例中,一种方法包括接收需要地址转换的指令; 响应于接收到指令,从页表指针存储位置的内容指向的页表中启动页面移动; 在页面散步期间发现转换条目; 将地址转换和多个地址源标识符之一存储在转换后备缓冲器中,所述多个地址源标识符中的一个基于多个虚拟分区标识符中的一个,多个虚拟分区标识符中的至少两个 与多个虚拟机中的一个相关联; 并重新启动页面散步。
-
32.发明申请SECURE PLATFORM VOUCHER SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT 有权执行环境中软件组件的安全平台提供服务公开(公告)号:US20120226903A1
公开(公告)日:2012-09-06
申请号:US13412382
申请日:2012-03-05
申请人: David Durham , Hormuzd M. Khosravi , Uri Blumenthal , Men Long
发明人: David Durham , Hormuzd M. Khosravi , Uri Blumenthal , Men Long
IPC分类号: H04L29/06
CPC分类号: G06F21/54 , H04L9/004 , H04L9/3236 , H04L63/123 , H04L63/126 , H04L63/20 , H04L2209/60
摘要: Apparatuses, articles, methods, and systems for secure platform voucher service for software within an execution environment. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by authenticated, authorized and verified software components. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy to receive verification for any component. The verification or voucher helps assure to the remote entity that no malware running in the platform or on the network will have access to provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the software component.
摘要翻译: 用于执行环境中的软件的安全平台凭证服务的设备,物品,方法和系统。 一个实施例包括虚拟机监视器,操作系统监视器或其他底层平台功能的能力,以限制仅通过认证的,授权和验证的软件组件进行访问的存储器区域。 配置远程实体或网关只需要知道平台的公钥或证书层次结构来接收任何组件的验证。 验证或凭证有助于向远程实体确保在平台或网络上运行的恶意软件无法访问配置的资料。 代表在受保护的内存区域中提供的经认证/授权/验证的软件组件的软件组件可访问的基础平台来锁定和解锁秘密。
-
公开(公告)号:US20120102285A1
公开(公告)日:2012-04-26
申请号:US13336913
申请日:2011-12-23
申请人: Uday Savagaonkar , Travis T. Schluessler , Hormuzd Khosravi , Ravi Sahita , Gayathri Nagabhushan , David Durham
发明人: Uday Savagaonkar , Travis T. Schluessler , Hormuzd Khosravi , Ravi Sahita , Gayathri Nagabhushan , David Durham
IPC分类号: G06F12/14
CPC分类号: G06F12/145
摘要: In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing hardware of a virtualized processor based system detecting a specified type of memory access to an identified region of memory and in response to the detecting generating an interrupt for a virtual machine monitor (VMM) of the virtualized processor based system.
摘要翻译: 根据所公开的实施例,提供了用于实现基于虚拟处理器的系统的硬件的方法,系统和装置,该系统检测对所识别的存储器区域的指定类型的存储器访问,并且响应于该检测产生虚拟机的中断 基于虚拟化处理器的系统的监视器(VMM)。
-
34.发明授权Secure platform voucher service for software components within an execution environment 有权在执行环境中的软件组件的安全平台凭证服务公开(公告)号:US08132003B2
公开(公告)日:2012-03-06
申请号:US11864573
申请日:2007-09-28
申请人: David Durham , Hormuzd M. Khosravi , Uri Blumenthal , Men Long
发明人: David Durham , Hormuzd M. Khosravi , Uri Blumenthal , Men Long
IPC分类号: H04L29/06
CPC分类号: G06F21/54 , H04L9/004 , H04L9/3236 , H04L63/123 , H04L63/126 , H04L63/20 , H04L2209/60
摘要: Embodiments of apparatus, articles, methods, and systems for secure platform voucher service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy in order to receive verification proof for any component in the platform. The verification proof or voucher helps to assure to the remote entity that no man-in-the-middle, rootkit, spyware or other malware running in the platform or on the network will have access to the provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
摘要翻译: 这里一般地描述用于执行环境中的软件组件的安全平台凭单服务的装置,物品,方法和系统的实施例。 一个实施例包括虚拟机监视器,操作系统监视器或其他底层平台功能的能力,以限制存储器区域,以便仅通过特定认证的,授权的和已验证的软件组件进行访问,即使在其他受损的操作系统环境的一部分。 配置远程实体或网关只需要知道平台的公钥或证书层次结构,以便接收平台中任何组件的验证证明。 验证证明或凭证有助于向远程实体确保在平台或网络上运行的中间人,rootkit,间谍软件或其他恶意软件将无法访问所提供的资料。 代表被保护的内存区域中提供的经过身份验证/授权/验证的软件组件的锁定和解锁秘密的底层平台只能由经过身份验证/授权/验证的软件组件访问。 可以描述和要求保护其他实施例。
-
35.发明申请METHOD AND APPARATUS ALLOWING SCAN OF DATA STORAGE DEVICE FROM REMOTE SERVER 有权从远程服务器允许数据存储设备扫描的方法和设备公开(公告)号:US20110289146A1
公开(公告)日:2011-11-24
申请号:US12785131
申请日:2010-05-21
申请人: Hormuzd Khosravi , David Durham , David A. Edwards , Venkat R. Gokulrangan , Men Long , Yasser Rasheed
发明人: Hormuzd Khosravi , David Durham , David A. Edwards , Venkat R. Gokulrangan , Men Long , Yasser Rasheed
IPC分类号: G06F15/167 , G06F12/00
摘要: A method and device allowing a scan of a data storage device from a remote server are disclosed. In some embodiments, a computing device may include an out-of-band (OOB) configured to compute a first hash value for data stored in one or more sectors of a data storage device at a first time; receive, using communication circuitry, a request to transmit a portion of the data stored in the one or more sectors of the data storage device at a second time, the second time being subsequent to the first time; compute a second hash value for the data stored in the one or more sectors of the data storage device at the second time; and transmit, using the communication circuitry, the requested portion of the data, only if the second hash value does not match the first hash value.
