    • 1. Granted invention patent
    • Protection agents and privilege modes
    • US08380987B2
    • 2013-02-19
    • US11627320
    • 2007-01-25
    • Eric Traut; Forrest Foltz; Andrew Thornton; Suyash Sinha
    • G06F21/00
    • G06F12/1491; G06F9/45533; G06F21/554
    • This document describes tools capable of making a portion of operating-system memory associated with a protection agent unalterable or inaccessible from an operating-system privilege mode. In some embodiments, these tools are capable of creating a protection-agent privilege mode by requesting that a virtual machine monitor protect this portion of operating-system memory. In other embodiments, these tools are capable of creating the protection-agent privilege mode by virtualizing a physical processor into multiple virtual processors, at least one of which is a protection-agent virtual processor designed to run the protection agent. By making this portion of operating-system memory unalterable or inaccessible from the operating-system privilege mode, the protection agent may be less vulnerable to attacks by entities operating within the operating-system privilege mode.
    • 4. Invention patent application
    • Protection Agents and Privilege Modes
    • US20080184373A1
    • 2008-07-31
    • US11627320
    • 2007-01-25
    • Eric Traut; Forrest C. Foltz; Andrew Thornton; Suyash Sinha
    • H04L9/00; G06F12/00
    • G06F12/1491; G06F9/45533; G06F21/554
    • This document describes tools capable of making a portion of operating-system memory associated with a protection agent unalterable or inaccessible from an operating-system privilege mode. In some embodiments, these tools are capable of creating a protection-agent privilege mode by requesting that a virtual machine monitor protect this portion of operating-system memory. In other embodiments, these tools are capable of creating the protection-agent privilege mode by virtualizing a physical processor into multiple virtual processors, at least one of which is a protection-agent virtual processor designed to run the protection agent. By making this portion of operating-system memory unalterable or inaccessible from the operating-system privilege mode, the protection agent may be less vulnerable to attacks by entities operating within the operating-system privilege mode.
    • 7. Invention patent application
    • Systems and methods for hypervisor discovery and utilization
    • US20060248528A1
    • 2006-11-02
    • US11119200
    • 2005-04-29
    • Adrian Oney; Andrew Thornton; Eric Traut; Nathan Lewis
    • G06F9/455
    • G06F9/45533
    • Systems and methods are provided, whereby partitions may become enlightened and discover the presence of a hypervisor. Several techniques of hypervisor discovery are discussed, such as detecting the presence of virtual processor registers (e.g. model specific registers or special-purpose registers) or the presence of virtual hardware devices. Upon discovery, information (code and/or data) may be injected in a partition by the hypervisor, whereby such injection allows the partition to call the hypervisor. Moreover, the hypervisor may present a versioning mechanism that allows the partition to match up the version of the hypervisor to its virtual devices. Next, once code and/or data is injected, calling conventions are established that allow the partition and the hypervisor to communicate, so that the hypervisor may perform some operations on behalf of the partition. Four exemplary calling conventions are considered: restartable instructions, a looping mechanism, shared memory transport, and synchronous or asynchronous processed packets. Last, cancellation mechanisms are considered, whereby partition requests may be cancelled.
    • 10. Invention patent application
    • Method and system for caching address translations from multiple address spaces in virtual machines
    • US20060259734A1
    • 2006-11-16
    • US11128982
    • 2005-05-13
    • John Sheu; David Bailey; Eric Traut; Rene Vega
    • G06F12/00
    • G06F12/1036; G06F2212/151; G06F2212/683
    • A method of virtualizing memory through shadow page tables that cache translations from multiple guest address spaces in a virtual machine includes a software version of a hardware tagged translation look-aside buffer. Edits to guest page tables are detected by intercepting the creation of guest-writable mappings to guest page tables with translations cached in shadow page tables. The affected cached translations are marked as stale and purged upon an address space switch or an indiscriminate flush of translations by the guest. Thereby, non-stale translations remain cached but stale translations are discarded. The method includes tracking the guest-writable mappings to guest page tables, deferring discovery of such mappings to a guest page table for the first time until a purge of all cached translations when the number of untracked guest page tables exceeds a threshold, and sharing shadow page tables between shadow address spaces and between virtual processors.