-
1.发明授权公开(公告)号:US08181025B2
公开(公告)日:2012-05-15
申请号:US11591258
申请日:2006-10-31
申请人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
发明人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
IPC分类号: H04L9/32 , G06F12/14 , G06F11/30 , G06F1/00 , G06F7/04 , G06G7/48 , G06F9/46 , G06F9/455 , G06F1/32 , G06F12/08
CPC分类号: G06F21/64 , G06F9/45558 , G06F21/57 , G06F2009/45587
摘要: A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent during integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed.
摘要翻译: 用于管理代理的方法包括响应于注册请求验证代理的完整性。 在完整性验证期间为代理提供内存保护。 当代理商的注册已经完成时生成指示。 根据本发明的一个方面,提供存储器保护包括具有虚拟机监视器对代理的限制访问。 描述和要求保护其他实施例。
-
公开(公告)号:US20120090016A1
公开(公告)日:2012-04-12
申请号:US13373957
申请日:2011-12-06
申请人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
发明人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
IPC分类号: G06F21/00
CPC分类号: G06F21/64 , G06F9/45558 , G06F21/57 , G06F2009/45587
摘要: A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent dining integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed.
-
3.发明申请公开(公告)号:US20080114985A1
公开(公告)日:2008-05-15
申请号:US11591258
申请日:2006-10-31
申请人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
发明人: Uday Savagaonkar , Ravi Sahita , Prashant Dewan
IPC分类号: H04L9/00
CPC分类号: G06F21/64 , G06F9/45558 , G06F21/57 , G06F2009/45587
摘要: A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent during integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed.
摘要翻译: 用于管理代理的方法包括响应于注册请求验证代理的完整性。 在完整性验证期间为代理提供内存保护。 当代理商的注册已经完成时生成指示。 根据本发明的一个方面,提供存储器保护包括具有虚拟机监视器对代理的限制访问。 描述和要求保护其他实施例。
-
公开(公告)号:US20080244725A1
公开(公告)日:2008-10-02
申请号:US11695016
申请日:2007-03-31
IPC分类号: G06F21/00
CPC分类号: G06F9/545 , G06F9/544 , G06F21/606 , G06F2209/542
摘要: According to one example embodiment of the inventive subject matter, there is described herein a method and apparatus for securely and efficiently managing packet buffers between protection domains on an Intra-partitioned system using packet queues and triggers. According to one embodiment described in more detail below, there is provided a method and apparatus for optimally transferring packet data across contexts (protected and unprotected) in a commodity operating system.
摘要翻译: 根据本发明主题的一个示例实施例,这里描述了一种使用分组队列和触发器在内部分区系统上安全有效地管理分组缓冲区之间的分组缓冲器的方法和装置。 根据下面更详细描述的一个实施例,提供了一种用于在商品操作系统中跨越上下文(受保护和未受保护)最佳地传送分组数据的方法和装置。
-
公开(公告)号:US20090172330A1
公开(公告)日:2009-07-02
申请号:US12005681
申请日:2007-12-28
申请人: Prashant Dewan , Uday Savagaonkar
发明人: Prashant Dewan , Uday Savagaonkar
IPC分类号: G06F12/00
CPC分类号: G06F12/1491 , G06F12/145
摘要: In one embodiment, the present invention includes a virtual machine monitor (VMM) to access a protection indicator of a page table entry (PTE) of a page of a set of memory buffers and determine a state of the protection indicator, and if the protection indicator indicates that the page is a user-level page and if certain information of an agent that seeks to use the page matches that in a protected memory address array, a page table base register (PTBR) is updated to a protected page table (PPT) base address. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一个虚拟机监视器(VMM),用于访问一组存储器缓冲器的页面的页表条目(PTE)的保护指示符,并确定保护指示符的状态,并且如果保护 指示符表示页面是用户级页面,并且如果寻求使用页面的代理的特定信息与受保护的存储器地址阵列中的那些信息匹配,则页表基址寄存器(PTBR)被更新到受保护页表(PPT) )基地址。 描述和要求保护其他实施例。
-
6.发明授权公开(公告)号:US08327359B2
公开(公告)日:2012-12-04
申请号:US13356918
申请日:2012-01-24
申请人: Ravi Sahita , Uday Savagaonkar
发明人: Ravi Sahita , Uday Savagaonkar
CPC分类号: G06F9/45533 , G06F21/51 , G06F21/57
摘要: Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform.
摘要翻译: 本文描述了系统和方法,其讨论了如何在一个示例中执行虚拟化环境的计算平台可以自适应地且按需地进行完整性验证。 这可能会在初始运行时以及连续操作期间发生,并允许平台用户从各种供应商安装软件,而不会牺牲完整性测量,因此可以平台的可信赖性。
-
公开(公告)号:US20080280593A1
公开(公告)日:2008-11-13
申请号:US11770067
申请日:2007-06-28
申请人: Uday Savagaonkar , David Durham , Ravi Sahita , Subhash Gutti
发明人: Uday Savagaonkar , David Durham , Ravi Sahita , Subhash Gutti
IPC分类号: H04M1/66
CPC分类号: G06F21/52 , G06F9/4486
摘要: Disclosed is a method for restricting access of a first code of a plurality of codes and data of a first function from a second function. Thee method comprises calling the second function by the first function, addresses of the plurality of data may be stored in a stack page and colored in a first color (102). The method comprises performing access control check in a transition page for verifying whether the first function has permission to call the second function (104). Further the method comprises protecting the first code from the second function by coloring the data and/or addresses in a second color (106). Furthermore, the method comprises executing the second function by pushing addresses of the second function on the stack page, the addresses of the second function colored in a third color (108) and unprotecting the first code by coloring the addresses of the first code in the first color (110).
