-
公开(公告)号:US20080244725A1
公开(公告)日:2008-10-02
申请号:US11695016
申请日:2007-03-31
IPC分类号: G06F21/00
CPC分类号: G06F9/545 , G06F9/544 , G06F21/606 , G06F2209/542
摘要: According to one example embodiment of the inventive subject matter, there is described herein a method and apparatus for securely and efficiently managing packet buffers between protection domains on an Intra-partitioned system using packet queues and triggers. According to one embodiment described in more detail below, there is provided a method and apparatus for optimally transferring packet data across contexts (protected and unprotected) in a commodity operating system.
摘要翻译: 根据本发明主题的一个示例实施例,这里描述了一种使用分组队列和触发器在内部分区系统上安全有效地管理分组缓冲区之间的分组缓冲器的方法和装置。 根据下面更详细描述的一个实施例,提供了一种用于在商品操作系统中跨越上下文(受保护和未受保护)最佳地传送分组数据的方法和装置。
-
公开(公告)号:US07467285B2
公开(公告)日:2008-12-16
申请号:US11191468
申请日:2005-07-27
IPC分类号: G06F12/00
CPC分类号: G06F12/145 , G06F12/1009 , G06F21/52 , G06F21/554
摘要: Provided are a method, system, program and device for maintaining shadow page tables in a sequestered memory region. A first processor executing an application invokes a second processor to create a shadow page table used for address translation for the application in a sequestered memory region non-alterable by processes controlled by an operating system executed by the first processor. The shadow page table references at least one page in an operating system memory region accessible to processes controlled by the operating system.
摘要翻译: 提供了一种用于在隔离存储器区域中保持阴影页表的方法,系统,程序和设备。 执行应用的第一处理器调用第二处理器来创建用于经由由第一处理器执行的操作系统控制的进程不可修改的存储存储器区域中的应用的地址转换的影子页表。 影子页面表引用由操作系统控制的进程可访问的操作系统存储器区域中的至少一个页面。
-
公开(公告)号:US07571298B2
公开(公告)日:2009-08-04
申请号:US11428335
申请日:2006-06-30
申请人: Hormuzd M. Khosravi , David M. Durham , Travis Schluessler , Ravi Sahita , Uday Savagaonkar , Priya Rajagopal
发明人: Hormuzd M. Khosravi , David M. Durham , Travis Schluessler , Ravi Sahita , Uday Savagaonkar , Priya Rajagopal
CPC分类号: G06F12/1081 , G06F12/00
摘要: Systems and methods are described herein to provide for host virtual memory reconstitution. Virtual memory reconstitution is the ability to translate the host device's virtual memory addresses to the host device's physical memory addresses. The virtual memory reconstitution methods are independent of the operating system running on the host device.
摘要翻译: 这里描述了系统和方法来提供主机虚拟存储器重构。 虚拟内存重构是将主机设备的虚拟内存地址转换为主机设备的物理内存地址的功能。 虚拟内存重构方法与在主机设备上运行的操作系统无关。
-
4.发明申请Method and apparatus for secure page swapping in virtual memory systems 审中-公开用于在虚拟存储器系统中进行安全页面交换的方法和装置公开(公告)号:US20080077767A1
公开(公告)日:2008-03-27
申请号:US11528161
申请日:2006-09-27
申请人: Hormuzd M. Khosravi , Uday Savagaonkar , Ravi Sahita , David Durham , Travis Schluessler , Gayathri Nagabhushan
发明人: Hormuzd M. Khosravi , Uday Savagaonkar , Ravi Sahita , David Durham , Travis Schluessler , Gayathri Nagabhushan
CPC分类号: G06F12/1475 , G06F12/0804 , G06F12/1408 , G06F12/1491
摘要: Embodiments described herein disclose a method and apparatus for secure page swapping in a virtual memory system. An integrity check value mechanism is used to protect software programs from run-time attacks against memory pages while those pages are swapped to secondary memory. A hash value is computed for an agent page as it is swapped from primary memory to secondary memory. When the page is swapped back into primary memory from secondary memory, that hash value is recomputed to verify that the page was not modified while stored in secondary memory. Alternatively, the hash value is pre-computed and placed in an integrity manifest wherein it is retrieved and verified when the page is loaded back into primary memory from secondary memory.
