公开(公告)号：US20170337000A1

公开(公告)日：2017-11-23

申请号：US15402243

申请日：2017-01-10

Applicant: VMWARE, INC.

Inventor： DAVID DUNN ,  ALOK NEMCHAND KATARIA ,  WEI XU ,  JEFFREY W. SHELDON

IPC: G06F3/06 ,  G06F21/55 ,  G06F9/455

CPC classification number: G06F9/45558 ,  G06F12/145 ,  G06F21/554 ,  G06F21/575 ,  G06F2009/45583 ,  G06F2009/45587

Abstract: Mechanisms to protect the integrity of a data structure that is traversed to locate protected memory pages are provided. Leaf nodes of the data structure store mappings that indicate which memory pages are protected. Both the pages indicated by the mappings and the pages that store the data structure are monitored by a tracing service that sends a notification to the hypervisor when a write to a traced page occurs. When system software receives such a notification, the system software traverses the data structure to determine whether any of the memory pages of the data structure is the traced page that was written to. If so, the alert action for that page is performed. If not, the system software determines whether any of the mappings in the leaf nodes include such a page and, if so, the alert action for that page is performed.

公开(公告)号：US20170337011A1

公开(公告)日：2017-11-23

申请号：US15256779

申请日：2016-09-06

Applicant: VMWARE, INC.

Inventor： WEI XU ,  Alok Nemchand Kataria ,  Jeffrey W. Sheldon

IPC: G06F3/06 ,  G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45583

Abstract: Mechanisms to protect the integrity of memory of a virtual machine are provided. The mechanisms involve utilizing certain capabilities of the hypervisor underlying the virtual machine to monitor writes to memory pages of the virtual machine. A guest integrity driver communicates with the hypervisor to request such functionality. Additional protections are provided for protecting the guest integrity driver and associated data, as well as for preventing use of these mechanisms by malicious software. These additional protections include an elevated execution mode, termed “integrity mode,” as well as protections on the memory pages that store the guest integrity driver. To prevent spurious alerts associated with the GI driver accessing its own data, the hypervisor maintains two page tables. In one copy, pages storing data for the GI driver are not protected and in the other, those pages are protected. The hypervisor switches the page tables when entering and exiting integrity mode.

公开(公告)号：US20170300430A1

公开(公告)日：2017-10-19

申请号：US15444350

申请日：2017-02-28

Applicant: VMWARE, INC.

Inventor： ALOK NEMCHAND KATARIA ,  WEI XU ,  RADU RUGINA ,  JEFFREY W. SHELDON ,  JAMES S. MATTSON ,  RAKESH AGARWAL ,  DAVID DUNN

IPC: G06F12/14 ,  G06F9/455 ,  G06F9/46 ,  G06F21/74

CPC classification number: G06F12/1458 ,  G06F9/45558 ,  G06F9/468 ,  G06F21/50 ,  G06F21/74 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2212/1052 ,  G06F2212/152

Abstract: Mechanisms to protect the integrity of memory of a virtual machine are provided. The mechanisms involve utilizing certain capabilities of the hypervisor underlying the virtual machine to monitor writes to memory pages of the virtual machine. A guest integrity driver communicates with the hypervisor to request such functionality. Additional protections are provided for protecting the guest integrity driver and associated data, as well as for preventing use of these mechanisms by malicious software. These additional protections include an elevated execution mode, termed “integrity mode,” which can only be entered from a specified entry point, as well as protections on the memory pages that store the guest integrity driver and associated data.