-
公开(公告)号:US07058768B2
公开(公告)日:2006-06-06
申请号:US10319148
申请日:2002-12-13
申请人: Bryan Mark Willman , Paul England , Marcus Peinado
发明人: Bryan Mark Willman , Paul England , Marcus Peinado
IPC分类号: G06F12/00
CPC分类号: G06F12/145
摘要: Isolated memory is implemented by controlling changes to address translation maps. Control over the maps can be exercised in such a way that no virtual address referring to an isolated page is exposed to any untrusted process. Requests to edit an entry in a map are evaluated to ensure that the edit will not cause the map to point to isolated memory. Requests to change which map is active are evaluated to ensure that the map to be activated does not point to isolated memory. Preferably, these evaluations are performed by a trusted component in a trusted environment, since isolation of the memory depends on the evaluation component not being compromised. In systems that require all memory access requests to identify their target by virtual address, preventing the address translation maps from pointing to a portion of memory effectively prevents access to that portion of memory, thereby creating an isolated memory.
-
公开(公告)号:US20060117169A1
公开(公告)日:2006-06-01
申请号:US11298033
申请日:2005-12-09
申请人: Marcus Peinado , Paul England , Bryan Willman
发明人: Marcus Peinado , Paul England , Bryan Willman
IPC分类号: G06F9/00
CPC分类号: G06F12/145
摘要: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.
-
公开(公告)号:US20060095689A1
公开(公告)日:2006-05-04
申请号:US11299083
申请日:2005-12-09
申请人: Marcus Peinado , Paul England , Bryan Willman
发明人: Marcus Peinado , Paul England , Bryan Willman
CPC分类号: G06F12/145
摘要: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.
-
公开(公告)号:US20050278531A1
公开(公告)日:2005-12-15
申请号:US11206579
申请日:2005-08-18
申请人: Paul England , Marcus Peinado , Daniel Simon , Josh Benaloh
发明人: Paul England , Marcus Peinado , Daniel Simon , Josh Benaloh
摘要: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.
-
65.发明申请Integration of high-assurance features into an application through application factoring 有权通过应用程序保理将高保证功能集成到应用程序中公开(公告)号:US20050091661A1
公开(公告)日:2005-04-28
申请号:US10693749
申请日:2003-10-24
IPC分类号: G06F21/24 , G06F1/00 , G06F3/00 , G06F9/44 , G06F9/45 , G06F9/46 , G06F12/14 , G06F15/76 , G06F17/00 , G06F21/00 , G06F21/22
CPC分类号: G06F21/53
摘要: Application factoring or partitioning is used to integrate secure features into a conventional application. An application's functionality is partitioned into two sets according to whether a given action does, or does not, involve the handling of sensitive data. Separate software objects (processors) are created to perform these two sets of actions. A trusted processor handles secure data and runs in a high-assurance environment. When another processor encounters secure data, that data is sent to the trusted processor. The data is wrapped in such a way that allows it to be routed to the trusted processor, and prevents the data from being deciphered by any entity other than the trusted processor. An infrastructure is provided that wraps objects, routes them to the correct processor, and allows their integrity to be attested through a chain of trust leading back to base component that is known to be trustworthy.
摘要翻译: 应用因子分解或分区用于将安全特征集成到常规应用中。 应用程序的功能根据给定操作是否涉及敏感数据的处理而分为两组。 创建独立的软件对象(处理器)来执行这两组操作。 值得信赖的处理器处理安全数据并在高保证环境中运行。 当另一个处理器遇到安全数据时,该数据被发送到可信处理器。 以允许将数据路由到可信处理器的方式包装数据,并且防止数据被除可信处理器之外的任何实体解密。 提供了一个基础设施,用于包装对象,将它们路由到正确的处理器,并通过一系列信任来验证其完整性,并将其引导回已知可靠的基础组件。
-
公开(公告)号:US08744969B2
公开(公告)日:2014-06-03
申请号:US11866041
申请日:2007-10-02
申请人: Marcus Peinado , Paul England , Frank Yerrace
发明人: Marcus Peinado , Paul England , Frank Yerrace
IPC分类号: G06F21/00
CPC分类号: G06F21/10 , G06F2221/2107
摘要: Digital content is released to a rendering application for forwarding by such rendering application to an ultimate destination by way of a path therebetween. The path is defined by at least one module, and the digital content is initially in an encrypted form. An authentication of at least a portion of the path is performed to determine whether each defining module thereof is to be trusted to appropriately handle the digital content passing therethrough. The encrypted digital content is decrypted if in fact each such defining module is to be trusted, and the decrypted digital content is forwarded to the rendering application for further forwarding to the ultimate destination by way of the authenticated path.
