-
公开(公告)号:US20090300307A1
公开(公告)日:2009-12-03
申请号:US12130159
申请日:2008-05-30
申请人: Martim Carbone , Bernhard Jansen , HariGovind V. Ramasamy , Matthias Schunter , Axel Tanner , Diego Zamboni
发明人: Martim Carbone , Bernhard Jansen , HariGovind V. Ramasamy , Matthias Schunter , Axel Tanner , Diego Zamboni
IPC分类号: G06F12/16
CPC分类号: G06F21/53 , G06F9/45541 , G06F9/45558 , G06F2009/45587
摘要: A virtualization layer is inserted between (i) an operating system of a computer system, and (ii) at least one of a memory module and a storage module of the computer system. At least one of read access and write access to at least one portion of the at least one of a memory module and a storage module is controlled, with the virtualization layer. The insertion of the virtualization layer is accomplished in an on-the-fly manner (that is, without rebooting the computer system) An additional aspect includes controlling installation of a security program from the virtualization layer.
摘要翻译: 在(i)计算机系统的操作系统和(ii)计算机系统的存储器模块和存储模块中的至少一个之间插入虚拟化层。 使用虚拟化层来控制对存储器模块和存储模块中的至少一个的至少一部分的读访问和写入访问中的至少一个。 虚拟化层的插入是以动态的方式实现的(即,不重新启动计算机系统)。另外的方面包括控制来自虚拟化层的安全程序的安装。
-
公开(公告)号:US20090192780A1
公开(公告)日:2009-07-30
申请号:US12022184
申请日:2008-01-30
申请人: Martim Carbone , Bernhard Jansen , HariGovind V. Ramasamy , Matthias Schunter , Axel Tanner , Diego M. Zamboni
发明人: Martim Carbone , Bernhard Jansen , HariGovind V. Ramasamy , Matthias Schunter , Axel Tanner , Diego M. Zamboni
CPC分类号: G06F9/45537 , G06F11/0712 , G06F11/0793
摘要: At least one anomaly associated with at least one actual hardware element in a computer system having a plurality of hardware elements is addressed. The anomaly is detected, and, responsive to the detection, a virtualization layer is inserted between (i) an operating system of the computer system, and (ii) the plurality of hardware elements. Hardware emulation and/or selective hardware activation/deactivation are performed on the at least one actual hardware element by the virtualization layer. The insertion of the virtualization layer is accomplished in an on-the-fly manner.
摘要翻译: 与具有多个硬件元件的计算机系统中的至少一个实际硬件元件相关联的至少一个异常被寻址。 检测到异常,并且响应于检测,在(i)计算机系统的操作系统和(ii)多个硬件元件之间插入虚拟化层。 通过虚拟化层在至少一个实际硬件元件上执行硬件仿真和/或选择性硬件激活/去激活。 虚拟化层的插入是以飞行方式实现的。
-
公开(公告)号:US09250942B2
公开(公告)日:2016-02-02
申请号:US12022184
申请日:2008-01-30
申请人: Martim Carbone , Bernhard Jansen , HariGovind V. Ramasamy , Matthias Schunter , Axel Tanner , Diego M. Zamboni
发明人: Martim Carbone , Bernhard Jansen , HariGovind V. Ramasamy , Matthias Schunter , Axel Tanner , Diego M. Zamboni
CPC分类号: G06F9/45537 , G06F11/0712 , G06F11/0793
摘要: At least one anomaly associated with at least one actual hardware element in a computer system having a plurality of hardware elements is addressed. The anomaly is detected, and, responsive to the detection, a virtualization layer is inserted between (i) an operating system of the computer system, and (ii) the plurality of hardware elements. Hardware emulation and/or selective hardware activation/deactivation are performed on the at least one actual hardware element by the virtualization layer. The insertion of the virtualization layer is accomplished in an on-the-fly manner.
