公开(公告)号：US10169253B2

公开(公告)日：2019-01-01

申请号：US15682056

申请日：2017-08-21

Applicant: VMware, Inc.

Inventor： Xiaoxin Chen ,  Carl A. Waldspurger ,  Pratap Subrahmanyam ,  Tal Garfinkel ,  Dan Boneh

IPC: G06F12/14 ,  G06F21/62

Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.

公开(公告)号：US10255159B2

公开(公告)日：2019-04-09

申请号：US15818577

申请日：2017-11-20

Applicant: VMWare, Inc.

Inventor： James E. Chow ,  Tal Garfinkel ,  Peter M. Chen

IPC: G06F11/36 ,  G06F9/455

Abstract: Dynamic program analysis is decoupled from execution in virtual computer environments so that program analysis can be performed on a running computer program without affecting or perturbing the workload of the system on which the program is executing. Decoupled dynamic program analysis is enabled by separating execution and analysis into two tasks: (1) recording, where system execution is recorded with minimal interference, and (2) analysis, where the execution is replayed and analyzed.

公开(公告)号：US09740637B2

公开(公告)日：2017-08-22

申请号：US14048515

申请日：2013-10-08

Applicant: VMware, Inc.

Inventor： Xiaoxin Chen ,  Carl A. Waldspurger ,  Pratap Subrahmanyam ,  Tal Garfinkel ,  Dan Boneh

IPC: G06F12/00 ,  G06F12/14 ,  G06F21/62

CPC classification number: G06F12/1408 ,  G06F12/1491 ,  G06F21/6218 ,  G06F2212/151

Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.

公开(公告)号：US09658878B2

公开(公告)日：2017-05-23

申请号：US14467974

申请日：2014-08-25

Applicant: VMware, Inc.

Inventor： Daniel R. K. Ports ,  Xiaoxin Chen ,  Carl A. Waldspurger ,  Pratap Subrahmanyam ,  Tal Garfinkel

IPC: G06F9/46 ,  G06F11/14 ,  G06F9/48 ,  G06F9/455 ,  G06F9/44

CPC classification number: G06F9/461 ,  G06F9/4486 ,  G06F9/45533 ,  G06F9/45558 ,  G06F9/4881 ,  G06F11/1451 ,  G06F11/1484 ,  G06F2009/45562 ,  G06F2009/45583 ,  G06F2201/815 ,  G06F2201/84

Abstract: A virtual-machine-based system provides a mechanism to implement application file I/O operations of protected data by implementing the I/O operations semantics in a shim layer with memory-mapped regions. The semantics of these I/O operations are emulated in a shim layer with memory-mapped regions by using a mapping between a process' address space and a file or shared memory object. Data that is protected from viewing by a guest OS running in a virtual machine may nonetheless be accessed by the process.