专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08380987B2 Protection agents and privilege modes 有权
标题翻译：保护代理和特权模式
公开(公告)号：US08380987B2
公开(公告)日：2013-02-19
申请号：US11627320
申请日：2007-01-25
申请人： Eric Traut , Forrest Foltz , Andrew Thornton , Suyash Sinha
发明人： Eric Traut , Forrest Foltz , Andrew Thornton , Suyash Sinha
IPC分类号： G06F21/00
CPC分类号： G06F12/1491 , G06F9/45533 , G06F21/554
摘要： This document describes tools capable of making a portion of operating-system memory associated with a protection agent unalterable or inaccessible from an operating-system privilege mode. In some embodiments, these tools are capable of creating a protection-agent privilege mode by requesting that a virtual machine monitor protect this portion of operating-system memory. In other embodiments, these tools are capable of creating the protection-agent privilege mode by virtualizing a physical processor into multiple virtual processors, at least one of which is a protection-agent virtual processor designed to run the protection agent. By making this portion of operating-system memory unalterable or inaccessible from the operating-system privilege mode, the protection agent may be less vulnerable to attacks by entities operating within the operating-system privilege mode.
摘要翻译：本文档描述了能够使与操作系统特权模式不可更改或不可访问的保护代理相关联的操作系统内存的一部分的工具。在一些实施例中，这些工具能够通过请求虚拟机监视器保护操作系统存储器的这一部分来创建保护代理特权模式。在其他实施例中，这些工具能够通过将物理处理器虚拟化为多个虚拟处理器来创建保护代理特权模式，其中至少一个虚拟处理器是被设计为运行保护代理的保护代理虚拟处理器。通过使操作系统内存的这一部分从操作系统特权模式变得不可改变或不可访问，保护代理可能不太容易受到在操作系统特权模式下操作的实体的攻击。

2. 发明授权

US07765374B2 Protecting operating-system resources 有权
标题翻译：保护操作系统资源
公开(公告)号：US07765374B2
公开(公告)日：2010-07-27
申请号：US11627314
申请日：2007-01-25
申请人： Scott A. Field , Brandon Baker , Eric Traut , Suyash Sinha , Joy Ganguly , Forrest Foltz , David Cutler
发明人： Scott A. Field , Brandon Baker , Eric Traut , Suyash Sinha , Joy Ganguly , Forrest Foltz , David Cutler
IPC分类号： G06F21/22
CPC分类号： G06F21/552 , G06F9/468 , G06F21/51 , G06F21/53 , G06F2221/2105 , G06F2221/2141 , G06F2221/2149
摘要： This document describes tools capable of enabling a protection agent to determine, from memory inaccessible from an operating-system privilege mode, whether one or more resources of an operating system have been modified. In some instances, these tools may enable the protection agent to reside within a virtual machine monitor. In other instances, the tools may enable the protection agent to reside within a distinct virtual partition provided by the virtual machine monitor. By operating outside of the operating-system privilege mode, the protection agent may be less vulnerable to attacks by entities operating within the operating-system privilege mode.
摘要翻译：本文档描述了能够使保护代理能够从不能从操作系统特权模式访问的存储器确定操作系统的一个或多个资源是否已被修改的工具。在某些情况下，这些工具可能使保护代理能够驻留在虚拟机监视器中。在其他情况下，这些工具可以使保护代理能够驻留在由虚拟机监视器提供的不同虚拟分区中。通过在操作系统特权模式之外操作，保护代理可能不太容易受到在操作系统特权模式下操作的实体的攻击。

