专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

41. 发明授权

US08555380B2 Automatic modification of executable code 有权
标题翻译：自动修改可执行代码
公开(公告)号：US08555380B2
公开(公告)日：2013-10-08
申请号：US12039486
申请日：2008-02-28
申请人： Vedvyas Shanbhogue , Ravi Sahita , Uday Savagaonkar
发明人： Vedvyas Shanbhogue , Ravi Sahita , Uday Savagaonkar
IPC分类号： G06F11/00
CPC分类号： G06F9/4484 , G06F2209/542
摘要： A method for automatically modifying an executable file for a software agent is provided. The method comprises detecting original static entry and exit points in the executable file and generating corresponding transformed points; modifying the executable file by linking the executable file to the integrity services environment and embedding a signed agent manifest; loading the modified executable file into memory and registering a target list with the software agent's hypervisor, wherein the target list provides mappings between protected and active page tables; detecting dynamic entry and exit points in the executable file and generating corresponding transformed points; switching to a protected context, in response to a transformed exit point being invoked, and switching to an active context, in response a transformed entry point being invoked; and de-registering the software agent with the memory protection module, in response to the software agent being unloaded.
摘要翻译：提供了一种用于自动修改软件代理的可执行文件的方法。该方法包括检测可执行文件中的原始静态入口点和出口点，并产生相应的变换点; 通过将可执行文件链接到完整性服务环境并嵌入签名的代理清单来修改可执行文件; 将修改的可执行文件加载到存储器中并且与所述软件代理的管理程序注册目标列表，其中所述目标列表提供受保护页面和活动页面表之间的映射; 检测可执行文件中的动态入口点和出口点，并生成相应的转换点; 响应于被转换的退出点被调用，切换到受保护的上下文，并且响应于被转换的入口点被切换到活动上下文; 以及响应于所述软件代理被卸载，将所述软件代理与所述存储器保护模块取消注册。

42. 发明授权

US08281402B2 Network vulnerability assessment of a host platform from an isolated partition in the host platform 有权
标题翻译：主机平台上的孤立分区的主机平台的网络漏洞评估
公开(公告)号：US08281402B2
公开(公告)日：2012-10-02
申请号：US11435038
申请日：2006-05-16
申请人： Ravi Sahita , Uday Savagaonkar , Hormuzd Khosravi , Uri Blumenthal
发明人： Ravi Sahita , Uday Savagaonkar , Hormuzd Khosravi , Uri Blumenthal
IPC分类号： H04L29/06
CPC分类号： H04L63/1433 , G06F21/577 , H04L63/0227
摘要： According to embodiments of the present invention, host platform device includes an embedded firmware agent that may detect an attempt by the host platform device to fully connect to a network. The firmware agent may restrict traffic between the host platform device and the network to bootstrap traffic, test the device to determine device vulnerability, may temporarily stop access to other peripheral devices, and transmit a report of the device vulnerability to a remote policy server. After the test(s) are performed, the firmware agent may receive an indication from the remote policy server as to whether the device is permitted to fully connect to the network and, if so, whether there are any further restrictions on traffic flow, for example, and if the peripheral device access may be allowed.
摘要翻译：根据本发明的实施例，主机平台设备包括可以检测主机平台设备完全连接到网络的尝试的嵌入式固件代理。固件代理可以限制主机平台设备和网络之间的流量来引导流量，测试设备以确定设备漏洞，可能暂时停止访问其他外围设备，并将设备漏洞的报告传输到远程策略服务器。在执行测试之后，固件代理可以从远程策略服务器接收关于设备是否被允许完全连接到网络的指示，并且如果是，是否存在对业务流量的任何进一步的限制，对于例如，如果允许外围设备访问。

43. 发明申请

US20120124579A1 METHOD AND APPARATUS FOR ADAPTIVE INTEGRITY MEASUREMENT OF COMPUTER SOFTWARE 有权
标题翻译：计算机软件自适应完整度测量的方法与装置
公开(公告)号：US20120124579A1
公开(公告)日：2012-05-17
申请号：US13356918
申请日：2012-01-24
申请人： Ravi Sahita , Uday Savagaonkar
发明人： Ravi Sahita , Uday Savagaonkar
IPC分类号： G06F9/455 , G06F11/00
CPC分类号： G06F9/45533 , G06F21/51 , G06F21/57
摘要： Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform.
摘要翻译：本文描述了系统和方法，其讨论了如何在一个示例中执行虚拟化环境的计算平台可以自适应地且按需地进行完整性验证。这可能会在初始运行时以及连续操作期间发生，并允许平台用户从各种供应商安装软件，而不会牺牲完整性测量，因此可以平台的可信赖性。