摘要翻译: 与具有多个硬件元件的计算机系统中的至少一个实际硬件元件相关联的至少一个异常被寻址。 检测到异常,并且响应于检测,在(i)计算机系统的操作系统和(ii)多个硬件元件之间插入虚拟化层。 通过虚拟化层在至少一个实际硬件元件上执行硬件仿真和/或选择性硬件激活/去激活。 虚拟化层的插入是以飞行方式实现的。
-
公开(公告)号:US08689007B2
公开(公告)日:2014-04-01
申请号:US12054860
申请日:2008-03-25
申请人: Matthias Schunter , Axel Tanner , Bernhard Jansen
发明人: Matthias Schunter , Axel Tanner , Bernhard Jansen
IPC分类号: G06F21/00
CPC分类号: G06F12/145 , G06F12/1491 , G06F21/64 , G06F21/79
摘要: A method for protecting the integrity of a set of memory pages to be accessed by an operating system of a data processing system, includes running the operating system in a virtual machine (VM) of the data processing system; verifying the integrity of the set of memory pages on loading of pages in the set to a memory of the data processing system for access by the operating system; in response to verification of the integrity, designating the set of memory pages as trusted pages and, in a page table to be used by the operating system during the access, marking non-trusted pages as paged; and in response to a subsequent page fault interrupt for a non-trusted page, remapping the set of pages to a region of the data processing system memory which is inaccessible to the virtual machine.
摘要翻译: 一种用于保护由数据处理系统的操作系统访问的一组存储器页面的完整性的方法,包括在所述数据处理系统的虚拟机(VM)中运行所述操作系统; 验证所述集合中的页面的集合在所述数据处理系统的存储器中的操作系统的存取的完整性; 响应于完整性的验证,将存储器页面集合指定为可信页面,并且在操作系统在访问期间使用的页表中将不可信页面标记为分页; 并且响应于不可信页面的后续页面错误中断,将该组页面重新映射到数据处理系统存储器的该虚拟机不可访问的区域。
-
公开(公告)号:US08276201B2
公开(公告)日:2012-09-25
申请号:US12020612
申请日:2008-01-28
申请人: Matthias Schunter , Axel Tanner , Bernhard Jansen
发明人: Matthias Schunter , Axel Tanner , Bernhard Jansen
IPC分类号: G06F21/00
CPC分类号: G06F12/145 , G06F12/1491 , G06F21/64 , G06F21/79
摘要: A method for protecting the integrity of a set of memory pages to be accessed by an operating system of a data processing system, includes running the operating system in a virtual machine (VM) of the data processing system; verifying the integrity of the set of memory pages on loading of pages in the set to a memory of the data processing system for access by the operating system; in response to verification of the integrity, designating the set of memory pages as trusted pages and, in a page table to be used by the operating system during the access, marking non-trusted pages as paged; and in response to a subsequent page fault interrupt for a non-trusted page, remapping the set of pages to a region of the data processing system memory which is inaccessible to the virtual machine.
摘要翻译: 一种用于保护由数据处理系统的操作系统访问的一组存储器页面的完整性的方法,包括在所述数据处理系统的虚拟机(VM)中运行所述操作系统; 验证所述集合中的页面的集合在所述数据处理系统的存储器中的操作系统的存取的完整性; 响应于完整性的验证,将存储器页面集合指定为可信页面,并且在操作系统在访问期间使用的页表中将不可信页面标记为分页; 并且响应于不可信页面的后续页面错误中断,将该组页面重新映射到数据处理系统存储器的该虚拟机不可访问的区域。
-
公开(公告)号:US20080235534A1
公开(公告)日:2008-09-25
申请号:US12054860
申请日:2008-03-25
申请人: Matthias Schunter , Axel Tanner , Bernhard Jansen
发明人: Matthias Schunter , Axel Tanner , Bernhard Jansen
CPC分类号: G06F12/145 , G06F12/1491 , G06F21/64 , G06F21/79
摘要: A method for protecting the integrity of a set of memory pages to be accessed by an operating system of a data processing system, includes running the operating system in a virtual machine (VM) of the data processing system; verifying the integrity of the set of memory pages on loading of pages in the set to a memory of the data processing system for access by the operating system; in response to verification of the integrity, designating the set of memory pages as trusted pages and, in a page table to be used by the operating system during the access, marking non-trusted pages as paged; and in response to a subsequent page fault interrupt for a non-trusted page, remapping the set of pages to a region of the data processing system memory which is inaccessible to the virtual machine.
