公开(公告)号：WO2013101188A1

公开(公告)日：2013-07-04

申请号：PCT/US2011/068118

申请日：2011-12-30

Applicant: INTEL CORPORATION ,  SAHITA, Ravi L. ,  RASHEED, Yasser ,  SHANBHOGUE, Vedvyas ,  DURHAM, David M. ,  ROBINSON, Scott H. ,  SCHMITZ, Paul S.

Inventor： SAHITA, Ravi L. ,  RASHEED, Yasser ,  SHANBHOGUE, Vedvyas ,  DURHAM, David M. ,  ROBINSON, Scott H. ,  SCHMITZ, Paul S.

IPC: G06F21/22 ,  G06F21/20

CPC classification number: G06F12/10 ,  G06F21/554 ,  G06F21/6227 ,  G06F2212/251 ,  G06F2221/034

Abstract: Embodiments of apparatuses and methods for memory event notification are disclosed. In one embodiment, a processor includes address translation hardware and memory event hardware. The address translation hardware is to support translation of a first address, used by software to access a memory, to a second address, used by the processor to access the memory. The memory event hardware is to detect an access to a registered portion of memory.

Abstract translation: 公开了用于存储器事件通知的装置和方法的实施例。 在一个实施例中，处理器包括地址转换硬件和存储器事件硬件。 地址转换硬件是支持由软件使用的访问存储器的第一地址到由处理器使用以访问存储器的第二地址的翻译。 存储器事件硬件是检测对存储器的注册部分的访问。

公开(公告)号：WO2014039665A1

公开(公告)日：2014-03-13

申请号：PCT/US2013/058239

申请日：2013-09-05

Applicant: INTEL CORPORATION ,  GREWAL, Karanvir S. ,  SAHITA, Ravi L. ,  DURHAM, David

Inventor： GREWAL, Karanvir S. ,  SAHITA, Ravi L. ,  DURHAM, David

IPC: G06F12/14

CPC classification number: H04L63/0428 ,  G06F21/52 ,  G06F21/53 ,  G06F21/606 ,  G06F21/78 ,  G06F21/85

Abstract: One particular example implementation of an apparatus for mitigating unauthorized access to data traffic, comprises: an operating system stack to allocate unprotected kernel transfer buffers; a hypervisor to allocate protected memory data buffers, where data is to be stored in the protected memory data buffers before being copied to the unprotected kernel transfer buffers; and an encoder module to encrypt the data stored in the protected memory data buffers, where the unprotected kernel transfer buffers receive a copy the encrypted data.

Abstract translation: 用于减轻对数据业务的未经授权访问的装置的一个特定示例实现包括：操作系统栈以分配未受保护的内核传送缓冲器; 分配受保护的存储器数据缓冲器的管理程序，其中数据将被存储在受保护的存储器数据缓冲器中，然后被复制到未受保护的内核传送缓冲器; 以及编码器模块，用于加密存储在受保护的存储器数据缓冲器中的数据，其中未受保护的内核传送缓冲器接收到加密数据的副本。

公开(公告)号：WO2013101208A1

公开(公告)日：2013-07-04

申请号：PCT/US2011/068192

申请日：2011-12-30

Applicant: INTEL CORPORATION ,  DURHAM, David M. ,  SAHITA, Ravi L. ,  DEWAN, Prashant

Inventor： DURHAM, David M. ,  SAHITA, Ravi L. ,  DEWAN, Prashant

IPC: G06F21/20 ,  G06F21/22

CPC classification number: G06F12/1458 ,  G06F21/121 ,  G06F21/50 ,  G06F21/79

Abstract: Embodiments of apparatuses and methods for hardware enforced memory access permissions are disclosed. In one embodiment, a processor includes address translation hardware and memory access hardware. The address translation hardware is to support translation of a first address, used by software to access a memory, to a second address, used by the processor to access the memory. The memory access hardware is to detect an access permission violation.

Abstract translation: 公开了用于硬件强制存储器访问许可的设备和方法的实施例。 在一个实施例中，处理器包括地址转换硬件和存储器访问硬件。 地址转换硬件是支持由软件使用的访问存储器的第一地址到由处理器使用以访问存储器的第二地址的翻译。 内存访问硬件是检测访问权限冲突。

公开(公告)号：WO2013074071A1

公开(公告)日：2013-05-23

申请号：PCT/US2011/060621

申请日：2011-11-14

Applicant: INTEL CORPORATION ,  VIPAT, Harshawardhan ,  SAHITA, Ravi ,  CHATTERJEE, Roshni ,  TALLAM, Madhukar

Inventor： VIPAT, Harshawardhan ,  SAHITA, Ravi ,  CHATTERJEE, Roshni ,  TALLAM, Madhukar

IPC: G06F9/44 ,  G06F9/06 ,  G06F12/00

CPC classification number: G06F12/1491 ,  G06F9/45558 ,  G06F12/145 ,  G06F2009/45583 ,  G06F2212/151

Abstract: Embodiments of apparatus, computer-implemented methods, systems, and computer-readable media are described herein for a virtual machine manager, wherein the virtual machine manager is configured to selectively employ different views with different permissions to map guest physical memory of a virtual machine of the apparatus to host physical memory of the apparatus, to regulate access to and protect different portions of an application of the virtual machine that resides in different portions of the physical memory. Other embodiments may be described and/or claimed.