44. 发明申请

US20080244572A1 METHOD AND APPARATUS FOR ADAPTIVE INTEGRITY MEASUREMENT OF COMPUTER SOFTWARE 有权
标题翻译：计算机软件自适应完整度测量的方法与装置
公开(公告)号：US20080244572A1
公开(公告)日：2008-10-02
申请号：US11694478
申请日：2007-03-30
申请人： Ravi Sahita , Uday Savagaonkar
发明人： Ravi Sahita , Uday Savagaonkar
IPC分类号： G06F9/455
CPC分类号： G06F9/45533 , G06F21/51 , G06F21/57
摘要： Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform.
摘要翻译：本文描述了系统和方法，其讨论了如何在一个示例中执行虚拟化环境的计算平台可以自适应地且按需地进行完整性验证。这可能会在初始运行时以及连续操作期间发生，并允许平台用户从各种供应商安装软件，而不会牺牲完整性测量，因此可以平台的可信赖性。

45. 发明申请

US20080082772A1 Tamper protection of software agents operating in a VT environment methods and apparatuses 失效
标题翻译：在VT环境中操作的软件代理的篡改保护方法和设备
公开(公告)号：US20080082772A1
公开(公告)日：2008-04-03
申请号：US11529828
申请日：2006-09-29
申请人： Uday Savagaonkar , Ravi Sahita , David Durham , Hormuzd Khosravi
发明人： Uday Savagaonkar , Ravi Sahita , David Durham , Hormuzd Khosravi
IPC分类号： G06F12/14
CPC分类号： G06F12/145 , G06F12/1491 , G06F21/54 , G06F21/6218 , G06F21/79 , G06F2221/2141
摘要： Methods, apparatuses, articles, and systems for comparing a first security domain of a first memory page of a physical device to a second security domain of a second memory page of the physical device, the security domains being stored in one or more registers of a processor of the physical device, are described herein. Based on the comparison, the processor disallows an instruction from the first memory page to access the second memory page if the first security domain is different from the second security domain. Resultantly, software agents, in particular, critical software agents, may be protected in a VT environment more efficiently and effectively.
摘要翻译：用于将物理设备的第一存储器页面的第一安全域与物理设备的第二存储器页面的第二安全域进行比较的方法，设备，文章和系统，所述安全域被存储在物理设备的一个或多个寄存器中物理设备的处理器。基于比较，如果第一安全域与第二安全域不同，则处理器不允许来自第一存储器页的指令访问第二存储器页。因此，软件代理，特别是关键软件代理，可以在VT环境中更有效和更有效地得到保护。

46. 发明申请

US20080022065A1 Dynamically sharing a stack between different code segments 失效
标题翻译：在不同代码段之间动态共享堆栈
公开(公告)号：US20080022065A1
公开(公告)日：2008-01-24
申请号：US11490824
申请日：2006-07-21
申请人： Subhash Gutti , Uday Savagaonkar , Ravi Sahita , David Durham
发明人： Subhash Gutti , Uday Savagaonkar , Ravi Sahita , David Durham
IPC分类号： G06F12/00
CPC分类号： G06F12/1475 , G06F12/145
摘要： In one embodiment, the present invention includes a method for receiving a request from a caller code portion of a first color to color at least a portion of a stack with a second color, determining if the request is valid, and if so remapping the stack portion from a first mapping colored with the first color to a second mapping colored with the second color. Other embodiments are described and claimed.
摘要翻译：在一个实施例中，本发明包括一种方法，用于从第一颜色的呼叫者代码部分接收请求以对具有第二颜色的堆栈的至少一部分进行着色，确定请求是否有效，以及如果重新映射堆栈从具有第一颜色的第一映射部分到第二颜色的第二映射。描述和要求保护其他实施例。

47. 发明申请

US20070006175A1 Intra-partitioning of software components within an execution environment 审中-公开
标题翻译：在执行环境内部分软件组件
公开(公告)号：US20070006175A1
公开(公告)日：2007-01-04
申请号：US11395488
申请日：2006-03-30
申请人： David Durham , Hormuzd Khosravi , Ravi Sahita , Uday Savagaonkar
发明人： David Durham , Hormuzd Khosravi , Ravi Sahita , Uday Savagaonkar
IPC分类号： G06F9/44
CPC分类号： G06F21/54 , G06F2009/45587 , H04L63/123 , H04L63/126 , H04L63/20
摘要： Embodiments of apparatuses, articles, methods, and systems for intra-partitioning components within an execution environment are generally described herein. Other embodiments may be described and claimed.
摘要翻译：这里通常描述用于执行环境内的分区内部件的装置，物品，方法和系统的实施例。可以描述和要求保护其他实施例。