摘要翻译: 本文描述的实施例公开了一种用于虚拟存储器系统中的安全页面交换的方法和装置。 完整性检查值机制用于保护软件程序免受针对存储器页面的运行时攻击,而这些页面被交换到辅助存储器。 当代理页面从主存储器交换到辅助存储器时,计算哈希值。 当页面从辅助存储器交换回主存储器时,重新计算该哈希值,以验证在存储在辅助存储器中的页面是否未被修改。 或者,哈希值是预先计算的并且被放置在完整性清单中,其中当从第二存储器将页面加载回主存储器时,其被检索和验证。
-
公开(公告)号:US20080244758A1
公开(公告)日:2008-10-02
申请号:US11694548
申请日:2007-03-30
CPC分类号: G06F21/6218 , G06F21/57 , G06F21/70
摘要: An apparatus to protect one or more hardware devices from unauthorized software access is described herein and comprises, in one embodiment, a virtual machine manager, a memory protection module and an integrity measurement manager. In a further embodiment, a method of providing secure access to one or more hardware devices may include, modifying a page table, verifying the integrity of a device driver, and providing memory protection to the device driver if the device driver is verified.
摘要翻译: 本文描述了保护一个或多个硬件设备免受未经授权的软件访问的装置,并且在一个实施例中包括虚拟机管理器,存储器保护模块和完整性测量管理器。 在另一实施例中,提供对一个或多个硬件设备的安全访问的方法可以包括:修改页表,验证设备驱动程序的完整性,以及如果设备驱动程序被验证,则向设备驱动程序提供存储器保护。
-
6.发明授权公开(公告)号:US08181025B2
公开(公告)日:2012-05-15
申请号:US11591258
申请日:2006-10-31
申请人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
发明人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
IPC分类号: H04L9/32 , G06F12/14 , G06F11/30 , G06F1/00 , G06F7/04 , G06G7/48 , G06F9/46 , G06F9/455 , G06F1/32 , G06F12/08
CPC分类号: G06F21/64 , G06F9/45558 , G06F21/57 , G06F2009/45587
摘要: A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent during integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed.
摘要翻译: 用于管理代理的方法包括响应于注册请求验证代理的完整性。 在完整性验证期间为代理提供内存保护。 当代理商的注册已经完成时生成指示。 根据本发明的一个方面,提供存储器保护包括具有虚拟机监视器对代理的限制访问。 描述和要求保护其他实施例。
-
公开(公告)号:US20120090016A1
公开(公告)日:2012-04-12
申请号:US13373957
申请日:2011-12-06
申请人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
发明人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
IPC分类号: G06F21/00
CPC分类号: G06F21/64 , G06F9/45558 , G06F21/57 , G06F2009/45587
摘要: A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent dining integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed.
