Switching between multiple operating systems (OSes) using sleep state management and sequestered re-baseable memory
    2.
    Granted invention patent
    Status: in force

    Publication number: US08843733B2

    Publication date: 2014-09-23

    Application number: US13567421

    Filing date: 2012-08-06

    Applicant: David Durham

    Inventor: David Durham

    Abstract: Embodiments of switching between multiple operating systems (OSes) using sleep state management and sequestered re-baseable memory are generally described herein. Embodiments of the invention allow one OS to be suspended into S3 or sleep mode, saving its state to memory and turning off its devices. Then, another sleeping OS can be resumed from another location in memory by switching a memory base addressed to a sequestered memory region and restoring its device state. Other embodiments may be described and claimed.


    Botnet spam detection and filtration on the source machine
    3.
    Granted invention patent
    Status: in force

    Publication number: US08752169B2

    Publication date: 2014-06-10

    Application number: US12059877

    Filing date: 2008-03-31

    IPC classification: H04L29/06 G06F21/56 G06F21/50

    Abstract: A method and device are disclosed. In one embodiment the method includes determining that a packet attempting to be sent from a first computer system has at least a portion of a human communication message that may contain spam. The method then increments a spam counter when the difference in time between a first time value in a time stamp within the packet and a second time value of a most recent activity from a human input device coupled to the first computer system is greater than a threshold difference in time value. The method also disallows the packet to be sent to a remote location if the spam counter exceeds a spam outbound threshold value.


    Generating multiple address space identifiers per virtual machine to switch between protected micro-contexts
    4.
    Granted invention patent
    Status: in force

    Publication number: US08738889B2

    Publication date: 2014-05-27

    Application number: US13650227

    Filing date: 2012-10-12

    IPC classification: G06F12/00

    CPC classification: G06F12/1027 G06F12/145

    Abstract: Embodiments of an invention for generating multiple address space identifiers per virtual machine to switch between protected micro-contexts are disclosed. In one embodiment, a method includes receiving an instruction requiring an address translation; initiating, in response to receiving the instruction, a page walk from a page table pointed to by the contents of a page table pointer storage location; finding, during the page walk, a transition entry; storing the address translation and one of a plurality of address source identifiers in a translation lookaside buffer, the one of the plurality of address source identifiers based on one of a plurality of virtual partition identifiers, at least two of the plurality of virtual partition identifiers associated with one of a plurality of virtual machines; and re-initiating the page walk.


    Signed manifest for run-time verification of software program identity and integrity
    5.
    Granted invention patent
    Status: in force

    Publication number: US08601273B2

    Publication date: 2013-12-03

    Application number: US13118017

    Filing date: 2011-05-27

    IPC classification: H04L9/32

    Abstract: A measurement engine performs active platform observation. A program includes an integrity manifest to indicate an integrity check value for a section of the program's source code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action can be triggered. The integrity manifest can include a secure signature to verify the validity of the integrity manifest.


    Dynamic generation of integrity manifest for run-time verification of software program
    7.
    Granted invention patent
    Status: in force

    Publication number: US08364973B2

    Publication date: 2013-01-29

    Application number: US11967928

    Filing date: 2007-12-31

    IPC classification: G06F21/00

    CPC classification: G06F21/64 G06F21/51

    Abstract: A measurement engine generates an integrity manifest for a software program and uses it to perform active platform observation. The integrity manifest indicates an integrity check value for a section of the program's code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action may be triggered.


    Switching Between Multiple Operating Systems (OSes) Using Sleep State Management And Sequestered Re-Baseable Memory
    8.
    Invention patent application
    Status: in force

    Publication number: US20120303947A1

    Publication date: 2012-11-29

    Application number: US13567421

    Filing date: 2012-08-06

    Applicant: David Durham

    Inventor: David Durham

    IPC classification: G06F9/24

    Abstract: Embodiments of switching between multiple operating systems (OSes) using sleep state management and sequestered re-baseable memory are generally described herein. Embodiments of the invention allow one OS to be suspended into S3 or sleep mode, saving its state to memory and turning off its devices. Then, another sleeping OS can be resumed from another location in memory by switching a memory base addressed to a sequestered memory region and restoring its device state. Other embodiments may be described and claimed.


    CROSS VALIDATION OF DATA USING MULTIPLE SUBSYSTEMS
    9.
    Invention patent application
    Status: in force

    Publication number: US20120284525A1

    Publication date: 2012-11-08

    Application number: US13550583

    Filing date: 2012-07-16

    IPC classification: G06F21/00 G06F12/14

    Abstract: A method and apparatus for cross validation of data using multiple subsystems are described. According to one embodiment of the invention, a computer comprises a first subsystem and a second subsystem; and a memory, the memory comprising a first memory region and a second memory region, the first memory region being associated with the first subsystem and a second memory region being associated with the second subsystem; upon start up of the computer, the first subsystem to validate the second memory region and the second subsystem to validate the first memory region.


    Protecting caller function from undesired access by callee function
    10.
    Granted invention patent
    Status: in force

    Publication number: US08261065B2

    Publication date: 2012-09-04

    Application number: US11770067

    Filing date: 2007-06-28

    IPC classification: G06F21/00

    CPC classification: G06F21/52 G06F9/4486

    Abstract: Disclosed is a method for restricting access of a first code of a plurality of codes and data of a first function from a second function. The method comprises calling the second function by the first function, addresses of the plurality of data may be stored in a stack page and colored in a first color (102). The method comprises performing access control check in a transition page for verifying whether the first function has permission to call the second function (104). Further the method comprises protecting the first code from the second function by coloring the data and/or addresses in a second color (106). Furthermore, the method comprises executing the second function by pushing addresses of the second function on the stack page, the addresses of the second function colored in a third color (108) and unprotecting the first code by coloring the addresses of the first code in the first color (110).
