Communication of information via a side-band channel, and use of same to verify positional relationship
    1.
    Granted invention patent
    Communication of information via a side-band channel, and use of same to verify positional relationship (expired)

    Publication (announcement) no.: US07493429B2

    Publication (announcement) date: 2009-02-17

    Application no.: US10759325

    Filing date: 2004-01-16

    IPC classification: G06F13/12 G06F13/38

    CPC classification: G06F21/606 G06F21/85

    Abstract: The present invention provides for trusted side-band communications between components in a computer system, so that use of the system bus may be avoided. Two components may be connected by means other than a bus (e.g., an infrared port, a wire, an unused pin, etc.), whereby these components may communicate without the use of the system bus. The non-bus communication channel may be referred to as “side-band.” The side-band channel may be used to communicate information that might identify the user's hardware (e.g., a public key) or other information that the user may not want to be easily intercepted by the public at large. Communication over the side-band channel may also be used to verify that the participants in a communication are within a defined positional relationship to each other.

    Enforcing isolation among plural operating systems
    3.
    Granted invention patent
    Enforcing isolation among plural operating systems (in force)

    Publication (announcement) no.: US07975117B2

    Publication (announcement) date: 2011-07-05

    Application no.: US10741629

    Filing date: 2003-12-19

    IPC classification: G06F13/00

    Abstract: Plural guest operating systems run on a computer, where a security kernel enforces a policy of isolation among the guest operating systems. An exclusion vector defines a set of pages that cannot be accessed by direct memory access (DMA) devices. The security kernel enforces an isolation policy by causing certain pages to be excluded from direct access. Thus, device drivers in guest operating systems are permitted to control DMA devices directly without virtualization of those devices, while each guest is prevented from using DMA devices to access pages that the guest is not permitted to access under the policy.

    System and method to facilitate native use of small form factor devices
    5.
    Granted invention patent
    System and method to facilitate native use of small form factor devices (in force)

    Publication (announcement) no.: US06871244B1

    Publication (announcement) date: 2005-03-22

    Application no.: US10085792

    Filing date: 2002-02-28

    IPC classification: G06F13/10 G06F13/14 G06F13/40

    CPC classification: G06F13/102 G06F13/4068

    Abstract: A system and method to facilitate communication between an associated bus, such as one that employs a standard bus protocol, and a connector to which a removable SFF device can be attached. A desired operating mode is selected based on the device attached at the connector, such as either to pass the protocol between the bus and device generally unchanged or to implement suitable protocol conversion for such communication. Thus, by configuring the SFF device to appear as a device currently supported by the bus, the SFF device can operate at the connector with native operating system support.

    Configuration space virtualization
    6.
    Granted invention patent
    Configuration space virtualization (in force)

    Publication (announcement) no.: US08700816B2

    Publication (announcement) date: 2014-04-15

    Application no.: US13368770

    Filing date: 2012-02-08

    IPC classification: G06F3/00

    Abstract: Various aspects are disclosed herein for bounding the behavior of a non-privileged virtual machine that interacts with a device by creating a description of the device which indicates to a privileged authority (1) which operations on the device may have system-wide effects and (2) which operations have effects local to the device. The privileged authority may then permit or deny these actions. The privileged authority may also translate these actions into other actions with benign consequences.

    Efficient context switching of virtual processors by managing physical register states in a virtualized environment
    7.
    Granted invention patent
    Efficient context switching of virtual processors by managing physical register states in a virtualized environment (in force)

    Publication (announcement) no.: US08296775B2

    Publication (announcement) date: 2012-10-23

    Application no.: US11701320

    Filing date: 2007-01-31

    IPC classification: G06F9/46 G06F9/455 G06F7/38

    CPC classification: G06F9/45533 G06F9/461

    Abstract: Various operations are disclosed for improving the operational efficiency of register handling in a virtualized environment. Some infrequently accessed software-managed registers are managed lazily when switching contexts between virtual processors. The states of those registers are not saved on exit from a guest or restored on entry to the guest. Rather, guest accesses to those registers are intercepted. For some frequently accessed registers, register states are saved or restored only upon exit from a hypervisor to a different guest than that from which the hypervisor was entered. For enable-flag-gated registers, updates to a physical register value are not made unless the register is enabled. A shadow register cache may be used to speed accesses to some registers. When a shadowed register is modified, the new value is cached as a shadow copy in RAM and subsequent reads of the register are taken from the shadow copy.

    Systems and methods for hypervisor discovery and utilization
    9.
    Granted invention patent
    Systems and methods for hypervisor discovery and utilization (in force)

    Publication (announcement) no.: US08635612B2

    Publication (announcement) date: 2014-01-21

    Application no.: US11119200

    Filing date: 2005-04-29

    IPC classification: G06F9/455

    CPC classification: G06F9/45533

    Abstract: Systems and methods are provided whereby partitions may become enlightened and discover the presence of a hypervisor. Several techniques of hypervisor discovery are discussed, such as detecting the presence of virtual processor registers (e.g. model-specific registers or special-purpose registers) or the presence of virtual hardware devices. Upon discovery, information (code and/or data) may be injected into a partition by the hypervisor, whereby such injection allows the partition to call the hypervisor. Moreover, the hypervisor may present a versioning mechanism that allows the partition to match up the version of the hypervisor to its virtual devices. Next, once code and/or data is injected, calling conventions are established that allow the partition and the hypervisor to communicate, so that the hypervisor may perform some operations on behalf of the partition. Four exemplary calling conventions are considered: restartable instructions, a looping mechanism, shared memory transport, and synchronous or asynchronous processed packets. Last, cancellation mechanisms are considered, whereby partition requests may be cancelled.

    Configuration Space Virtualization
    10.
    Invention patent application
    Configuration Space Virtualization (in force)

    Publication (announcement) no.: US20120144071A1

    Publication (announcement) date: 2012-06-07

    Application no.: US13368770

    Filing date: 2012-02-08

    IPC classification: G06F3/00

    Abstract: Various aspects are disclosed herein for bounding the behavior of a non-privileged virtual machine that interacts with a device by creating a description of the device which indicates to a privileged authority (1) which operations on the device may have system-wide effects and (2) which operations have effects local to the device. The privileged authority may then permit or deny these actions. The privileged authority may also translate these actions into other actions with benign consequences.