SYSTEMS, METHODS AND COMPUTER PROGRAM PRODUCTS FOR BOOTSTRAPPING A TYPE 1 VIRTUAL MACHINE MONITOR AFTER OPERATING SYSTEM LAUNCH
    2. Patent application (legal status: in force)

    Publication No.: US20140223429A1

    Publication date: 2014-08-07

    Application No.: US13995245

    Filing date: 2011-12-28

    IPC classification: G06F9/455

    CPC classification: G06F9/45558 G06F9/4401

    Abstract: Systems, methods, and computer program products that provide for the use of a type 2 VMM to de-link or isolate underlying processor hardware from an operating system. This may allow the launching of a task that requires direct access to processor hardware, where such access requires the absence of an operating system. Such a task may take the form of a type 1 VMM, such as an information security or integrity VMM, e.g., an anti-malware VMM.


    TECHNOLOGIES FOR PREVENTING HOOK-SKIPPING ATTACKS USING PROCESSOR VIRTUALIZATION FEATURES
    3. Patent application (legal status: in force)

    Publication No.: US20150379263A1

    Publication date: 2015-12-31

    Application No.: US14318215

    Filing date: 2014-06-27

    IPC classification: G06F21/56

    CPC classification: G06F21/79 G06F21/62

    Abstract: Technologies for monitoring system API calls include a computing device with hardware virtualization support. The computing device establishes a default memory view and a security memory view to define physical memory maps and permissions. The computing device executes an application in the default memory view and executes a default inline hook in response to a call to an API function. The default inline hook switches to the security memory view using hardware support without causing a virtual machine exit. The security inline hook calls a security callback function to validate the API function call in the security memory view. Hook-skipping attacks may be prevented by padding the default inline hook with no-operation instructions, by designating memory pages of the API function as non-executable in the default memory view, or by designating memory pages of the application as non-executable in the security memory view. Other embodiments are described and claimed.


    SUBSTITUTE VIRTUALIZED-MEMORY PAGE TABLES
    4. Patent application (legal status: in force)

    Publication No.: US20130191611A1

    Publication date: 2013-07-25

    Application No.: US13734851

    Filing date: 2013-01-04

    IPC classification: G06F12/10

    CPC classification: G06F12/1009 G06F2212/151

    Abstract: Embodiments of techniques and systems for using substitute virtualized-memory page tables are described. In embodiments, a virtual machine monitor (VMM) may determine that a virtualized memory access to be performed by an instruction executing on a guest software virtual machine is not allowed in accordance with a current virtualized-memory page table (VMPT). The VMM may select a substitute VMPT that permits the virtualized memory access. In scenarios where a data access length for the instruction is known, the substitute VMPT may include full execute, read, and write permissions for the entire guest software address space. In scenarios where a data access length for the instruction is not known, the substitute VMPT may include less than full execute, read, and write permissions for the entire guest software address space, and may be modified to allow the requested virtualized memory access. Other embodiments may be described and claimed.


    SECURE LOCAL WEB APPLICATION DATA MANAGER
    5. Patent application (legal status: in force)

    Publication No.: US20140181888A1

    Publication date: 2014-06-26

    Application No.: US13721912

    Filing date: 2012-12-20

    IPC classification: G06F21/62

    Abstract: Apparatus, systems and methods may provide a browser interface to detect an attempt by web content to manipulate data in a local data store. In addition, the data may be classified into a category if the data is remotely accessible. Additionally, a security policy may be applied to the data based on the category. In one example, a separator may separate the data from other data based on the category, the data may be encrypted/decrypted based on the category, and/or context information and user input may be determined to apply the security policy further based on the context information and the user input.


    SECURE HANDLING OF INTERRUPTED EVENTS
    9. Patent application (legal status: in force)

    Publication No.: US20130007325A1

    Publication date: 2013-01-03

    Application No.: US13175544

    Filing date: 2011-07-01

    IPC classification: G06F13/24

    Abstract: Various embodiments of this disclosure may describe a method, apparatus and system for reducing system latency caused by switching memory page permission views between programs while still protecting critical regions of the memory from malware attacks. Other embodiments may be disclosed and claimed.


    TECHNIQUES FOR ENABLING CO-EXISTENCE OF MULTIPLE SECURITY MEASURES
    10. Patent application (legal status: in force)

    Publication No.: US20160085967A1

    Publication date: 2016-03-24

    Application No.: US14494260

    Filing date: 2014-09-23

    Abstract: Various embodiments are directed to enabling anti-malware software to co-exist with protective features of an operating system. An apparatus may include a processor component including an IDT register storing an indication of size of an IDT; a monitoring component to retrieve the indication and compare the indication to a size of a guard IDT in response to modification of the IDT register to determine whether the guard routine is to inspect the IDT and a set of ISRs; and a cache component to overwrite the IDT and set of ISRs with a cached IDT and cached set of ISRs, respectively, based on the determination and prior to the inspection to prevent the guard routine from detecting a modification by an anti-malware routine, the cached IDT and cached set of ISRs generated from the IDT and set of ISRs, respectively, prior to the modification. Other embodiments are described and claimed.
