-
公开(公告)号:US20120090016A1
公开(公告)日:2012-04-12
申请号:US13373957
申请日:2011-12-06
申请人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
发明人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
IPC分类号: G06F21/00
CPC分类号: G06F21/64 , G06F9/45558 , G06F21/57 , G06F2009/45587
摘要: A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent dining integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed.
-
62.发明申请METHOD AND APPARATUS FOR MANAGING PAGE TABLES FROM A NON-PRIVILEGED SOFTWARE DOMAIN 有权用于从非特权软件域管理页表的方法和装置公开(公告)号:US20080244573A1
公开(公告)日:2008-10-02
申请号:US11695021
申请日:2007-03-31
申请人: Ravi Sahita , Uday Savagaonkar , Paul Schmitz
发明人: Ravi Sahita , Uday Savagaonkar , Paul Schmitz
IPC分类号: G06F9/455
CPC分类号: G06F9/45558 , G06F2009/45583
摘要: A virtual machine monitor; and an executive virtual machine to manage page tables in place of the virtual machine monitor are described. Other embodiments may be described and claimed.
摘要翻译: 虚拟机监视器; 并且描述了代替虚拟机监视器来管理页表的执行器虚拟机。 可以描述和要求保护其他实施例。
-
63.发明授权公开(公告)号:US08327359B2
公开(公告)日:2012-12-04
申请号:US13356918
申请日:2012-01-24
申请人: Ravi Sahita , Uday Savagaonkar
发明人: Ravi Sahita , Uday Savagaonkar
CPC分类号: G06F9/45533 , G06F21/51 , G06F21/57
摘要: Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform.
摘要翻译: 本文描述了系统和方法,其讨论了如何在一个示例中执行虚拟化环境的计算平台可以自适应地且按需地进行完整性验证。 这可能会在初始运行时以及连续操作期间发生,并允许平台用户从各种供应商安装软件,而不会牺牲完整性测量,因此可以平台的可信赖性。
-
64.发明授权公开(公告)号:US08181025B2
公开(公告)日:2012-05-15
申请号:US11591258
申请日:2006-10-31
申请人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
发明人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
IPC分类号: H04L9/32 , G06F12/14 , G06F11/30 , G06F1/00 , G06F7/04 , G06G7/48 , G06F9/46 , G06F9/455 , G06F1/32 , G06F12/08
CPC分类号: G06F21/64 , G06F9/45558 , G06F21/57 , G06F2009/45587
摘要: A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent during integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed.
摘要翻译: 用于管理代理的方法包括响应于注册请求验证代理的完整性。 在完整性验证期间为代理提供内存保护。 当代理商的注册已经完成时生成指示。 根据本发明的一个方面,提供存储器保护包括具有虚拟机监视器对代理的限制访问。 描述和要求保护其他实施例。
-
65.发明申请公开(公告)号:US20150095617A1
公开(公告)日:2015-04-02
申请号:US14039663
申请日:2013-09-27
IPC分类号: G06F9/30
CPC分类号: G06F9/30054 , G06F9/30076 , G06F9/30181 , G06F9/3861 , G06F21/00
摘要: In an embodiment, the present invention includes a processor having a decode unit, an execution unit, and a retirement unit. The decode unit is to decode control transfer instructions and the execution unit is to execute control transfer instructions. The retirement unit is to retire a first control transfer instruction, and to raise a fault if a next instruction to be retired after the first control transfer instruction is not a second control transfer instruction and a target instruction of the first control transfer instruction is in code using the control transfer instructions.
摘要翻译: 在一个实施例中,本发明包括具有解码单元,执行单元和退休单元的处理器。 解码单元用于解码控制传输指令,执行单元执行控制传输指令。 退休单元将退出第一控制传输指令,并且如果在第一控制传输指令之后的下一指令不是第二控制传送指令并且第一控制传输指令的目标指令处于代码中,则引起故障 使用控制传输指令。
-
公开(公告)号:US08555380B2
公开(公告)日:2013-10-08
申请号:US12039486
申请日:2008-02-28
IPC分类号: G06F11/00
CPC分类号: G06F9/4484 , G06F2209/542
摘要: A method for automatically modifying an executable file for a software agent is provided. The method comprises detecting original static entry and exit points in the executable file and generating corresponding transformed points; modifying the executable file by linking the executable file to the integrity services environment and embedding a signed agent manifest; loading the modified executable file into memory and registering a target list with the software agent's hypervisor, wherein the target list provides mappings between protected and active page tables; detecting dynamic entry and exit points in the executable file and generating corresponding transformed points; switching to a protected context, in response to a transformed exit point being invoked, and switching to an active context, in response a transformed entry point being invoked; and de-registering the software agent with the memory protection module, in response to the software agent being unloaded.