3. 发明申请

US20080183996A1 Protecting Operating-System Resources 有权
标题翻译：保护操作系统资源
公开(公告)号：US20080183996A1
公开(公告)日：2008-07-31
申请号：US11627314
申请日：2007-01-25
申请人： Scott A. Field , Brandon Baker , Eric Traut , Suyash Sinha , Joy Ganguly , Forrest Foltz , David Cutler
发明人： Scott A. Field , Brandon Baker , Eric Traut , Suyash Sinha , Joy Ganguly , Forrest Foltz , David Cutler
IPC分类号： G06F12/00
CPC分类号： G06F21/552 , G06F9/468 , G06F21/51 , G06F21/53 , G06F2221/2105 , G06F2221/2141 , G06F2221/2149
摘要： This document describes tools capable of enabling a protection agent to determine, from memory inaccessible from an operating-system privilege mode, whether one or more resources of an operating system have been modified. In some instances, these tools may enable the protection agent to reside within a virtual machine monitor. In other instances, the tools may enable the protection agent to reside within a distinct virtual partition provided by the virtual machine monitor. By operating outside of the operating-system privilege mode, the protection agent may be less vulnerable to attacks by entities operating within the operating-system privilege mode.
摘要翻译：本文档描述了能够使保护代理能够从不能从操作系统特权模式访问的存储器确定操作系统的一个或多个资源是否已被修改的工具。在某些情况下，这些工具可能使保护代理能够驻留在虚拟机监视器中。在其他情况下，这些工具可以使保护代理能够驻留在由虚拟机监视器提供的不同虚拟分区中。通过在操作系统特权模式之外操作，保护代理可能不太容易受到在操作系统特权模式下操作的实体的攻击。

4. 发明申请

US20080184373A1 Protection Agents and Privilege Modes 有权
标题翻译：保护代理和特权模式
公开(公告)号：US20080184373A1
公开(公告)日：2008-07-31
申请号：US11627320
申请日：2007-01-25
申请人： Eric Traut , Forrest C. Foltz , Andrew Thornton , Suyash Sinha
发明人： Eric Traut , Forrest C. Foltz , Andrew Thornton , Suyash Sinha
IPC分类号： H04L9/00 , G06F12/00
CPC分类号： G06F12/1491 , G06F9/45533 , G06F21/554
摘要： This document describes tools capable of making a portion of operating-system memory associated with a protection agent unalterable or inaccessible from an operating-system privilege mode. In some embodiments, these tools are capable of creating a protection-agent privilege mode by requesting that a virtual machine monitor protect this portion of operating-system memory. In other embodiments, these tools are capable of creating the protection-agent privilege mode by virtualizing a physical processor into multiple virtual processors, at least one of which is a protection-agent virtual processor designed to run the protection agent. By making this portion of operating-system memory unalterable or inaccessible from the operating-system privilege mode, the protection agent may be less vulnerable to attacks by entities operating within the operating-system privilege mode.
摘要翻译：本文档描述了能够使与操作系统特权模式不可更改或不可访问的保护代理相关联的操作系统内存的一部分的工具。在一些实施例中，这些工具能够通过请求虚拟机监视器保护操作系统存储器的这一部分来创建保护代理特权模式。在其他实施例中，这些工具能够通过将物理处理器虚拟化为多个虚拟处理器来创建保护代理特权模式，其中至少一个虚拟处理器是被设计为运行保护代理的保护代理虚拟处理器。通过使操作系统内存的这一部分从操作系统特权模式变得不可改变或不可访问，保护代理可能不太容易受到在操作系统特权模式下操作的实体的攻击。

5. 发明申请

US20070113227A1 Efficient operating system operation on a hypervisor 有权
标题翻译：管理程序上的高效操作系统操作
公开(公告)号：US20070113227A1
公开(公告)日：2007-05-17
申请号：US11274907
申请日：2005-11-15
申请人： Adrian Oney , Bryan Willman , Eric Traut , Forrest Foltz , John Sheu , Matthew Hendel , Rene Vega
发明人： Adrian Oney , Bryan Willman , Eric Traut , Forrest Foltz , John Sheu , Matthew Hendel , Rene Vega
IPC分类号： G06F9/455 , G06F12/00
CPC分类号： G06F21/575 , G06F21/53 , G06F21/6245
摘要： An operating system is described that is capable of ascertaining whether it is executing in a virtual machine environment and is further capable of modifying its behavior to operate more efficiently and provide optimal behavior in a virtual machine environment. An operating system is enlightened so that it is aware of VMMs or hypervisors, taking on behavior that is optimal to that environment. The VMM or hypervisor informs the operating system of the optimal behavior, and vice versa.
摘要翻译：描述了能够确定其是否在虚拟机环境中执行并且还能够修改其行为以更有效地操作并在虚拟机环境中提供最佳行为的操作系统。操作系统被启发，以便它知道VMM或虚拟机管理程序，采取对该环境最佳的行为。 VMM或管理程序通知操作系统最佳行为，反之亦然。