摘要翻译: 公开了一种用于从第二功能限制多个代码的第一代码和第一函数的数据的访问的方法。 该方法包括通过第一功能调用第二功能,多个数据的地址可以被存储在堆栈页面中并以第一颜色(102)着色。 该方法包括在转换页面中执行访问控制检查,以验证第一功能是否具有调用第二功能的权限(104)。 此外,该方法包括通过使第二颜色(106)中的数据和/或地址着色来保护第一代码免受第二功能。 此外,该方法包括通过在堆栈页面上推动第二函数的地址来执行第二函数,第二函数的地址以第三颜色(108)着色,并且通过着色第一代码中的第一代码的地址来对第一代码进行保护 第一颜色(110)。
-
公开(公告)号:US20070056039A1
公开(公告)日:2007-03-08
申请号:US11220462
申请日:2005-09-07
IPC分类号: G06F12/14
CPC分类号: G06F21/53 , G06F21/564
摘要: The present disclosure relates to providing a remediation scheme for a compromised system and, more specifically, to providing a memory filtration scheme using an isolated partition within a system.
摘要翻译: 本公开涉及为受损系统提供修复方案,更具体地,提供使用系统内的隔离分区的存储器过滤方案。
-
公开(公告)号:US09286235B2
公开(公告)日:2016-03-15
申请号:US13538900
申请日:2012-06-29
申请人: Gur Hildesheim , Shlomo Raikin , Ittai Anati , Gideon Gerzon , Uday Savagaonkar , Francis Mckeen , Carlos Rozas , Michael Goldsmith , Prashant Dewan
发明人: Gur Hildesheim , Shlomo Raikin , Ittai Anati , Gideon Gerzon , Uday Savagaonkar , Francis Mckeen , Carlos Rozas , Michael Goldsmith , Prashant Dewan
CPC分类号: G06F12/109 , G06F12/0284 , G06F12/1036 , G06F2212/656 , G06F2212/657
摘要: Embodiments of apparatuses and methods including virtual address memory range registers are disclosed. In one embodiment, a processor includes a memory interface, address translation hardware, and virtual memory address comparison hardware. The memory interface is to access a system memory using a physical memory address. The address translation hardware is to support translation of a virtual memory address to the physical memory address. The virtual memory address is used by software to access a virtual memory location in the virtual memory address space of the processor. The virtual memory address comparison hardware is to determine whether the virtual memory address is within a virtual memory address range.
摘要翻译: 公开了包括虚拟地址存储器范围寄存器的装置和方法的实施例。 在一个实施例中,处理器包括存储器接口,地址转换硬件和虚拟存储器地址比较硬件。 存储器接口是使用物理内存地址访问系统内存。 地址转换硬件是支持将虚拟内存地址转换为物理内存地址。 虚拟存储器地址由软件用于访问处理器的虚拟存储器地址空间中的虚拟存储器位置。 虚拟内存地址比较硬件是确定虚拟内存地址是否在虚拟内存地址范围内。
-
公开(公告)号:US20120096270A1
公开(公告)日:2012-04-19
申请号:US13337919
申请日:2011-12-27
申请人: Men Long , Jesse Walker , David Durham , Marc Millier , Karavir Grewal , Prashant Dewan , Uday Savagaonkar , Steven D. Williams
发明人: Men Long , Jesse Walker , David Durham , Marc Millier , Karavir Grewal , Prashant Dewan , Uday Savagaonkar , Steven D. Williams
IPC分类号: H04L9/32
CPC分类号: H04L63/0428 , H04L9/0631 , H04L9/3242 , H04L63/08 , H04L63/1466 , H04L63/168 , H04L2209/12 , H04L2209/38
摘要: End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined mode, single pass encryption and authentication using two keys is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the cipher text using an encryption key, where the authentication and encryption key have different key values. In various embodiments, the cipher unit operates in AES counter mode, and the authentication unit operates in parallel, in AES-GMAC mode Using a two key, single pass combined mode algorithm preserves network performance using a limited number of HW gates, while allowing an intermediate device access to the encryption key for deciphering the data, without providing that device the ability to compromise data integrity, which is preserved between the end to end devices.
摘要翻译: 公开了客户机与服务器之间的端到端安全性,以及通过组合模式,单程加密和使用两个密钥的认证实现的对中间网络设备的流量可见性。 在各种实施例中,组合加密认证单元包括与密码单元并行耦合的密码单元和认证单元,并且使用加密密钥与密文生成并行地使用认证密钥生成认证标签,其中 认证和加密密钥具有不同的密钥值。 在各种实施例中,密码单元以AES计数器模式运行,并且认证单元以AES-GMAC模式并行操作。使用双键单通组合模式算法使用有限数量的HW门保留网络性能,同时允许 中间设备访问用于解密数据的加密密钥,而不提供该设备损害数据完整性的能力,这在端到端设备之间保留。
-
-
-
-
-
-
-
-
-
搜索结果
79 条记录 (耗时 0.022 秒)
