专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08819676B2 Transparent memory-mapped emulation of I/O calls 有权
标题翻译： I / O调用的透明内存映射仿真
公开(公告)号：US08819676B2
公开(公告)日：2014-08-26
申请号：US12261722
申请日：2008-10-30
申请人： Daniel R. K. Ports , Xiaoxin Chen , Carl A. Waldspurger , Pratap Subrahmanyam , Tal Garfinkel
发明人： Daniel R. K. Ports , Xiaoxin Chen , Carl A. Waldspurger , Pratap Subrahmanyam , Tal Garfinkel
IPC分类号： G06F9/455
CPC分类号： G06F9/461 , G06F9/4486 , G06F9/45533 , G06F9/45558 , G06F9/4881 , G06F11/1451 , G06F11/1484 , G06F2009/45562 , G06F2009/45583 , G06F2201/815 , G06F2201/84
摘要： A virtual-machine-based system provides a mechanism to implement application file I/O operations of protected data by implementing the I/O operations semantics in a shim layer with memory-mapped regions. The semantics of these I/O operations are emulated in a shim layer with memory-mapped regions by using a mapping between a process' address space and a file or shared memory object. Data that is protected from viewing by a guest OS running in a virtual machine may nonetheless be accessed by the process.
摘要翻译：基于虚拟机的系统提供了通过在具有存储器映射区域的垫片层中实现I / O操作语义来实现受保护数据的应用文件I / O操作的机制。这些I / O操作的语义通过使用进程的地址空间和文件或共享内存对象之间的映射在具有内存映射区域的填充层中进行仿真。受虚拟机运行的客户机操作系统保护的数据可能会被进程访问。

2. 发明授权

US08261265B2 Transparent VMM-assisted user-mode execution control transfer 有权
标题翻译：透明VMM辅助用户模式执行控制传输
公开(公告)号：US08261265B2
公开(公告)日：2012-09-04
申请号：US12261623
申请日：2008-10-30
申请人： Xiaoxin Chen , Carl A. Waldspurger , Pratap Subrahmanyam , Tal Garfinkel , Daniel R. K. Ports
发明人： Xiaoxin Chen , Carl A. Waldspurger , Pratap Subrahmanyam , Tal Garfinkel , Daniel R. K. Ports
IPC分类号： G06F9/455
CPC分类号： G06F9/461 , G06F9/4486 , G06F9/45533 , G06F9/45558 , G06F9/4881 , G06F11/1451 , G06F11/1484 , G06F2009/45562 , G06F2009/45583 , G06F2201/815 , G06F2201/84
摘要： A virtual-machine-based system provides a control-transfer mechanism to invoke a user-mode application handler from existing virtual hardware directly, without going through an operating system kernel running in the virtual machine. A virtual machine monitor calls directly to the guest user-mode handler and the handler transfers control back to the virtual machine monitor, without involving the guest operating system.
摘要翻译：基于虚拟机的系统提供了一种控制传递机制，可以直接从现有的虚拟硬件调用用户模式应用程序处理程序，而无需通过在虚拟机中运行的操作系统内核。虚拟机监视器直接调用访客用户模式处理程序，处理程序将控制器传送回虚拟机监视器，而不涉及客户机操作系统。

3. 发明授权

US08555081B2 Cryptographic multi-shadowing with integrity verification 有权
标题翻译：加密多重阴影与完整性验证
公开(公告)号：US08555081B2
公开(公告)日：2013-10-08
申请号：US12261194
申请日：2008-10-30
申请人： Xiaoxin Chen , Carl A. Waldspurger , Pratap Subrahmanyam , Tal Garfinkel , Dan Boneh
发明人： Xiaoxin Chen , Carl A. Waldspurger , Pratap Subrahmanyam , Tal Garfinkel , Dan Boneh
IPC分类号： G06F12/14
CPC分类号： G06F9/461 , G06F9/4486 , G06F9/45533 , G06F9/45558 , G06F9/4881 , G06F11/1451 , G06F11/1484 , G06F2009/45562 , G06F2009/45583 , G06F2201/815 , G06F2201/84
摘要： A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
摘要翻译：一种基于虚拟机的系统，可以保护应用程序数据的隐私和完整性，即使在整个操作系统受损的情况下也是如此。应用程序呈现其资源的正常视图，但操作系统呈现加密视图。这允许操作系统执行管理应用程序资源的复杂任务，而不允许它读取或修改它们。呈现“物理”存储器的不同视图，这取决于执行访问的上下文。提供了超越由传统操作系统和处理器实现的分级保护域的附加维度。

