JP7386882B2 - セキュア仮想マシン環境におけるゲスト命令の透過的解釈 - Google Patents

セキュア仮想マシン環境におけるゲスト命令の透過的解釈 Download PDF

Info

Publication number
JP7386882B2
JP7386882B2 JP2021549560A JP2021549560A JP7386882B2 JP 7386882 B2 JP7386882 B2 JP 7386882B2 JP 2021549560 A JP2021549560 A JP 2021549560A JP 2021549560 A JP2021549560 A JP 2021549560A JP 7386882 B2 JP7386882 B2 JP 7386882B2
Authority
JP
Japan
Prior art keywords
secure
hypervisor
interface control
instruction
virtual machine
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2021549560A
Other languages
English (en)
Japanese (ja)
Other versions
JP2022522663A (ja
JP2022522663A5 (enExample
Inventor
ブサバ、ファディ
ヘラー、リサ
ブラッドベリー、ジョナサン
ボルントレガー、クリスチャン
インブレンダ、クラウディオ
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of JP2022522663A publication Critical patent/JP2022522663A/ja
Publication of JP2022522663A5 publication Critical patent/JP2022522663A5/ja
Application granted granted Critical
Publication of JP7386882B2 publication Critical patent/JP7386882B2/ja
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45545Guest-host, i.e. hypervisor is an application program itself, e.g. VirtualBox
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45562Creating, deleting, cloning virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45575Starting, stopping, suspending or resuming virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)
  • Memory System Of A Hierarchy Structure (AREA)
JP2021549560A 2019-03-08 2020-02-27 セキュア仮想マシン環境におけるゲスト命令の透過的解釈 Active JP7386882B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/296,316 2019-03-08
US16/296,316 US10956188B2 (en) 2019-03-08 2019-03-08 Transparent interpretation of guest instructions in secure virtual machine environment
PCT/IB2020/051667 WO2020183278A1 (en) 2019-03-08 2020-02-27 Transparent interpretation of guest instructions in secure virtual machine environment

Publications (3)

Publication Number Publication Date
JP2022522663A JP2022522663A (ja) 2022-04-20
JP2022522663A5 JP2022522663A5 (enExample) 2022-06-07
JP7386882B2 true JP7386882B2 (ja) 2023-11-27

Family

ID=72335225

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2021549560A Active JP7386882B2 (ja) 2019-03-08 2020-02-27 セキュア仮想マシン環境におけるゲスト命令の透過的解釈

Country Status (6)

Country Link
US (1) US10956188B2 (enExample)
JP (1) JP7386882B2 (enExample)
CN (1) CN113544678B (enExample)
DE (1) DE112020000280B4 (enExample)
GB (1) GB2595428B (enExample)
WO (1) WO2020183278A1 (enExample)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11176054B2 (en) 2019-03-08 2021-11-16 International Business Machines Corporation Host virtual address space for secure interface control storage
US11068310B2 (en) * 2019-03-08 2021-07-20 International Business Machines Corporation Secure storage query and donation
US11550941B2 (en) * 2020-04-30 2023-01-10 Red Hat, Inc. Secure modular devices
CN112631661B (zh) * 2020-12-16 2024-04-02 中国电子信息产业集团有限公司 程序安全管控方法、装置、设备及存储介质
US12020059B2 (en) 2021-08-30 2024-06-25 International Business Machines Corporation Inaccessible prefix pages during virtual machine execution
CN114615035B (zh) * 2022-02-28 2023-12-08 亚信科技(成都)有限公司 安全检测方法、服务器及存储介质

