SYSTEMS AND METHODS FOR SECURE ASSOCIATION OF HARDWARD DEVICES
    2.
    Invention application
    Status: Under examination (published)

    Publication number: US20080244758A1

    Publication date: 2008-10-02

    Application number: US11694548

    Filing date: 2007-03-30

    IPC classification: G06F1/26 G06F9/26

    Abstract: An apparatus to protect one or more hardware devices from unauthorized software access is described herein and comprises, in one embodiment, a virtual machine manager, a memory protection module and an integrity measurement manager. In a further embodiment, a method of providing secure access to one or more hardware devices may include modifying a page table, verifying the integrity of a device driver, and providing memory protection to the device driver if the device driver is verified.


    Method and apparatus for secure page swapping in virtual memory systems
    3.
    Invention application
    Status: Under examination (published)

    Publication number: US20080077767A1

    Publication date: 2008-03-27

    Application number: US11528161

    Filing date: 2006-09-27

    IPC classification: G06F12/00 G06F13/00

    Abstract: Embodiments described herein disclose a method and apparatus for secure page swapping in a virtual memory system. An integrity check value mechanism is used to protect software programs from run-time attacks against memory pages while those pages are swapped to secondary memory. A hash value is computed for an agent page as it is swapped from primary memory to secondary memory. When the page is swapped back into primary memory from secondary memory, that hash value is recomputed to verify that the page was not modified while stored in secondary memory. Alternatively, the hash value is pre-computed and placed in an integrity manifest wherein it is retrieved and verified when the page is loaded back into primary memory from secondary memory.


    Maintaining shadow page tables in a sequestered memory region
    4.
    Granted invention patent
    Status: In force

    Publication number: US07467285B2

    Publication date: 2008-12-16

    Application number: US11191468

    Filing date: 2005-07-27

    IPC classification: G06F12/00

    Abstract: Provided are a method, system, program and device for maintaining shadow page tables in a sequestered memory region. A first processor executing an application invokes a second processor to create a shadow page table used for address translation for the application in a sequestered memory region non-alterable by processes controlled by an operating system executed by the first processor. The shadow page table references at least one page in an operating system memory region accessible to processes controlled by the operating system.


    Method and apparatus for run-time in-memory patching of code from a service processor
    5.
    Granted invention patent
    Status: In force

    Publication number: US08286238B2

    Publication date: 2012-10-09

    Application number: US11540373

    Filing date: 2006-09-29

    IPC classification: H04L29/06

    CPC classification: G06F8/656

    Abstract: Methods and apparatuses enable in-memory patching of a program loaded in volatile memory. A service processor identifies a program to be patched and an associated patch for the program. The patch is loaded into memory, including applying relocation fix-ups to the patch. The service processor directs the program to the patch in place of the segment of the program to be patched. The program implements the patch while maintaining program state, and without suspending execution of the program.


    Method and apparatus for run-time in-memory patching of code from a service processor
    6.
    Invention application
    Status: In force

    Publication number: US20080083030A1

    Publication date: 2008-04-03

    Application number: US11540373

    Filing date: 2006-09-29

    IPC classification: G06F12/14

    CPC classification: G06F8/656

    Abstract: Methods and apparatuses enable in-memory patching of a program loaded in volatile memory. A service processor identifies a program to be patched and an associated patch for the program. The patch is loaded into memory, including applying relocation fix-ups to the patch. The service processor directs the program to the patch in place of the segment of the program to be patched. The program implements the patch while maintaining program state, and without suspending execution of the program.


    METHOD AND APPARATUS FOR MANAGING PACKET BUFFERS
    7.
    Invention application
    Status: Under examination (published)

    Publication number: US20080244725A1

    Publication date: 2008-10-02

    Application number: US11695016

    Filing date: 2007-03-31

    IPC classification: G06F21/00

    Abstract: According to one example embodiment of the inventive subject matter, there is described herein a method and apparatus for securely and efficiently managing packet buffers between protection domains on an Intra-partitioned system using packet queues and triggers. According to one embodiment described in more detail below, there is provided a method and apparatus for optimally transferring packet data across contexts (protected and unprotected) in a commodity operating system.