4. 发明授权

US08719823B2 Managing latency introduced by virtualization 有权
标题翻译：管理由虚拟化引入的延迟
公开(公告)号：US08719823B2
公开(公告)日：2014-05-06
申请号：US12397914
申请日：2009-03-04
申请人： Pratap Subrahmanyam , Carl A. Waldspurger , Vyacheslav Malyugin , Tal Garfinkel
发明人： Pratap Subrahmanyam , Carl A. Waldspurger , Vyacheslav Malyugin , Tal Garfinkel
IPC分类号： G06F9/455 , G06F9/46
CPC分类号： G06F9/4881 , G06F9/45533 , G06F9/4887
摘要： A component manages and minimizes latency introduced by virtualization. The virtualization component determines that a currently scheduled guest process has executed functionality responsive to which the virtualization component is to execute a virtualization based operation, wherein the virtualization based operation is one that is not visible to the guest operating system. The virtualization component causes the guest operating system to de-schedule the currently scheduled guest process and schedule at least one separate guest process. The virtualization component then executes the virtualization based operation concurrently with the execution of the at least one separate guest process. Responsive to completing the execution of the virtualization based operation, the virtualization component causes the guest operating system to re-schedule the de-scheduled guest process.
摘要翻译：组件管理并最小化由虚拟化引入的延迟。虚拟化组件确定当前调度的访客进程已经执行响应于虚拟化组件将执行基于虚拟化的操作的功能，其中基于虚拟化的操作是客户操作系统不可见的。虚拟化组件使客户机操作系统取消调度当前调度的客户机进程并调度至少一个单独的客户机进程。然后，虚拟化组件与至少一个独立的客户进程的执行同时执行基于虚拟化的操作。响应于完成基于虚拟化的操作的执行，虚拟化组件使得客户机操作系统重新安排未排程的访客进程。

5. 发明授权

US08607013B2 Providing VMM access to guest virtual memory 有权
标题翻译：提供访问虚拟内存的VMM访问
公开(公告)号：US08607013B2
公开(公告)日：2013-12-10
申请号：US12261147
申请日：2008-10-30
申请人： Xiaoxin Chen , Carl A. Waldspurger , Pratap Subrahmanyam
发明人： Xiaoxin Chen , Carl A. Waldspurger , Pratap Subrahmanyam
IPC分类号： G06F12/00 , G06F13/00 , G06F13/28
CPC分类号： G06F9/461 , G06F9/4486 , G06F9/45533 , G06F9/45558 , G06F9/4881 , G06F11/1451 , G06F11/1484 , G06F2009/45562 , G06F2009/45583 , G06F2201/815 , G06F2201/84
摘要： A virtual-machine-based system provides a mechanism for a virtual machine monitor (VMM) to process a hypercall received from an application running in the virtual machine (VM). A hypercall interface causes the virtual memory pages, needed by the VMM to process the hypercall, to be available to the VMM. In one embodiment, when virtual memory pages needed by the VMM to process the hypercall are not available to the VMM, the application is caused to access the needed pages, in response to which the required virtual memory becomes available to the VMM.
摘要翻译：基于虚拟机的系统为虚拟机监视器（VMM）提供了一种机制，用于处理从虚拟机（VM）中运行的应用程序接收到的超级呼叫。一个超级呼叫界面使VMM所需的虚拟内存页面可以处理该超级调用，以供VMM使用。在一个实施例中，当VMM处理该超级呼叫所需的虚拟存储器页面对VMM不可用时，使应用程序访问所需的页面，响应于所需的虚拟存储器对VMM可用。

