公开(公告)号：US08285987B1

公开(公告)日：2012-10-09

申请号：US12631099

申请日：2009-12-04

Applicant: William B. Kimball ,  Rusty O. Baldwin

Inventor： William B. Kimball ,  Rusty O. Baldwin

IPC: H04L29/06

CPC classification number: G06F21/14

Abstract: A method of emulation-based page granularity code signing comprising the steps of: copying guest operating system instructions and associated hash message authentication codes and/or digital signatures of each guest operating instruction from an untrusted guest operating system memory into a trusted host operating system memory; recomputing the hash message authentication codes using a secret key in the trusted host operating system memory; maintaining the secret key in the trusted host operating system memory and inaccessible by the untrusted guest operating system instructions; translating each guest operating system instruction that has a valid hash message authentication code to a set of host operating system instructions; executing the decrypted guest operating system instructions in the trusted host operating system; and modifying the guest operating system memory and registers when the set of translated host operating instructions executes in the trusted host operating system, such that it appears as if the original guest operating system instructions had been executed in the untrusted guest operating system.

Abstract translation: 一种基于仿真的页面粒度代码签名的方法，包括以下步骤：将客户操作系统指令和相关联的散列消息认证码和/或每个客户操作指令的数字签名从不受信任的客户操作系统存储器复制到可信主机操作系统存储器 ; 使用所述可信主机操作系统存储器中的秘密密钥重新计算所述散列消息认证码; 维护可信主机操作系统存储器中的秘密密钥并且由不受信任的客户操作系统指令访问不可访问; 将具有有效散列消息认证码的每个客户机操作系统指令转换成一组主机操作系统指令; 在所述可信主机操作系统中执行所述解密的客户操作系统指令; 以及在所述可信主机操作系统中执行所述翻译的主机操作指令的集合时，修改所述客户机操作系统存储器并进行注册，使得所述客户机操作系统的所述操作系统指令在所述不受信任的客户操作系统中已被执行。

公开(公告)号：US07906984B1

公开(公告)日：2011-03-15

申请号：US12393288

申请日：2009-02-26

Applicant: David P. Montminy ,  Rusty O. Baldwin ,  Paul D. Williams

Inventor： David P. Montminy ,  Rusty O. Baldwin ,  Paul D. Williams

IPC: H03K19/003

CPC classification number: H03K19/17732 ,  H03K19/17752 ,  H03K19/17756 ,  H03K19/17764

Abstract: A Field Programmable Gate Array (FPGA) circuit capable of operating through at least one fault. The FPGA circuit includes a configuration memory and an embedded microprocessor. The embedded microprocessor having access to the configuration memory, static modules, at least one relocatable module, and at least one spare module. The relocatable module being relocatable from a first target area to a second target area. The relocatable module being relocatable by manipulating a partial bitstream with the embedded microprocessor. The microprocessor calculating a plurality of bitstream changes, to relocate the at least one relocatable module using at least triple modular redundancy (TMR).

Abstract translation: 一种能够通过至少一个故障运行的现场可编程门阵列（FPGA）电路。 FPGA电路包括配置存储器和嵌入式微处理器。 嵌入式微处理器可访问配置存储器，静态模块，至少一个可重定位模块以及至少一个备用模块。 可重定位模块可从第一目标区域重新定位到第二目标区域。 可重定位模块可通过使用嵌入式微处理器操纵部分比特流来重新定位。 微处理器计算多个比特流改变，使用至少三重模块冗余（TMR）来重新定位至少一个可重定位模块。