Initiating and debugging a process in a high assurance execution environment
    1.
    发明授权
    Initiating and debugging a process in a high assurance execution environment 有权
    在高可靠执行环境中启动和调试进程

    公开(公告)号:US07293251B2

    公开(公告)日:2007-11-06

    申请号:US10759818

    申请日:2004-01-16

    IPC分类号: G06F9/44

    CPC分类号: G06F11/3664 G06F11/362

    摘要: Bifurcated processes, in which a shadow process in a first environment is controlling thread scheduling for a trusted agent in a second, high assurance environment, can be debugged via a two-phase initialization of the debugger. In the first phase, initial set up is accomplished for the trusted agent, but no shadow process will schedule execution for any thread of the trusted agent. The debugger will then be attached. In a second phase, the shadow process will begin scheduling threads for the trusted agent. In order to allow the debugger access to the process memory of the trusted agent or to set or get information regarding a particular thread of the trusted agent, a thread which is either a thread belonging to the trusted agent or belonging to the second execution environment and matched with the trusted agent is used. This admin thread is used to perform the work of retrieving process memory and information regarding threads of the trusted agent, allowing such information from the high assurance environment to be found and used in the debugger in the first execution environment.

    摘要翻译: 可以通过调试器的两阶段初始化来调试在第一环境中的影子进程控制第二高保证环境中的可信代理的线程调度的分叉进程。 在第一阶段,为可信代理完成初始设置,但是没有影子进程将调度可信代理的任何线程的执行。 然后调试器将被附加。 在第二阶段,影子进程将开始为可信代理程序调度线程。 为了允许调试器访问可信代理的进程存储器,或设置或获取关于可信代理的特定线程的信息,作为属于可信代理或属于第二执行环境的线程的线程,以及 与可信代理匹配使用。 该管理线程用于执行检索进程内存和有关可信代理的线程的信息的工作,允许在第一执行环境中在调试器中找到并使用来自高保证环境的这些信息。

    Securely launching encrypted operating systems
    2.
    发明授权
    Securely launching encrypted operating systems 有权
    安全地启动加密的操作系统

    公开(公告)号:US07913074B2

    公开(公告)日:2011-03-22

    申请号:US11864418

    申请日:2007-09-28

    CPC分类号: G06F15/16

    摘要: Tools and techniques for securely launching encrypted operating systems are described herein. The tools may provide computing systems that include operating systems (OSs) that define boot paths for the systems. This boot path may include first and second OS loader components. The first loader may include instructions for retrieving a list of disk sectors from a first store, and for retrieving these specified sectors from an encrypted second store. The first loader may also store the sectors in a third store that is accessible to both the first and the second loader components, and may invoke the second loader to try launching the OS using these sectors. In turn, the second loader may include instructions for retrieving these sectors from the third store, and for unsealing a key for decrypting these sectors. The second loader may then decrypt these sectors, and attempt to launch the OS from these sectors.

    摘要翻译: 本文描述了用于安全启动加密操作系统的工具和技术。 这些工具可以提供包括为系统定义引导路径的操作系统(OS)的计算系统。 该引导路径可以包括第一和第二OS加载器组件。 第一加载器可以包括用于从第一存储检索磁盘扇区列表的指令,并且用于从加密的第二存储中检索这些指定的扇区。 第一加载器还可以将扇区存储在第一和第二加载器组件可访问的第三个存储区中,并且可以调用第二加载器来尝试使用这些扇区启动操作系统。 反过来,第二装载器可以包括用于从第三商店检索这些扇区的指令,以及用于解密用于对这些扇区进行解密的密钥。 然后,第二加载器可以解密这些扇区,并尝试从这些扇区启动OS。

    Securely Launching Encrypted Operating Systems
    3.
    发明申请
    Securely Launching Encrypted Operating Systems 有权
    安全启动加密操作系统

    公开(公告)号:US20090089568A1

    公开(公告)日:2009-04-02

    申请号:US11864418

    申请日:2007-09-28

    IPC分类号: G06F15/177

    CPC分类号: G06F15/16

    摘要: Tools and techniques for securely launching encrypted operating systems are described herein. The tools may provide computing systems that include operating systems (OSs) that define boot paths for the systems. This boot path may include first and second OS loader components. The first loader may include instructions for retrieving a list of disk sectors from a first store, and for retrieving these specified sectors from an encrypted second store. The first loader may also store the sectors in a third store that is accessible to both the first and the second loader components, and may invoke the second loader to try launching the OS using these sectors. In turn, the second loader may include instructions for retrieving these sectors from the third store, and for unsealing a key for decrypting these sectors. The second loader may then decrypt these sectors, and attempt to launch the OS from these sectors.

