专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20150205732A1 SEAMLESSLY ENCRYPTING MEMORY REGIONS TO PROTECT AGAINST HARDWARE-BASED ATTACKS 审中-公开
标题翻译：无缝加密存储区域防范基于硬件的攻击
公开(公告)号：US20150205732A1
公开(公告)日：2015-07-23
申请号：US14449467
申请日：2014-08-01
申请人： Uday SAVAGAONKAR , Ravi Sahita , David Durham , Men Long
发明人： Uday SAVAGAONKAR , Ravi Sahita , David Durham , Men Long
IPC分类号： G06F12/14
CPC分类号： G06F12/1408 , G06F12/1441 , G06F2212/1052
摘要： Systems, apparatuses, and methods, and for seamlessly protecting memory regions to protect against hardware-based attacks are disclosed. In one embodiment, an apparatus includes a decoder, control logic, and cryptographic logic. The decoder is to decode a transaction between a processor and memory-mapped input/output space. The control logic is to redirect the transaction from the memory-mapped input/output space to a system memory. The cryptographic logic is to operate on data for the transaction.
摘要翻译：公开了系统，装置和方法，并且用于无缝地保护存储器区域以防止基于硬件的攻击。在一个实施例中，一种装置包括解码器，控制逻辑和加密逻辑。解码器是对处理器和存储器映射的输入/输出空间之间的事务进行解码。控制逻辑是将事务从存储器映射的输入/输出空间重定向到系统存储器。密码逻辑是对数据进行交易操作。

2. 发明授权

US08826035B2 Cumulative integrity check value (ICV) processor based memory content protection 有权
标题翻译：累积完整性检查值（ICV）处理器内存保护
公开(公告)号：US08826035B2
公开(公告)日：2014-09-02
申请号：US12646028
申请日：2009-12-23
申请人： David Durham , Men Long , Uday Savagaonkar
发明人： David Durham , Men Long , Uday Savagaonkar
IPC分类号： G06F21/00
CPC分类号： G06F21/79 , G06F21/72
摘要： In general, in one aspect, the disclosure describes a process that includes a cryptographic engine and first and second registers. The cryptographic engine is to encrypt data to be written to memory, to decrypt data read from memory, to generate read integrity check values (ICVs) and write ICVs for memory accesses. The cryptographic engine is also to create a cumulative read ICV and a cumulative write ICV by XORing the generated read ICV and the generated write ICV with a current read MAC and a current write ICV respectively and to validate data integrity by comparing the cumulative read ICV and the cumulative write ICV. The first and second registers are to store the cumulative read and write ICVs respectively at the processor. Other embodiments are described and claimed.
摘要翻译：通常，在一个方面，本公开描述了包括密码引擎和第一和第二寄存器的过程。加密引擎是对要写入存储器的数据进行加密，解密从存储器读取的数据，生成读取完整性检查值（ICV），并为存储器访问写入ICV。密码引擎还通过分别用当前读取的MAC和当前的写入ICV异或生成的读取ICV和产生的写ICV来创建累积读取ICV和累积写入ICV，并通过比较累积读取ICV和累积写ICV。第一和第二寄存器分别在处理器处存储累积读和写ICV。描述和要求保护其他实施例。

3. 发明授权

US08327359B2 Method and apparatus for adaptive integrity measurement of computer software 有权
标题翻译：计算机软件自适应完整性测量的方法和装置
公开(公告)号：US08327359B2
公开(公告)日：2012-12-04
申请号：US13356918
申请日：2012-01-24
申请人： Ravi Sahita , Uday Savagaonkar
发明人： Ravi Sahita , Uday Savagaonkar
IPC分类号： G06F9/455 , G06F7/04
CPC分类号： G06F9/45533 , G06F21/51 , G06F21/57
摘要： Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform.
摘要翻译：本文描述了系统和方法，其讨论了如何在一个示例中执行虚拟化环境的计算平台可以自适应地且按需地进行完整性验证。这可能会在初始运行时以及连续操作期间发生，并允许平台用户从各种供应商安装软件，而不会牺牲完整性测量，因此可以平台的可信赖性。

4. 发明授权

US08181025B2 Method and apparatus for registering agents onto a virtual machine monitor 有权
标题翻译：将代理登记到虚拟机监视器上的方法和装置
公开(公告)号：US08181025B2
公开(公告)日：2012-05-15
申请号：US11591258
申请日：2006-10-31
申请人： Uday Savagaonkar , Ravi Sahita , Prashant Dewan
发明人： Uday Savagaonkar , Ravi Sahita , Prashant Dewan
IPC分类号： H04L9/32 , G06F12/14 , G06F11/30 , G06F1/00 , G06F7/04 , G06G7/48 , G06F9/46 , G06F9/455 , G06F1/32 , G06F12/08
CPC分类号： G06F21/64 , G06F9/45558 , G06F21/57 , G06F2009/45587
摘要： A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent during integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed.
摘要翻译：用于管理代理的方法包括响应于注册请求验证代理的完整性。在完整性验证期间为代理提供内存保护。当代理商的注册已经完成时生成指示。根据本发明的一个方面，提供存储器保护包括具有虚拟机监视器对代理的限制访问。描述和要求保护其他实施例。

