Abstract:
A hypervisor provides a guest operating system with a plurality of protection domains, including a root protection domain and one or more secure protection domains, and mechanisms for controlling the transitions between the protection domains. The guest physical memory region of a secure protection domain, which is mapped to host physical memory by secure nested page tables, stores secure guest code and data, and guest page tables for the secure guest code. When executing secure guest code, the guest page tables stored in the secure protection domain region are used for guest virtual to guest physical address translations, and the secure nested page tables are used for guest physical to host physical address translations.
Abstract:
In a computer system operable at more than one privilege level, an application is securely customized to use secret data without disclosing the secret data to a managing operating system. In operation, an integrity module executes at a higher privilege level than both the managing operating system and the application. After the managing operating system loads the application executable code, the integrity module injects the secret data directly into the instruction stream of the application executable code and then sets the memory location of the secret data as executable-only. As the application executes at the assigned privilege level, the instruction in the application directly accesses the secret data without performing any indirect memory access, thereby protecting the secret data from malicious attempts to read the secret data at a privilege level lower than the integrity module.
Abstract:
Mechanisms to protect the integrity of memory of a virtual machine are provided. The mechanisms involve utilizing certain capabilities of the hypervisor underlying the virtual machine to monitor writes to memory pages of the virtual machine. A guest integrity driver communicates with the hypervisor to request such functionality. Additional protections are provided for protecting the guest integrity driver and associated data, as well as for preventing use of these mechanisms by malicious software. These additional protections include an elevated execution mode, termed “integrity mode,” which can only be entered from a specified entry point, as well as protections on the memory pages that store the guest integrity driver and associated data.
Abstract:
In a computer system operable at more than one privilege level, an interrupt security module handles interrupts without exposing a secret value of a register to virtual interrupt handling code that executes at a lower privilege level than the interrupt security module. The interrupt security module is configured to intercept interrupts generated while executing code at lower privilege levels. Upon receiving such an interrupt, the interrupt security module overwrites the secret value of the register with an unrelated constant. Subsequently, the interrupt security module generates a virtual interrupt corresponding to the interrupt and forwards the virtual interrupt to the virtual interrupt handling code. Advantageously, although the virtual interrupt handling code is able to determine the value of the register and consequently the unrelated constant, the virtual interrupt handling code is unable to determine the secret value.
Abstract:
A hypervisor provides a guest operating system with a plurality of protection domains, including a root protection domain and one or more secure protection domains, and mechanisms for controlling the transitions between the protection domains. The guest physical memory region of a secure protection domain, which is mapped to host physical memory by secure nested page tables, stores secure guest code and data, and guest page tables for the secure guest code. When executing secure guest code, the guest page tables stored in the secure protection domain region are used for guest virtual to guest physical address translations, and the secure nested page tables are used for guest physical to host physical address translations.
Abstract:
In a computer system operable at more than one privilege level, confidential code is securely customized to use secret data to establish a code protection domain without disclosing the secret data to a managing operating system. In operation, a security module executes at a higher privilege level than both the managing operating system and the confidential code. After the managing operating system loads the executable of the confidential code, the security module injects the secret data directly into an authorization instruction and a verification instruction included in the confidential code and then sets both the authorization instruction and the verification instruction as executable-only. As the confidential code executes at the assigned privilege level, the authorization instruction and the verification instruction use the secret data to distinguish between unauthorized and authorized execution of the confidential code.