Secure machine platform that interfaces to operating systems and customized control programs

    Publication number: US07073059B2

    Publication date: 2006-07-04

    Application number: US10118646

    Application date: 2002-04-08

    IPC classification: G06F1/24

    Abstract: A combined-hardware-and-software secure-platform interface to which operating systems and customized control programs interface within a computer system. The combined-hardware-and-software secure-platform interface employs a hardware platform that provides at least four privilege levels, non-privileged instructions, non-privileged registers, privileged instructions, privileged registers, and firmware interfaces. The combined-hardware-and-software secure-platform interface conceals all privileged instructions, privileged registers, and firmware interfaces from direct access by operating systems and custom control programs, providing to the operating systems and custom control programs the non-privileged instructions and non-privileged registers provided by the hardware platform as well as a set of callable software services. The callable services provide a set of secure-platform management services for operational control of hardware resources that neither exposes privileged instructions, privileged registers, or firmware interfaces of the hardware nor simulates privileged instructions and privileged registers. The callable services also provide a set of security-management services that employ internally generated secret data, each compartmentalized security-management service managing internal secret data without exposing the internal secret data to computational entities other than the security-management service itself.

    3. Migrating a virtual machine in response to failure of an instruction to execute
    Granted patent (in force)

    Publication number: US07925923B1

    Publication date: 2011-04-12

    Application number: US12260787

    Application date: 2008-10-29

    IPC classification: G06F11/00

    Abstract: A virtual machine is migrated from a first physical machine to a second physical machine in response to a failure of an instruction to execute. A migration constraint is also created which limits future migration of the virtual machine by a placement controller to only those physical machines that can execute the failed instruction.

    4. Method and apparatus for system caller authentication
    Granted patent (in force)

    Publication number: US07784063B2

    Publication date: 2010-08-24

    Application number: US10867048

    Application date: 2004-06-14

    IPC classification: G06F9/44 H04L29/06

    Abstract: In various embodiments of the present invention, execution-state transitions occur in a first portion of a system, and a cumulative execution state for each process is maintained by a second portion of the system so that, when a second-portion routine is called, the second-portion routine can determine whether or not the current execution state is suitable for execution of the second-portion routine. In various embodiments, a callpoint log, allocated and maintained for each process, stores the cumulative execution state for the process. In one embodiment, the first portion is an operating system, and the second portion is a secure kernel, with the cumulative execution state used by the secure kernel to prevent unauthorized access to secure-kernel routines by erroneously or maliciously invoked operating-system routines. In another embodiment, the cumulative execution state is used as a debugging tool by the second-portion routines to catch errors in the implementation of the first-portion routines.

    Method and system for preventing current-privilege-level-information leaks to non-privileged code

    Publication number: US20060023884A1

    Publication date: 2006-02-02

    Application number: US10909793

    Application date: 2004-07-31

    Applicant: Bret McKee

    Inventor: Bret McKee

    IPC classification: H04L9/00

    CPC classification: G06F21/74 G06F21/556

    Abstract: Various embodiments of the present invention introduce privilege-level mapping into a computer architecture not initially designed for supporting virtualization. Privilege-level mapping can, with relatively minor changes to processor logic, fully prevent privilege-level-information leaks by which non-privileged code can determine the current machine-level privilege level at which it is executing. In one embodiment of the present invention, a new privilege-level mapping register is introduced, and privilege-level mapping is enabled for all but code invoked by privilege-level-0-forcing hardware events.

    6. Method and system for preventing current-privilege-level-information leaks to non-privileged code
    Granted patent (in force)

    Publication number: US07480797B2

    Publication date: 2009-01-20

    Application number: US10909793

    Application date: 2004-07-31

    Applicant: Bret McKee

    Inventor: Bret McKee

    IPC classification: H04L29/00 G06F9/46

    CPC classification: G06F21/74 G06F21/556

    Abstract: Various embodiments of the present invention introduce privilege-level mapping into a computer architecture not initially designed for supporting virtualization. Privilege-level mapping can, with relatively minor changes to processor logic, fully prevent privilege-level-information leaks by which non-privileged code can determine the current machine-level privilege level at which it is executing. In one embodiment of the present invention, a new privilege-level mapping register is introduced, and privilege-level mapping is enabled for all but code invoked by privilege-level-0-forcing hardware events.

    7. Method and system for caller authentication
    Patent application (in force)

    Publication number: US20050166208A1

    Publication date: 2005-07-28

    Application number: US10867048

    Application date: 2004-06-14

    IPC classification: G06F9/00 G06F21/00

    Abstract: In various embodiments of the present invention, execution-state transitions occur in a first portion of a system, and a cumulative execution state for each process is maintained by a second portion of the system so that, when a second-portion routine is called, the second-portion routine can determine whether or not the current execution state is suitable for execution of the second-portion routine. In various embodiments, a callpoint log, allocated and maintained for each process, stores the cumulative execution state for the process. In one embodiment, the first portion is an operating system, and the second portion is a secure kernel, with the cumulative execution state used by the secure kernel to prevent unauthorized access to secure-kernel routines by erroneously or maliciously invoked operating-system routines. In another embodiment, the cumulative execution state is used as a debugging tool by the second-portion routines to catch errors in the implementation of the first-portion routines.

    8. Method and system for privilege-level-access to memory within a computer
    Granted patent (in force)

    Publication number: US06745307B2

    Publication date: 2004-06-01

    Application number: US10001075

    Application date: 2001-10-31

    Applicant: Bret McKee

    Inventor: Bret McKee

    IPC classification: G06F1200

    CPC classification: G06F12/1475 G06F12/1491

    Abstract: Method and system for controlling areas of memory within a computer system to routines executing at specific privilege levels. In a modern computer architecture featuring protection keys, operating-system-routine calls and interrupts result in promotion of the current privilege level to the highest privilege level prior to dispatch to an operating-system routine, with concomitant demotion of the CPL (Current Privilege Level) to operating-system privilege level. By partitioning the 24-bit protection-queue space into multiple protection-key domains, each protection-key domain associated with a privilege level, and by invalidating protection-key registers during each protection of the current privilege level to a higher privilege level, regions of memory are provided that can only be accessed by routines running at low privilege levels and by routines at the highest privilege level, but are not accessible to routines running at intermediate privilege levels.