公开(公告)号：US20170344494A1

公开(公告)日：2017-11-30

申请号：US15667540

申请日：2017-08-02

Applicant: Intel Corporation

Inventor： Ramesh Thomas ,  Kuo-Lang Tseng ,  Ravi L. Sahita ,  David M. Durham ,  Madhukar Tallam

IPC: G06F12/14 ,  G06F9/46 ,  G06F9/455

CPC classification number: G06F12/1458 ,  G06F9/45533 ,  G06F9/468 ,  G06F11/1484 ,  G06F11/2056 ,  G06F12/08 ,  G06F12/1009 ,  G06F12/1425 ,  G06F12/145 ,  G06F12/1483 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2201/815 ,  G06F2201/84 ,  G06F2212/1052 ,  G06F2212/657

Abstract: Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.

公开(公告)号：US10169254B2

公开(公告)日：2019-01-01

申请号：US15667540

申请日：2017-08-02

Applicant: Intel Corporation

Inventor： Ramesh Thomas ,  Kuo-Lang Tseng ,  Ravi L. Sahita ,  David M. Durham ,  Madhukar Tallam

IPC: G06F12/00 ,  G06F12/14 ,  G06F12/1009 ,  G06F9/455 ,  G06F11/14 ,  G06F11/20 ,  G06F9/46 ,  G06F12/08

Abstract: Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.

公开(公告)号：US09990494B2

公开(公告)日：2018-06-05

申请号：US15269646

申请日：2016-09-19

Applicant: Intel Corporation

Inventor： Ramesh Thomas ,  Manohar R. Castelino ,  Kuo-Lang Tseng

IPC: G06F21/56 ,  G06F12/14 ,  G06F21/62 ,  G06F21/64 ,  H04L29/06

CPC classification number: G06F21/56 ,  G06F12/1408 ,  G06F21/6218 ,  G06F21/64 ,  G06F2212/1052 ,  G06F2221/034 ,  G06F2221/2107 ,  H04L63/145

Abstract: Various embodiments are directed enabling anti-malware software to co-exist with protective features of an operating system. An apparatus may include a processor component including an IDT register storing an indication of size of an IDT; a monitoring component to retrieve the indication and compare the indication to a size of a guard IDT in response to modification of the IDT register to determine whether the guard routine is to inspect the IDT and a set of ISRs; and a cache component to overwrite the IDT and set of ISRs with a cached IDT and cached set of ISRs, respectively, based on the determination and prior to the inspection to prevent the guard routine from detecting a modification by an anti-malware routine, the cached IDT and cached set of ISRs generated from the IDT and set of ISRs, respectively, prior to the modification. Other embodiments are described and claimed.

公开(公告)号：US20170286278A1

公开(公告)日：2017-10-05

申请号：US15087647

申请日：2016-03-31

Applicant: Intel Corporation

Inventor： Ramesh Thomas ,  Manohar R. Castelino

IPC: G06F11/36 ,  G06F21/52 ,  G06F9/44

CPC classification number: G06F11/3688 ,  G06F8/70 ,  G06F9/45558 ,  G06F21/52 ,  G06F2009/45587 ,  G06F2221/033

Abstract: A copy is made of at least a part a stack. A caller return address of a calling function in the stack is verified as trusted. A caller return address of a called function in the stack is verified as matching a source address of the calling function in the copy of the stack. If verification is affirmative, then the called function may be executed in a trusted domain.

公开(公告)号：US20170142131A1

公开(公告)日：2017-05-18

申请号：US15269646

申请日：2016-09-19

Applicant: Intel Corporation

Inventor： Ramesh Thomas ,  Manohar R. Castelino ,  Kuo-Lang Tseng

IPC: H04L29/06 ,  G06F12/14

CPC classification number: G06F21/56 ,  G06F12/1408 ,  G06F21/6218 ,  G06F21/64 ,  G06F2212/1052 ,  G06F2221/034 ,  G06F2221/2107 ,  H04L63/145

Abstract: Various embodiments are directed enabling anti-malware software to co-exist with protective features of an operating system. An apparatus may include a processor component including an IDT register storing an indication of size of an IDT; a monitoring component to retrieve the indication and compare the indication to a size of a guard IDT in response to modification of the IDT register to determine whether the guard routine is to inspect the IDT and a set of ISRs; and a cache component to overwrite the IDT and set of ISRs with a cached IDT and cached set of ISRs, respectively, based on the determination and prior to the inspection to prevent the guard routine from detecting a modification by an anti-malware routine, the cached IDT and cached set of ISRs generated from the IDT and set of ISRs, respectively, prior to the modification. Other embodiments are described and claimed.