    摘要翻译: 本文描述了用于安全启动加密操作系统的工具和技术。 这些工具可以提供包括为系统定义引导路径的操作系统(OS)的计算系统。 该引导路径可以包括第一和第二OS加载器组件。 第一加载器可以包括用于从第一存储检索磁盘扇区列表的指令,并且用于从加密的第二存储中检索这些指定的扇区。 第一加载器还可以将扇区存储在第一和第二加载器组件可访问的第三个存储区中,并且可以调用第二加载器来尝试使用这些扇区启动操作系统。 反过来,第二装载器可以包括用于从第三商店检索这些扇区的指令,以及用于解密用于对这些扇区进行解密的密钥。 然后,第二加载器可以解密这些扇区,并尝试从这些扇区启动OS。

    Attested content protection
    5.
    发明授权
    Attested content protection 有权
    受理内容保护

    公开(公告)号:US08387152B2

    公开(公告)日:2013-02-26

    申请号:US12163426

    申请日:2008-06-27

    CPC分类号: G06F21/57 G06F21/10

    摘要: Computer systems and environments implemented herein permit a local machine increased participation in authorizing access to protected content. An operating system attests to a computing environment at a corresponding computer system. If the computing environment is one permitted to access protected content, the operating system is permitted to regulate further (e.g., application) access to protected content in accordance with a procreation policy. As such, authorization decisions are partially distributed, easing the resource burden on a content protection server. Accordingly, this computing environment can facilitate more robust and efficient authorization decisions when access to protected content is requested.

    摘要翻译: 本文实现的计算机系统和环境允许本地机器增加对授权访问受保护内容的参与。 操作系统在相应的计算机系统上证明计算环境。 如果计算环境是允许访问受保护内容的计算环境,则允许操作系统根据生殖策略进一步(例如,应用)调整对受保护内容的访问。 因此,授权决定部分分配,减轻了内容保护服务器的资源负担。 因此,当请求对受保护内容的访问时,该计算环境可以促进更强大和有效的授权决定。

    ATTESTED CONTENT PROTECTION
    6.
    发明申请
    ATTESTED CONTENT PROTECTION 有权
    强制内容保护

    公开(公告)号:US20090327705A1

    公开(公告)日:2009-12-31

    申请号:US12163426

    申请日:2008-06-27

    IPC分类号: H04L9/32 G06F21/24 H04L9/08

    CPC分类号: G06F21/57 G06F21/10

    摘要: The present invention extends to methods, systems, and computer program products for protecting content. Embodiments of the invention permit a local machine increased participation in authorizing access to protected content. An operating system attests to a computing environment at a corresponding computer system. If the computing environment is one permitted to access protected content, the operating system is permitted to regulate further (e.g., application) access to protected content in accordance with a procreation policy. As such, authorization decisions are partially distributed, easing the resource burden on a content protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.

    摘要翻译: 本发明扩展到用于保护内容的方法,系统和计算机程序产品。 本发明的实施例允许本地机器增加对授权对受保护内容的访问的参与。 操作系统在相应的计算机系统上证明计算环境。 如果计算环境是允许访问受保护内容的计算环境,则允许操作系统根据生殖策略进一步(例如,应用)调整对受保护内容的访问。 因此,授权决定部分分配,减轻了内容保护服务器的资源负担。 因此,当请求访问受保护内容时,本发明的实施例可以促进更强大和有效的授权决定。

    Disposable red partitions
    7.
    发明授权
    Disposable red partitions 有权
    一次性红色分区

    公开(公告)号:US07805761B2

    公开(公告)日:2010-09-28

    申请号:US11118062

    申请日:2005-04-29

    CPC分类号: G06F21/575 G06F21/57

    摘要: A system and method are provided, whereby data that is easily re-created is separated from data that is not easily re-created, such that the easily re-created data can be disposed of based on a variety of events and the not easily re-created data can be kept in its original state. In one aspect of the invention, such easily re-created data is disposed of based on a “panic button” being pushed by a computer system user, such as when a user becomes aware that some malware has infected the computer system. In other aspects of the invention, such data is disposed of every time the computer system boots up, or detects via its anti-virus program that some malware is present. In other aspects of the invention, the easily re-created data can be rolled back or rolled forward without affecting the non-easily re-created data.

