-
Publication (announcement) number: US20170300430A1
Publication (announcement) date: 2017-10-19
Application number: US15444350
Filing date: 2017-02-28
Applicant: VMWARE, INC.
Inventor: ALOK NEMCHAND KATARIA, WEI XU, RADU RUGINA, JEFFREY W. SHELDON, JAMES S. MATTSON, RAKESH AGARWAL, DAVID DUNN
CPC classification number: G06F12/1458, G06F9/45558, G06F9/468, G06F21/50, G06F21/74, G06F2009/45583, G06F2009/45587, G06F2212/1052, G06F2212/152
Abstract: Mechanisms to protect the integrity of memory of a virtual machine are provided. The mechanisms involve utilizing certain capabilities of the hypervisor underlying the virtual machine to monitor writes to memory pages of the virtual machine. A guest integrity driver communicates with the hypervisor to request such functionality. Additional protections are provided for protecting the guest integrity driver and associated data, as well as for preventing use of these mechanisms by malicious software. These additional protections include an elevated execution mode, termed “integrity mode,” which can only be entered from a specified entry point, as well as protections on the memory pages that store the guest integrity driver and associated data.
-
Publication (announcement) number: US20180307829A1
Publication (announcement) date: 2018-10-25
Application number: US15818783
Filing date: 2017-11-21
Applicant: VMWARE, INC.
Inventor: ALOK NEMCHAND KATARIA, DOUG COVELLI, JEFFREY W. SHELDON, FREDERICK JOSEPH JACOBS, DAVID DUNN
CPC classification number: G06F21/53, G06F3/0604, G06F3/0634, G06F3/0644, G06F3/0664, G06F3/0673, G06F9/45558, G06F2009/45579, G06F2009/45583, G06F2009/45587, G06F2221/2149
Abstract: Techniques for securely supporting a global view of system memory in a physical/virtual computer system comprising a plurality of physical/virtual CPUs are provided. In one set of embodiments, the physical/virtual computer system can receive an interrupt indicating that a first physical/virtual CPU should enter a privileged CPU operating mode. The physical/virtual computer system can further determine that none of the plurality of physical/virtual CPUs are currently in the privileged CPU operating mode. In response to this determination, the physical/virtual computer system can modify the global view of system memory to include a special memory region comprising program code to be executed while in the privileged CPU operating mode; communicate, to the other physical/virtual CPUs, a signal to enter a stop state in which execution is halted but interrupts are accepted for entering the privileged CPU operating mode; and cause the first physical/virtual CPU to enter the privileged CPU operating mode.
-
Publication (announcement) number: US20170337000A1
Publication (announcement) date: 2017-11-23
Application number: US15402243
Filing date: 2017-01-10
Applicant: VMWARE, INC.
Inventor: DAVID DUNN, ALOK NEMCHAND KATARIA, WEI XU, JEFFREY W. SHELDON
CPC classification number: G06F9/45558, G06F12/145, G06F21/554, G06F21/575, G06F2009/45583, G06F2009/45587
Abstract: Mechanisms to protect the integrity of a data structure that is traversed to locate protected memory pages are provided. Leaf nodes of the data structure store mappings that indicate which memory pages are protected. Both the pages indicated by the mappings and the pages that store the data structure are monitored by a tracing service that sends a notification to the hypervisor when a write to a traced page occurs. When system software receives such a notification, the system software traverses the data structure to determine whether any of the memory pages of the data structure is the traced page that was written to. If so, the alert action for that page is performed. If not, the system software determines whether any of the mappings in the leaf nodes include such a page and, if so, the alert action for that page is performed.
-