-
公开(公告)号:US20180046803A1
公开(公告)日:2018-02-15
申请号:US15235806
申请日:2016-08-12
申请人: Xiaoning Li , Ravi L. Sahita , David M. Durham
发明人: Xiaoning Li , Ravi L. Sahita , David M. Durham
CPC分类号: G06F21/566 , G06F11/1417 , G06F11/302 , G06F11/3089 , G06F21/54 , G06F2201/84
摘要: Technologies for hardware assisted native malware detection include a computing device. The computing device includes one or more processors with hook logic to monitor for execution of branch instructions of an application, compare the monitored branch instructions to filter criteria, and determine whether a monitored branch instruction satisfies the filter criteria. Additionally, the computing device includes a malware detector to provide the filter criteria to the hook logic, provide an address of a callback function to the hook logic to be executed in response to a determination that a monitored branch instruction satisfies the filter criteria, and analyze, in response to execution of the callback function, the monitored branch instruction to determine whether the monitored branch instruction is indicative of malware. Other embodiments are also described and claimed.
-
2.发明授权公开(公告)号:US08479295B2
公开(公告)日:2013-07-02
申请号:US13076378
申请日:2011-03-30
CPC分类号: G06F21/54 , G06F11/3644 , G06F21/566
摘要: Generally, this disclosure describes systems and methods for transparently instrumenting a computer process. The systems and methods are configured to allow instrumenting executable code while permitting legacy memory scanning tools to monitor corresponding uninstrumented executable code stored in memory.
摘要翻译: 通常,本公开描述了用于透明地测试计算机进程的系统和方法。 这些系统和方法被配置为允许检测可执行代码,同时允许旧的存储器扫描工具来监视存储在存储器中的相应的未被记录的可执行代码。
-
公开(公告)号:US10515023B2
公开(公告)日:2019-12-24
申请号:US15088739
申请日:2016-04-01
申请人: Ravi L. Sahita , Gilbert Neiger , Vedvyas Shanbhogue , David M. Durham , Andrew V. Anderson , David A. Koufaty , Asit K. Mallick , Arumugam Thiyagarajah , Barry E. Huntley , Deepak K. Gupta , Michael Lemay , Joseph F. Cihula , Baiju V. Patel
发明人: Ravi L. Sahita , Gilbert Neiger , Vedvyas Shanbhogue , David M. Durham , Andrew V. Anderson , David A. Koufaty , Asit K. Mallick , Arumugam Thiyagarajah , Barry E. Huntley , Deepak K. Gupta , Michael Lemay , Joseph F. Cihula , Baiju V. Patel
IPC分类号: G06F12/00 , G06F12/14 , G06F12/1009 , G06F9/455 , G06F12/1027 , G06F21/78
摘要: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.
-
公开(公告)号:US09405570B2
公开(公告)日:2016-08-02
申请号:US13341891
申请日:2011-12-30
IPC分类号: G06F9/455
CPC分类号: G06F9/45558 , G06F2009/45583
摘要: Various embodiments of this disclosure may describe method, apparatus and system for reducing system latency caused by switching memory page permission views between programs while still protecting critical regions of the memory from attacks of malwares. Other embodiments may be disclosed and claimed.
摘要翻译: 本公开的各种实施例可以描述用于减少由程序之间切换存储器页面许可视图而引起的系统延迟的方法,装置和系统,同时仍保护存储器的关键区域免受恶意软件的攻击。 可以公开和要求保护其他实施例。
-
公开(公告)号:US20160179665A1
公开(公告)日:2016-06-23
申请号:US14581730
申请日:2014-12-23
CPC分类号: G06F12/08 , G06F9/45558 , G06F12/1009 , G06F12/1491 , G06F21/79 , G06F2009/45583 , G06F2009/45591 , G06F2212/151 , G06F2212/657
摘要: Generally, this disclosure provides systems, devices, methods and computer readable media for controlled memory view switching. The system may include a memory module comprising a shared address space between a first memory view and a second memory view. The system may also include a virtual machine monitor (VMM) to maintain a list of Controlled View Switch (CVS) descriptors. The system may further include a processor to receive a memory view switch request and to execute an instruction to save processor state information and switch from the first memory view to the second memory view, wherein the second memory view is specified by an extended page table pointer (EPTP) provided by one of the CVS descriptors.