6. 发明申请

US20090113111A1 SECURE IDENTIFICATION OF EXECUTION CONTEXTS 审中-公开
标题翻译：安全执行执行标识
公开(公告)号：US20090113111A1
公开(公告)日：2009-04-30
申请号：US12261159
申请日：2008-10-30
申请人： Xiaoxin Chen , Carl A. Waldspurger , Pratap Subrahmanyam
发明人： Xiaoxin Chen , Carl A. Waldspurger , Pratap Subrahmanyam
IPC分类号： G06F12/08
CPC分类号： G06F9/461 , G06F9/4486 , G06F9/45533 , G06F9/45558 , G06F9/4881 , G06F11/1451 , G06F11/1484 , G06F2009/45562 , G06F2009/45583 , G06F2201/815 , G06F2201/84
摘要： A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource.
摘要翻译：基于虚拟机的系统，其识别虚拟机中的应用或进程，以便定位与所识别的应用相关联的资源。然后基于所识别的应用的上下文来控制对所定位的资源的访问。那些没有必要上下文的应用程序将具有不同的资源视图。

7. 发明申请

US20090113110A1 Providing VMM Access to Guest Virtual Memory 有权
标题翻译：提供访问虚拟内存的VMM访问
公开(公告)号：US20090113110A1
公开(公告)日：2009-04-30
申请号：US12261147
申请日：2008-10-30
申请人： Xiaoxin Chen , Carl A. Waldspurger , Pratap Subrahmanyam
发明人： Xiaoxin Chen , Carl A. Waldspurger , Pratap Subrahmanyam
IPC分类号： G06F12/08 , G06F9/455 , G06F12/00
CPC分类号： G06F9/461 , G06F9/4486 , G06F9/45533 , G06F9/45558 , G06F9/4881 , G06F11/1451 , G06F11/1484 , G06F2009/45562 , G06F2009/45583 , G06F2201/815 , G06F2201/84
摘要： A virtual-machine-based system provides a mechanism for a virtual machine monitor (VMM) to process a hypercall received from an application running in the virtual machine (VM). A hypercall interface causes the virtual memory pages, needed by the VMM to process the hypercall, to be available to the VMM. In one embodiment, when virtual memory pages needed by the VMM to process the hypercall are not available to the VMM, the application is caused to access the needed pages, in response to which the required virtual memory becomes available to the VMM.
摘要翻译：基于虚拟机的系统为虚拟机监视器（VMM）提供了一种机制，用于处理从虚拟机（VM）中运行的应用程序接收到的超级呼叫。一个超级呼叫界面使VMM所需的虚拟内存页面可以处理该超级调用，以供VMM使用。在一个实施例中，当VMM处理该超级呼叫所需的虚拟存储器页面对VMM不可用时，使应用程序访问所需的页面，响应于所需的虚拟存储器对VMM可用。

8. 发明授权

US09274974B1 Isolating data within a computer system using private shadow mappings 有权
标题翻译：使用私有阴影映射隔离计算机系统内的数据
公开(公告)号：US09274974B1
公开(公告)日：2016-03-01
申请号：US11584178
申请日：2006-10-20
申请人： Xiaoxin Chen , Carl A. Waldspurger , Pratap Subrahmanyam
发明人： Xiaoxin Chen , Carl A. Waldspurger , Pratap Subrahmanyam
IPC分类号： G06F12/10
CPC分类号： G06F9/45558 , G06F12/109 , G06F12/1491 , G06F2009/45583 , G06F2212/1052 , G06F2212/151 , G06F2212/657
摘要： Virtualization software establishes multiple execution environments within a virtual machine, wherein software modules executing in one environment cannot access private memory of another environment. A separate set of shadow memory address mappings is maintained for each execution environment. For example, a separate shadow page table may be maintained for each execution environment. The virtualization software ensures that the shadow address mappings for one execution environment do not map to the physical memory pages that contain the private code or data of another execution environment. When execution switches from one execution environment to another, the virtualization software activates the shadow address mappings for the new execution environment. A similar approach, using separate mappings, may also be used to prevent software modules in one execution environment from accessing the private disk space or other secondary storage of another execution environment.
摘要翻译：虚拟化软件在虚拟机内建立多个执行环境，其中在一个环境中执行的软件模块不能访问另一环境的专用内存。为每个执行环境维护一组单独的影子内存地址映射。例如，可以为每个执行环境维护单独的影子页表。虚拟化软件确保一个执行环境的影子地址映射不映射到包含其他执行环境的私有代码或数据的物理内存页面。当执行从一个执行环境切换到另一个执行环境时，虚拟化软件会激活新执行环境的影子地址映射。使用单独映射的类似方法也可用于防止一个执行环境中的软件模块访问另一个执行环境的专用磁盘空间或其他辅助存储。

