Abstract:
Various mechanisms are disclosed herein for saving and restoring virtual machine environment state. For example, virtual machine state can either be saved, or (multiple) snapshots can be taken of the virtual machine state. In the latter case, virtual processors can be allowed to run while the memory of the virtual machine state is being saved. In either case, virtual devices associated with the virtual machine environment can be quiesced so that these devices can prepare themselves to be saved. Once such virtual devices and memory are saved, they can also be restored. For example, restoration of memory can occur while virtual processors are running at the same time. Moreover, restoration can occur in batches of pages, thus optimizing the response time for restoring saved data.
Abstract:
A method is disclosed for managing software modules of at least two operating systems that share the physical resources of a computing environment but run in different partitions separated by a virtualization boundary. The method comprises accumulating module information in a virtualization subsystem that directs the creation and management of the partitions. The accumulated module information is used across the virtualization boundary to manage the use of the software modules. Also, a method for managing software modules comprises making at least two operating systems aware that they are being hosted in a virtualized computing environment.
Abstract:
Systems and methods are disclosed for enabling trusted software to monitor and control USB traffic associated with a security extension of a host controller and with devices in a USB topology. A host controller driver (HCD) proxy receives USB-related data from a host controller driver, determines whether the data is of security interest, and if so, sends the data to a driver for a security extension executing in the trusted execution environment. Likewise, after software executing in the trusted execution environment evaluates and appropriately addresses data sent by the HCD proxy or data retrieved from a hardware security extension, the HCD proxy receives data from the trusted execution environment for further dissemination.
Abstract:
Techniques are disclosed for protecting computer systems from attacks that attempt to change USB topology and for ensuring that the system's information regarding USB topology is accurate. A software model is defined that, together with secure USB hardware, provides the ability to define policies by which USB traffic can be properly monitored and controlled. The implemented policy provides control over USB commands through a combination of software evaluation and hardware programming. Legitimate commands are evaluated and "allowed" to be sent to a USB device by a host controller. Illegitimate commands are evaluated and blocked. Additionally, the USB topology is audited to verify that the system's topology map matches the actual USB topology.
Abstract:
Techniques are disclosed to provide security for graphical user interface elements displayed in a system in which a first, host operating system is used along with a second, high-assurance operating system, where the first system provides at least some of the infrastructure for the second system. Graphical user interface elements associated with the high-assurance operating system are prevented from being obscured and from any partial transparency. Additionally, a piece of secret information is stored which can be displayed on command by graphical user interface elements associated with the high-assurance operating system. Coordinating certain elements of the display of all graphical user interface elements associated with the high-assurance operating system also helps to identify legitimate elements associated with the high-assurance operating system, as opposed to impostor elements that are not. Where a windowing system is used, public title information is furnished to the host operating system's windowing system to identify a window owned by a process running on the high-assurance operating system. Private title information associated with the same window is used only in the high-assurance operating system.
Abstract:
Techniques are disclosed to provide security for graphical user interface elements displayed in a system having a host operating system and a high-assurance operating system. Graphical user interface elements associated with the high-assurance operating system may be prevented from being obscured and from any partial transparency. Additionally, a piece of secret information may be stored and displayed by graphical user interface elements associated with the high-assurance operating system. Coordinating certain elements of the graphical user interface elements associated with the high-assurance operating system also helps to identify legitimate elements associated with the high-assurance operating system. Public title information may be furnished to the host operating system's windowing system to identify a window owned by a process running on the high-assurance operating system. Private title information associated with the same window may be used in the high-assurance operating system.
Abstract:
Methods are disclosed for maintaining the security of a secured execution environment on a system comprising the secured execution environment and a second execution environment. A maintained current state for the secured execution environment is selected from among a group of possible states including a standard input mode state and a nexus input mode state. A flow of user input is directed according to the current state through a secure kernel of both the second environment and the secured execution environment.