BR112015022865B1 - Método e aparelho para ativar seletivamente as operações de um monitor de máquina virtual sob demanda - Google Patents

Método e aparelho para ativar seletivamente as operações de um monitor de máquina virtual sob demanda Download PDF

Info

Publication number
BR112015022865B1
BR112015022865B1 BR112015022865-8A BR112015022865A BR112015022865B1 BR 112015022865 B1 BR112015022865 B1 BR 112015022865B1 BR 112015022865 A BR112015022865 A BR 112015022865A BR 112015022865 B1 BR112015022865 B1 BR 112015022865B1
Authority
BR
Brazil
Prior art keywords
hypervisor
hlos
memory
stage
physical addresses
Prior art date
Application number
BR112015022865-8A
Other languages
English (en)
Portuguese (pt)
Other versions
BR112015022865A2 (pt
Inventor
Thomas Zeng
Azzedine Touzni
Philip Jr. Mueller
Piyush Patel
Original Assignee
Qualcomm Incorporated
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Incorporated filed Critical Qualcomm Incorporated
Publication of BR112015022865A2 publication Critical patent/BR112015022865A2/pt
Publication of BR112015022865B1 publication Critical patent/BR112015022865B1/pt

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10Address translation
    • G06F12/1009Address translation using page tables, e.g. page table structures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10Address translation
    • G06F12/1027Address translation using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1458Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F12/1491Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45545Guest-host, i.e. hypervisor is an application program itself, e.g. VirtualBox
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5011Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
    • G06F9/5016Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals the resource being the memory
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10Address translation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45583Memory management, e.g. access or allocation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1052Security improvement
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/15Use in a specific computing environment
    • G06F2212/151Emulated environment, e.g. virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/15Use in a specific computing environment
    • G06F2212/152Virtualized environment, e.g. logically partitioned system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/68Details of translation look-aside buffer [TLB]
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)
  • Memory System Of A Hierarchy Structure (AREA)
BR112015022865-8A 2013-03-12 2014-03-10 Método e aparelho para ativar seletivamente as operações de um monitor de máquina virtual sob demanda BR112015022865B1 (pt)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US13/796,442 2013-03-12
US13/796,442 US9396011B2 (en) 2013-03-12 2013-03-12 Algorithm and apparatus to deploy virtual machine monitor on demand
PCT/US2014/022731 WO2014164536A1 (en) 2013-03-12 2014-03-10 Method and apparatus to selectively enable operations of a virtual machine monitor on demand

Publications (2)

Publication Number Publication Date
BR112015022865A2 BR112015022865A2 (pt) 2017-07-18
BR112015022865B1 true BR112015022865B1 (pt) 2022-03-22

Family

ID=50473787

Family Applications (1)

Application Number Title Priority Date Filing Date
BR112015022865-8A BR112015022865B1 (pt) 2013-03-12 2014-03-10 Método e aparelho para ativar seletivamente as operações de um monitor de máquina virtual sob demanda

Country Status (7)

Country Link
US (2) US9396011B2 (enExample)
EP (1) EP2972832B1 (enExample)
JP (1) JP6062595B2 (enExample)
KR (1) KR101751627B1 (enExample)
CN (1) CN105074663B (enExample)
BR (1) BR112015022865B1 (enExample)
WO (1) WO2014164536A1 (enExample)

