中科微点-全球专利检索

  1. Login
  2. Sign Up

Search Results

12 records (took 0.018 seconds)

    CRYPTOGRAPHIC MULTI-SHADOWING WITH INTEGRITY VERIFICATION
    2.
    发明申请
    CRYPTOGRAPHIC MULTI-SHADOWING WITH INTEGRITY VERIFICATION 审中-公开
    CRYPTOGRAPHIC多重阴影与完整性验证

    公开(公告)号:US20150100791A1

    公开(公告)日:2015-04-09

    申请号:US14048515

    申请日:2013-10-08

    Applicant: VMware, Inc.

    Inventor: Xiaoxin CHEN Carl A. WALDSPURGER Pratap SUBRAHMANYAM Tal GARFINKEL Dan BONEH

    IPC: G06F12/14

    CPC classification number: G06F12/1408 G06F12/1491 G06F21/6218 G06F2212/151

    Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.

    Abstract translation: 一种基于虚拟机的系统,可以保护应用程序数据的隐私和完整性,即使在整个操作系统受损的情况下也是如此。 应用程序呈现其资源的正常视图,但操作系统呈现加密视图。 这允许操作系统执行管理应用程序资源的复杂任务,而不允许它读取或修改它们。 呈现“物理”存储器的不同视图,这取决于执行访问的上下文。 提供了超越由传统操作系统和处理器实现的分级保护域的附加维度。

    SYSTEM AND METHOD TO ENHANCE MEMORY PROTECTION FOR PROGRAMS IN A VIRTUAL MACHINE ENVIRONMENT
    4.
    发明申请
    SYSTEM AND METHOD TO ENHANCE MEMORY PROTECTION FOR PROGRAMS IN A VIRTUAL MACHINE ENVIRONMENT 有权
    增强虚拟机环境中程序的记忆保护的系统和方法

    公开(公告)号:US20130097359A1

    公开(公告)日:2013-04-18

    申请号:US13693552

    申请日:2012-12-04

    Applicant: VMWARE, INC.

    Inventor: Xiaoxin CHEN Pratap SUBRAHMANYAM

    IPC: G06F12/08

    CPC classification number: G06F12/08 G06F9/45558 G06F12/145 G06F21/79 G06F2009/45583

    Abstract: In a computer system supporting execution of virtualization software and at least one instance of virtual system hardware, an interface is provided into the virtualization software to allow a program to directly define the access characteristics of its program data stored in physical memory. The technique includes providing data identifying memory pages and their access characteristics to the virtualization software which then derives the memory access characteristics from the specified data. Optionally, the program may also specify a pre-defined function to be performed upon the occurrence of a fault associated with access to an identified memory page. In this manner, programs operating both internal and external to the virtualization software can protect his memory pages, without intermediation by the operating system software.

    Abstract translation: 在支持虚拟化软件的执行和虚拟系统硬件的至少一个实例的计算机系统中,向虚拟化软件提供接口以允许程序直接定义其存储在物理存储器中的程序数据的访问特性。 该技术包括向虚拟化软件提供识别存储器页面及其访问特性的数据,然后从指定的数据导出存储器访问特性。 可选地,程序还可以指定在发生与所识别的存储器页面的访问相关联的故障时执行的预定义功能。 以这种方式,在虚拟化软件内部和外部运行的程序可以保护他的存储器页面,而不受操作系统软件的中介。

    CRYPTOGRAPHIC MULTI-SHADOWING WITH INTEGRITY VERIFICATION
    6.
    发明申请
    CRYPTOGRAPHIC MULTI-SHADOWING WITH INTEGRITY VERIFICATION 审中-公开

    公开(公告)号:US20170185531A9

    公开(公告)日:2017-06-29

    申请号:US14048515

    申请日:2013-10-08

    Applicant: VMware, Inc.

    Inventor: Xiaoxin CHEN Carl A. WALDSPURGER Pratap SUBRAHMANYAM Tal GARFINKEL Dan BONEH

    IPC: G06F12/14

    CPC classification number: G06F12/1408 G06F12/1491 G06F21/6218 G06F2212/151

    Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.

    CRYPTOGRAPHIC MULTI-SHADOWING WITH INTEGRITY VERIFICATION
    7.
    发明申请
    CRYPTOGRAPHIC MULTI-SHADOWING WITH INTEGRITY VERIFICATION 审中-公开

    公开(公告)号:US20170344496A1

    公开(公告)日:2017-11-30

    申请号:US15682056

    申请日:2017-08-21

    Applicant: VMware, Inc.

    Inventor: Xiaoxin CHEN Carl A. WALDSPURGER Pratap SUBRAHMANYAM Tal GARFINKEL Dan BONEH

    IPC: G06F12/14

    CPC classification number: G06F12/1408 G06F12/1491 G06F21/6218 G06F2212/151

    Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.

    ISOLATING DATA WITHIN A COMPUTER SYSTEM USING PRIVATE SHADOW MAPPINGS
    8.
    发明申请
    ISOLATING DATA WITHIN A COMPUTER SYSTEM USING PRIVATE SHADOW MAPPINGS 审中-公开
    在使用私人阴影映射的计算机系统中分离数据

    公开(公告)号:US20160179564A1

    公开(公告)日:2016-06-23

    申请号:US15055468

    申请日:2016-02-26

    Applicant: VMware, Inc.

    Inventor: Xiaoxin CHEN Carl A. WALDSPURGER Pratap SUBRAHMANYAM

    IPC: G06F9/455

    CPC classification number: G06F9/45558 G06F12/109 G06F12/1491 G06F2009/45583 G06F2212/1052 G06F2212/151 G06F2212/657

    Abstract: Virtualization software establishes multiple execution environments within a virtual machine, wherein software modules executing in one environment cannot access private memory of another environment. A separate set of shadow memory address mappings is maintained for each execution environment. For example, a separate shadow page table may be maintained for each execution environment. The virtualization software ensures that the shadow address mappings for one execution environment do not map to the physical memory pages that contain the private code or data of another execution environment. When execution switches from one execution environment to another, the virtualization software activates the shadow address mappings for the new execution environment. A similar approach, using separate mappings, may also be used to prevent software modules in one execution environment from accessing the private disk space or other secondary storage of another execution environment.

    Abstract translation: 虚拟化软件在虚拟机内建立多个执行环境,其中在一个环境中执行的软件模块不能访问另一环境的专用内存。 为每个执行环境维护一组单独的影子内存地址映射。 例如,可以为每个执行环境维护单独的影子页表。 虚拟化软件确保一个执行环境的影子地址映射不映射到包含其他执行环境的私有代码或数据的物理内存页面。 当执行从一个执行环境切换到另一个执行环境时,虚拟化软件会激活新执行环境的影子地址映射。 使用单独映射的类似方法也可用于防止一个执行环境中的软件模块访问另一个执行环境的专用磁盘空间或其他辅助存储。

Patent Agency Ranking