Abstract translation: 这里描述了用于虚拟机管理器的装置，计算机实现的方法，系统和计算机可读介质的实施例，其中虚拟机管理器被配置为选择性地采用具有不同权限的不同视图来映射虚拟机的虚拟机的客体物理存储器 用于承载设备的物理存储器的装置，以调节对位于物理存储器的不同部分中的虚拟机的应用的不同部分的访问和保护。 可以描述和/或要求保护其他实施例。

公开(公告)号：WO2013062719A1

公开(公告)日：2013-05-02

申请号：PCT/US2012/058079

申请日：2012-09-28

Applicant: INTEL CORPORATION ,  NEIGER, Gilbert ,  HUNTLEY, Barry E. ,  SAHITA, Ravi L. ,  SHANBHOGUE, Vedvyas ,  BRANDT, Jason W.

Inventor： NEIGER, Gilbert ,  HUNTLEY, Barry E. ,  SAHITA, Ravi L. ,  SHANBHOGUE, Vedvyas ,  BRANDT, Jason W.

IPC: G06F9/06 ,  G06F9/30 ,  G06F9/44

CPC classification number: G06F9/45545 ,  G06F9/455 ,  G06F9/45533 ,  G06F9/4555

Abstract: A processing core comprising instruction execution logic circuitry and register space. The register space to be loaded from a VMCS, commensurate with a VM entry, with information indicating whether a service provided by the processing core on behalf of the VMM is enabled. The instruction execution logic to, in response to guest software invoking an instruction: refer to the register space to confirm that the service has been enabled, and, refer to second register space or memory space to fetch input parameters for said service written by said guest software.

Abstract translation: 处理核心，包括指令执行逻辑电路和寄存器空间。 要从VMCS加载的与VM条目相称的寄存器空间，其中指示是否启用了代表VMM的由处理核心提供的服务的信息。 指令执行逻辑响应客户软件调用指令：参考寄存器空间以确认服务已被使能，并且参考第二寄存器空间或存储器空间来获取由所述客户端写入的所述服务的输入参数 软件。

公开(公告)号：WO2012134584A1

公开(公告)日：2012-10-04

申请号：PCT/US2011/067796

申请日：2011-12-29

Applicant: INTEL CORPORATION ,  SAHITA, Ravi L. ,  DURHAM, David M. ,  DEWAN, Prashant ,  CASTELINO, Manohar R.

Inventor： SAHITA, Ravi L. ,  DURHAM, David M. ,  DEWAN, Prashant ,  CASTELINO, Manohar R.

IPC: G06F9/06 ,  G06F9/44 ,  G06F9/30

CPC classification number: G06F21/54 ,  G06F11/3644 ,  G06F21/566

Abstract: Generally, this disclosure describes systems and methods for transparently instrumenting a computer process. The systems and methods are configured to allow instrumenting executable code while permitting legacy memory scanning tools to monitor corresponding uninstrumented executable code stored in memory.

Abstract translation: 通常，本公开描述了用于透明地测试计算机进程的系统和方法。 这些系统和方法被配置为允许检测可执行代码，同时允许旧的存储器扫描工具来监视存储在存储器中的相应的未被记录的可执行代码。

公开(公告)号：WO2007111662A2

公开(公告)日：2007-10-04

申请号：PCT/US2006/047905

申请日：2006-12-14

Applicant: INTEL CORPORATION ,  KOHLENBERG, Tobias, M. ,  SAHITA, Ravi, L.

Inventor： KOHLENBERG, Tobias, M. ,  SAHITA, Ravi, L.

CPC classification number: H04L63/1416

Abstract: A method, apparatus and system enable access control and intrusion detection on encrypted data. Specifically, application data on a node may be routed to a partition on the host. The partition may utilize Direct Memory Access ("DMA") to access session key stored in a host OS. The partition may thereafter utilize the session key to perform intrusion detection on encrypted data from the application.

Abstract translation: 一种方法，装置和系统启用对加密数据的访问控制和入侵检测。 具体来说，节点上的应用数据可以被路由到主机上的分区。 分区可以利用直接存储器访问（“DMA”）来访问存储在主机OS中的会话密钥。 该分区此后可以利用会话密钥对来自应用的加密数据执行入侵检测。

公开(公告)号：WO2014209269A1

公开(公告)日：2014-12-31

申请号：PCT/US2013/047381

申请日：2013-06-24

Applicant: INTEL CORPORATION ,  LEMAY, Michael ,  DURHAM, David M. ,  SAHITA, Ravi L. ,  ANDERSON, Andrew V.

