Independent integrity verification of security policy data in applications on a client

    Publication No.: US11062033B2

    Publication Date: 2021-07-13

    Application No.: US16409902

    Filing Date: 2019-05-13

    Applicant: VMWARE, INC.

    Abstract: The disclosure herein describes verifying integrity of security policies on a client device. Policy data sets associated with security applications of virtual machines on the client device are received from a server and stored on the client device. An integrity verifier on the client device receives verified checksums from the server, wherein the verified checksums are associated with the policy data sets. Client-side checksums are generated by the integrity verifier based on the stored policy data sets. Upon generating the client-side checksums, the integrity verifier compares the verified checksums to the generated client-side checksums. Based on the comparison indicating that a verified checksum and a client-side checksum differ, the integrity verifier generates a checksum failure indicator, wherein the client device is configured to take corrective measures to restore integrity of the virtual machines based on the checksum failure indicator.

    Tree structure for storing monitored memory page data

    Publication No.: US10592267B2

    Publication Date: 2020-03-17

    Application No.: US15402243

    Filing Date: 2017-01-10

    Applicant: VMWARE, INC.

    Abstract: Mechanisms to protect the integrity of a data structure that is traversed to locate protected memory pages are provided. Leaf nodes of the data structure store mappings that indicate which memory pages are protected. Both the pages indicated by the mappings and the pages that store the data structure are monitored by a tracing service that sends a notification to the hypervisor when a write to a traced page occurs. When system software receives such a notification, the system software traverses the data structure to determine whether any of the memory pages of the data structure is the traced page that was written to. If so, the alert action for that page is performed. If not, the system software determines whether any of the mappings in the leaf nodes include such a page and, if so, the alert action for that page is performed.

ISOLATING GUEST CODE AND DATA USING MULTIPLE NESTED PAGE TABLES

    Type: Invention application (in force)

    Publication No.: US20160299851A1

    Publication Date: 2016-10-13

    Application No.: US14798483

    Filing Date: 2015-07-14

    Applicant: VMWARE, INC.

    Abstract: A hypervisor provides a guest operating system with a plurality of protection domains, including a root protection domain and one or more secure protection domains, and mechanisms for controlling the transitions between the protection domains. The guest physical memory region of a secure protection domain, which is mapped to host physical memory by secure nested page tables, stores secure guest code and data, and guest page tables for the secure guest code. When executing secure guest code, the guest page tables stored in the secure protection domain region are used for guest virtual to guest physical address translations, and the secure nested page tables are used for guest physical to host physical address translations.


HOST-BASED DIGITAL SIGNATURE VERIFICATION FOR GUEST COMPONENTS

    Type: Invention application (in force)

    Publication No.: US20160294559A1

    Publication Date: 2016-10-06

    Application No.: US14749684

    Filing Date: 2015-06-25

    Applicant: VMWARE, INC.

    Abstract: Examples perform external verification of authenticity of software components loaded onto virtual machines (VM). A processor, external to the VM, reads the loaded software component from the VM, and restores the loaded software component to its disk image state by undoing any changes made to load the software component. The digital signature is read from the restored disk image of the software and compared to the verified digital signature of the publisher of the software component. Some examples contemplate marking the software component as verified or unverified, and preventing unverified software components from making global changes.


    Securing secret data embedded in code against compromised interrupt and exception handlers

    Publication No.: US10922402B2

    Publication Date: 2021-02-16

    Application No.: US14550881

    Filing Date: 2014-11-21

    Applicant: VMware, Inc.

    Abstract: In a computer system operable at more than one privilege level, an interrupt security module handles interrupts without exposing a secret value of a register to virtual interrupt handling code that executes at a lower privilege level than the interrupt security module. The interrupt security module is configured to intercept interrupts generated while executing code at lower privilege levels. Upon receiving such an interrupt, the interrupt security module overwrites the secret value of the register with an unrelated constant. Subsequently, the interrupt security module generates a virtual interrupt corresponding to the interrupt and forwards the virtual interrupt to the virtual interrupt handling code. Advantageously, although the virtual interrupt handling code is able to determine the value of the register and consequently the unrelated constant, the virtual interrupt handling code is unable to determine the secret value.

    Securely supporting a global view of system memory in a multi-processor system

    Publication No.: US10678909B2

    Publication Date: 2020-06-09

    Application No.: US15818783

    Filing Date: 2017-11-21

    Applicant: VMWARE, INC.

    Abstract: Techniques for securely supporting a global view of system memory in a physical/virtual computer system comprising a plurality of physical/virtual CPUs are provided. In one set of embodiments, the physical/virtual computer system can receive an interrupt indicating that a first physical/virtual CPU should enter a privileged CPU operating mode. The physical/virtual computer system can further determine that none of the plurality of physical/virtual CPUs are currently in the privileged CPU operating mode. In response to this determination, the physical/virtual computer system can modify the global view of system memory to include a special memory region comprising program code to be executed while in the privileged CPU operating mode; communicate, to the other physical/virtual CPUs, a signal to enter a stop state in which execution is halted but interrupts are accepted for entering the privileged CPU operating mode; and cause the first physical/virtual CPU to enter the privileged CPU operating mode.

Host-based digital signature verification for guest components

    Type: Invention grant (in force)

    Publication No.: US09531547B2

    Publication Date: 2016-12-27

    Application No.: US14749684

    Filing Date: 2015-06-25

    Applicant: VMWARE, INC.

    Abstract: Examples perform external verification of authenticity of software components loaded onto virtual machines (VM). A processor, external to the VM, reads the loaded software component from the VM, and restores the loaded software component to its disk image state by undoing any changes made to load the software component. The digital signature is read from the restored disk image of the software and compared to the verified digital signature of the publisher of the software component. Some examples contemplate marking the software component as verified or unverified, and preventing unverified software components from making global changes.


    Supporting migration of virtual machines containing enclaves

    Publication No.: US11327782B2

    Publication Date: 2022-05-10

    Application No.: US16561051

    Filing Date: 2019-09-05

    Applicant: VMWARE, INC.

    Abstract: The present disclosure provides an approach for migrating the contents of an enclave, together with a virtual machine comprising the enclave, from a source host to a destination host. The approach provides a technique that allows the contents of the enclave to remain secure during the migration process, and also allows the destination host to decrypt the contents of the enclave upon receiving the contents and upon receiving the VM that includes the enclave. The approach allows for the VM to continue execution on the destination host. The enclave retains its state from source host to destination host. Applications using the enclave in the source host are able to continue using the enclave on the destination host using the data migrated from the source host to the destination host.