Families Citing this family (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9396011B2 (en) 2013-03-12 2016-07-19 Qualcomm Incorporated Algorithm and apparatus to deploy virtual machine monitor on demand
US9396012B2 (en) 2013-03-14 2016-07-19 Qualcomm Incorporated Systems and methods of using a hypervisor with guest operating systems and virtual processors
US9348634B2 (en) 2013-08-12 2016-05-24 Amazon Technologies, Inc. Fast-booting application image using variation points in application source code
US10346148B2 (en) * 2013-08-12 2019-07-09 Amazon Technologies, Inc. Per request computer system instances
US10114760B2 (en) * 2014-01-14 2018-10-30 Nvidia Corporation Method and system for implementing multi-stage translation of virtual addresses
US9646091B2 (en) * 2014-02-24 2017-05-09 Futurewei Technologies, Inc. File joining on back end device
US20150278512A1 (en) * 2014-03-28 2015-10-01 Intel Corporation Virtualization based intra-block workload isolation
JP6313242B2 (ja) * 2014-10-30 2018-04-18 東芝メモリ株式会社 メモリシステム及びプログラム
US11334478B2 (en) 2014-10-30 2022-05-17 Kioxia Corporation Memory system and nonvolatile memory medium in which program is stored to optimize operating life
US10157146B2 (en) * 2015-02-12 2018-12-18 Red Hat Israel, Ltd. Local access DMA with shared memory pool
KR102291719B1 (ko) 2015-03-18 2021-08-23 삼성전자주식회사 애플리케이션 보호 방법 및 장치
US9811345B2 (en) * 2015-04-16 2017-11-07 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Utilizing computing resources under a disabled processor node without fully enabling the disabled processor node
CN106295267B (zh) * 2015-06-09 2019-04-19 阿里巴巴集团控股有限公司 一种访问电子设备的物理内存中私密数据的方法和装置
CN115062291B (zh) * 2015-08-21 2025-06-06 密码研究公司 用于管理容器的方法、系统和计算机可读介质
GB2546742B (en) * 2016-01-26 2019-12-11 Advanced Risc Mach Ltd Memory address translation management
US20170277903A1 (en) * 2016-03-22 2017-09-28 Qualcomm Incorporated Data Protection Using Virtual Resource Views
US10116630B2 (en) * 2016-04-04 2018-10-30 Bitdefender IPR Management Ltd. Systems and methods for decrypting network traffic in a virtualized environment
US10505962B2 (en) * 2016-08-16 2019-12-10 Nec Corporation Blackbox program privilege flow analysis with inferred program behavior context
US10157277B2 (en) 2016-10-01 2018-12-18 Intel Corporation Technologies for object-oriented memory management with extended segmentation
WO2018152688A1 (en) * 2017-02-22 2018-08-30 Intel Corporation Virtualization of process address space identifiers for scalable virtualization of input/output devices
US11423140B1 (en) * 2017-03-27 2022-08-23 Melih Abdulhayoglu Auto-containment of guest user applications
US10951644B1 (en) 2017-04-07 2021-03-16 Comodo Security Solutions, Inc. Auto-containment of potentially vulnerable applications
US10646994B2 (en) 2017-04-25 2020-05-12 At&T Intellectual Property I, L.P. Robot virtualization leveraging Geo analytics and augmented reality
US10733004B2 (en) 2017-04-26 2020-08-04 At&T Intellectual Property I, L.P. Intelligent service on-demand robot virtualization
US10445009B2 (en) * 2017-06-30 2019-10-15 Intel Corporation Systems and methods of controlling memory footprint
US10628202B2 (en) * 2017-09-19 2020-04-21 Microsoft Technology Licensing, Llc Hypervisor direct memory access
CN110096457B (zh) * 2018-01-31 2023-05-23 联发科技股份有限公司 硬件控制系统及硬件控制方法
CN110119637B (zh) * 2018-02-07 2023-04-14 联发科技股份有限公司 硬件控制方法与硬件控制系统
US11157635B2 (en) * 2018-04-08 2021-10-26 Qualcomm Incorporated Secure interface disablement
US10740134B2 (en) 2018-08-20 2020-08-11 Interwise Ltd. Agentless personal network firewall in virtualized datacenters
CN109547450A (zh) * 2018-11-29 2019-03-29 北京元心科技有限公司 运行安全执行域的方法、装置、电子设备及计算机介质
US11010241B2 (en) * 2019-01-09 2021-05-18 Arm Limited Translation protection in a data processing apparatus
US20210065882A1 (en) * 2019-09-03 2021-03-04 GE Precision Healthcare LLC Method and system for prompting data donation for artificial intelligence tool development
CN110851823B (zh) * 2019-11-12 2023-03-10 腾讯科技(深圳)有限公司 数据访问方法、装置、终端及存储介质
US20220382577A1 (en) * 2020-12-09 2022-12-01 Mediatek Inc. Hardware Virtual Machine for Controlling Access to Physical Memory Space
JP6968318B1 (ja) 2020-12-24 2021-11-17 三菱電機株式会社 データ処理装置、データ処理方法及びデータ処理プログラム
CN112685050B (zh) * 2020-12-31 2024-12-20 北京配天技术有限公司 TensorFlow在Windows系统下的部署方法
CN115934243A (zh) * 2021-10-06 2023-04-07 联发科技股份有限公司 用于控制对物理地址空间的访问的系统及方法
CN115145843B (zh) * 2022-07-22 2025-11-14 地平线征程(杭州)科技有限公司 数据拷贝方法、装置、计算机可读存储介质及电子设备
CN117009108B (zh) * 2023-02-24 2024-08-27 荣耀终端有限公司 消息处理方法、设备及存储介质