摘要翻译: 提供了一种用于自动修改软件代理的可执行文件的方法。 该方法包括检测可执行文件中的原始静态入口点和出口点,并产生相应的变换点; 通过将可执行文件链接到完整性服务环境并嵌入签名的代理清单来修改可执行文件; 将修改的可执行文件加载到存储器中并且与所述软件代理的管理程序注册目标列表,其中所述目标列表提供受保护页面和活动页面表之间的映射; 检测可执行文件中的动态入口点和出口点,并生成相应的转换点; 响应于被转换的退出点被调用,切换到受保护的上下文,并且响应于被转换的入口点被切换到活动上下文; 以及响应于所述软件代理被卸载,将所述软件代理与所述存储器保护模块取消注册。
-
67.发明申请公开(公告)号:US20120124579A1
公开(公告)日:2012-05-17
申请号:US13356918
申请日:2012-01-24
申请人: Ravi Sahita , Uday Savagaonkar
发明人: Ravi Sahita , Uday Savagaonkar
CPC分类号: G06F9/45533 , G06F21/51 , G06F21/57
摘要: Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform.
摘要翻译: 本文描述了系统和方法,其讨论了如何在一个示例中执行虚拟化环境的计算平台可以自适应地且按需地进行完整性验证。 这可能会在初始运行时以及连续操作期间发生,并允许平台用户从各种供应商安装软件,而不会牺牲完整性测量,因此可以平台的可信赖性。
-
公开(公告)号:US20080244758A1
公开(公告)日:2008-10-02
申请号:US11694548
申请日:2007-03-30
CPC分类号: G06F21/6218 , G06F21/57 , G06F21/70
摘要: An apparatus to protect one or more hardware devices from unauthorized software access is described herein and comprises, in one embodiment, a virtual machine manager, a memory protection module and an integrity measurement manager. In a further embodiment, a method of providing secure access to one or more hardware devices may include, modifying a page table, verifying the integrity of a device driver, and providing memory protection to the device driver if the device driver is verified.
摘要翻译: 本文描述了保护一个或多个硬件设备免受未经授权的软件访问的装置,并且在一个实施例中包括虚拟机管理器,存储器保护模块和完整性测量管理器。 在另一实施例中,提供对一个或多个硬件设备的安全访问的方法可以包括:修改页表,验证设备驱动程序的完整性,以及如果设备驱动程序被验证,则向设备驱动程序提供存储器保护。
-
69.发明申请公开(公告)号:US20080244572A1
公开(公告)日:2008-10-02
申请号:US11694478
申请日:2007-03-30
申请人: Ravi Sahita , Uday Savagaonkar
发明人: Ravi Sahita , Uday Savagaonkar
IPC分类号: G06F9/455
CPC分类号: G06F9/45533 , G06F21/51 , G06F21/57
摘要: Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform.
摘要翻译: 本文描述了系统和方法,其讨论了如何在一个示例中执行虚拟化环境的计算平台可以自适应地且按需地进行完整性验证。 这可能会在初始运行时以及连续操作期间发生,并允许平台用户从各种供应商安装软件,而不会牺牲完整性测量,因此可以平台的可信赖性。
-
70.发明申请Method for adding integrity information to portable executable (PE) object files after compile and link steps 审中-公开在编译和链接步骤之后,将可靠性可执行文件(PE)对象文件中的完整性信息添加到方法中公开(公告)号:US20070192761A1
公开(公告)日:2007-08-16
申请号:US11355859
申请日:2006-02-15
IPC分类号: G06F9/45
CPC分类号: G06F21/53
摘要: A method and apparatus for adding integrity information to portable executable object files after compile and link steps is described. In one embodiment, the invention is a method. The method includes compiling and linking a portable executable file with a data section for aiding in integrity measurement of a measured program when the measured program is loaded into memory. The method further includes overwriting data fields of the data section with an offset before the file is loaded into the memory.
摘要翻译: 描述了在编译和链接步骤之后向便携式可执行目标文件添加完整性信息的方法和装置。 在一个实施例中,本发明是一种方法。 该方法包括在将测量的程序加载到存储器中时将可移植可执行文件与数据部分进行编译和链接,以帮助测量程序的完整性测量。 该方法还包括在将文件加载到存储器之前用偏移覆盖数据部分的数据字段。
-
-
-
-
-
-
-
-
-
搜索结果
143 条记录 (耗时 0.026 秒)