公开(公告)号：US09965403B2

公开(公告)日：2018-05-08

申请号：US14709369

申请日：2015-05-11

Applicant: INTEL CORPORATION

Inventor： Ramesh Thomas ,  Kuo-Lang Tseng ,  Ravi L. Sahita ,  David M. Durham ,  Madhukar Tallam

IPC: G06F12/00 ,  G06F12/14 ,  G06F12/1009 ,  G06F9/455 ,  G06F11/14 ,  G06F11/20 ,  G06F12/08

CPC classification number: G06F12/1458 ,  G06F9/45533 ,  G06F9/468 ,  G06F11/1484 ,  G06F11/2056 ,  G06F12/08 ,  G06F12/1009 ,  G06F12/1425 ,  G06F12/145 ,  G06F12/1483 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2201/815 ,  G06F2201/84 ,  G06F2212/1052 ,  G06F2212/657

Abstract: Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.

公开(公告)号：US09852052B2

公开(公告)日：2017-12-26

申请号：US15087647

申请日：2016-03-31

Applicant: Intel Corporation

Inventor： Ramesh Thomas ,  Manohar R. Castelino

IPC: G06F9/44 ,  G06F11/36 ,  G06F21/52

CPC classification number: G06F11/3688 ,  G06F8/70 ,  G06F9/45558 ,  G06F21/52 ,  G06F2009/45587 ,  G06F2221/033

Abstract: A copy is made of at least a part a stack. A caller return address of a calling function in the stack is verified as trusted. A caller return address of a called function in the stack is verified as matching a source address of the calling function in the copy of the stack. If verification is affirmative, then the called function may be executed in a trusted domain.

公开(公告)号：US09449173B2

公开(公告)日：2016-09-20

申请号：US14494260

申请日：2014-09-23

Applicant: INTEL CORPORATION

Inventor： Ramesh Thomas ,  Manohar R. Castelino ,  Kuo-Lang Tseng

IPC: G06F21/56 ,  G06F12/14 ,  G06F21/64 ,  G06F21/62

CPC classification number: G06F21/56 ,  G06F12/1408 ,  G06F21/6218 ,  G06F21/64 ,  G06F2212/1052 ,  G06F2221/034 ,  G06F2221/2107 ,  H04L63/145

Abstract: Various embodiments are directed enabling anti-malware software to co-exist with protective features of an operating system. An apparatus may include a processor component including an IDT register storing an indication of size of an IDT; a monitoring component to retrieve the indication and compare the indication to a size of a guard IDT in response to modification of the IDT register to determine whether the guard routine is to inspect the IDT and a set of ISRs; and a cache component to overwrite the IDT and set of ISRs with a cached IDT and cached set of ISRs, respectively, based on the determination and prior to the inspection to prevent the guard routine from detecting a modification by an anti-malware routine, the cached IDT and cached set of ISRs generated from the IDT and set of ISRs, respectively, prior to the modification. Other embodiments are described and claimed.

Abstract translation: 各种实施例旨在使反恶意软件与操作系统的保护特征共存。 设备可以包括处理器组件，其包括存储IDT大小的指示的IDT寄存器; 监视部件，用于检索所述指示并响应于所述IDT寄存器的修改将所述指示与所述保护IDT的大小进行比较，以确定所述保护例程是否检查所述IDT和一组ISR; 以及高速缓存组件，用于分别基于所述确定并且在检查之前分别具有缓存的IDT和缓存的ISR集合来覆盖IDT和ISR集合，以防止保护例程检测到反恶意程序的修改， 在修改之前分别从IDT和ISR集合生成的缓存的IDT和缓存的ISR集合。 描述和要求保护其他实施例。

公开(公告)号：US09141559B2

公开(公告)日：2015-09-22

申请号：US13734834

申请日：2013-01-04

Applicant: Intel Corporation

Inventor： Ramesh Thomas ,  Kuo-Lang Tseng ,  Ravi L. Sahita ,  David M. Durham ,  Madhukar Tallam

IPC: G06F12/08 ,  G06F12/14 ,  G06F12/10

CPC classification number: G06F12/1458 ,  G06F9/45533 ,  G06F9/468 ,  G06F11/1484 ,  G06F11/2056 ,  G06F12/08 ,  G06F12/1009 ,  G06F12/1425 ,  G06F12/145 ,  G06F12/1483 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2201/815 ,  G06F2201/84 ,  G06F2212/1052 ,  G06F2212/657

Abstract: Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. in embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.

Abstract translation: 描述了使用虚拟存储器提高计算系统效率的技术和系统的实施例。 在实施例中，位于虚拟存储器系统中的两个存储器页面中的指令，使得页面中的一个不允许执行位于其中的指令，并且然后在允许执行所识别的指令的临时许可下执行。 在各种实施例中，临时许可可来自修改的虚拟内存页表，允许执行的临时虚拟内存页表，和/或具有根访问的仿真器。 在实施例中，可以提供每核心虚拟内存页表以允许计算机处理器的两个核心根据不同的存储器访问许可来操作。 在实施例中，物理页面许可表可以用于提供对每个物理页面存储器访问许可的维护和跟踪。 可以描述和要求保护其他实施例。