公开(公告)号：US08943288B2

公开(公告)日：2015-01-27

申请号：US13736531

申请日：2013-01-08

Applicant: Samsung Electronics Co., Ltd.

Inventor： Sung-kwan Heo ,  Chan-ju Park ,  Sang-bum Suh ,  Joo-young Hwang ,  Jae-min Ryu

IPC: G06F12/14

CPC classification number: G06F12/1491 ,  G06F12/145

Abstract: Provided is a method of controlling memory access. In a system including a first layer element executed in a privileged mode having a first priority of permission to access the entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the method of controlling memory access determines whether the memory is accessible for each page that is an address space unit, based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode; and determines whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain currently being attempted to be accessed from among a plurality of domains of the memory. Accordingly, a memory domain allocated to a guest operating system kernel is effectively protected from an application executed in the unprivileged mode in which the guest operating system kernel is executed.

Abstract translation: 提供了一种控制存储器访问的方法。 在包括以具有访问存储器的整个区域的权限的第一优先权的特权模式执行的第一层元素的系统中，以非权限模式执行的第二和第三层元素，其具有访问第 存储器，控制存储器访问的方法确定对于作为地址空间单元的每个页面，存储器是否可访问，基于哪种模式，当前访问存储器的层元素在特权模式和非特权模式之间执行; 并且基于所述第一，第二和第三层元素中的哪个元素对应于当前正在尝试从所述存储器的多个域中被访问的域来确定所述存储器是否可访问。 因此，分配给客户操作系统内核的存储器域被有效地保护在执行客户操作系统内核的非特权模式下执行的应用程序。

公开(公告)号：US09164919B2

公开(公告)日：2015-10-20

申请号：US14597761

申请日：2015-01-15

Applicant: SAMSUNG ELECTRONICS CO., LTD.

Inventor： Minsung Jang ,  Seong-yeol Park ,  Jae-Min Park ,  Sang-bum Suh ,  Sung-kwan Heo ,  Byung-woan Kim

IPC: G06F15/16 ,  G06F9/00 ,  G06F12/10 ,  G06F13/38 ,  G06F12/14 ,  G06F13/28 ,  G06F9/455

CPC classification number: G06F12/1081 ,  G06F9/45533 ,  G06F9/45537 ,  G06F12/1408 ,  G06F13/28 ,  G06F13/385

Abstract: A method and apparatus for inputting and outputting data by using a virtualization technique are provided. The method includes generating a virtual operating system (OS) for the external device, which is connected to a host, based on OS information stored in the external device, setting a partial area of a storage of the host as virtual storage for the external device, and storing the data in the virtual storage or a memory of the external device in response to a request for inputting and outputting the data from the virtual OS.

Abstract translation: 提供了一种通过使用虚拟化技术来输入和输出数据的方法和装置。 该方法包括基于存储在外部设备中的OS信息，生成连接到主机的外部设备的虚拟操作系统（OS），将主机的存储部分区域设置为外部设备的虚拟存储 并且响应于从虚拟OS输入和输出数据的请求，将数据存储在外部设备的虚拟存储器或存储器中。