    摘要翻译: 提供了一种系统和方法,由此容易重新创建的数据与不容易重新创建的数据分离,使得可以基于各种事件来处理容易重新创建的数据,并且不容易地重新生成 处理的数据可以保持原来的状态。 在本发明的一个方面中,基于由计算机系统用户推送的“紧急按钮”(例如当用户意识到某些恶意软件已经感染了计算机系统时)来处理这样容易重新创建的数据。 在本发明的其他方面,每当计算机系统启动时处理这样的数据,或者通过其防病毒程序来检测存在一些恶意软件。 在本发明的其它方面,容易重新创建的数据可以回滚或滚动,而不影响不容易重新创建的数据。

    Systems and methods for an augmented interrupt controller and synthetic interrupt sources
    9.
    发明授权
    Systems and methods for an augmented interrupt controller and synthetic interrupt sources 有权
    扩展中断控制器和合成中断源的系统和方法

    公开(公告)号:US07689747B2

    公开(公告)日:2010-03-30

    申请号:US11092012

    申请日:2005-03-28

    IPC分类号: G06F13/24

    CPC分类号: G06F13/26

    摘要: Various embodiments of the present invention are directed to augmented interrupt controllers (AICs) and to synthetic interrupt sources (SISs) providing richer interrupt information (or “synthetic interrupts” or “SIs”). The AIC and SIS provide efficient means for sending and receiving interrupts, and particularly interrupts sent to and received by virtual machines. Several of these embodiments are specifically directed to an interrupt controller that is extended to accept and deliver additional information associated with an incoming interrupt. For certain such embodiments, a memory-mapped extension to the interrupt controller includes a data structure that is populated with the additional information as part of the interrupt delivery. Although several of the embodiments described herein are disclosed in the context of a virtual machine system, the inventions disclosed herein can also be applied to traditional computer systems (without a virtualization layer) as well.

    摘要翻译: 本发明的各种实施例涉及增强中断控制器(AIC)和提供更丰富的中断信息(或“合成中断”或“SI”)的合成中断源(SIS)。 AIC和SIS提供发送和接收中断的有效手段,特别是发送到虚拟机并由其接收的中断。 这些实施例中的几个具体涉及一个中断控制器,该中断控制器被扩展以接受和传送与进入中断相关联的附加信息。 对于某些这样的实施例,对中断控制器的存储器映射扩展包括作为中断传递的一部分的附加信息的数据结构。 虽然本文所描述的几个实施例在虚拟机系统的上下文中被公开,但是本文公开的发明也可以应用于传统的计算机系统(没有虚拟化层)。

    Systems and methods for hypervisor discovery and utilization
    10.
    发明授权
    Systems and methods for hypervisor discovery and utilization 有权
    管理程序发现和利用的系统和方法

    公开(公告)号:US08635612B2

    公开(公告)日:2014-01-21

    申请号:US11119200

    申请日:2005-04-29

    IPC分类号: G06F9/455

    CPC分类号: G06F9/45533

    摘要: Systems and methods are provided, whereby partitions may become enlightened and discover the presence of a hypervisor. Several techniques of hypervisor discovery are discussed, such as detecting the presence of virtual processor registers (e.g. model specific registers or special-purpose registers) or the presence of virtual hardware devices. Upon discovery, information (code and/or data) may be injected in a partition by the hypervisor, whereby such injection allows the partition to call the hypervisor. Moreover, the hypervisor may present a versioning mechanism that allows the partition to match up the version of the hypervisor to its virtual devices. Next, once code and/or data is injected, calling conventions are established that allow the partition and the hypervisor to communicate, so that the hypervisor may perform some operations on behalf of the partition. Four exemplary calling conventions are considered: restartable instructions, a looping mechanism, shared memory transport, and synchronous or asynchronous processed packets. Last, cancellation mechanisms are considered, whereby partition requests may be cancelled.

    摘要翻译: 提供了系统和方法,由此分区可能变得开明并发现管理程序的存在。 讨论了管理程序发现的几种技术,例如检测虚拟处理器寄存器(例如模型特定寄存器或专用寄存器)的存在或虚拟硬件设备的存在。 一旦发现,信息(代码和/或数据)可以由管理程序注入到分区中,由此这种注入允许分区调用管理程序。 此外,管理程序可以呈现允许分区将虚拟机管理程序的版本与其虚拟设备相匹配的版本控制机制。 接下来,一旦注入了代码和/或数据,就建立了允许分区和管理程序进行通信的调用约定,以便管理程序可以代表分区执行一些操作。 考虑四个示例性的呼叫约定:可重新启动的指令,循环机制,共享存储器传输和同步或异步处理的分组。 最后,考虑取消机制,从而可能会取消分区请求。