公开(公告)号：US20150143071A1

公开(公告)日：2015-05-21

申请号：US13995337

申请日：2011-12-30

申请人： Ravi L. Sahita ,  Yasser Rasheed ,  Vedvyas Shanbhogue ,  David M. Durham ,  Scott H. Robinson ,  Paul S. Schmitz

发明人： Ravi L. Sahita ,  Yasser Rasheed ,  Vedvyas Shanbhogue ,  David M. Durham ,  Scott H. Robinson ,  Paul S. Schmitz

IPC分类号： G06F12/10 ,  G06F21/55

CPC分类号： G06F12/10 ,  G06F21/554 ,  G06F21/6227 ,  G06F2212/251 ,  G06F2221/034

摘要： Embodiments of apparatuses and methods for memory event notification are disclosed. In one embodiment, a processor includes address translation hardware and memory event hardware. The address translation hardware is to support translation of a first address, used by software to access a memory, to a second address, used by the processor to access the memory. The memory event hardware is to detect an access to a registered portion of memory.

摘要翻译： 公开了用于存储器事件通知的装置和方法的实施例。 在一个实施例中，处理器包括地址转换硬件和存储器事件硬件。 地址转换硬件是支持由软件使用的访问存储器的第一地址到由处理器使用以访问存储器的第二地址的翻译。 存储器事件硬件是检测对存储器的注册部分的访问。

公开(公告)号：US08635705B2

公开(公告)日：2014-01-21

申请号：US12658876

申请日：2010-02-17

申请人： Ravi L. Sahita ,  David M. Durham ,  Steve Orrin ,  Yasser Rasheed ,  Prasanna G. Mulgaonkar ,  Paul S. Schmitz ,  Hormuzd M. Khosravi

发明人： Ravi L. Sahita ,  David M. Durham ,  Steve Orrin ,  Yasser Rasheed ,  Prasanna G. Mulgaonkar ,  Paul S. Schmitz ,  Hormuzd M. Khosravi

IPC分类号： G06F11/30 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00

CPC分类号： G06F21/53 ,  G06F21/55

摘要： In some embodiments, approaches may provide an out-of-band (OOB) agent to protect a platform. The OOB agent may be able to use non-TRS methods to measure and protect an in-band security agent. In some embodiments, a manageability engine can provide out of band connectivity to the in-band and out-of-band security agents and provide access to the system memory resources without having to rely on OS services. This can be used for a trusted anti-malware and remediation service.

摘要翻译： 在一些实施例中，方法可以提供带外（OOB）代理来保护平台。 OOB代理可能能够使用非TRS方法来测量和保护带内安全代理。 在一些实施例中，可管理性引擎可以向带内和带外安全代理提供带外连接，并提供对系统存储器资源的访问，而不必依赖于OS服务。 这可以用于受信任的反恶意软件和修复服务。

公开(公告)号：US20110078799A1

公开(公告)日：2011-03-31

申请号：US12658876

申请日：2010-02-17

申请人： Ravi L. Sahita ,  David M. Durham ,  Steve Orrin ,  Yasser Rasheed ,  Prasanna G. Mulgaonkar ,  Paul S. Schmitz ,  Hormuzd M. Khosravi

发明人： Ravi L. Sahita ,  David M. Durham ,  Steve Orrin ,  Yasser Rasheed ,  Prasanna G. Mulgaonkar ,  Paul S. Schmitz ,  Hormuzd M. Khosravi

IPC分类号： G06F12/14 ,  G06F21/00 ,  G06F21/22

CPC分类号： G06F21/53 ,  G06F21/55

摘要： In some embodiments, approaches may provide an out-of-band (OOB) agent to protect a platform. The OOB agent may be able to use non-TRS methods to measure and protect an in-band security agent. In some embodiments, a manageability engine can provide out of band connectivity to the in-band and out-of-band security agents and provide access to the system memory resources without having to rely on OS services. This can be used for a trusted anti-malware and remediation service.