Inventor： LEMAY, Michael ,  DURHAM, David M. ,  SAHITA, Ravi L. ,  ANDERSON, Andrew V.

IPC: G06F21/53

CPC classification number: G06F12/145 ,  G06F9/30076 ,  G06F9/45558 ,  G06F12/1009 ,  G06F12/1491 ,  G06F2009/45583 ,  G06F2212/1052 ,  G06F2212/151

Abstract: Generally, this disclosure provides systems, methods and computer readable media for a protected memory view in a virtual machine (VM) environment enabling nested page table access by trusted guest software outside of VMX root mode. The system may include an editor module configured to provide access to a nested page table structure, by operating system (OS) kernel components and by user space applications within a guest of the VM, wherein the nested page table structure is associated with one of the protected memory views. The system may also include a page handling processor configured to secure that access by maintaining security information in the nested page table structure.

Abstract translation: 通常，本公开提供了用于虚拟机（VM）环境中的受保护的存储器视图的系统，方法和计算机可读介质，其实现了受VMX根模式之外的可信访客软件的嵌套页表访问。 该系统可以包括被配置为通过操作系统（OS）内核组件和由VM的来宾内的用户空间应用提供对嵌套页表结构的访问的编辑器模块，其中嵌套页表结构与 受保护的内存视图。 该系统还可以包括页面处理处理器，其被配置为通过维护嵌套页表结构中的安全信息来保护该访问。

公开(公告)号：WO2013006500A1

公开(公告)日：2013-01-10

申请号：PCT/US2012/045131

申请日：2012-06-29

Applicant: INTEL CORPORATION ,  SAHITA, Ravi L. ,  LI, Xiaoning ,  CASTELINO, Manohar R.

Inventor： SAHITA, Ravi L. ,  LI, Xiaoning ,  CASTELINO, Manohar R.

IPC: G06F21/22 ,  G06F9/48 ,  G06F12/14

CPC classification number: G06F13/24 ,  G06F9/45558 ,  G06F21/53 ,  G06F2009/45579

Abstract: Various embodiments of this disclosure may describe method, apparatus and system for reducing system latency caused by switching memory page permission views between programs while still protecting critical regions of the memory from attacks of malwares. Other embodiments may be disclosed and claimed.

Abstract translation: 本公开的各种实施例可以描述用于减少由程序之间切换存储​​器页面许可视图而引起的系统延迟的方法，装置和系统，同时仍保护存储器的关键区域免受恶意软件的攻击。 可以公开和要求保护其他实施例。

公开(公告)号：WO2011078861A1

公开(公告)日：2011-06-30

申请号：PCT/US2009/069386

申请日：2009-12-23

Applicant: INTEL CORPORATION ,  SAHITA, Ravi, L. ,  RAMANUJAN, Raj, K. ,  RAGHUNATH, Arun ,  ZINATY, Amir ,  SARANGAM, Parthasarathy

Inventor： SAHITA, Ravi, L. ,  RAMANUJAN, Raj, K. ,  RAGHUNATH, Arun ,  ZINATY, Amir ,  SARANGAM, Parthasarathy

IPC: G06F13/14 ,  G06F15/16 ,  G06F9/44 ,  G06F3/00

CPC classification number: G06F9/45558 ,  G06F2009/4557 ,  G06F2009/45595 ,  H04L69/12 ,  H04L69/22 ,  H04L69/324

Abstract: A computer platform may support hardware assisted packet handling to efficiently filter and route packets in an ordered sequence through a virtual network of inline appliances and virtual machines via network interface card (NIC) and other platform hardware. The hardware may add, update, and parse tags representing routing action into packets. The computer platform may support hardware assisted inter-VM communication without requiring additional processor cycles to switch packets between inline appliances in single root I/O virtualized (SR-IOV) and multiple root I/O virtualized (MR-IOV) scenarios. The computer platform may support hardware assisted VM migration technique to reduce the complexity and software overheads involved in migrating a running virtual machine from one platform to the other.

Abstract translation: 计算机平台可以支持硬件辅助分组处理，以通过网络接口卡（NIC）和其他平台硬件通过内联设备和虚拟机的虚拟网络以有序序列有效地过滤和路由分组。 硬件可以将表示路由动作的标签添加，更新和解析成分组。 计算机平台可以支持硬件辅助的VM间通信，而不需要额外的处理器周期来在单根I / O虚拟化（SR-IOV）和多根I / O虚拟化（MR-IOV）场景中的内联设备之间切换数据包。 计算机平台可以支持硬件辅助的VM迁移技术，以减少将正在运行的虚拟机从一个平台迁移到另一个平台所涉及的复杂性和软件开销。