摘要翻译: 一种用于保护由数据处理系统的操作系统访问的一组存储器页面的完整性的方法,包括在所述数据处理系统的虚拟机(VM)中运行所述操作系统; 验证所述集合中的页面的集合在所述数据处理系统的存储器中的操作系统的存取的完整性; 响应于完整性的验证,将存储器页面集合指定为可信页面,并且在操作系统在访问期间使用的页表中将不可信页面标记为分页; 并且响应于不可信页面的后续页面错误中断,将该组页面重新映射到数据处理系统存储器的该虚拟机不可访问的区域。
-
公开(公告)号:US20100017866A1
公开(公告)日:2010-01-21
申请号:US12175503
申请日:2008-07-18
IPC分类号: H04L9/32
CPC分类号: H04L9/3234
摘要: A first virtualization layer is inserted between (i) an operating system of a computer system, and (ii) at least first and second hardware devices of the computer system. Data is communicated between the first hardware device and the second hardware device, via the first virtualization layer, without exposing the data to the operating system.
摘要翻译: 在(i)计算机系统的操作系统和(ii)计算机系统的至少第一和第二硬件设备之间插入第一虚拟化层。 经由第一虚拟化层在第一硬件设备和第二硬件设备之间传送数据,而不将数据暴露给操作系统。
-
公开(公告)号:US20080235793A1
公开(公告)日:2008-09-25
申请号:US12020612
申请日:2008-01-28
申请人: Matthias Schunter , Axel Tanner , Bernhard Jansen
发明人: Matthias Schunter , Axel Tanner , Bernhard Jansen
CPC分类号: G06F12/145 , G06F12/1491 , G06F21/64 , G06F21/79
摘要: A method for protecting the integrity of a set of memory pages to be accessed by an operating system of a data processing system, includes running the operating system in a virtual machine (VM) of the data processing system; verifying the integrity of the set of memory pages on loading of pages in the set to a memory of the data processing system for access by the operating system; in response to verification of the integrity, designating the set of memory pages as trusted pages and, in a page table to be used by the operating system during the access, marking non-trusted pages as paged; and in response to a subsequent page fault interrupt for a non-trusted page, remapping the set of pages to a region of the data processing system memory which is inaccessible to the virtual machine.
-
公开(公告)号:US08516564B2
公开(公告)日:2013-08-20
申请号:US12175503
申请日:2008-07-18
IPC分类号: G06F7/04
CPC分类号: H04L9/3234
摘要: A first virtualization layer is inserted between (i) an operating system of a computer system, and (ii) at least first and second hardware devices of the computer system. Data is communicated between the first hardware device and the second hardware device, via the first virtualization layer, without exposing the data to the operating system.
摘要翻译: 在(i)计算机系统的操作系统和(ii)计算机系统的至少第一和第二硬件设备之间插入第一虚拟化层。 经由第一虚拟化层在第一硬件设备和第二硬件设备之间传送数据,而不将数据暴露给操作系统。
-
10.发明申请公开(公告)号:US20080289028A1
公开(公告)日:2008-11-20
申请号:US12121689
申请日:2008-05-15
申请人: Bernhard Jansen , Axel Tanner
发明人: Bernhard Jansen , Axel Tanner
IPC分类号: G06F21/00
CPC分类号: H04L63/0281 , G06F13/24 , G06F21/305 , H04L63/1441
摘要: A firewall system adapted for location outside the client machine, preferably in the same data processing device as the client machine but outside a virtual machine containing the client machine. Control logic of the firewall system receives incoming and outgoing connections from the network and client machine respectively. In response to a connection request initiating a connection between respective endpoints in the network and client machine, the control logic performs a security assessment comprising obtaining from at least one of the network and client machine information indicative of the security state of the endpoint therein, and allows or inhibits the connection in dependence on the result of the security assessment. The security assessment may be performed in accordance with a security policy of the system, and different security assessments may be performed for different connection requests in accordance with the security policy.
摘要翻译: 防火墙系统适于位于客户机外部,优选地在与客户机相同的数据处理设备中,但在包含客户端机器的虚拟机之外。 防火墙系统的控制逻辑分别从网络和客户机接收传入和传出的连接。 响应于发起网络中的相应端点和客户机之间的连接的连接请求,控制逻辑执行安全性评估,包括从网络和客户机中的至少一个获取指示其中的端点的安全状态的信息,以及 根据安全评估的结果允许或禁止连接。 可以根据系统的安全策略执行安全评估,并且可以根据安全策略对不同的连接请求执行不同的安全评估。
-
-
-
-
-
-
-
-
-
搜索结果
57 条记录 (耗时 0.03 秒)