6. 发明申请

US20070112999A1 Efficient power management of a system with virtual machines 有权
标题翻译：具有虚拟机的系统的高效电源管理
公开(公告)号：US20070112999A1
公开(公告)日：2007-05-17
申请号：US11437109
申请日：2006-05-18
申请人： Adrian Oney , Bryan Willman , Eric Traut , Forrest Foltz , Matthew Hendel , Rene Vega
发明人： Adrian Oney , Bryan Willman , Eric Traut , Forrest Foltz , Matthew Hendel , Rene Vega
IPC分类号： G06F21/00
CPC分类号： G06F9/442 , G06F1/28 , G06F1/30 , G06F1/3246 , G06F1/3268 , G06F1/3287 , G06F1/329 , G06F9/455 , G06F9/45545 , G06F9/45554 , G06F9/45558 , G06F9/50 , G06F17/00 , G06F17/30144 , G06F17/3015 , G06F21/53 , G06F21/575 , G06F21/6245 , G06F2009/45562 , G06F2009/45579 , G06F2009/45583
摘要： Efficient power management of a system with virtual machines is disclosed. In particular, such efficient power management may enable coordination of system-wide power changes with virtual machines. Additionally, such efficient power management may enable coherent power changes in a system with a virtual machine monitor. Furthermore, such efficient power management may enable dynamic control and communication of power state changes.
摘要翻译：公开了具有虚拟机的系统的有效功率管理。特别地，这种有效的功率管理可以实现与虚拟机协调系统范围的功率变化。此外，这种有效的功率管理可以使得具有虚拟机监视器的系统中的一致的功率改变。此外，这种有效的功率管理可以实现功率状态变化的动态控制和通信。

7. 发明申请

US20060248528A1 Systems and methods for hypervisor discovery and utilization 有权
标题翻译：管理程序发现和利用的系统和方法
公开(公告)号：US20060248528A1
公开(公告)日：2006-11-02
申请号：US11119200
申请日：2005-04-29
申请人： Adrian Oney , Andrew Thornton , Eric Traut , Nathan Lewis
发明人： Adrian Oney , Andrew Thornton , Eric Traut , Nathan Lewis
IPC分类号： G06F9/455
CPC分类号： G06F9/45533
摘要： Systems and methods are provided, whereby partitions may become enlightened and discover the presence of a hypervisor. Several techniques of hypervisor discovery are discussed, such as detecting the presence of virtual processor registers (e.g. model specific registers or special-purpose registers) or the presence of virtual hardware devices. Upon discovery, information (code and/or data) may be injected in a partition by the hypervisor, whereby such injection allows the partition to call the hypervisor. Moreover, the hypervisor may present a versioning mechanism that allows the partition to match up the version of the hypervisor to its virtual devices. Next, once code and/or data is injected, calling conventions are established that allow the partition and the hypervisor to communicate, so that the hypervisor may perform some operations on behalf of the partition. Four exemplary calling conventions are considered: restartable instructions, a looping mechanism, shared memory transport, and synchronous or asynchronous processed packets. Last, cancellation mechanisms are considered, whereby partition requests may be cancelled.
摘要翻译：提供了系统和方法，由此分区可能变得开明并发现管理程序的存在。讨论了管理程序发现的几种技术，例如检测虚拟处理器寄存器（例如模型特定寄存器或专用寄存器）的存在或虚拟硬件设备的存在。一旦发现，信息（代码和/或数据）可以由管理程序注入到分区中，由此这种注入允许分区调用管理程序。此外，管理程序可以呈现允许分区将虚拟机管理程序的版本与其虚拟设备相匹配的版本控制机制。接下来，一旦注入了代码和/或数据，就建立了允许分区和管理程序进行通信的调用约定，以便管理程序可以代表分区执行一些操作。考虑四个示例性的呼叫约定：可重新启动的指令，循环机制，共享存储器传输和同步或异步处理的分组。最后，考虑取消机制，从而可能会取消分区请求。

8. 发明授权

US09740517B2 Dynamic virtual machine memory management 有权
公开(公告)号：US09740517B2
公开(公告)日：2017-08-22
申请号：US12345469
申请日：2008-12-29
申请人： Andrey Shedel , Mohamed Bouchet , Eric Traut , Osama M. Salem , Kevin Broas
发明人： Andrey Shedel , Mohamed Bouchet , Eric Traut , Osama M. Salem , Kevin Broas
IPC分类号： G06F9/455
CPC分类号： G06F9/45558 , G06F2009/45583
摘要： Techniques for adjusting memory in virtual machines are disclosed. According to aspects, memory status is obtained for a guest operating system. Based on the obtained memory status, an amount of guest physical addresses is reported to a memory manager of the guest operating system. Moreover, the amount memory assigned to the guest operating system may be adjusted during the runtime operation of the guest operating system.

