公开(公告)号：US09418220B1

公开(公告)日：2016-08-16

申请号：US12260762

申请日：2008-10-29

申请人： Bret McKee ,  Chris D Hyser ,  Robert D. Gardner ,  Brian Watson

发明人： Bret McKee ,  Chris D Hyser ,  Robert D. Gardner ,  Brian Watson

IPC分类号： G06F21/53 ,  G06F9/455

CPC分类号： G06F21/53 ,  G06F9/45558 ,  G06F21/602 ,  G06F21/72 ,  G06F21/85 ,  G06F2009/45587

摘要： A system includes a memory and a controller. The controller controls access to the memory and is adapted to be programmed with a key that is associated with a context. The controller is adapted to, in response to a request to access the memory, perform a cryptographic function on data associated with the request based on the key.

摘要翻译： 系统包括存储器和控制器。 控制器控制对存储器的访问，并适于用与上下文相关联的密钥进行编程。 控制器适于响应于访问存储器的请求，对基于密钥的与请求相关联的数据执行加密功能。

公开(公告)号：US07784063B2

公开(公告)日：2010-08-24

申请号：US10867048

申请日：2004-06-14

申请人： John Worley ,  Daniel J. Magenheimer ,  Chris D. Hyser ,  Robert D. Gardner ,  Thomas W. Christian ,  Bret McKee ,  Christopher Worley ,  William S. Worley, Jr.

发明人： John Worley ,  Daniel J. Magenheimer ,  Chris D. Hyser ,  Robert D. Gardner ,  Thomas W. Christian ,  Bret McKee ,  Christopher Worley ,  William S. Worley, Jr.

IPC分类号： G06F9/44 ,  H04L29/06

CPC分类号： G06F21/52 ,  G06F11/3636 ,  G06F21/554 ,  G06F2221/2101

摘要： In various embodiments of the present invention, execution-state transitions occur in a first portion of a system, and a cumulative execution state for each process is maintained by a second portion of the system so that, when a second-portion routine is called, the second-portion routine can determine whether or not the current execution state is suitable for execution of the second-portion routine. In various embodiments, a callpoint log, allocated and maintained for each process, stores the cumulative execution state for the process. In one embodiment, the first portion is an operating system, and the second portion is a secure kernel, with the cumulative execution state used by the secure kernel to prevent unauthorized access by erroneously or maliciously invoked operating-system routines to secure kernel routines. In another embodiment, the cumulative execution state is used as a debugging tool by the second-portion routines to catch errors in the implementation of the first-portion routines.

摘要翻译： 在本发明的各种实施例中，执行状态转换发生在系统的第一部分中，并且由系统的第二部分维护每个进程的累积执行状态，使得当调用第二部分例程时， 第二部分例程可以确定当前执行状态是否适合执行第二部分例程。 在各种实施例中，为每个进程分配和维护的调用点日志存储该进程的累积执行状态。 在一个实施例中，第一部分是操作系统，并且第二部分是安全内核，其中安全内核使用累积执行状态来防止通过错误或恶意调用的操作系统例程来非法访问以保护内核例程。 在另一个实施例中，累积执行状态被第二部分例程用作调试工具，以捕获第一部分例程的实现中的错误。

公开(公告)号：US07073059B2

公开(公告)日：2006-07-04

申请号：US10118646

申请日：2002-04-08

申请人： William S. Worely, Jr. ,  John S. Worley ,  Daniel J. Magenheimer ,  Chris D. Hyser ,  Tom Christian ,  Bret McKee ,  Robert Gardner

发明人： William S. Worely, Jr. ,  John S. Worley ,  Daniel J. Magenheimer ,  Chris D. Hyser ,  Tom Christian ,  Bret McKee ,  Robert Gardner

IPC分类号： G06F1/24

CPC分类号： G06F9/4812 ,  G06F12/1491 ,  G06F21/575

摘要： A combined-hardware-and-software secure-platform interface to which operating systems and customized control programs interface within a computer system. The combined-hardware-and-software secure-platform interface employs a hardware platform that provides at least four privilege levels, non-privileged instructions, non-privileged registers, privileged instructions, privileged registers, and firmware interfaces. The combined-hardware-and-software secure-platform interface conceals all privileged instructions, privileged registers, and firmware interfaces and privileged registers from direct access by operating systems and custom control programs, providing to the operating systems and custom control programs the non-privileged instructions and non-privileged registers provided by the hardware platform as well as a set of callable software services. The callable services provide a set of secure-platform management services for operational control of hardware resources that neither exposes privileged instructions, privileged registers, nor firmware interfaces of the hardware nor simulates privileged instructions and privileged registers. The callable services also provide a set of security-management services that employ internally generated secret data, each compartmentalized security-management service managing internal secret data without exposing the internal secret data to computational entities other than the security-management service itself.

公开(公告)号：US07925923B1

公开(公告)日：2011-04-12

申请号：US12260787

申请日：2008-10-29

申请人： Chris D Hyser ,  Bret McKee

发明人： Chris D Hyser ,  Bret McKee

IPC分类号： G06F11/00

CPC分类号： G06F11/203 ,  G06F9/4856 ,  G06F9/5044 ,  G06F11/2035 ,  G06F2201/815

摘要： A virtual machine is migrated from a first physical machine to a second physical machine in response to a failure of an instruction to execute. A migration constraint also is created which limits future migration of the virtual machine by a placement controller to only those physical machines that can execute the failed instruction.

