-
公开(公告)号:US20080022065A1
公开(公告)日:2008-01-24
申请号:US11490824
申请日:2006-07-21
申请人: Subhash Gutti , Uday Savagaonkar , Ravi Sahita , David Durham
发明人: Subhash Gutti , Uday Savagaonkar , Ravi Sahita , David Durham
IPC分类号: G06F12/00
CPC分类号: G06F12/1475 , G06F12/145
摘要: In one embodiment, the present invention includes a method for receiving a request from a caller code portion of a first color to color at least a portion of a stack with a second color, determining if the request is valid, and if so remapping the stack portion from a first mapping colored with the first color to a second mapping colored with the second color. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一种方法,用于从第一颜色的呼叫者代码部分接收请求以对具有第二颜色的堆栈的至少一部分进行着色,确定请求是否有效,以及如果重新映射堆栈 从具有第一颜色的第一映射部分到第二颜色的第二映射。 描述和要求保护其他实施例。
-
32.发明申请GENERATING MULTIPLE ADDRESS SPACE IDENTIFIERS PER VIRTUAL MACHINE TO SWITCH BETWEEN PROTECTED MICRO-CONTEXTS 有权每个虚拟机产生多个地址空间识别器,以保护受保护的微控制器公开(公告)号:US20130036291A1
公开(公告)日:2013-02-07
申请号:US13650227
申请日:2012-10-12
IPC分类号: G06F12/10
CPC分类号: G06F12/1027 , G06F12/145
摘要: Embodiments of an invention for generating multiple address space identifiers per virtual machine to switch between protected micro-contexts are disclosed. In one embodiment, a method includes receiving an instruction requiring an address translation; initiating, in response to receiving the instruction, a page walk from a page table pointed to by the contents of a page table pointer storage location; finding, during the page walk, a transition entry; storing the address translation and one of a plurality of address source identifiers in a translation lookaside buffer, the one of the plurality of address source identifiers based on one of a plurality of a virtual partition identifiers, at least two of the plurality of virtual partition identifiers associated with one of a plurality of virtual machines; and re-initiating the page walk.
摘要翻译: 公开了用于在每个虚拟机之间生成多个地址空间标识符以在受保护的微上下文之间切换的发明的实施例。 在一个实施例中,一种方法包括接收需要地址转换的指令; 响应于接收到指令,从页表指针存储位置的内容指向的页表中启动页面移动; 在页面散步期间发现转换条目; 将地址转换和多个地址源标识符之一存储在转换后备缓冲器中,所述多个地址源标识符中的一个基于多个虚拟分区标识符中的一个,多个虚拟分区标识符中的至少两个 与多个虚拟机中的一个相关联; 并重新启动页面散步。
-
公开(公告)号:US07512768B2
公开(公告)日:2009-03-31
申请号:US11490824
申请日:2006-07-21
申请人: Subhash Gutti , Uday Savagaonkar , Ravi Sahita , David Durham
发明人: Subhash Gutti , Uday Savagaonkar , Ravi Sahita , David Durham
CPC分类号: G06F12/1475 , G06F12/145
摘要: In one embodiment, the present invention includes a method for receiving a request from a caller code portion of a first color to color at least a portion of a stack with a second color, determining if the request is valid, and if so remapping the stack portion from a first mapping colored with the first color to a second mapping colored with the second color. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一种方法,用于从第一颜色的呼叫者代码部分接收请求以对具有第二颜色的堆栈的至少一部分进行着色,确定请求是否有效,以及如果重新映射堆栈 从具有第一颜色的第一映射部分到第二颜色的第二映射。 描述和要求保护其他实施例。
-
公开(公告)号:US20080082722A1
公开(公告)日:2008-04-03
申请号:US11541474
申请日:2006-09-29
申请人: Uday Savagaonkar , Ravi Sahita , David Durham
发明人: Uday Savagaonkar , Ravi Sahita , David Durham
IPC分类号: G06F21/00
摘要: Methods, apparatuses, articles, and systems for observing, by a virtual machine manager of a physical device, execution of a target process of a virtual machine of the physical device, including virtual addresses of the virtual machine referenced during the execution, are described herein. The virtual machine manager further determines whether the target process is executing in an expected manner based at least in part on the observed virtual address references and expected virtual address references.
摘要翻译: 本文描述了由物理设备的虚拟机管理器观察物理设备的虚拟机的目标进程(包括在执行期间引用的虚拟机的虚拟地址)的方法,装置,物品和系统 。 虚拟机管理器进一步基于观察到的虚拟地址引用和预期的虚拟地址引用来进一步确定目标进程是否以预期的方式执行。
-
35.发明授权公开(公告)号:US08327359B2
公开(公告)日:2012-12-04
申请号:US13356918
申请日:2012-01-24
申请人: Ravi Sahita , Uday Savagaonkar
发明人: Ravi Sahita , Uday Savagaonkar
CPC分类号: G06F9/45533 , G06F21/51 , G06F21/57
摘要: Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform.
