Communication of information via a side-band channel, and use of same to verify positional relationship
    1.
    Granted invention patent
    Status: Lapsed

    Publication No.: US07493429B2

    Publication date: 2009-02-17

    Application No.: US10759325

    Filing date: 2004-01-16

    IPC classification: G06F13/12 G06F13/38

    CPC classification: G06F21/606 G06F21/85

    Abstract: The present invention provides for trusted side-band communications between components in a computer system, so that use of the system bus may be avoided. Two components may be connected by means other than a bus (e.g., an infrared port, a wire, an unused pin, etc.), whereby these components may communicate without the use of the system bus. The non-bus communication channel may be referred to as “side-band.” The side-band channel may be used to communicate information that might identify the user's hardware (e.g., a public key) or other information that the user may not want to be easily intercepted by the public at large. Communication over the side-band channel may also be used to verify that the participants in a communication are within a defined positional relationship to each other.

    Enforcing isolation among plural operating systems
    3.
    Granted invention patent
    Status: In force

    Publication No.: US07975117B2

    Publication date: 2011-07-05

    Application No.: US10741629

    Filing date: 2003-12-19

    IPC classification: G06F13/00

    Abstract: Plural guest operating systems run on a computer, where a security kernel enforces a policy of isolation among the guest operating systems. An exclusion vector defines a set of pages that cannot be accessed by direct memory access (DMA) devices. The security kernel enforces an isolation policy by causing certain pages to be excluded from direct access. Thus, device drivers in guest operating systems are permitted to control DMA devices directly without virtualization of those devices, while each guest is prevented from using DMA devices to access pages that the guest is not permitted to access under the policy.

    Integration of high-assurance features into an application through application factoring
    4.
    Granted invention patent
    Status: In force

    Publication No.: US07730318B2

    Publication date: 2010-06-01

    Application No.: US10693749

    Filing date: 2003-10-24

    IPC classification: H04L9/32

    CPC classification: G06F21/53

    Abstract: Application factoring or partitioning is used to integrate secure features into a conventional application. An application's functionality is partitioned into two sets according to whether a given action does, or does not, involve the handling of sensitive data. Separate software objects (processors) are created to perform these two sets of actions. A trusted processor handles secure data and runs in a high-assurance environment. When another processor encounters secure data, that data is sent to the trusted processor. The data is wrapped in such a way that allows it to be routed to the trusted processor, and prevents the data from being deciphered by any entity other than the trusted processor. An infrastructure is provided that wraps objects, routes them to the correct processor, and allows their integrity to be attested through a chain of trust leading back to a base component that is known to be trustworthy.

    Using limits on address translation to control access to an addressable entity
    5.
    Granted invention patent
    Status: In force

    Publication No.: US07565509B2

    Publication date: 2009-07-21

    Application No.: US10286613

    Filing date: 2002-11-01

    IPC classification: G06F12/00

    CPC classification: G06F12/145

    Abstract: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.

    Using limits on address translation to control access to an addressable entity
    6.
    Granted invention patent
    Status: In force

    Publication No.: US07650478B2

    Publication date: 2010-01-19

    Application No.: US11299083

    Filing date: 2005-12-09

    IPC classification: G06F12/00

    CPC classification: G06F12/145

    Abstract: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.

    Memory isolation through address translation data edit control

    Publication No.: US07058768B2

    Publication date: 2006-06-06

    Application No.: US10319148

    Filing date: 2002-12-13

    IPC classification: G06F12/00

    CPC classification: G06F12/145

    Abstract: Isolated memory is implemented by controlling changes to address translation maps. Control over the maps can be exercised in such a way that no virtual address referring to an isolated page is exposed to any untrusted process. Requests to edit an entry in a map are evaluated to ensure that the edit will not cause the map to point to isolated memory. Requests to change which map is active are evaluated to ensure that the map to be activated does not point to isolated memory. Preferably, these evaluations are performed by a trusted component in a trusted environment, since isolation of the memory depends on the evaluation component not being compromised. In systems that require all memory access requests to identify their target by virtual address, preventing the address translation maps from pointing to a portion of memory effectively prevents access to that portion of memory, thereby creating an isolated memory.

    System for isolating first computing environment from second execution environment while sharing resources by copying data from first portion to second portion of memory
    9.
    Granted invention patent
    Status: In force

    Publication No.: US07788669B2

    Publication date: 2010-08-31

    Application No.: US10428279

    Filing date: 2003-05-02

    IPC classification: G06F9/46 H04L29/06

    CPC classification: G06F9/45537

    Abstract: Techniques are disclosed to support hosting of a first operating system by a second operating system, where the first system provides at least some of the infrastructure for the second system. A facility is provided whereby the second system can receive data from the first system without the first system being able to modify that data. The second system may use the first system's scheduler by creating shadow threads and synchronization objects known to the first system, while the second system makes the final decision as to whether a thread runs. Separate memory may be allocated to both systems at boot time, or dynamically during their operation. The techniques herein may be used to protect the second system from actions arising in the first system. Preferably, the interaction between the first and second systems is facilitated by a security monitor, which assists in protecting the second system from the first.

    Using limits on address translation to control access to an addressable entity

    Publication No.: US07644246B2

    Publication date: 2010-01-05

    Application No.: US11298033

    Filing date: 2005-12-09

    IPC classification: G06F12/00

    CPC classification: G06F12/145

    Abstract: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.