摘要翻译: 数字内容被释放到呈现应用程序,用于通过这些渲染应用程序之间的路径转发到最终目的地。 该路径由至少一个模块定义,数字内容最初是加密形式。 执行路径的至少一部分的认证,以确定其每个定义模块是否被信任以适当地处理通过其中的数字内容。 如果实际上每个这样的定义模块都被信任,则加密的数字内容被解密,并且解密的数字内容被转发到呈现应用程序,以便通过认证路径进一步转发到最终目的地。
-
67.发明授权Secure processor architecture for use with a digital rights management (DRM) system on a computing device 有权与计算设备上的数字版权管理(DRM)系统一起使用的安全处理器架构公开(公告)号:US08065521B2
公开(公告)日:2011-11-22
申请号:US11754856
申请日:2007-05-29
申请人: Marcus Peinado , Paul England
发明人: Marcus Peinado , Paul England
IPC分类号: H04L29/06
CPC分类号: H04L63/0442 , G06F21/10 , G06F21/71 , G06F2221/2105 , H04L9/0897 , H04L9/3236 , H04L9/3263 , H04L63/068 , H04L63/0823 , H04L63/12 , H04L2209/603
摘要: A secure processor is operable in normal and preferred modes, and includes a security kernel instantiated when the processor enters into preferred mode and a security key accessible by the security kernel during preferred mode. The security kernel employs the accessed security key to authenticate a secure application, and allows the processor to be trusted to keep hidden a secret of the application. To instantiate the application, the processor enters preferred mode where the security key is accessible, and instantiates and runs the security kernel. The security kernel accesses the security key and applies same to decrypt a key for the application, stores the decrypted key in a location where the application will expect same, and instantiates the application. The processor then enters the normal mode, where the security key is not accessible.
摘要翻译: 安全处理器在正常和优选模式下可操作,并且包括当处理器进入优选模式时实例化的安全内核以及在优选模式期间由安全内核访问的安全密钥。 安全内核使用访问的安全密钥来认证安全应用程序,并允许处理器被信任以隐藏应用程序的秘密。 为了实例化应用程序,处理器进入可访问安全密钥的首选模式,并实例化和运行安全内核。 安全内核访问安全密钥并应用该密钥对应用程序的密钥进行解密,将解密的密钥存储在应用程序期望相同的位置,并实例化应用程序。 然后,处理器进入正常模式,其中安全密钥不可访问。
-
68.发明授权System for isolating first computing environment from second execution environment while sharing resources by copying data from first portion to second portion of memory 有权用于将第一计算环境与第二执行环境隔离的系统,同时通过将数据从第一部分复制到第二部分存储器来共享资源公开(公告)号:US07788669B2
公开(公告)日:2010-08-31
申请号:US10428279
申请日:2003-05-02
申请人: Paul England , Marcus Peinado , Bryan Mark Willman
发明人: Paul England , Marcus Peinado , Bryan Mark Willman
CPC分类号: G06F9/45537
摘要: Techniques are disclosed to support hosting of a first operating system by a second operating system, where the first system provides at least some of the infrastructure for the second system. A facility is provided whereby the second system can receive data from the first system without the first system being able to modify that data. The second system may use the first system's scheduler by creating shadow threads and synchronization objects known to the first system, while the second system makes the final decision as to whether a thread runs. Separate memory may be allocated to both systems at boot time, or dynamically during their operation. The techniques herein may be used to protect the second system from actions arising in the first system. Preferably, the interaction between the first and second systems is facilitated by a security monitor, which assists in protecting the second system from the first.
摘要翻译: 公开了技术来支持由第二操作系统托管第一操作系统,其中第一系统为第二系统提供至少一些基础设施。 提供了一种设施,其中第二系统可以从第一系统接收数据,而第一系统不能修改该数据。 第二系统可以通过创建第一系统已知的影子线程和同步对象来使用第一系统的调度器,而第二系统对线程是否运行做出最终决定。 分开的内存可能会在引导时分配给这两个系统,也可能在其操作期间动态分配。 这里的技术可以用于保护第二系统免受在第一系统中产生的动作。 优选地,通过安全监视器来促进第一和第二系统之间的相互作用,安全监视器有助于保护第二系统不受第一系统的影响。
-
公开(公告)号:US07752456B2
公开(公告)日:2010-07-06
申请号:US11557595
申请日:2006-11-08
申请人: Paul England , Marcus Peinado
发明人: Paul England , Marcus Peinado
IPC分类号: G06F11/30
CPC分类号: G06F21/6218
摘要: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.
摘要翻译: 根据某些方面,从呼叫程序接收数据。 使用对称密码,以允许只有一个或多个目标程序能够从密文获得数据的方式生成包含数据的密文。 根据其他方面,从呼叫程序接收到位串。 检查调用程序的标识符以确定是否允许调用程序访问以位串的密文加密的数据。 还验证数据的完整性,并使用对称密钥对数据进行解密。 只有当主叫程序被允许访问数据并且数据的完整性被成功验证时,才将数据返回给调用程序。
-
公开(公告)号:US07644246B2
公开(公告)日:2010-01-05
申请号:US11298033
申请日:2005-12-09
申请人: Marcus Peinado , Paul England , Bryan Mark Willman
发明人: Marcus Peinado , Paul England , Bryan Mark Willman
IPC分类号: G06F12/00
CPC分类号: G06F12/145
摘要: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.
-
-
-
-
-
-
-
-
-
搜索结果
159 条记录 (耗时 0.036 秒)