摘要翻译: 通常,本公开提供了用于受控存储器视图切换的系统,设备,方法和计算机可读介质。 该系统可以包括存储器模块,该存储器模块包括第一存储器视图和第二存储器视图之间的共享地址空间。 该系统还可以包括维护受控视图切换(CVS)描述符的列表的虚拟机监视器(VMM)。 该系统还可以包括处理器,用于接收存储器视图切换请求并且执行用于保存处理器状态信息并从第一存储器视图切换到第二存储器视图的指令,其中第二存储器视图由扩展页表指针 (EPTP)由其中一个CVS描述符提供。
-
公开(公告)号:US08635705B2
公开(公告)日:2014-01-21
申请号:US12658876
申请日:2010-02-17
申请人: Ravi L. Sahita , David M. Durham , Steve Orrin , Yasser Rasheed , Prasanna G. Mulgaonkar , Paul S. Schmitz , Hormuzd M. Khosravi
发明人: Ravi L. Sahita , David M. Durham , Steve Orrin , Yasser Rasheed , Prasanna G. Mulgaonkar , Paul S. Schmitz , Hormuzd M. Khosravi
摘要: In some embodiments, approaches may provide an out-of-band (OOB) agent to protect a platform. The OOB agent may be able to use non-TRS methods to measure and protect an in-band security agent. In some embodiments, a manageability engine can provide out of band connectivity to the in-band and out-of-band security agents and provide access to the system memory resources without having to rely on OS services. This can be used for a trusted anti-malware and remediation service.
摘要翻译: 在一些实施例中,方法可以提供带外(OOB)代理来保护平台。 OOB代理可能能够使用非TRS方法来测量和保护带内安全代理。 在一些实施例中,可管理性引擎可以向带内和带外安全代理提供带外连接,并提供对系统存储器资源的访问,而不必依赖于OS服务。 这可以用于受信任的反恶意软件和修复服务。
-
公开(公告)号:US09286245B2
公开(公告)日:2016-03-15
申请号:US13995360
申请日:2011-12-30
申请人: David M. Durham , Ravi L. Sahita , Prashant Dewan
发明人: David M. Durham , Ravi L. Sahita , Prashant Dewan
CPC分类号: G06F12/1458 , G06F21/121 , G06F21/50 , G06F21/79
摘要: Embodiments of apparatuses and methods for hardware enforced memory access permissions are disclosed. In one embodiment, a processor includes address translation hardware and memory access hardware. The address translation hardware is to support translation of a first address, used by software to access a memory, to a second address, used by the processor to access the memory. The memory access hardware is to detect an access permission violation.
摘要翻译: 公开了用于硬件强制存储器访问许可的装置和方法的实施例。 在一个实施例中,处理器包括地址转换硬件和存储器访问硬件。 地址转换硬件是支持由软件使用的访问存储器的第一地址到由处理器使用以访问存储器的第二地址的翻译。 内存访问硬件是检测访问权限冲突。
-
8.发明申请PROTECTED MEMORY VIEW FOR NESTED PAGE TABLE ACCESS BY VIRTUAL MACHINE GUESTS 审中-公开受保护的内存视图,用于虚拟机客户访问的页面表公开(公告)号:US20140380009A1
公开(公告)日:2014-12-25
申请号:US14127561
申请日:2013-06-24
CPC分类号: G06F12/145 , G06F9/30076 , G06F9/45558 , G06F12/1009 , G06F12/1491 , G06F2009/45583 , G06F2212/1052 , G06F2212/151
摘要: Generally, this disclosure provides systems, methods and computer readable media for a protected memory view in a virtual machine (VM) environment enabling nested page table access by trusted guest software outside of VMX root mode. The system may include an editor module configured to provide access to a nested page table structure, by operating system (OS) kernel components and by user space applications within a guest of the VM, wherein the nested page table structure is associated with one of the protected memory views. The system may also include a page handling processor configured to secure that access by maintaining security information in the nested page table structure.