摘要翻译： 在一些实施例中，方法可以提供带外（OOB）代理来保护平台。 OOB代理可能能够使用非TRS方法来测量和保护带内安全代理。 在一些实施例中，可管理性引擎可以向带内和带外安全代理提供带外连接，并提供对系统存储器资源的访问，而不必依赖于OS服务。 这可以用于受信任的反恶意软件和修复服务。

公开(公告)号：US10515023B2

公开(公告)日：2019-12-24

申请号：US15088739

申请日：2016-04-01

申请人： Ravi L. Sahita ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  David M. Durham ,  Andrew V. Anderson ,  David A. Koufaty ,  Asit K. Mallick ,  Arumugam Thiyagarajah ,  Barry E. Huntley ,  Deepak K. Gupta ,  Michael Lemay ,  Joseph F. Cihula ,  Baiju V. Patel

发明人： Ravi L. Sahita ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  David M. Durham ,  Andrew V. Anderson ,  David A. Koufaty ,  Asit K. Mallick ,  Arumugam Thiyagarajah ,  Barry E. Huntley ,  Deepak K. Gupta ,  Michael Lemay ,  Joseph F. Cihula ,  Baiju V. Patel

IPC分类号： G06F12/00 ,  G06F12/14 ,  G06F12/1009 ,  G06F9/455 ,  G06F12/1027 ,  G06F21/78

摘要： This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

公开(公告)号：US20160179665A1

公开(公告)日：2016-06-23

申请号：US14581730

申请日：2014-12-23

申请人： Michael LeMay ,  Ravi L. Sahita ,  Barry E. Huntley ,  David M. Durham ,  Vedvyas Shanbhogue

发明人： Michael LeMay ,  Ravi L. Sahita ,  Barry E. Huntley ,  David M. Durham ,  Vedvyas Shanbhogue

IPC分类号： G06F12/08 ,  G06F9/455

CPC分类号： G06F12/08 ,  G06F9/45558 ,  G06F12/1009 ,  G06F12/1491 ,  G06F21/79 ,  G06F2009/45583 ,  G06F2009/45591 ,  G06F2212/151 ,  G06F2212/657

摘要： Generally, this disclosure provides systems, devices, methods and computer readable media for controlled memory view switching. The system may include a memory module comprising a shared address space between a first memory view and a second memory view. The system may also include a virtual machine monitor (VMM) to maintain a list of Controlled View Switch (CVS) descriptors. The system may further include a processor to receive a memory view switch request and to execute an instruction to save processor state information and switch from the first memory view to the second memory view, wherein the second memory view is specified by an extended page table pointer (EPTP) provided by one of the CVS descriptors.

摘要翻译： 通常，本公开提供了用于受控存储器视图切换的系统，设备，方法和计算机可读介质。 该系统可以包括存储器模块，该存储器模块包括第一存储器视图和第二存储器视图之间的共享地址空间。 该系统还可以包括维护受控视图切换（CVS）描述符的列表的虚拟机监视器（VMM）。 该系统还可以包括处理器，用于接收存储器视图切换请求并且执行用于保存处理器状态信息并从第一存储器视图切换到第二存储器视图的指令，其中第二存储器视图由扩展页表指针 （EPTP）由其中一个CVS描述符提供。

公开(公告)号：US20140157410A1

公开(公告)日：2014-06-05

申请号：US13690401

申请日：2012-11-30

申请人： Prashant Dewan ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Jason Martin ,  Michael Goldsmith ,  Ravi L. Sahita ,  Frank X McKeen ,  Carlos Rozas ,  Vembu Balaji ,  Scott Janus ,  Geoffrey S. Strongin ,  Xiaozhu Kang ,  Karanvir S. Grewal ,  Siddhartha Chhabra ,  Alpha T. Narendra Trivedi

发明人： Prashant Dewan ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Jason Martin ,  Michael Goldsmith ,  Ravi L. Sahita ,  Frank X McKeen ,  Carlos Rozas ,  Vembu Balaji ,  Scott Janus ,  Geoffrey S. Strongin ,  Xiaozhu Kang ,  Karanvir S. Grewal ,  Siddhartha Chhabra ,  Alpha T. Narendra Trivedi

IPC分类号： G06F21/64

CPC分类号： G06F21/64 ,  G06F21/53 ,  G06F21/56

摘要： In accordance with some embodiments, a protected execution environment may be defined for a graphics processing unit. This framework not only protects the workloads from malware running on the graphics processing unit but also protects those workloads from malware running on the central processing unit. In addition, the trust framework may facilitate proof of secure execution by measuring the code and data structures used to execute the workload. If a part of the trusted computing base of this framework or protected execution environment is compromised, that part can be patched remotely and the patching can be proven remotely throughout attestation in some embodiments.