摘要翻译： 响应于执行指令的失败，虚拟机从第一物理机器迁移到第二物理机器。 还会创建迁移约束，限制将展示位置控制器将虚拟机进一步迁移到只能执行失败指令的物理机器。

公开(公告)号：US20060023884A1

公开(公告)日：2006-02-02

申请号：US10909793

申请日：2004-07-31

申请人： Bret McKee

发明人： Bret McKee

IPC分类号： H04L9/00

CPC分类号： G06F21/74 ,  G06F21/556

摘要： Various embodiments of the present invention introduce privilege-level mapping into a computer architecture not initially designed for supporting virtualization. Privilege-level mapping can, with relatively minor changes to processor logic, fully prevent privileged-level-information leaks by which non-privilege code can determine the current machine-level privilege level at which they are executing. In one embodiment of the present invention, a new privilege-level mapping register is introduced, and privilege-level mapping is enabled for all but code invoked by privileged-level-0-forcing hardware events.

公开(公告)号：US07480797B2

公开(公告)日：2009-01-20

申请号：US10909793

申请日：2004-07-31

申请人： Bret McKee

发明人： Bret McKee

IPC分类号： H04L29/00 ,  G06F9/46

CPC分类号： G06F21/74 ,  G06F21/556

摘要： Various embodiments of the present invention introduce privilege-level mapping into a computer architecture not initially designed for supporting virtualization. Privilege-level mapping can, with relatively minor changes to processor logic, fully prevent privileged-level-information leaks by which non-privilege code can determine the current machine-level privilege level at which they are executing. In one embodiment of the present invention, a new privilege-level mapping register is introduced, and privilege-level mapping is enabled for all but code invoked by privileged-level-0-forcing hardware events.

摘要翻译： 本发明的各种实施例将权限级别映射引入到最初未被设计用于支持虚拟化的计算机体系结构中。 特权级别映射可以对处理器逻辑进行相对较小的更改，完全防止非特权代码可以确定其正在执行的当前机器级权限级别的特权级信息泄漏。 在本发明的一个实施例中，引入了新的权限级别映射寄存器，并且对于所有代码，除了通过强制级别强制硬件事件调用的代码之外，还启用了权限级别映射。

公开(公告)号：US20050166208A1

公开(公告)日：2005-07-28

申请号：US10867048

申请日：2004-06-14

申请人： John Worley ,  Daniel Magenheimer ,  Chris Hyser ,  Robert Gardner ,  Thomas Christian ,  Bret McKee ,  Christopher Worley ,  William Worley

发明人： John Worley ,  Daniel Magenheimer ,  Chris Hyser ,  Robert Gardner ,  Thomas Christian ,  Bret McKee ,  Christopher Worley ,  William Worley

IPC分类号： G06F9/00 ,  G06F21/00

CPC分类号： G06F21/52 ,  G06F11/3636 ,  G06F21/554 ,  G06F2221/2101

摘要： In various embodiments of the present invention, execution-state transitions occur in a first portion of a system, and a cumulative execution state for each process is maintained by a second portion of the system so that, when a second-portion routine is called, the second-portion routine can determine whether or not the current execution state is suitable for execution of the second-portion routine. In various embodiments, a callpoint log, allocated and maintained for each process, stores the cumulative execution state for the process. In one embodiment, the first portion is an operating system, and the second portion is a secure kernel, with the cumulative execution state used by the secure kernel to prevent unauthorized access by erroneously or maliciously invoked operating-system routines to secure kernel routines. In another embodiment, the cumulative execution state is used as a debugging tool by the second-portion routines to catch errors in the implementation of the first-portion routines.

摘要翻译： 在本发明的各种实施例中，执行状态转换发生在系统的第一部分中，并且由系统的第二部分维护每个进程的累积执行状态，使得当调用第二部分例程时， 第二部分例程可以确定当前执行状态是否适合执行第二部分例程。 在各种实施例中，为每个进程分配和维护的调用点日志存储该进程的累积执行状态。 在一个实施例中，第一部分是操作系统，并且第二部分是安全内核，其中安全内核使用累积执行状态来防止通过错误或恶意调用的操作系统例程来非法访问以保护内核例程。 在另一个实施例中，累积执行状态被第二部分例程用作调试工具，以捕获第一部分例程的实现中的错误。

公开(公告)号：US06745307B2

公开(公告)日：2004-06-01

申请号：US10001075

申请日：2001-10-31

申请人： Bret McKee

发明人： Bret McKee

IPC分类号： G06F1200

CPC分类号： G06F12/1475 ,  G06F12/1491

摘要： Method and system for controlling areas of memory within a computer system to routines executing at a specific privilege levels in a modern computer architecture featuring protection keys, operating-system-routine calls and interrupts result in promotion of the current privilege level to the highest privilege level prior to dispatch to an operating system routine with concomitant demotion of the CPL Current Privilege Level to operating-system-privilege level. By partitioning the 24-bit protection queue space into multiple protection-key domains, each protection-key domain associated with a privilege level, and by invalidating protection-key registers during each protection of the current privilege level to a higher privilege level, regions of memory are provided that can only be accessed by routines running at low privilege levels and by routines at the highest privilege level, but not accessible to routines running at intermediate privilege levels.

摘要翻译： 用于控制计算机系统内的存储器区域的方法和系统以在具有保护密钥，操作系统例程调用和中断的现代计算机体系结构中以特定特权级别执行的例程导致将当前特权级别提升到最高特权级别 在调度到操作系统程序之前，同时将CPL当前特权级别降级到操作系统权限级别。 通过将24位保护队列空间划分为多个保护关键域，每个与特权级别关联的保护密钥域，以及在将当前特权级别保护到更高权限级别期间使保护密钥寄存器无效， 提供的存储器只能由低权限级别运行的例程和最高特权级别的例程访问，但不能访问在中间特权级别运行的例程。