5. 发明授权

US07757035B2 Method for optimizing virtualization technology and memory protections using processor-extensions for page table and page directory striping 有权
标题翻译：使用处理器扩展优化虚拟化技术和内存保护的方法，用于页表和页目录条带化
公开(公告)号：US07757035B2
公开(公告)日：2010-07-13
申请号：US11768344
申请日：2007-06-26
申请人： David Durham , Hormuzd Khosravi , Gayathri Nagabhushan , Uday Savagaonkar
发明人： David Durham , Hormuzd Khosravi , Gayathri Nagabhushan , Uday Savagaonkar
IPC分类号： G06F21/00 , G06F13/00 , G06F13/28 , G06F9/46
CPC分类号： G06F12/145 , G06F12/1036 , G06F12/109
摘要： In a virtualized processor based system causing a transition to a virtual machine monitor executing on the processor based system in response to a modification of a page table of a guest executing in a virtual machine of the processor based system, and the virtual machine monitor responding to the transition by performing a verification action, and for each bit modified in the page table of the guest, reading a status indicator for the bit to determine if the bit is significant; and causing the transition only if the status indicator for any bit modified in the page table indicates that the bit is significant.
摘要翻译：在基于虚拟化处理器的系统中，响应于在基于处理器的系统的虚拟机中执行的访客的页表的修改，导致在基于处理器的系统上执行的虚拟机监视器的转换，并且虚拟机监视器响应于通过执行验证动作的转换，以及对访客的页表中修改的每个位，读取该位的状态指示符，以确定该位是否有效; 并且仅当在页表中修改的任何位的状态指示符指示该位是有效时才引起转换。

6. 发明申请

US20090006714A1 METHOD FOR OPTIMIZING VIRTUALIZATION TECHNOLOGY AND MEMORY PROTECTIONS USING PROCESSOR-EXTENSIONS FOR PAGE TABLE AND PAGE DIRECTORY STRIPING 有权
标题翻译：使用处理器扩展优化虚拟化技术和存储器保护的方法，用于页表和页面目录条带
公开(公告)号：US20090006714A1
公开(公告)日：2009-01-01
申请号：US11768344
申请日：2007-06-26
申请人： David Durham , Hormuzd Khosravi , Gayathri Nagabhushan , Uday Savagaonkar
发明人： David Durham , Hormuzd Khosravi , Gayathri Nagabhushan , Uday Savagaonkar
IPC分类号： G06F12/02
CPC分类号： G06F12/145 , G06F12/1036 , G06F12/109
摘要： In a virtualized processor based system causing a transition to a virtual machine monitor executing on the processor based system in response to a modification of a page table of a guest executing in a virtual machine of the processor based system, and the virtual machine monitor responding to the transition by performing a verification action, and for each bit modified in the page table of the guest, reading a status indicator for the bit to determine if the bit is significant; and causing the transition only if the status indicator for any bit modified in the page table indicates that the bit is significant.
摘要翻译：在基于虚拟化处理器的系统中，响应于在基于处理器的系统的虚拟机中执行的访客的页表的修改，导致在基于处理器的系统上执行的虚拟机监视器的转换，并且虚拟机监视器响应于通过执行验证动作的转换，以及对访客的页表中修改的每个位，读取该位的状态指示符，以确定该位是否有效; 并且仅当在页表中修改的任何位的状态指示符指示该位是有效时才引起转换。

7. 发明申请

US20080280593A1 Protecting Caller Function from Undesired Access by Callee Function 有权
标题翻译：保护来电者功能不受管道功能的不理想访问
公开(公告)号：US20080280593A1
公开(公告)日：2008-11-13
申请号：US11770067
申请日：2007-06-28
申请人： Uday Savagaonkar , David Durham , Ravi Sahita , Subhash Gutti
发明人： Uday Savagaonkar , David Durham , Ravi Sahita , Subhash Gutti
IPC分类号： H04M1/66
CPC分类号： G06F21/52 , G06F9/4486
摘要： Disclosed is a method for restricting access of a first code of a plurality of codes and data of a first function from a second function. Thee method comprises calling the second function by the first function, addresses of the plurality of data may be stored in a stack page and colored in a first color (102). The method comprises performing access control check in a transition page for verifying whether the first function has permission to call the second function (104). Further the method comprises protecting the first code from the second function by coloring the data and/or addresses in a second color (106). Furthermore, the method comprises executing the second function by pushing addresses of the second function on the stack page, the addresses of the second function colored in a third color (108) and unprotecting the first code by coloring the addresses of the first code in the first color (110).
摘要翻译：公开了一种用于从第二功能限制多个代码的第一代码和第一函数的数据的访问的方法。该方法包括通过第一功能调用第二功能，多个数据的地址可以被存储在堆栈页面中并以第一颜色（102）着色。该方法包括在转换页面中执行访问控制检查，以验证第一功能是否具有调用第二功能的权限（104）。此外，该方法包括通过使第二颜色（106）中的数据和/或地址着色来保护第一代码免受第二功能。此外，该方法包括通过在堆栈页面上推动第二函数的地址来执行第二函数，第二函数的地址以第三颜色（108）着色，并且通过着色第一代码中的第一代码的地址来对第一代码进行保护第一颜色（110）。