摘要翻译: 通常,本公开提供了用于虚拟机(VM)环境中的受保护的存储器视图的系统,方法和计算机可读介质,其实现了受VMX根模式之外的受信任客户机的嵌套页表访问。 该系统可以包括被配置为通过操作系统(OS)内核组件和由VM的来宾内的用户空间应用提供对嵌套页表结构的访问的编辑器模块,其中嵌套页表结构与 受保护的内存视图。 该系统还可以包括页面处理处理器,其被配置为通过维护嵌套页表结构中的安全信息来保护该访问。
-
公开(公告)号:US20140157410A1
公开(公告)日:2014-06-05
申请号:US13690401
申请日:2012-11-30
申请人: Prashant Dewan , Uday R. Savagaonkar , David M. Durham , Paul S. Schmitz , Jason Martin , Michael Goldsmith , Ravi L. Sahita , Frank X McKeen , Carlos Rozas , Vembu Balaji , Scott Janus , Geoffrey S. Strongin , Xiaozhu Kang , Karanvir S. Grewal , Siddhartha Chhabra , Alpha T. Narendra Trivedi
发明人: Prashant Dewan , Uday R. Savagaonkar , David M. Durham , Paul S. Schmitz , Jason Martin , Michael Goldsmith , Ravi L. Sahita , Frank X McKeen , Carlos Rozas , Vembu Balaji , Scott Janus , Geoffrey S. Strongin , Xiaozhu Kang , Karanvir S. Grewal , Siddhartha Chhabra , Alpha T. Narendra Trivedi
IPC分类号: G06F21/64
摘要: In accordance with some embodiments, a protected execution environment may be defined for a graphics processing unit. This framework not only protects the workloads from malware running on the graphics processing unit but also protects those workloads from malware running on the central processing unit. In addition, the trust framework may facilitate proof of secure execution by measuring the code and data structures used to execute the workload. If a part of the trusted computing base of this framework or protected execution environment is compromised, that part can be patched remotely and the patching can be proven remotely throughout attestation in some embodiments.
摘要翻译: 根据一些实施例,可以为图形处理单元定义受保护的执行环境。 该框架不仅保护了图形处理单元上运行的恶意软件的工作负载,还保护了这些工作负载免受中央处理单元上运行的恶意软件。 此外,信任框架可以通过测量用于执行工作负载的代码和数据结构来促进安全执行的证明。 如果该框架或受保护的执行环境的可信计算基础的一部分受到损害,那么该部分可以被远程修补,并且在一些实施例中可以通过验证远程验证修补。
-
公开(公告)号:US20130191577A1
公开(公告)日:2013-07-25
申请号:US13734834
申请日:2013-01-04
IPC分类号: G06F12/08
CPC分类号: G06F12/1458 , G06F9/45533 , G06F9/468 , G06F11/1484 , G06F11/2056 , G06F12/08 , G06F12/1009 , G06F12/1425 , G06F12/145 , G06F12/1483 , G06F2009/45583 , G06F2009/45587 , G06F2201/815 , G06F2201/84 , G06F2212/1052 , G06F2212/657
摘要: Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. in embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.
摘要翻译: 描述了使用虚拟存储器提高计算系统效率的技术和系统的实施例。 在实施例中,位于虚拟存储器系统中的两个存储器页面中的指令,使得页面中的一个不允许执行位于其中的指令,并且然后在允许执行所识别的指令的临时许可下执行。 在各种实施例中,临时许可可来自修改的虚拟内存页表,允许执行的临时虚拟内存页表,和/或具有根访问的仿真器。 在实施例中,可以提供每核心虚拟内存页表以允许计算机处理器的两个核心根据不同的存储器访问许可来操作。 在实施例中,物理页面许可表可以用于提供对每个物理页面存储器访问许可的维护和跟踪。 可以描述和要求保护其他实施例。
-
-
-
-
-
-
-
-
-
搜索结果
59 条记录 (耗时 0.041 秒)
