Providing secure input to a system with a high-assurance execution environment
    1.
    Granted invention patent
    Providing secure input to a system with a high-assurance execution environment (status: in force)

    Publication number: US07464412B2

    Publication date: 2008-12-09

    Application number: US10693061

    Filing date: 2003-10-24

    IPC classification: G06F12/14

    Abstract: Techniques are disclosed to provide security for user input in which a first, host operating system is used along with a second, high assurance operating system, where the first system provides at least some of the infrastructure for the second system. Two modes are presented. In a first mode, user data is passed to the host operating system. In a second mode, user data is retained in the second operating system for the use of the second operating system or processes running on the second operating system. Transitions between the nodes can be accomplished according to hypothecated user actions such as keystroke combinations, or when the user performs an action which indicates a programmatic activation of a process running in the second operating system. Where shadow graphical elements are run by the first operating system to indicate the location of graphical elements from processes running on the second operating system, this programmatic activation may be indicated by programmatic activation of a shadow graphical element.

    Providing secure input to a system with a high-assurance execution environment
    4.
    Invention patent application
    Providing secure input to a system with a high-assurance execution environment (status: in force)

    Publication number: US20050091530A1

    Publication date: 2005-04-28

    Application number: US10693061

    Filing date: 2003-10-24

    Abstract: Techniques are disclosed to provide security for user input in which a first, host operating system is used along with a second, high assurance operating system, where the first system provides at least some of the infrastructure for the second system. Two modes are presented. In a first mode, user data is passed to the host operating system. In a second mode, user data is retained in the second operating system for the use of the second operating system or processes running on the second operating system. Transitions between the nodes can be accomplished according to hypothecated user actions such as keystroke combinations, or when the user performs an action which indicates a programmatic activation of a process running in the second operating system. Where shadow graphical elements are run by the first operating system to indicate the location of graphical elements from processes running on the second operating system, this programmatic activation may be indicated by programmatic activation of a shadow graphical element.

    Providing a graphical user interface in a system with a high-assurance execution environment
    5.
    Granted invention patent
    Providing a graphical user interface in a system with a high-assurance execution environment (status: in force)

    Publication number: US08122361B2

    Publication date: 2012-02-21

    Application number: US10691759

    Filing date: 2003-10-23

    IPC classification: G06F3/00 H04L29/06

    CPC classification: G06F21/84

    Abstract: Techniques are disclosed to provide security for graphical user interface elements being displayed in a system having a host operating system and a high assurance operating system. Graphical user interface elements associated with the high-assurance operating system may be prevented from being obscured and from any partial transparency. Additionally, a piece of secret information may be stored and displayed by graphical user interface elements associated with the high-assurance operating system. Coordinating certain elements of the graphical user interface elements associated with the high assurance operating system also helps to identify legitimate elements associated with the high assurance operating system. Public title information may be furnished to a host operating system windowing system to identify a window owned by a process running on a high-assurance operating system. Private title information associated with the same window may be used in the high assurance operating system.

    Providing a graphical user interface in a system with a high-assurance execution environment
    6.
    Invention patent application
    Providing a graphical user interface in a system with a high-assurance execution environment (status: in force)

    Publication number: US20050091486A1

    Publication date: 2005-04-28

    Application number: US10691759

    Filing date: 2003-10-23

    CPC classification: G06F21/84

    Abstract: Techniques are disclosed to provide security for graphical user interface elements being displayed in a system in which a first, host operating system is used along with a second, high assurance operating system, where the first system provides at least some of the infrastructure for the second system. Graphical user interface elements associated with the high-assurance operating system are prevented from being obscured and from any partial transparency. Additionally, a piece of secret information is stored which can be displayed upon command by graphical user interface elements associated with the high-assurance operating system. Coordinating certain elements of the display of all graphical user interface elements associated with the high assurance operating system also helps to identify legitimate elements associated with the high assurance operating system, as opposed to impostor elements which are not. Where a windowing system is used, public title information is furnished to a host operating system windowing system to identify a window owned by a process running on a high-assurance operating system. Private title information associated with the same window is used only in the high assurance operating system.

    Concurrent virtual machine snapshots and restore
    7.
    Invention patent application
    Concurrent virtual machine snapshots and restore (status: in force)

    Publication number: US20080022032A1

    Publication date: 2008-01-24

    Application number: US11487031

    Filing date: 2006-07-13

    IPC classification: G06F12/00

    Abstract: Various mechanisms are disclosed herein for the saving and restoring of virtual machine environment state. For example, virtual machine state can either be saved or (multiple) snapshots can be taken of the virtual machine state. In the latter case, virtual processors can be allowed to run while the memory of the virtual machine state is being saved. In either case, virtual devices associated with the virtual machine environment can be quiesced such that these devices can prepare themselves to be saved. Once such virtual devices and memory are saved, they can also be restored. For example, restoration of memory can occur while virtual processors are running at the same time. And, moreover, restoration can occur in batches of pages, thus optimizing the response time for restoring saved data.

    Accessing a USB host controller security extension using a HCD proxy
    8.
    Invention patent application
    Accessing a USB host controller security extension using a HCD proxy (status: in force)

    Publication number: US20060218409A1

    Publication date: 2006-09-28

    Application number: US11090547

    Filing date: 2005-03-25

    IPC classification: G06F12/14

    Abstract: Systems and methods for enabling trusted software to monitor and control USB traffic associated with a security extension of a host controller and devices in a USB topology are disclosed. A host controller proxy receives USB-related data from a host controller driver, determines whether the data is of a security interest, and if so, sends the data to a driver for a security extension executing in the trusted execution environment. Likewise, after software executing in the trusted execution environment evaluates and appropriately addresses data sent by the HCD proxy or data retrieved from a hardware security extension, the HCD proxy receives data from the trusted execution environment for further dissemination.

    Module state management in a virtual machine environment
    9.
    Granted invention patent
    Module state management in a virtual machine environment (status: in force)

    Publication number: US08447936B2

    Publication date: 2013-05-21

    Application number: US11480228

    Filing date: 2006-06-30

    IPC classification: G06F12/00

    Abstract: A method for managing software modules of at least two operating systems sharing physical resources of a computing environment, but running in different partitions separated by a virtualization boundary comprises accumulating module information in a virtualization subsystem that directs the creation and management of the partitions. The accumulated module information is used across the virtualization boundary to manage the use of the software modules. Also, a method for managing software modules comprises making at least two operating systems aware that they are being hosted in a virtualized computing environment.

    Large page optimizations in a virtual machine environment
    10.
    Granted invention patent
    Large page optimizations in a virtual machine environment (status: in force)

    Publication number: US07475183B2

    Publication date: 2009-01-06

    Application number: US11299409

    Filing date: 2005-12-12

    IPC classification: G06F12/10

    CPC classification: G06F9/45504

    Abstract: Provided are optimizations to the memory virtualization model employed in a virtual machine environment. An opportunistic hypervisor page mapping process is used in order to utilize large memory pages in a virtual machine environment. Using these optimizations, physical memory is being virtualized for the virtual machine in a manner that allows the operating system (OS) running within the virtual machine to take real and full advantage of large physical memory pages.