Family Cites Families (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7103529B2 (en) * 2001-09-27 2006-09-05 Intel Corporation Method for providing system integrity and legacy environment emulation
US7805723B2 (en) 2003-10-01 2010-09-28 Hewlett-Packard Development Company, L.P. Runtime virtualization and devirtualization of memory by a virtual machine monitor
US7913226B2 (en) * 2003-10-01 2011-03-22 Hewlett-Packard Development Company, L.P. Interposing a virtual machine monitor and devirtualizing computer hardware at runtime
US7222062B2 (en) * 2003-12-23 2007-05-22 Intel Corporation Method and system to support a trusted set of operational environments using emulated trusted hardware
US7401230B2 (en) 2004-03-31 2008-07-15 Intel Corporation Secure virtual machine monitor to tear down a secure execution environment
US7802250B2 (en) * 2004-06-28 2010-09-21 Intel Corporation Support for transitioning to a virtual machine monitor based upon the privilege level of guest software
EP1736887A3 (fr) 2005-05-31 2009-04-22 Stmicroelectronics Sa Repertoire de pages memoire
US8001543B2 (en) * 2005-10-08 2011-08-16 International Business Machines Corporation Direct-memory access between input/output device and physical memory within virtual machine environment
US20070226795A1 (en) * 2006-02-09 2007-09-27 Texas Instruments Incorporated Virtual cores and hardware-supported hypervisor integrated circuits, systems, methods and processes of manufacture
US8250254B2 (en) * 2007-07-31 2012-08-21 Intel Corporation Offloading input/output (I/O) virtualization operations to a processor
GB2460393B (en) * 2008-02-29 2012-03-28 Advanced Risc Mach Ltd A data processing apparatus and method for controlling access to secure memory by virtual machines executing on processing circuitry
US8140820B2 (en) 2008-05-21 2012-03-20 Arm Limited Data processing apparatus and method for handling address translation for access requests issued by processing circuitry
US9535849B2 (en) * 2009-07-24 2017-01-03 Advanced Micro Devices, Inc. IOMMU using two-level address translation for I/O and computation offload devices on a peripheral interconnect
GB2474666B (en) * 2009-10-21 2015-07-15 Advanced Risc Mach Ltd Hardware resource management within a data processing system
US20110179255A1 (en) 2010-01-21 2011-07-21 Arm Limited Data processing reset operations
US8589650B2 (en) 2010-05-17 2013-11-19 Texas Instruments Incorporated Dynamically configurable memory system
US8181176B2 (en) * 2010-06-21 2012-05-15 Intel Corporation Uniform storage device access using partial virtual machine executing within a secure enclave session
US8789042B2 (en) * 2010-09-27 2014-07-22 Mips Technologies, Inc. Microprocessor system for virtual machine execution
JP5655677B2 (ja) 2011-04-04 2015-01-21 富士通株式会社 ハイパーバイザ置き換え方法および情報処理装置
US9396011B2 (en) 2013-03-12 2016-07-19 Qualcomm Incorporated Algorithm and apparatus to deploy virtual machine monitor on demand
GB2525003B (en) * 2014-04-09 2021-06-09 Advanced Risc Mach Ltd Data Processing Systems
US10019288B2 (en) * 2016-09-12 2018-07-10 Mediatek, Inc. Fast and stable mechanism for allocating contiguous memory

Also Published As

Publication number Publication date
US10310882B2 (en) 2019-06-04
US9396011B2 (en) 2016-07-19
US20140282501A1 (en) 2014-09-18
WO2014164536A1 (en) 2014-10-09
CN105074663B (zh) 2018-08-28
JP6062595B2 (ja) 2017-01-18
EP2972832A1 (en) 2016-01-20
JP2016517572A (ja) 2016-06-16
US20160283262A1 (en) 2016-09-29
CN105074663A (zh) 2015-11-18
KR20150128797A (ko) 2015-11-18
EP2972832B1 (en) 2021-11-03
BR112015022865A2 (pt) 2017-07-18
KR101751627B1 (ko) 2017-06-27

Similar Documents

Publication Publication Date Title
BR112015022865B1 (pt) Método e aparelho para ativar seletivamente as operações de um monitor de máquina virtual sob demanda
JP5042848B2 (ja) 仮想マシン・モニタの構成部分を特権化解除するためのシステム及び方法
US9983894B2 (en) Method and system for providing secure system execution on hardware supporting secure application execution
US10241819B2 (en) Isolating data within a computer system using private shadow mappings
US9529650B2 (en) Method and apparatus for accessing hardware resource
US11641272B2 (en) Seamless one-way access to protected memory using accessor key identifier
US9507727B2 (en) Page fault injection in virtual machines
US11392405B2 (en) Method and apparatus for securely entering trusted execution environment in hyper- threading scenario
CN104956342A (zh) 使用存储器保护单元来支持客户操作系统的虚拟化
US12267423B2 (en) Seamless access to trusted domain protected memory by virtual machine manager using transformer key identifier
US20160188354A1 (en) Efficient enabling of extended page tables
US10963280B2 (en) Hypervisor post-write notification of control and debug register updates
US20200241906A1 (en) Efficient userspace driver isolation by shallow virtual machines
TW202147116A (zh) 監視處理器之操作之系統
CN113449292B (zh) 一种可信应用的运行方法、装置及设备
Li et al. Iso-UniK: lightweight multi-process unikernel through memory protection keys
Vahidi et al. VETE: Virtualizing the Trusted Execution Environment
US10127064B2 (en) Read-only VM function chaining for secure hypervisor access
Lackorzynski Secure Virtualization of Latency-Constrained Systems

Legal Events

Date Code Title Description
B06F Objections, documents and/or translations needed after an examination request according [chapter 6.6 patent gazette]
B06U Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette]
B09A Decision: intention to grant [chapter 9.1 patent gazette]
B16A Patent or certificate of addition of invention granted [chapter 16.1 patent gazette]

Free format text: PRAZO DE VALIDADE: 20 (VINTE) ANOS CONTADOS A PARTIR DE 10/03/2014, OBSERVADAS AS CONDICOES LEGAIS.