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130097392A1 (en) 2011-10-13 2013-04-18 International Business Machines Corporation Protecting memory of a virtual guest
US20160148001A1 (en) 2013-06-27 2016-05-26 International Business Machines Corporation Processing a guest event in a hypervisor-controlled system
US20160378522A1 (en) 2014-02-28 2016-12-29 Advanced Micro Devices, Inc. Protecting state information for virtual machines
JP2017111812A (ja) 2015-12-17 2017-06-22 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation 透明で安全なインターセプション処理のための方法、コンピュータ・システム、ファームウェア、ハイパーバイザおよびコンピュータ・プログラム
JP2018526720A (ja) 2015-06-24 2018-09-13 アドバンスト・マイクロ・ディバイシズ・インコーポレイテッドAdvanced Micro Devices Incorporated 仮想マシンの状態情報の保護

Family Cites Families (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5896499A (en) 1997-02-21 1999-04-20 International Business Machines Corporation Embedded security processor
EP1678617A4 (en) 2003-10-08 2008-03-26 Unisys Corp COMPUTER SYSTEM PARAVIRTUALIZATION BY USING A HYPERVISOR IMPLEMENTED IN A PARTITION OF THE HOST SYSTEM
US20080059556A1 (en) 2006-08-31 2008-03-06 Egenera, Inc. Providing virtual machine technology as an embedded layer within a processing platform
US8522354B2 (en) 2008-05-24 2013-08-27 Via Technologies, Inc. Microprocessor apparatus for secure on-die real-time clock
EP2172862A1 (en) 2008-10-02 2010-04-07 Broadcom Corporation Secure virtual machine manager
US8555377B2 (en) 2010-04-29 2013-10-08 High Cloud Security Secure virtual machine
US8856504B2 (en) 2010-06-07 2014-10-07 Cisco Technology, Inc. Secure virtual machine bootstrap in untrusted cloud infrastructures
CN102811239B (zh) 2011-06-03 2017-09-12 中兴通讯股份有限公司 一种虚拟机系统及其安全控制方法
KR101323858B1 (ko) 2011-06-22 2013-11-21 한국과학기술원 가상화 시스템에서 메모리 접근을 제어하는 장치 및 방법
WO2014000253A1 (en) 2012-06-29 2014-01-03 Intel Corporation Methods, systems and apparatus to capture error conditions in lightweight virtual machine managers
US8656482B1 (en) 2012-08-20 2014-02-18 Bitdefender IPR Management Ltd. Secure communication using a trusted virtual machine
WO2014081611A2 (en) 2012-11-20 2014-05-30 Unisys Corporation Error recovery in securely partitioned virtualization system with dedicated resources
EP3028210B1 (en) 2013-08-02 2020-01-08 OLogN Technologies AG Secure server in a system with virtual machines
US9355050B2 (en) 2013-11-05 2016-05-31 Qualcomm Incorporated Secure, fast and normal virtual interrupt direct assignment in a virtualized interrupt controller in a mobile system-on-chip
US9672058B2 (en) 2014-03-13 2017-06-06 Unisys Corporation Reduced service partition virtualization system and method
US9483639B2 (en) 2014-03-13 2016-11-01 Unisys Corporation Service partition virtualization system and method having a secure application
US9213569B2 (en) 2014-03-27 2015-12-15 International Business Machines Corporation Exiting multiple threads in a computer
KR20160033517A (ko) 2014-09-18 2016-03-28 한국전자통신연구원 인터럽트 컨트롤러를 위한 하이브리드 가상화 방법
GB2532415A (en) * 2014-11-11 2016-05-25 Ibm Processing a guest event in a hypervisor-controlled system
US10235282B2 (en) 2015-06-01 2019-03-19 Hitachi, Ltd. Computer system, computer, and method to manage allocation of virtual and physical memory areas
GB2539436B (en) * 2015-06-16 2019-02-06 Advanced Risc Mach Ltd Secure initialisation
CN105184147B (zh) 2015-09-08 2017-11-24 成都博元科技有限公司 云计算平台中的用户安全管理方法
CN105184164B (zh) 2015-09-08 2017-11-24 成都博元科技有限公司 一种数据处理方法
US9841987B2 (en) 2015-12-17 2017-12-12 International Business Machines Corporation Transparent secure interception handling
CN107038128B (zh) 2016-02-03 2020-07-28 华为技术有限公司 一种执行环境的虚拟化、虚拟执行环境的访问方法及装置
US10303899B2 (en) 2016-08-11 2019-05-28 Intel Corporation Secure public cloud with protected guest-verified host control
US20180165224A1 (en) 2016-12-12 2018-06-14 Ati Technologies Ulc Secure encrypted virtualization
US11200183B2 (en) 2017-03-31 2021-12-14 Intel Corporation Scalable interrupt virtualization for input/output devices
US11693952B2 (en) 2018-10-31 2023-07-04 Vmware, Inc. System and method for providing secure execution environments using virtualization technology
US11347529B2 (en) 2019-03-08 2022-05-31 International Business Machines Corporation Inject interrupts and exceptions into secure virtual machine