8. 发明申请

US20080244725A1 METHOD AND APPARATUS FOR MANAGING PACKET BUFFERS 审中-公开
标题翻译：管理分组缓冲区的方法和设备
公开(公告)号：US20080244725A1
公开(公告)日：2008-10-02
申请号：US11695016
申请日：2007-03-31
申请人： Prashant Dewan , Uday Savagaonkar , Hormuzd M. Khosravi
发明人： Prashant Dewan , Uday Savagaonkar , Hormuzd M. Khosravi
IPC分类号： G06F21/00
CPC分类号： G06F9/545 , G06F9/544 , G06F21/606 , G06F2209/542
摘要： According to one example embodiment of the inventive subject matter, there is described herein a method and apparatus for securely and efficiently managing packet buffers between protection domains on an Intra-partitioned system using packet queues and triggers. According to one embodiment described in more detail below, there is provided a method and apparatus for optimally transferring packet data across contexts (protected and unprotected) in a commodity operating system.
摘要翻译：根据本发明主题的一个示例实施例，这里描述了一种使用分组队列和触发器在内部分区系统上安全有效地管理分组缓冲区之间的分组缓冲器的方法和装置。根据下面更详细描述的一个实施例，提供了一种用于在商品操作系统中跨越上下文（受保护和未受保护）最佳地传送分组数据的方法和装置。

9. 发明申请

US20070056039A1 Memory filters to aid system remediation 审中-公开
标题翻译：内存过滤器，以帮助系统修复
公开(公告)号：US20070056039A1
公开(公告)日：2007-03-08
申请号：US11220462
申请日：2005-09-07
申请人： Hormuzd Khosravi , Priya Rajagopal , Ravi Sahita , Uday Savagaonkar
发明人： Hormuzd Khosravi , Priya Rajagopal , Ravi Sahita , Uday Savagaonkar
IPC分类号： G06F12/14
CPC分类号： G06F21/53 , G06F21/564
摘要： The present disclosure relates to providing a remediation scheme for a compromised system and, more specifically, to providing a memory filtration scheme using an isolated partition within a system.
摘要翻译：本公开涉及为受损系统提供修复方案，更具体地，提供使用系统内的隔离分区的存储器过滤方案。

10. 发明申请

US20070006137A1 Generating and communicating information on locations of program sections in memory 失效
标题翻译：生成并传递有关内存中程序段位置的信息
公开(公告)号：US20070006137A1
公开(公告)日：2007-01-04
申请号：US11173587
申请日：2005-06-30
申请人： Uday Savagaonkar , Travis Schluessler
发明人： Uday Savagaonkar , Travis Schluessler
IPC分类号： G06F9/44
CPC分类号： G06F9/445
摘要： Provided is a method, system, and program for generating and communicating information on locations of program sections in memory. Source code is generated for an agent program. The source code includes start and end variables for selected sections of the program, wherein the start and end variables for each selected section are used to indicate the start and end address in a memory at which the section is loaded. The selected sections are capable of including less than all the sections in the program. The source code is compiled and linked to generate an object file including the sections. The object file causes, in response to being loaded into the memory of a computer, a relocation of at least one of the start and end memory addresses of the selected sections into at least one of the start and end variables for the selected sections when memory addresses are assigned to sections as part of relocation operations. Other embodiments are disclosed and claimed.
摘要翻译：提供了一种用于生成和传送关于存储器中节目部分的位置的信息的方法，系统和程序。为代理程序生成源代码。源代码包括程序的选定部分的开始和结束变量，其中每个选定部分的开始和结束变量用于指示加载该部分的存储器中的开始和结束地址。选定的部分能够包含少于程序中的所有部分。源代码被编译和链接以生成包含这些部分的目标文件。对象文件响应于加载到计算机的存储器中，导致所选部分的开始和结束存储器地址中的至少一个存储器地址重新定位到当存储器时所选择的部分的起始和终止变量中的至少一个地址被分配给部分作为重定位操作的一部分。公开和要求保护其他实施例。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式