摘要翻译： 根据一些实施例，可以为图形处理单元定义受保护的执行环境。 该框架不仅保护了图形处理单元上运行的恶意软件的工作负载，还保护了这些工作负载免受中央处理单元上运行的恶意软件。 此外，信任框架可以通过测量用于执行工作负载的代码和数据结构来促进安全执行的证明。 如果该框架或受保护的执行环境的可信计算基础的一部分受到损害，那么该部分可以被远程修补，并且在一些实施例中可以通过验证远程验证修补。

公开(公告)号：US20180046803A1

公开(公告)日：2018-02-15

申请号：US15235806

申请日：2016-08-12

申请人： Xiaoning Li ,  Ravi L. Sahita ,  David M. Durham

发明人： Xiaoning Li ,  Ravi L. Sahita ,  David M. Durham

IPC分类号： G06F21/56 ,  G06F21/52 ,  G06F11/14

CPC分类号： G06F21/566 ,  G06F11/1417 ,  G06F11/302 ,  G06F11/3089 ,  G06F21/54 ,  G06F2201/84

摘要： Technologies for hardware assisted native malware detection include a computing device. The computing device includes one or more processors with hook logic to monitor for execution of branch instructions of an application, compare the monitored branch instructions to filter criteria, and determine whether a monitored branch instruction satisfies the filter criteria. Additionally, the computing device includes a malware detector to provide the filter criteria to the hook logic, provide an address of a callback function to the hook logic to be executed in response to a determination that a monitored branch instruction satisfies the filter criteria, and analyze, in response to execution of the callback function, the monitored branch instruction to determine whether the monitored branch instruction is indicative of malware. Other embodiments are also described and claimed.

公开(公告)号：US08479295B2

公开(公告)日：2013-07-02

申请号：US13076378

申请日：2011-03-30

申请人： Ravi L. Sahita ,  David M. Durham ,  Prashant Dewan ,  Manohar R. Castelino

发明人： Ravi L. Sahita ,  David M. Durham ,  Prashant Dewan ,  Manohar R. Castelino

IPC分类号： G06F12/14 ,  G06F9/44

CPC分类号： G06F21/54 ,  G06F11/3644 ,  G06F21/566

摘要： Generally, this disclosure describes systems and methods for transparently instrumenting a computer process. The systems and methods are configured to allow instrumenting executable code while permitting legacy memory scanning tools to monitor corresponding uninstrumented executable code stored in memory.

摘要翻译： 通常，本公开描述了用于透明地测试计算机进程的系统和方法。 这些系统和方法被配置为允许检测可执行代码，同时允许旧的存储器扫描工具来监视存储在存储器中的相应的未被记录的可执行代码。

公开(公告)号：US09405570B2

公开(公告)日：2016-08-02

申请号：US13341891

申请日：2011-12-30

申请人： Ravi L. Sahita ,  David M. Durham ,  Gilbert Neiger ,  Andrew V. Anderson ,  Scott D. Rodgers

发明人： Ravi L. Sahita ,  David M. Durham ,  Gilbert Neiger ,  Andrew V. Anderson ,  Scott D. Rodgers

IPC分类号： G06F9/455

CPC分类号： G06F9/45558 ,  G06F2009/45583

摘要： Various embodiments of this disclosure may describe method, apparatus and system for reducing system latency caused by switching memory page permission views between programs while still protecting critical regions of the memory from attacks of malwares. Other embodiments may be disclosed and claimed.

摘要翻译： 本公开的各种实施例可以描述用于减少由程序之间切换存储​​器页面许可视图而引起的系统延迟的方法，装置和系统，同时仍保护存储器的关键区域免受恶意软件的攻击。 可以公开和要求保护其他实施例。

公开(公告)号：US09286245B2

公开(公告)日：2016-03-15

申请号：US13995360

申请日：2011-12-30

申请人： David M. Durham ,  Ravi L. Sahita ,  Prashant Dewan

发明人： David M. Durham ,  Ravi L. Sahita ,  Prashant Dewan

IPC分类号： G06F21/00 ,  G06F12/14 ,  G06F21/50 ,  G06F21/12 ,  G06F21/79

CPC分类号： G06F12/1458 ,  G06F21/121 ,  G06F21/50 ,  G06F21/79

摘要： Embodiments of apparatuses and methods for hardware enforced memory access permissions are disclosed. In one embodiment, a processor includes address translation hardware and memory access hardware. The address translation hardware is to support translation of a first address, used by software to access a memory, to a second address, used by the processor to access the memory. The memory access hardware is to detect an access permission violation.

摘要翻译： 公开了用于硬件强制存储器访问许可的装置和方法的实施例。 在一个实施例中，处理器包括地址转换硬件和存储器访问硬件。 地址转换硬件是支持由软件使用的访问存储器的第一地址到由处理器使用以访问存储器的第二地址的翻译。 内存访问硬件是检测访问权限冲突。