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130097392A1 (en) 2011-10-13 2013-04-18 International Business Machines Corporation Protecting memory of a virtual guest
JP2014532201A (ja) 2011-10-13 2014-12-04 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation 仮想ゲストのメモリ保護の方法、システムおよびコンピュータプログラム
US20160148001A1 (en) 2013-06-27 2016-05-26 International Business Machines Corporation Processing a guest event in a hypervisor-controlled system
JP2016523421A (ja) 2013-06-27 2016-08-08 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation ハイパーバイザに制御されるシステムにおいてゲスト・イベントを処理するための方法、データ処理プログラム、コンピュータ・プログラム製品、およびデータ処理システム
US20160378522A1 (en) 2014-02-28 2016-12-29 Advanced Micro Devices, Inc. Protecting state information for virtual machines
JP2018526720A (ja) 2015-06-24 2018-09-13 アドバンスト・マイクロ・ディバイシズ・インコーポレイテッドAdvanced Micro Devices Incorporated 仮想マシンの状態情報の保護
JP2017111812A (ja) 2015-12-17 2017-06-22 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation 透明で安全なインターセプション処理のための方法、コンピュータ・システム、ファームウェア、ハイパーバイザおよびコンピュータ・プログラム
US20170177392A1 (en) 2015-12-17 2017-06-22 International Business Machines Corporation Transparent secure interception handling

Also Published As

Publication number Publication date
GB2595428B (en) 2022-04-13
US20200285494A1 (en) 2020-09-10
US10956188B2 (en) 2021-03-23
CN113544678A (zh) 2021-10-22
GB202113915D0 (en) 2021-11-10
WO2020183278A1 (en) 2020-09-17
CN113544678B (zh) 2025-06-20
DE112020000280T5 (de) 2021-09-16
JP2022522663A (ja) 2022-04-20
DE112020000280B4 (de) 2023-02-16
GB2595428A (en) 2021-11-24

Similar Documents

Publication Publication Date Title
JP7386882B2 (ja) セキュア仮想マシン環境におけるゲスト命令の透過的解釈
EP3935531B1 (en) Dispatch of a secure virtual machine
JP7373578B2 (ja) セキュア仮想マシン環境におけるストレージ保護ハードウェアのテスト方法、システム、プログラム
JP7465046B2 (ja) 割り込み及び例外をセキュア仮想マシンにインジェクトする
JP7398472B2 (ja) 割り込みイネーブルのためのセキュア・インターフェース制御ハイレベル命令インターセプト
CA3132760C (en) Inject interrupts and exceptions into secure virtual machine
HK40057239B (zh) 安全虚拟机的分派
HK40057239A (en) Dispatch of a secure virtual machine
HK40057235A (en) Inject interrupts and exceptions into secure virtual machine
HK40057235B (zh) 安全虚拟机中的注入中断和异常
HK40057240A (en) Secure interface control high-level instruction interception for interruption enablement

Legal Events

Date Code Title Description
RD04 Notification of resignation of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7424

Effective date: 20220512

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20220527

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20220725

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20230719

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20230725

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20231017

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20231031

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20231114

R150 Certificate of patent or registration of utility model

Ref document number: 7386882

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150