-
公开(公告)号:US20090172330A1
公开(公告)日:2009-07-02
申请号:US12005681
申请日:2007-12-28
申请人: Prashant Dewan , Uday Savagaonkar
发明人: Prashant Dewan , Uday Savagaonkar
IPC分类号: G06F12/00
CPC分类号: G06F12/1491 , G06F12/145
摘要: In one embodiment, the present invention includes a virtual machine monitor (VMM) to access a protection indicator of a page table entry (PTE) of a page of a set of memory buffers and determine a state of the protection indicator, and if the protection indicator indicates that the page is a user-level page and if certain information of an agent that seeks to use the page matches that in a protected memory address array, a page table base register (PTBR) is updated to a protected page table (PPT) base address. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一个虚拟机监视器(VMM),用于访问一组存储器缓冲器的页面的页表条目(PTE)的保护指示符,并确定保护指示符的状态,并且如果保护 指示符表示页面是用户级页面,并且如果寻求使用页面的代理的特定信息与受保护的存储器地址阵列中的那些信息匹配,则页表基址寄存器(PTBR)被更新到受保护页表(PPT) )基地址。 描述和要求保护其他实施例。
-
公开(公告)号:US09286235B2
公开(公告)日:2016-03-15
申请号:US13538900
申请日:2012-06-29
申请人: Gur Hildesheim , Shlomo Raikin , Ittai Anati , Gideon Gerzon , Uday Savagaonkar , Francis Mckeen , Carlos Rozas , Michael Goldsmith , Prashant Dewan
发明人: Gur Hildesheim , Shlomo Raikin , Ittai Anati , Gideon Gerzon , Uday Savagaonkar , Francis Mckeen , Carlos Rozas , Michael Goldsmith , Prashant Dewan
CPC分类号: G06F12/109 , G06F12/0284 , G06F12/1036 , G06F2212/656 , G06F2212/657
摘要: Embodiments of apparatuses and methods including virtual address memory range registers are disclosed. In one embodiment, a processor includes a memory interface, address translation hardware, and virtual memory address comparison hardware. The memory interface is to access a system memory using a physical memory address. The address translation hardware is to support translation of a virtual memory address to the physical memory address. The virtual memory address is used by software to access a virtual memory location in the virtual memory address space of the processor. The virtual memory address comparison hardware is to determine whether the virtual memory address is within a virtual memory address range.
摘要翻译: 公开了包括虚拟地址存储器范围寄存器的装置和方法的实施例。 在一个实施例中,处理器包括存储器接口,地址转换硬件和虚拟存储器地址比较硬件。 存储器接口是使用物理内存地址访问系统内存。 地址转换硬件是支持将虚拟内存地址转换为物理内存地址。 虚拟存储器地址由软件用于访问处理器的虚拟存储器地址空间中的虚拟存储器位置。 虚拟内存地址比较硬件是确定虚拟内存地址是否在虚拟内存地址范围内。
-
公开(公告)号:US20120096270A1
公开(公告)日:2012-04-19
申请号:US13337919
申请日:2011-12-27
申请人: Men Long , Jesse Walker , David Durham , Marc Millier , Karavir Grewal , Prashant Dewan , Uday Savagaonkar , Steven D. Williams
发明人: Men Long , Jesse Walker , David Durham , Marc Millier , Karavir Grewal , Prashant Dewan , Uday Savagaonkar , Steven D. Williams
IPC分类号: H04L9/32
CPC分类号: H04L63/0428 , H04L9/0631 , H04L9/3242 , H04L63/08 , H04L63/1466 , H04L63/168 , H04L2209/12 , H04L2209/38
摘要: End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined mode, single pass encryption and authentication using two keys is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the cipher text using an encryption key, where the authentication and encryption key have different key values. In various embodiments, the cipher unit operates in AES counter mode, and the authentication unit operates in parallel, in AES-GMAC mode Using a two key, single pass combined mode algorithm preserves network performance using a limited number of HW gates, while allowing an intermediate device access to the encryption key for deciphering the data, without providing that device the ability to compromise data integrity, which is preserved between the end to end devices.
摘要翻译: 公开了客户机与服务器之间的端到端安全性,以及通过组合模式,单程加密和使用两个密钥的认证实现的对中间网络设备的流量可见性。 在各种实施例中,组合加密认证单元包括与密码单元并行耦合的密码单元和认证单元,并且使用加密密钥与密文生成并行地使用认证密钥生成认证标签,其中 认证和加密密钥具有不同的密钥值。 在各种实施例中,密码单元以AES计数器模式运行,并且认证单元以AES-GMAC模式并行操作。使用双键单通组合模式算法使用有限数量的HW门保留网络性能,同时允许 中间设备访问用于解密数据的加密密钥,而不提供该设备损害数据完整性的能力,这在端到端设备之间保留。
-
-
-
-
-
-
-
-
-
搜索结果
79 条记录 (耗时 0.03 秒)
