Defensive techniques to increase computer security
    1.
    Granted invention patent
    Defensive techniques to increase computer security (status: in force)

    Publication number: US08813240B1

    Publication date: 2014-08-19

    Application number: US13483880

    Filing date: 2012-05-30

    Applicant: Eric R. Northup

    Inventor: Eric R. Northup

    Abstract: Among other disclosed subject matter, a computer-implemented method includes executing a plurality of virtual machines on a physical machine, wherein a first virtual machine of the plurality of virtual machines executes an encryption process. Execution of a hostile process that is configured to compromise the encryption process is detected, wherein the hostile process executes in a second virtual machine of the plurality of virtual machines. Migrating at least the second virtual machine to a different second physical machine based on the detection of the execution of the hostile process.


    Defensive techniques to increase computer security
    2.
    Granted invention patent
    Defensive techniques to increase computer security (status: in force)

    Publication number: US09015838B1

    Publication date: 2015-04-21

    Application number: US13483863

    Filing date: 2012-05-30

    Applicant: Eric R. Northup

    Inventor: Eric R. Northup

    IPC classification: G06F21/55 G06F7/00 H04L9/00

    Abstract: Among other disclosed subject matter, a computer-implemented method includes executing a virtual machine on a physical machine, wherein the virtual machine comprises a hardware virtualization of a data processing apparatus. Access to a clock is monitored, wherein the clock is associated with the physical machine. A determination is made that the virtual machine is executing a malicious process based on the count. Access to the clock is limited by the virtual machine based on the determination that the virtual machine is executing a malicious process.


    SERVICE BRIDGES
    3.
    Invention patent application
    SERVICE BRIDGES (status: in force)

    Publication number: US20140282510A1

    Publication date: 2014-09-18

    Application number: US13830013

    Filing date: 2013-03-14

    IPC classification: G06F9/455

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for service bridges. In one aspect, a method includes a host operating system performs operations comprising: receiving, using one or more service bridges that execute in the host operating system, a plurality of requests from the one or more virtual machines, wherein each service bridge is associated with a different virtual machine of the one or more virtual machines, and wherein each request is a request to interface with one or more external services; modifying, using a respective service bridge, each request to be processed by the one or more external services; and providing each modified request from the respective service bridge to the one or more external services, where the respective service bridge communicates with the one or more external services over a network.


    Defensive Techniques to Increase Computer Security
    4.
    Invention patent application
    Defensive Techniques to Increase Computer Security (status: in force)

    Publication number: US20130104234A1

    Publication date: 2013-04-25

    Application number: US13277063

    Filing date: 2011-10-19

    Applicant: Eric R. Northup

    Inventor: Eric R. Northup

    IPC classification: G06F21/00

    Abstract: Among other disclosed subject matter, a computer-implemented method includes initializing a first descriptor table and a second descriptor table. The first descriptor table is associated with a first permission level and the second descriptor table is associated with a second permission level that is different from the first permission level. The first descriptor table and the second descriptor table are associated with a hardware processor and initialized by an operating system kernel. The method also includes providing a memory address associated with the first descriptor table, in response to a descriptor table address request. The descriptor table address request is provided by a software process. The method also includes updating the second descriptor table, in response to an update request.


    Defensive techniques to increase computer security
    5.
    Granted invention patent
    Defensive techniques to increase computer security (status: in force)

    Publication number: US08826440B2

    Publication date: 2014-09-02

    Application number: US13277063

    Filing date: 2011-10-19

    Applicant: Eric R. Northup

    Inventor: Eric R. Northup

    IPC classification: G06F7/04

    Abstract: Among other disclosed subject matter, a computer-implemented method includes initializing a first descriptor table and a second descriptor table. The first descriptor table is associated with a first permission level and the second descriptor table is associated with a second permission level that is different from the first permission level. The first descriptor table and the second descriptor table are associated with a hardware processor and initialized by an operating system kernel. The method also includes providing a memory address associated with the first descriptor table, in response to a descriptor table address request. The descriptor table address request is provided by a software process. The method also includes updating the second descriptor table, in response to an update request.
