Systems and methods for data encryption using plugins within virtual systems and subsystems
    1.
    Granted patent (in force)

    Publication number: US07987497B1

    Publication date: 2011-07-26

    Application number: US10794898

    Filing date: 2004-03-05

    Abstract: Several embodiments of the present invention provide a means for improving data access security in computer systems to support high-security applications, and certain of these embodiments are specifically directed to providing sector-level encryption of a virtual hard disk in a virtual machine environment. More specifically, certain embodiments are directed to providing sector-level encryption by using plug-ins in a virtual machine environment, thereby providing improved data access security in a computer system that supports high-security applications. Certain embodiments also use encryption plug-ins associated with standard encryption software for exchanging data between a virtual machine (VM) and its associated virtual hard drive(s) (VHDs). Moreover, several embodiments of the present invention are directed to the use of plug-in encryption services that interface with, and provide services for, a VM via a VM Encryption API (or its equivalent).
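Example (added here; it is not code from the patent or from any product implementing it): a Go sketch of a sector-level encryption plug-in sitting behind an assumed VM Encryption API. The patent names no cipher or mode, so the plug-in uses AES-CBC with an encrypted sector-number IV (the construction dm-crypt calls aes-cbc-essiv:sha256); the interface shape, the 512-byte sector size, the in-memory map standing in for the VHD file and the demo key are all assumptions of this example. It shows what sector-level keying buys (identical sectors encrypt differently, and ciphertext cannot be silently relocated) and the caveat a practitioner should know: with CBC-ESSIV a relocated sector is disturbed only in its first 16 bytes, which is why current disk encryption prefers a per-block tweakable mode such as AES-XTS.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const SectorSize = 512 // the plug-in's unit of work: one disk sector

// SectorCipher stands in for the patent's VM Encryption API (shape assumed): a sector index plus that sector's bytes.
type SectorCipher interface {
	EncryptSector(sector uint64, plain []byte) ([]byte, error)
	DecryptSector(sector uint64, ct []byte) ([]byte, error)
}

// ESSIV is AES-CBC with an "encrypted sector-number IV" (dm-crypt's aes-cbc-essiv:sha256);
// the construction is this example's choice, the patent names no cipher.
type ESSIV struct {
	data cipher.Block // AES under the volume key
	ivk  cipher.Block // AES under SHA-256(volume key), used only to derive IVs
}

func NewESSIV(key []byte) (*ESSIV, error) {
	data, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(key)
	ivk, _ := aes.NewCipher(sum[:]) // 32-byte key, cannot fail
	return &ESSIV{data: data, ivk: ivk}, nil
}

// crypt runs CBC over one sector with IV = AES_ivk(sector number): equal plaintext at two positions never encrypts alike.
func (c *ESSIV) crypt(sector uint64, in []byte, encrypt bool) ([]byte, error) {
	if len(in) != SectorSize {
		return nil, fmt.Errorf("essiv: want %d-byte sector, got %d", SectorSize, len(in))
	}
	var tweak, iv [aes.BlockSize]byte
	binary.LittleEndian.PutUint64(tweak[:8], sector)
	c.ivk.Encrypt(iv[:], tweak[:])
	mode := cipher.NewCBCDecrypter
	if encrypt {
		mode = cipher.NewCBCEncrypter
	}
	out := make([]byte, SectorSize)
	mode(c.data, iv[:]).CryptBlocks(out, in)
	return out, nil
}

func (c *ESSIV) EncryptSector(s uint64, p []byte) ([]byte, error)  { return c.crypt(s, p, true) }
func (c *ESSIV) DecryptSector(s uint64, ct []byte) ([]byte, error) { return c.crypt(s, ct, false) }

// EncryptedDisk sits between the VM's block requests and the VHD file: plaintext never reaches Store.
type EncryptedDisk struct {
	plugin SectorCipher
	Store  map[uint64][]byte // ciphertext sectors, standing in for the VHD file
}

// Write stores only ciphertext; a failed write leaves the sector unreadable.
func (d *EncryptedDisk) Write(sector uint64, plain []byte) (err error) {
	d.Store[sector], err = d.plugin.EncryptSector(sector, plain)
	return err
}

// Read of an unwritten sector fails inside the plug-in (zero-length input).
func (d *EncryptedDisk) Read(sector uint64) ([]byte, error) {
	return d.plugin.DecryptSector(sector, d.Store[sector])
}

// DemoResult: what an offline attacker holding only the VHD file can and cannot do.
type DemoResult struct {
	RoundTrip       bool // a sector reads back what the VM wrote
	CiphertextsDiff bool // the same plaintext at sectors 0 and 1 encrypts differently
	SplicedDiffers  bool // sector 1's ciphertext copied into slot 0 does not read as the original
	TailSurvives    bool // ...but only the first AES block is disturbed: the CBC-ESSIV caveat
}

func demo() DemoResult {
	key := sha256.Sum256([]byte("constructed demo key, not a real secret"))
	p, _ := NewESSIV(key[:]) // 32-byte key: cannot fail
	disk := &EncryptedDisk{plugin: p, Store: map[uint64][]byte{}}
	plain := bytes.Repeat([]byte("PASSWD=hunter2\n "), SectorSize/16) // constructed sector image
	_ = disk.Write(0, plain) // constructed input: a failure would surface as RoundTrip == false
	_ = disk.Write(1, plain)
	back, _ := disk.Read(0)
	r := DemoResult{RoundTrip: bytes.Equal(back, plain), CiphertextsDiff: !bytes.Equal(disk.Store[0], disk.Store[1])}
	disk.Store[0] = disk.Store[1] // the attacker's edit to the VHD file
	spliced, _ := disk.Read(0)
	r.SplicedDiffers = !bytes.Equal(spliced, plain)
	r.TailSurvives = bytes.Equal(spliced[aes.BlockSize:], plain[aes.BlockSize:])
	return r
}

func main() { fmt.Printf("%+v\n", demo()) }
```

Running it prints the DemoResult; TailSurvives being true is the CBC caveat, not a defect in the example. In a real plug-in the volume key comes from the host's key store, never from the VHD itself, and if the threat model includes someone who can edit the VHD file, a keyed integrity check stored alongside the sectors is needed as well: no length-preserving sector encryption mode, XTS included, detects modification on its own.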

    Method and System For Caching Address Translations From Multiple Address Spaces In Virtual Machines
    2.
    Patent application (in force)

    Publication number: US20080215848A1

    Publication date: 2008-09-04

    Application number: US12098766

    Filing date: 2008-04-07

    IPC classification: G06F12/10

    Abstract: A method of virtualizing memory through shadow page tables that cache translations from multiple guest address spaces in a virtual machine includes a software version of a hardware tagged translation look-aside buffer. Edits to guest page tables are detected by intercepting the creation of guest-writable mappings to guest page tables with translations cached in shadow page tables. The affected cached translations are marked as stale and purged upon an address space switch or an indiscriminate flush of translations by the guest. Thereby, non-stale translations remain cached but stale translations are discarded. The method includes tracking the guest-writable mappings to guest page tables, deferring the discovery of such mappings to a guest page table for the first time until a purge of all cached translations when the number of untracked guest page tables exceeds a threshold, and sharing shadow page tables between shadow address spaces and between virtual processors.
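Example (added here; it is not code from the patent): a Go model of the staleness rule in the abstract above. It keeps one shadow translation cache per guest address space, records which guest page-table frame each cached translation was read from, traps the creation of a guest-writable mapping to such a frame, marks the translations derived from it stale, and purges stale entries only on an address-space switch or an indiscriminate flush, so non-stale entries stay cached across switches. The one-level page-table model, the addresses and the trap-at-mapping-time simplification are this example's; the deferred-discovery threshold and the sharing of shadow tables between virtual processors are not modelled.

```go
package main

import "fmt"

type GPA uint64 // guest-physical address (page granular here)
type GVA uint64 // guest-virtual address
// entry is one cached translation; fromPT is the guest page-table frame it was read from.
type entry struct {
	gpa    GPA
	fromPT GPA
	stale  bool
}

// ShadowTLB caches translations for several guest address spaces (keyed by guest CR3) at once.
type ShadowTLB struct {
	spaces  map[GPA]map[GVA]*entry
	current map[GVA]*entry
	tracked map[GPA]bool // PT frames with cached translations: a guest-writable mapping to one must trap
}

func purgeStale(sp map[GVA]*entry) {
	for gva, e := range sp {
		if e.stale {
			delete(sp, gva)
		}
	}
}

// Switch models the guest loading CR3: the target space's stale entries are purged now and
// its non-stale ones survive, which is what makes caching several address spaces pay off.
func (s *ShadowTLB) Switch(cr3 GPA) {
	if s.spaces[cr3] == nil {
		s.spaces[cr3] = map[GVA]*entry{}
	}
	purgeStale(s.spaces[cr3])
	s.current = s.spaces[cr3]
}

// Fill caches a translation walked out of guest PT frame fromPT, which from now on must not
// become guest-writable unnoticed.
func (s *ShadowTLB) Fill(gva GVA, gpa, fromPT GPA) {
	s.current[gva] = &entry{gpa: gpa, fromPT: fromPT}
	s.tracked[fromPT] = true
}

// GuestMapWritable models the guest creating a writable mapping to frame target. For a tracked
// PT frame the VMM traps and marks every translation derived from it stale, in every shadow
// space; the guest can then edit the frame without further traps.
func (s *ShadowTLB) GuestMapWritable(target GPA) (trapped bool) {
	if !s.tracked[target] {
		return false
	}
	for _, sp := range s.spaces {
		for _, e := range sp {
			if e.fromPT == target {
				e.stale = true
			}
		}
	}
	return true
}

// Flush models an indiscriminate guest flush, e.g. reloading CR3 with its current value.
func (s *ShadowTLB) Flush() { purgeStale(s.current) }

// Lookup is the hit path: a stale entry is never served, even before it is purged.
func (s *ShadowTLB) Lookup(gva GVA) (GPA, bool) {
	e, ok := s.current[gva]
	if !ok || e.stale {
		return 0, false
	}
	return e.gpa, true
}

// scenario drives two constructed guest address spaces through a switch, a page-table edit and
// a flush, and reports how space A's cached translations fared at each step.
func scenario() (keptAcrossSwitch int, trapped, staleMiss, unrelatedHit bool, purgedOnFlush int) {
	s := &ShadowTLB{spaces: map[GPA]map[GVA]*entry{}, tracked: map[GPA]bool{}}
	const spaceA, spaceB = GPA(0x1000), GPA(0x2000)
	s.Switch(spaceA)
	s.Fill(0x400000, 0x9000, 0x3000) // two translations read from PT frame 0x3000 ...
	s.Fill(0x401000, 0xA000, 0x3000)
	s.Fill(0x800000, 0xB000, 0x4000) // ... and one from PT frame 0x4000
	s.Switch(spaceB)
	s.Fill(0x400000, 0xC000, 0x5000)
	s.Switch(spaceA)
	keptAcrossSwitch = len(s.current) // nothing was stale, so all three survived the round trip
	trapped = s.GuestMapWritable(0x3000) // the guest maps one of its own page tables writable
	_, hit := s.Lookup(0x400000)
	staleMiss = !hit
	_, unrelatedHit = s.Lookup(0x800000)
	before := len(s.current)
	s.Flush()
	purgedOnFlush = before - len(s.current)
	return
}

func main() { fmt.Println(scenario()) }
```

The invariant worth checking in any shadow-paging implementation is the one Lookup enforces: nothing derived from a page-table frame the guest can now write is ever served, even before the purge, since a stale translation is a guest process keeping access to a page its kernel has unmapped or handed to someone else. The purge points mirror what a hardware TLB does, which is why the guest's own CR3 reload or flush, rather than every page-table edit, is the moment to discard.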

    Systems and methods for running a legacy 32-bit x86 virtual machine on a 64-bit x86 processor
    3.
    Granted patent (in force)

    Publication number: US07260702B2

    Publication date: 2007-08-21

    Application number: US10883496

    Filing date: 2004-06-30

    IPC classification: G06F12/00 G06F9/44 G06F9/46

    Abstract: The present invention provides virtualized computing systems and methods for transitioning in real time between LONG SUPER-MODE and LEGACY SUPER-MODE in the x86-64 architecture. In doing so, a virtual machine which relies on the traditional 32-bit modes, i.e., REAL MODE and PROTECTED MODE (V86 SUB-MODE, RING-0 SUB-MODE, and RING-3 SUB-MODE), is able to run alongside other applications on x86-64 (i.e., 64-bit) computer hardware. The method of performing a temporary processor mode context switch includes the steps of the virtual machine monitor's setting up a "virtual=real" page, placing the transition code for performing the processor mode context switch on this page, jumping to this page, disabling the memory management unit (MMU) of the x86-64 computer hardware, modifying the mode control register to set either the LONG SUPER-MODE bit or the LEGACY SUPER-MODE bit, loading a new page table, and reactivating the MMU of the x86-64 computer hardware.

    Systems and methods for instruction sequence compounding in a virtual machine environment
    4.
    Granted patent (in force)

    Publication number: US08504703B2

    Publication date: 2013-08-06

    Application number: US10882891

    Filing date: 2004-06-30

    IPC classification: G06F15/16 G06F9/455

    Abstract: The present invention is a system for and method of providing instruction sequence compounding by (1) the virtual machine monitor (VMM) looking ahead when an initial trap (exception) event occurs and recognizing traps within successive nearby instructions, combining and virtually executing the effects of multiple instructions while remaining inside the VMM's trap handler, and thereby minimizing the number of individual traps that would otherwise occur at each instruction, and/or (2) the VMM looking ahead when an initial context switch event occurs and recognizing context switches within successive nearby instructions, virtually combining the effects of multiple instructions and handing off this combined instruction to the host operating system, and thereby minimizing the number of individual context switches that would otherwise occur at each instruction. As a result, the number of processor cycles spent on exception handling and context switching in a virtual machine environment is reduced.

    Optimized interrupt delivery in a virtualized environment
    5.
    Patent application (in force)

    Publication number: US20080141277A1

    Publication date: 2008-06-12

    Application number: US11635455

    Filing date: 2006-12-06

    IPC classification: G06F13/24 G06F13/38

    Abstract: Various operations are disclosed for improving the operational efficiency of interrupt handling in a virtualized environment. A virtualized interrupt controller may obviate the need for an explicit end-of-interrupt (EOI) command by providing an automatic EOI capability even when a physical interrupt controller offers no such mechanism. The use of a message pending bit for inter-partition communications facilitates avoiding an EOI command for the inter-processor interrupts used in inter-partition communications whenever no further messages are queued for a particular message slot. A virtualized interrupt controller facilitates the selective EOI of an interrupt even when it is not the highest-priority in-service interrupt, irrespective of whether a physical interrupt controller provides such functionality.

    Systems and methods for development of emulated devices in a virtual machine environment
    7.
    Granted patent (in force)

    Publication number: US07580826B2

    Publication date: 2009-08-25

    Application number: US10883620

    Filing date: 2004-06-30

    Abstract: The present invention discloses dynamically adding virtual devices to a virtual computing environment. The system described in the invention includes a virtualized computing system with a manifest, which further includes device lists and an external device directory; the directory provides users of the virtualized computing system with a place to add software plug-ins that contain the specifications needed to add virtual devices to the virtual computing environment. Certain embodiments are specifically directed to providing a method of adding and configuring virtual devices. Certain embodiments are specifically directed to providing a method of operating a virtualized computing system wherein the host operating system and the virtual devices progress through a series of states, such as: initializing, powering up, loading a stored state, operating in normal state, saving state for future restoration, powering down, and tearing down and turning off.

    Optimized interrupt delivery in a virtualized environment
    8.
    Granted patent (in force)

    Publication number: US07533207B2

    Publication date: 2009-05-12

    Application number: US11635455

    Filing date: 2006-12-06

    IPC classification: G06F9/48

    Abstract: Various operations are disclosed for improving the operational efficiency of interrupt handling in a virtualized environment. A virtualized interrupt controller may obviate the need for an explicit end-of-interrupt (EOI) command by providing an automatic EOI capability even when a physical interrupt controller offers no such mechanism. The use of a message pending bit for inter-partition communications facilitates avoiding an EOI command for the inter-processor interrupts used in inter-partition communications whenever no further messages are queued for a particular message slot. A virtualized interrupt controller facilitates the selective EOI of an interrupt even when it is not the highest-priority in-service interrupt, irrespective of whether a physical interrupt controller provides such functionality.