INCREASING VIRTUAL-MEMORY EFFICIENCIES
    1.
    Patent application
    INCREASING VIRTUAL-MEMORY EFFICIENCIES (in force)

    Publication No.: US20130191577A1

    Publication date: 2013-07-25

    Application No.: US13734834

    Filing date: 2013-01-04

    IPC classification: G06F12/08

    Abstract: Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.


    INCREASING VIRTUAL-MEMORY EFFICIENCIES
    2.
    Patent application
    INCREASING VIRTUAL-MEMORY EFFICIENCIES (in force)

    Publication No.: US20150242333A1

    Publication date: 2015-08-27

    Application No.: US14709369

    Filing date: 2015-05-11

    Abstract: Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.


    SUBSTITUTE VIRTUALIZED-MEMORY PAGE TABLES
    3.
    Patent application
    SUBSTITUTE VIRTUALIZED-MEMORY PAGE TABLES (in force)

    Publication No.: US20130191611A1

    Publication date: 2013-07-25

    Application No.: US13734851

    Filing date: 2013-01-04

    IPC classification: G06F12/10

    CPC classification: G06F12/1009 G06F2212/151

    Abstract: Embodiments of techniques and systems for using substitute virtualized-memory page tables are described. In embodiments, a virtual machine monitor (VMM) may determine that a virtualized memory access to be performed by an instruction executing on a guest software virtual machine is not allowed in accordance with a current virtualized-memory page table (VMPT). The VMM may select a substitute VMPT that permits the virtualized memory access. In scenarios where a data access length for the instruction is known, the substitute VMPT may include full execute, read, and write permissions for the entire guest software address space. In scenarios where a data access length for the instruction is not known, the substitute VMPT may include less than full execute, read, and write permissions for the entire guest software address space, and may be modified to allow the requested virtualized memory access. Other embodiments may be described and claimed.


    DETERMINING POLICY ACTIONS FOR THE HANDLING OF DATA READ/WRITE EXTENDED PAGE TABLE VIOLATIONS
    5.
    Patent application
    DETERMINING POLICY ACTIONS FOR THE HANDLING OF DATA READ/WRITE EXTENDED PAGE TABLE VIOLATIONS (in force)

    Publication No.: US20140201422A1

    Publication date: 2014-07-17

    Application No.: US13995131

    Filing date: 2011-12-22

    IPC classification: G06F12/14 G06F12/02

    Abstract: Embodiments of systems, apparatuses, and methods for determining if an instruction of a virtual machine is allowed to modify a protected memory region are described. In some embodiments, a system detects an indication of an attempt by the instruction to write to the protected memory region. In addition, the system determines if the instruction is allowed to write to the protected memory region based on a starting address and data length of the instruction. Furthermore, if the instruction is allowed to write to the protected memory region, the system updates the protected memory region with the instruction results.


    TECHNIQUES FOR ENABLING CO-EXISTENCE OF MULTIPLE SECURITY MEASURES
    7.
    Patent application
    TECHNIQUES FOR ENABLING CO-EXISTENCE OF MULTIPLE SECURITY MEASURES (in force)

    Publication No.: US20160085967A1

    Publication date: 2016-03-24

    Application No.: US14494260

    Filing date: 2014-09-23

    Abstract: Various embodiments are directed to enabling anti-malware software to co-exist with protective features of an operating system. An apparatus may include a processor component including an IDT register storing an indication of size of an IDT; a monitoring component to retrieve the indication and compare the indication to a size of a guard IDT in response to modification of the IDT register to determine whether the guard routine is to inspect the IDT and a set of ISRs; and a cache component to overwrite the IDT and set of ISRs with a cached IDT and cached set of ISRs, respectively, based on the determination and prior to the inspection to prevent the guard routine from detecting a modification by an anti-malware routine, the cached IDT and cached set of ISRs generated from the IDT and set of ISRs, respectively, prior to the modification. Other embodiments are described and claimed.


    CONTROLLING ACCESS TO GROUPS OF MEMORY PAGES IN A VIRTUALIZED ENVIRONMENT
    10.
    Patent application
    CONTROLLING ACCESS TO GROUPS OF MEMORY PAGES IN A VIRTUALIZED ENVIRONMENT (in force)

    Publication No.: US20140173169A1

    Publication date: 2014-06-19

    Application No.: US13716447

    Filing date: 2012-12-17

    IPC classification: G06F12/10

    Abstract: Embodiments of an invention for controlling access to groups of memory pages in a virtualized environment are disclosed. In one embodiment, a processor includes a virtualization unit and a memory management unit. The virtualization unit is to transfer control of the processor to a virtual machine. The memory management unit is to perform, in response to an attempt to execute on the virtual machine an instruction stored on a first page, a page walk through a paging structure to find a second page and to allow access to the second page without exiting the virtual machine based at least in part on a bit being set in a leaf level entry corresponding to the second page in the paging structure and a corresponding bit being set in each entry corresponding to the first page in each level of the paging structure.
