公开(公告)号：US20060259487A1

公开(公告)日：2006-11-16

申请号：US11129872

申请日：2005-05-16

申请人： Darryl Havens ,  Arun Kishan ,  Richard Ward

发明人： Darryl Havens ,  Arun Kishan ,  Richard Ward

IPC分类号： G06F17/30

CPC分类号： G06F21/57 ,  G06F21/51

摘要： A secure process may be created which does not allow code to be injected into it, does not allow modification of its memory or inspection of its memory. The resources protected in a secure process include all the internal state and threads running in the secure process. Once a secure process is created, the secure process is protected from access by non-secure processes. Process creation occurs atomically in kernel mode. Creating the infrastructure of a process in kernel mode enables security features to be applied that are difficult or impossible to apply in user mode. By moving setup actions previously occurring in user mode (such as creating the initial thread, allocating the stack, initialization of the parameter block, environment block and context record) into kernel mode, the need of the caller for full access rights to the created process is removed. Instead, enough state is passed from the caller to the kernel with the first system call so that the kernel is able to perform the actions previously performed using a number of calls back and forth between caller and kernel. When the kernel returns the handle to the set-up process, some of the access rights accompanying the handle are not returned. Specifically, those access rights that enable the caller to inject threads, read/write virtual memory, and interrogate or modify state of the threads of the process are not returned to the caller.

摘要翻译： 可以创建不允许将代码注入其中的安全过程，不允许修改其存储器或检查其存储器。 在安全进程中保护的资源包括在安全进程中运行的所有内部状态和线程。 一旦创建了一个安全的进程，安全进程便受到非安全进程的访问保护。 进程创建在内核模式下以原子方式发生。 在内核模式下创建进程的基础架构可以应用在用户模式下难以应用的安全功能。 通过将先前发生在用户模式（如创建初始线程，分配堆栈，初始化参数块，环境块和上下文记录）的设置操作移动到内核模式，调用者需要对创建的进程进行完全访问权限 被删除。 相反，通过第一次系统调用，足够的状态从调用者传递到内核，以便内核能够使用调用者和内核之间的多个呼叫执行先前执行的操作。 当内核返回设置过程的句柄时，不会返回伴随句柄的一些访问权限。 具体来说，那些使呼叫者能够注入线程，读取/写入虚拟内存以及查询或修改进程的线程状态的访问权限不会返回给调用者。

公开(公告)号：US20060294522A1

公开(公告)日：2006-12-28

申请号：US11169071

申请日：2005-06-27

申请人： Darryl Havens

发明人： Darryl Havens

IPC分类号： G06F9/46

CPC分类号： G06F9/4887

摘要： A method and apparatus for enabling a general purpose operating system to maximize the probability of time-sensitive threads, e.g., multimedia threads, gaining access to CPU resources quickly enough to meet the demands of time-sensitive tasks while allowing time-insensitive threads to meet the demands of time-insensitive tasks, is disclosed. The priorities of time-sensitive threads in an operating system are adjusted so that the time-sensitive threads have a high probability of gaining access to CPU resources quickly enough to meet the demands of time-sensitive tasks while allowing time-insensitive threads to meet the demands of time-insensitive tasks. A system responsiveness cell (SRC) value is used to determine how quickly the operating system needs to respond to time-sensitive threads and time-insensitive threads. Priorities of threads are dynamically changed according to the relative CPU resource access requirements of system profile tasks. Criteria for mapping time-sensitive tasks are contained in system profile tasks. Priorities of cross-process groups of time-sensitive threads related to specific instances of tasks are adjusted according to the criteria in the system profile tasks. System profile tasks are stored in a system profile which may vary by machine. Priorities of system profile tasks are the regrouped priorities used by the operating system.

摘要翻译： 一种用于使通用操作系统能够最大化时间敏感线程（例如，多媒体线程）的可能性的方法和装置，以便快速获得对CPU资源的访问，足以满足时间敏感任务的需求，同时允许不敏感线程满足 披露了对时间不敏感任务的要求。 调整操作系统中时间敏感线程的优先级，使得时间敏感的线程具有很快获得CPU资源访问的可能性，足以满足时间敏感任务的需求，同时允许不敏感线程满足 对时间不敏感任务的要求。 系统响应单元（SRC）值用于确定操作系统需要快速响应时间敏感的线程和不受时间敏感的线程。 线程的优先级根据系统配置文件任务的相对CPU资源访问要求动态更改。 映射时间敏感任务的标准包含在系统配置文件任务中。 与特定任务实例相关的时间敏感线程的跨进程组优先级根据系统配置文件任务中的标准进行调整。 系统配置文件任务存储在可能因机器而异的系统配置文件中。 系统配置文件任务的优先级是操作系统使用的重组优先级。