Abstract:
Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.
Abstract:
Systems, apparatuses and methods may provide for detecting an attempt by an operating system (OS) to access a non-OS managed resource and injecting, in response to the attempt, an access event into a platform security component via a guest kernel associated with the OS. Additionally, a response to the attempt may be made based on a policy response from the platform security component. In one example, the attempt is detected with respect to one or more extended page table (EPT) permissions set by a security virtual machine monitor (SVMM). Moreover, injecting the access event into the platform security component may include invoking a previously registered policy callback.
Abstract:
Embodiments of an invention for controlling access to groups of memory pages in a virtualized environment are disclosed. In one embodiment, a processor includes a virtualization unit and a memory management unit. The virtualization unit is to transfer control of the processor to a virtual machine. The memory management unit is to perform, in response to an attempt to execute on the virtual machine an instruction stored on a first page, a page walk through a paging structure to find a second page and to allow access to the second page without exiting the virtual machine based at least in part on a bit being set in a leaf level entry corresponding to the second page in the paging structure and a corresponding bit being set in each entry corresponding to the first page in each level of the paging structure.
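The two page-table checks described above, the execute test for an instruction that straddles into a non-executable page (first abstract) and the per-level bit test that lets an instruction on one page reach a second page without a VM exit (the abstract just above), as an added example in plain C. This is not code from any of the patents: the paging structure is a toy three-level tree with 16 entries per level, the permission-bit names PTE_NX and PTE_GROUP and the sample addresses are assumptions chosen for illustration, and the "temporary permission" remedy is modelled as the modified-page-table variant (clear NX, run, restore) rather than a separate temporary table or an emulator.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

#define PAGE_SHIFT  12
#define PAGE_SIZE   (1ull << PAGE_SHIFT)
#define LEVELS      3                 /* toy three-level tree, 16 entries per level */
#define IDX_BITS    4
#define ENTRIES     (1u << IDX_BITS)
#define PTE_PRESENT (1u << 0)
#define PTE_NX      (1u << 1)         /* entry forbids instruction fetch */
#define PTE_GROUP   (1u << 2)         /* assumed name for the "bit" in the page-group abstract */
#define INDEX_AT(va, lvl) ((unsigned)(((va) >> (PAGE_SHIFT + IDX_BITS * (LEVELS - 1 - (lvl)))) & (ENTRIES - 1)))

struct node { uint32_t flags[ENTRIES]; struct node *child[ENTRIES]; };

/* Page walk: records the entry flags met at each level in path[], returns the leaf entry or NULL. */
static uint32_t *walk(struct node *root, uint64_t vaddr, uint32_t path[LEVELS]) {
    struct node *n = root;
    for (int lvl = 0; lvl < LEVELS; lvl++) {
        unsigned i = INDEX_AT(vaddr, lvl);
        if (!(n->flags[i] & PTE_PRESENT)) return NULL;
        path[lvl] = n->flags[i];
        if (lvl == LEVELS - 1) return &n->flags[i];
        n = n->child[i];
    }
    return NULL;
}

/* Map one page; upper_flags are OR'ed into every non-leaf entry on the path. */
static void map_page(struct node *root, uint64_t vaddr, uint32_t upper_flags, uint32_t leaf_flags) {
    struct node *n = root;
    for (int lvl = 0; lvl < LEVELS - 1; lvl++) {
        unsigned i = INDEX_AT(vaddr, lvl);
        if (!n->child[i] && !(n->child[i] = calloc(1, sizeof *n))) abort();
        n->flags[i] |= PTE_PRESENT | upper_flags;
        n = n->child[i];
    }
    n->flags[INDEX_AT(vaddr, LEVELS - 1)] = PTE_PRESENT | leaf_flags;
}

/* First abstract: is every page touched by a len-byte instruction at vaddr executable?
 * On failure *bad_page (if non-NULL) receives the first page that forbids execution. */
static bool instruction_executable(struct node *root, uint64_t vaddr, unsigned len, uint64_t *bad_page) {
    uint64_t last = (vaddr + len - 1) & ~(PAGE_SIZE - 1);
    for (uint64_t p = vaddr & ~(PAGE_SIZE - 1); p <= last; p += PAGE_SIZE) {
        uint32_t path[LEVELS], *leaf = walk(root, p, path);
        if (!leaf || (*leaf & PTE_NX)) { if (bad_page) *bad_page = p; return false; }
    }
    return true;
}

/* First abstract's remedy: clear NX on the page(s) the instruction touches, run it (a callback
 * here), then restore the saved bits. An x86 instruction is at most 15 bytes: at most two pages. */
static int exec_with_temporary_x(struct node *root, uint64_t vaddr, unsigned len, int (*run)(void)) {
    uint32_t *leaf[2], saved[2], path[LEVELS];
    int n = 0, rc = -1;
    if (len == 0 || len > 15) return -1;
    uint64_t last = (vaddr + len - 1) & ~(PAGE_SIZE - 1);
    for (uint64_t p = vaddr & ~(PAGE_SIZE - 1); p <= last; p += PAGE_SIZE, n++) {
        if (!(leaf[n] = walk(root, p, path))) goto restore;   /* unmapped page: undo and bail */
        saved[n] = *leaf[n];
        *leaf[n] &= ~PTE_NX;
    }
    rc = run();
restore:
    while (n--) *leaf[n] = saved[n];                          /* bounded window: always restore */
    return rc;
}

/* Page-group abstract: an instruction on page `first` may touch page `second` without a VM
 * exit only if second's leaf entry has the bit and every entry on first's walk has it too. */
static bool group_access_allowed(struct node *root, uint64_t first, uint64_t second) {
    uint32_t fpath[LEVELS], spath[LEVELS];
    if (!walk(root, first, fpath) || !walk(root, second, spath)) return false;
    if (!(spath[LEVELS - 1] & PTE_GROUP)) return false;
    for (int lvl = 0; lvl < LEVELS; lvl++)
        if (!(fpath[lvl] & PTE_GROUP)) return false;
    return true;
}

/* Constructed sample layout; the addresses are chosen for illustration, not taken from any patent. */
static struct node *build_sample(void) {
    struct node *root = calloc(1, sizeof *root); if (!root) abort();
    map_page(root, 0x1000,  0,         0);          /* executable, outside the group */
    map_page(root, 0x2000,  0,         PTE_NX);     /* not executable */
    map_page(root, 0x3000,  PTE_GROUP, PTE_GROUP);  /* "first" page: bit set at every level */
    map_page(root, 0x4000,  0,         PTE_GROUP);  /* "second" page inside the group */
    map_page(root, 0x13000, 0,         PTE_GROUP);  /* leaf has the bit, its level-1 entry does not */
    return root;
}

static int fake_run(void) { return 42; }          /* stands in for executing the instruction */
/* Returns 0 when every expectation holds, otherwise the number of the failing check. */
static int self_check(void) {
    struct node *root = build_sample(); uint64_t bad = 0;
    if (!instruction_executable(root, 0x1ff0, 4, &bad)) return 1;                 /* all on 0x1000 */
    if (instruction_executable(root, 0x1ffe, 4, &bad) || bad != 0x2000) return 2; /* straddles into NX */
    if (exec_with_temporary_x(root, 0x1ffe, 4, fake_run) != 42) return 3;
    if (instruction_executable(root, 0x1ffe, 4, NULL)) return 4;                  /* NX restored */
    if (!group_access_allowed(root, 0x3000, 0x4000)) return 5;
    if (group_access_allowed(root, 0x3000, 0x1000) || group_access_allowed(root, 0x13000, 0x4000)) return 6;
    return 0;
}

int main(void) { return self_check(); }           /* exit status 0 when all checks hold */
```

The point the 0x13000 case makes is the one the abstract's wording hides: the bit must be present on the first page's path at every level, so a leaf-only setting on the first page is not enough, while the second page is judged on its leaf alone. In exec_with_temporary_x the restore runs on every path, including the unmapped-page bail-out, because a permission grant that is not undone is exactly the window the first abstract's "temporary" wording is meant to bound.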
Abstract:
Various embodiments are directed to enabling anti-malware software to co-exist with protective features of an operating system. An apparatus may include a processor component including an IDT register storing an indication of the size of an IDT; a monitoring component to retrieve the indication and compare it to the size of a guard IDT, in response to modification of the IDT register, to determine whether a guard routine is to inspect the IDT and a set of ISRs; and a cache component to overwrite the IDT and the set of ISRs with a cached IDT and a cached set of ISRs, respectively, based on the determination and prior to the inspection, to prevent the guard routine from detecting a modification by an anti-malware routine, the cached IDT and cached set of ISRs having been generated from the IDT and the set of ISRs, respectively, prior to the modification. Other embodiments are described and claimed.