48. 发明授权

US08738889B2 Generating multiple address space identifiers per virtual machine to switch between protected micro-contexts 有权
标题翻译：为每个虚拟机生成多个地址空间标识符，以便在受保护的微上下文之间切换
公开(公告)号：US08738889B2
公开(公告)日：2014-05-27
申请号：US13650227
申请日：2012-10-12
申请人： Uday Savagaonkar , Madhavan Parthasarathy , Ravi Sahita , David Durham
发明人： Uday Savagaonkar , Madhavan Parthasarathy , Ravi Sahita , David Durham
IPC分类号： G06F12/00
CPC分类号： G06F12/1027 , G06F12/145
摘要： Embodiments of an invention for generating multiple address space identifiers per virtual machine to switch between protected micro-contexts are disclosed. In one embodiment, a method includes receiving an instruction requiring an address translation; initiating, in response to receiving the instruction, a page walk from a page table pointed to by the contents of a page table pointer storage location; finding, during the page walk, a transition entry; storing the address translation and one of a plurality of address source identifiers in a translation lookaside buffer, the one of the plurality of address source identifiers based on one of a plurality of a virtual partition identifiers, at least two of the plurality of virtual partition identifiers associated with one of a plurality of virtual machines; and re-initiating the page walk.
摘要翻译：公开了用于在每个虚拟机之间生成多个地址空间标识符以在受保护的微上下文之间切换的发明的实施例。在一个实施例中，一种方法包括接收需要地址转换的指令; 响应于接收到指令，从页表指针存储位置的内容指向的页表中启动页面移动; 在页面散步期间发现转换条目; 将地址转换和多个地址源标识符之一存储在转换后备缓冲器中，所述多个地址源标识符中的一个基于多个虚拟分区标识符中的一个，多个虚拟分区标识符中的至少两个与多个虚拟机中的一个相关联; 并重新启动页面散步。

49. 发明授权

US08464251B2 Method and apparatus for managing page tables from a non-privileged software domain 有权
标题翻译：用于从非特权软件域管理页表的方法和装置
公开(公告)号：US08464251B2
公开(公告)日：2013-06-11
申请号：US11695021
申请日：2007-03-31
申请人： Ravi Sahita , Uday Savagaonkar , Paul Schmitz
发明人： Ravi Sahita , Uday Savagaonkar , Paul Schmitz
IPC分类号： G06F9/455 , G06F12/14 , G06F12/16
CPC分类号： G06F9/45558 , G06F2009/45583
摘要： A virtual machine monitor; and an executive virtual machine to manage page tables in place of the virtual machine monitor are described. Other embodiments may be described and claimed.
摘要翻译：虚拟机监视器; 并且描述了代替虚拟机监视器来管理页表的执行器虚拟机。可以描述和要求保护其他实施例。

50. 发明授权

US08261065B2 Protecting caller function from undesired access by callee function 有权
标题翻译：保护来电功能免受被叫功能的不期望的访问
公开(公告)号：US08261065B2
公开(公告)日：2012-09-04
申请号：US11770067
申请日：2007-06-28
申请人： Uday Savagaonkar , David Durham , Ravi Sahita , Subhash Gutti
发明人： Uday Savagaonkar , David Durham , Ravi Sahita , Subhash Gutti
IPC分类号： G06F21/00
CPC分类号： G06F21/52 , G06F9/4486
摘要： Disclosed is a method for restricting access of a first code of a plurality of codes and data of a first function from a second function. Thee method comprises calling the second function by the first function, addresses of the plurality of data may be stored in a stack page and colored in a first color (102). The method comprises performing access control check in a transition page for verifying whether the first function has permission to call the second function (104). Further the method comprises protecting the first code from the second function by coloring the data and/or addresses in a second color (106). Furthermore, the method comprises executing the second function by pushing addresses of the second function on the stack page, the addresses of the second function colored in a third color (108) and unprotecting the first code by coloring the addresses of the first code in the first color (110).
摘要翻译：公开了一种用于从第二功能限制多个代码的第一代码和第一函数的数据的访问的方法。该方法包括通过第一功能调用第二功能，多个数据的地址可以被存储在堆栈页面中并以第一颜色（102）着色。该方法包括在转换页面中执行访问控制检查，以验证第一功能是否具有调用第二功能的权限（104）。此外，该方法包括通过使第二颜色（106）中的数据和/或地址着色来保护第一代码免受第二功能。此外，该方法包括通过在堆栈页面上推动第二函数的地址来执行第二函数，第二函数的地址以第三颜色（108）着色，并且通过着色第一代码中的第一代码的地址来对第一代码进行保护第一颜色（110）。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式