摘要翻译: 本文描述了系统和方法,其讨论了如何在一个示例中执行虚拟化环境的计算平台可以自适应地且按需地进行完整性验证。 这可能会在初始运行时以及连续操作期间发生,并允许平台用户从各种供应商安装软件,而不会牺牲完整性测量,因此可以平台的可信赖性。
-
36.发明授权公开(公告)号:US08181025B2
公开(公告)日:2012-05-15
申请号:US11591258
申请日:2006-10-31
申请人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
发明人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
IPC分类号: H04L9/32 , G06F12/14 , G06F11/30 , G06F1/00 , G06F7/04 , G06G7/48 , G06F9/46 , G06F9/455 , G06F1/32 , G06F12/08
CPC分类号: G06F21/64 , G06F9/45558 , G06F21/57 , G06F2009/45587
摘要: A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent during integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed.
摘要翻译: 用于管理代理的方法包括响应于注册请求验证代理的完整性。 在完整性验证期间为代理提供内存保护。 当代理商的注册已经完成时生成指示。 根据本发明的一个方面,提供存储器保护包括具有虚拟机监视器对代理的限制访问。 描述和要求保护其他实施例。
-
公开(公告)号:US20120090016A1
公开(公告)日:2012-04-12
申请号:US13373957
申请日:2011-12-06
申请人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
发明人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
IPC分类号: G06F21/00
CPC分类号: G06F21/64 , G06F9/45558 , G06F21/57 , G06F2009/45587
摘要: A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent dining integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed.
-
公开(公告)号:US07467285B2
公开(公告)日:2008-12-16
申请号:US11191468
申请日:2005-07-27
IPC分类号: G06F12/00
CPC分类号: G06F12/145 , G06F12/1009 , G06F21/52 , G06F21/554
摘要: Provided are a method, system, program and device for maintaining shadow page tables in a sequestered memory region. A first processor executing an application invokes a second processor to create a shadow page table used for address translation for the application in a sequestered memory region non-alterable by processes controlled by an operating system executed by the first processor. The shadow page table references at least one page in an operating system memory region accessible to processes controlled by the operating system.
摘要翻译: 提供了一种用于在隔离存储器区域中保持阴影页表的方法,系统,程序和设备。 执行应用的第一处理器调用第二处理器来创建用于经由由第一处理器执行的操作系统控制的进程不可修改的存储存储器区域中的应用的地址转换的影子页表。 影子页面表引用由操作系统控制的进程可访问的操作系统存储器区域中的至少一个页面。
-
39.发明申请METHOD AND APPARATUS FOR MANAGING PAGE TABLES FROM A NON-PRIVILEGED SOFTWARE DOMAIN 有权用于从非特权软件域管理页表的方法和装置公开(公告)号:US20080244573A1
公开(公告)日:2008-10-02
申请号:US11695021
申请日:2007-03-31
申请人: Ravi Sahita , Uday Savagaonkar , Paul Schmitz
发明人: Ravi Sahita , Uday Savagaonkar , Paul Schmitz
IPC分类号: G06F9/455
CPC分类号: G06F9/45558 , G06F2009/45583
摘要: A virtual machine monitor; and an executive virtual machine to manage page tables in place of the virtual machine monitor are described. Other embodiments may be described and claimed.
摘要翻译: 虚拟机监视器; 并且描述了代替虚拟机监视器来管理页表的执行器虚拟机。 可以描述和要求保护其他实施例。
-
40.发明申请公开(公告)号:US20150095617A1
公开(公告)日:2015-04-02
申请号:US14039663
申请日:2013-09-27
IPC分类号: G06F9/30
CPC分类号: G06F9/30054 , G06F9/30076 , G06F9/30181 , G06F9/3861 , G06F21/00
摘要: In an embodiment, the present invention includes a processor having a decode unit, an execution unit, and a retirement unit. The decode unit is to decode control transfer instructions and the execution unit is to execute control transfer instructions. The retirement unit is to retire a first control transfer instruction, and to raise a fault if a next instruction to be retired after the first control transfer instruction is not a second control transfer instruction and a target instruction of the first control transfer instruction is in code using the control transfer instructions.
摘要翻译: 在一个实施例中,本发明包括具有解码单元,执行单元和退休单元的处理器。 解码单元用于解码控制传输指令,执行单元执行控制传输指令。 退休单元将退出第一控制传输指令,并且如果在第一控制传输指令之后的下一指令不是第二控制传送指令并且第一控制传输指令的目标指令处于代码中,则引起故障 使用控制传输指令。
-
-
-
-
-
-
-
-
-
搜索结果
79 条记录 (耗时 0.026 秒)