摘要翻译: 公开了允许从远程服务器扫描数据存储设备的方法和设备。 在一些实施例中,计算设备可以包括带外(OOB),其被配置为在第一时间对存储在数据存储设备的一个或多个扇区中的数据计算第一散列值; 接收使用通信电路的请求,以在第二时间之后的第二时间第二时间发送存储在数据存储装置的一个或多个扇区中的数据的一部分的请求; 在第二次计算存储在数据存储设备的一个或多个扇区中的数据的第二哈希值; 并且仅当所述第二散列值与所述第一散列值不匹配时,才使用所述通信电路来发送所请求的数据部分。
-
36.发明授权Apparatus and method for managing subscription requests for a network interface component 有权用于管理网络接口组件的订阅请求的装置和方法公开(公告)号:US08032660B2
公开(公告)日:2011-10-04
申请号:US12317896
申请日:2008-12-30
IPC分类号: G06F15/16
CPC分类号: G06F9/45558 , G06F2009/45595 , H04L63/0227 , H04L63/08
摘要: In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a network interface component, and a management controller. The management controller may be configured to receive information related to a subscription request for a virtual machine, generate configuration information for the network interface component based on the subscription request, and provide the configuration information to the network interface component. Other embodiments are disclosed and claimed.
摘要翻译: 在一些实施例中,基于处理器的系统可以包括至少一个处理器,耦合到至少一个处理器的至少一个存储器,网络接口部件和管理控制器。 管理控制器可以被配置为接收关于虚拟机的订阅请求的信息,基于订阅请求生成针对网络接口组件的配置信息,并将配置信息提供给网络接口组件。 公开和要求保护其他实施例。
-
37.发明申请公开(公告)号:US20110161677A1
公开(公告)日:2011-06-30
申请号:US12651432
申请日:2009-12-31
申请人: Uday R. Savagaonkar , Ravi Sahita , David Durham , Men Long
发明人: Uday R. Savagaonkar , Ravi Sahita , David Durham , Men Long
IPC分类号: G06F12/14
CPC分类号: G06F12/1408 , G06F12/1441 , G06F2212/1052
摘要: Systems, apparatuses, and methods, and for seamlessly protecting memory regions to protect against hardware-based attacks are disclosed. In one embodiment, an apparatus includes a decoder, control logic, and cryptographic logic. The decoder is to decode a transaction between a processor and memory-mapped input/output space. The control logic is to redirect the transaction from the memory-mapped input/output space to a system memory. The cryptographic logic is to operate on data for the transaction.
摘要翻译: 公开了系统,装置和方法,并且用于无缝地保护存储器区域以防止基于硬件的攻击。 在一个实施例中,一种装置包括解码器,控制逻辑和加密逻辑。 解码器是对处理器和存储器映射的输入/输出空间之间的事务进行解码。 控制逻辑是将事务从存储器映射的输入/输出空间重定向到系统存储器。 密码逻辑是对数据进行交易操作。
-
38.发明授权Tamper protection of software agents operating in a vitual technology environment methods and apparatuses 失效软件代理商的篡改保护在操作技术环境中的方法和设备公开(公告)号:US07882318B2
公开(公告)日:2011-02-01
申请号:US11529828
申请日:2006-09-29
申请人: Uday Savagaonkar , Ravi Sahita , David Durham , Hormuzd Khosravi
发明人: Uday Savagaonkar , Ravi Sahita , David Durham , Hormuzd Khosravi
IPC分类号: G06F13/10
CPC分类号: G06F12/145 , G06F12/1491 , G06F21/54 , G06F21/6218 , G06F21/79 , G06F2221/2141
摘要: Methods, apparatuses, articles, and systems for comparing a first security domain of a first memory page of a physical device to a second security domain of a second memory page of the physical device, the security domains being stored in one or more registers of a processor of the physical device, are described herein. Based on the comparison, the processor disallows an instruction from the first memory page to access the second memory page if the first security domain is different from the second security domain. Resultantly, software agents, in particular, critical software agents, may be protected in a virtual technology (VT) environment more efficiently and effectively.
摘要翻译: 用于将物理设备的第一存储器页面的第一安全域与物理设备的第二存储器页面的第二安全域进行比较的方法,设备,文章和系统,所述安全域被存储在物理设备的一个或多个寄存器中 物理设备的处理器。 基于比较,如果第一安全域与第二安全域不同,则处理器不允许来自第一存储器页的指令访问第二存储器页。 因此,软件代理,特别是关键软件代理,可以在虚拟技术(VT)环境中更有效和更有效地得到保护。
-
39.发明授权公开(公告)号:US07739724B2
公开(公告)日:2010-06-15
申请号:US11174205
申请日:2005-06-30
申请人: David Durham , Ravi Sahita , Karanvir Grewal , Ned Smith , Kapil Sood
发明人: David Durham , Ravi Sahita , Karanvir Grewal , Ned Smith , Kapil Sood
IPC分类号: G06F21/00
CPC分类号: H04L63/10 , G06F2221/2141 , H04L9/3234 , H04L9/3247 , H04L9/3263 , H04L63/0209 , H04L63/08 , H04L63/20
摘要: Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.
-
公开(公告)号:USD600860S1
公开(公告)日:2009-09-22
申请号:US29278940
申请日:2007-04-13
申请人: David Durham
设计人: David Durham
-
-
-
-
-
-
-
-
-
搜索结果
142 条记录 (耗时 0.031 秒)