9. 发明授权

US07984304B1 Dynamic verification of validity of executable code 有权
标题翻译：动态验证可执行代码的有效性
公开(公告)号：US07984304B1
公开(公告)日：2011-07-19
申请号：US10791602
申请日：2004-03-02
申请人： Carl A. Waldspurger , Ole Agesen , Xiaoxin Chen , John R. Zedlewski , Tal Garfinkel
发明人： Carl A. Waldspurger , Ole Agesen , Xiaoxin Chen , John R. Zedlewski , Tal Garfinkel
IPC分类号： G06F11/30 , G06F12/14
CPC分类号： G06F21/565
摘要： Computer-executable instructions in a computer are verified dynamically, after they have been identified for submission for execution, but before they are actually executed. In particular, for at least one current instruction that has been identified for submission to the processor for execution, an identifying value, for example, a hash value, is determined for a current memory block that contains the current instruction. The identifying value of the current memory block is then compared with a set of reference values. If the identifying value satisfies a validation condition, then execution of the current instruction by the processor is allowed. If the validation condition is not satisfied, then a response is generated: In the common case, execution of the current instruction is not allowed, or some other predetermined measure is taken.
摘要翻译：计算机中的计算机可执行指令在被识别为提交执行之后但在实际执行之前被动态地验证。特别地，对于已被识别用于提交给处理器以执行的至少一个当前指令，为包含当前指令的当前存储块确定标识值，例如哈希值。然后将当前存储器块的识别值与一组参考值进行比较。如果识别值满足验证条件，则允许由处理器执行当前指令。如果验证条件不满足，则产生响应：在常见情况下，不允许执行当前指令，或者采取其他一些预定措施。

10. 发明授权

US08266404B2 Generating and using checkpoints in a virtual computer system 有权
标题翻译：在虚拟计算机系统中生成和使用检查点
公开(公告)号：US08266404B2
公开(公告)日：2012-09-11
申请号：US13171268
申请日：2011-06-28
申请人： Carl A. Waldspurger , Michael Nelson , Daniel J. Scales , Pratap Subrahmanyam
发明人： Carl A. Waldspurger , Michael Nelson , Daniel J. Scales , Pratap Subrahmanyam
IPC分类号： G06F12/02
CPC分类号： G06F11/1407 , G06F11/1435 , G06F11/1438 , G06F11/1458 , G06F11/1471 , G06F11/1482 , G06F11/1484 , G06F12/16 , G06F2201/815 , G06F2201/84
摘要： To generate a checkpoint for a virtual machine (VM), first, while the VM is still running, a copy-on-write (COW) disk file is created pointing to a parent disk file that the VM is using. Next, the VM is stopped, the VM's memory is marked COW, the device state of the VM is saved to memory, the VM is switched to use the COW disk file, and the VM begins running again for substantially the remainder of the checkpoint generation. Next, the device state that was stored in memory and the unmodified VM memory pages are saved to a checkpoint file. Also, a copy may be made of the parent disk file for retention as part of the checkpoint, or the original parent disk file may be retained as part of the checkpoint. If a copy of the parent disk file was made, then the COW disk file may be committed to the original parent disk file.
摘要翻译：要为虚拟机（VM）生成检查点，首先，当VM仍在运行时，会创建指向VM所使用的父磁盘文件的写时复制（COW）磁盘文件。接下来，VM停止，VM的内存被标记为COW，VM的设备状态被保存到内存，VM被切换为使用COW磁盘文件，并且VM再次开始运行，大部分剩下的检查点生成。接下来，将存储在存储器中的设备状态和未修改的VM内存页保存到检查点文件。另外，作为检查点的一部分，可以将父磁盘文件作为副本作为保留，也可以将原始的父磁盘文件作为检查点的一部分进行保留。如果生成了父磁盘文件的副本，则COW磁盘文件可能会提交到原始的父磁盘文件。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式