9. 发明授权

US09519496B2 Detecting and preventing virtual disk storage linkage faults 有权
标题翻译：检测和防止虚拟磁盘存储链接故障
公开(公告)号：US09519496B2
公开(公告)日：2016-12-13
申请号：US13094620
申请日：2011-04-26
申请人： John A. Starks , Dustin L. Green , Todd William Harris , Mathew John , Senthil Rajaram , Eric Traut
发明人： John A. Starks , Dustin L. Green , Todd William Harris , Mathew John , Senthil Rajaram , Eric Traut
IPC分类号： G06F9/455 , G06F3/12 , G06F3/06
CPC分类号： G06F9/45558 , G06F3/061 , G06F3/0619 , G06F3/0643 , G06F3/0644 , G06F3/0659 , G06F3/0664 , G06F3/0673 , G06F3/0683 , G06F3/0689 , G06F3/121 , G06F9/455 , G06F9/45545 , G06F2009/45583
摘要： In an exemplary embodiment, a virtual disk file can be assigned an identifier and a virtual disk files that is dependent on the virtual disk file can include a copy of the identifier. In the instance that the virtual disk file is opened and data is modified that causes the contents of a virtual disk extent to change the identifier can be changed. If the virtual disk file and the dependent virtual disk file are used to instantiate a virtual disk the difference between identifiers can be detected, which is indicative of the fact that the virtual disk may be corrupted. Other techniques are described in the detailed description, claims, and figures that form a part of this document.
摘要翻译：在示例性实施例中，可以为虚拟磁盘文件分配标识符，并且依赖于虚拟磁盘文件的虚拟磁盘文件可以包括标识符的副本。在虚拟磁盘文件被打开并且数据被修改的情况下，可以改变导致虚拟磁盘盘区的内容改变标识符的情况。如果虚拟磁盘文件和从属虚拟磁盘文件用于实例化虚拟磁盘，则可以检测到标识符之间的差异，这表示虚拟磁盘可能已损坏。在作为本文档的一部分的详细描述，权利要求和附图中描述了其它技术。

10. 发明申请

US20060259734A1 Method and system for caching address translations from multiple address spaces in virtual machines 有权
标题翻译：用于从虚拟机中的多个地址空间缓存地址转换的方法和系统
公开(公告)号：US20060259734A1
公开(公告)日：2006-11-16
申请号：US11128982
申请日：2005-05-13
申请人： John Sheu , David Bailey , Eric Traut , Rene Vega
发明人： John Sheu , David Bailey , Eric Traut , Rene Vega
IPC分类号： G06F12/00
CPC分类号： G06F12/1036 , G06F2212/151 , G06F2212/683
摘要： A method of virtualizing memory through shadow page tables that cache translations from multiple guest address spaces in a virtual machine includes a software version of a hardware tagged translation look-aside buffer. Edits to guest page tables are detected by intercepting the creation of guest-writable mappings to guest page tables with translations cached in shadow page tables. The affected cached translations are marked as stale and purged upon an address space switch or an indiscriminate flush of translations by the guest. Thereby, non-stale translations remain cached but stale translations are discarded. The method includes tracking the guest-writable mappings to guest page tables, deferring discovery of such mappings to a guest page table for the first time until a purge of all cached translations when the number of untracked guest page tables exceeds a threshold, and sharing shadow page tables between shadow address spaces and between virtual processors.
摘要翻译：通过影像页表虚拟化存储器的方法，其缓存来自虚拟机中的多个访客地址空间的转换，包括硬件标记的翻译后备缓冲器的软件版本。通过拦截向客户页面表创建客户机可写映射，并通过缓存在阴影页表中的翻译来检测访客页面表的编辑。受影响的缓存翻译被标记为陈旧，并被清除在地址空间开关或客人不加区别地翻译翻译。因此，非陈旧的翻译仍保持高速缓存，但是陈旧的翻译将被丢弃。该方法包括跟踪访客页面表的访客可写映射，将此类映射的发现推迟到访客页面表，直到当未跟踪的访客页面表的数量超过阈值时清除所有缓存的翻译，并共享阴影阴影地址空间和虚拟处理器之间的页表。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式