KR102166755B1 - 가상 머신 관리자에 의해 촉진되는 선택적 코드 무결성 강화 기법 - Google Patents

가상 머신 관리자에 의해 촉진되는 선택적 코드 무결성 강화 기법 Download PDF

Info

Publication number
KR102166755B1
KR102166755B1 KR1020167006969A KR20167006969A KR102166755B1 KR 102166755 B1 KR102166755 B1 KR 102166755B1 KR 1020167006969 A KR1020167006969 A KR 1020167006969A KR 20167006969 A KR20167006969 A KR 20167006969A KR 102166755 B1 KR102166755 B1 KR 102166755B1
Authority
KR
South Korea
Prior art keywords
code
execution
virtual machine
memory page
computing device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
KR1020167006969A
Other languages
English (en)
Korean (ko)
Other versions
KR20160075499A (ko
Inventor
데이비드 에이 헤프킨
케네스 디 존슨
Original Assignee
마이크로소프트 테크놀로지 라이센싱, 엘엘씨
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 마이크로소프트 테크놀로지 라이센싱, 엘엘씨 filed Critical 마이크로소프트 테크놀로지 라이센싱, 엘엘씨
Publication of KR20160075499A publication Critical patent/KR20160075499A/ko
Application granted granted Critical
Publication of KR102166755B1 publication Critical patent/KR102166755B1/ko
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Memory System Of A Hierarchy Structure (AREA)
  • Debugging And Monitoring (AREA)
KR1020167006969A 2013-09-17 2014-09-12 가상 머신 관리자에 의해 촉진되는 선택적 코드 무결성 강화 기법 Active KR102166755B1 (ko)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201361879068P 2013-09-17 2013-09-17
US61/879,068 2013-09-17
US14/179,378 2014-02-12
US14/179,378 US10198572B2 (en) 2013-09-17 2014-02-12 Virtual machine manager facilitated selective code integrity enforcement
PCT/US2014/055290 WO2015041930A1 (en) 2013-09-17 2014-09-12 Virtual machine manager facilitated selective code integrity enforcement

Publications (2)

Publication Number Publication Date
KR20160075499A KR20160075499A (ko) 2016-06-29
KR102166755B1 true KR102166755B1 (ko) 2020-10-16

Family

ID=52669226

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020167006969A Active KR102166755B1 (ko) 2013-09-17 2014-09-12 가상 머신 관리자에 의해 촉진되는 선택적 코드 무결성 강화 기법

Country Status (11)

Country Link
US (2) US10198572B2 (enExample)
EP (1) EP3047375B1 (enExample)
JP (1) JP6397500B2 (enExample)
KR (1) KR102166755B1 (enExample)
CN (1) CN105659211B (enExample)
AU (1) AU2014321545B2 (enExample)
BR (1) BR112016004493B1 (enExample)
CA (1) CA2922490C (enExample)
MX (1) MX362067B (enExample)
RU (1) RU2667713C2 (enExample)
WO (1) WO2015041930A1 (enExample)

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102183852B1 (ko) * 2013-11-22 2020-11-30 삼성전자주식회사 전자 장치의 무결성 검증을 위한 방법, 저장 매체 및 전자 장치
JP6245700B2 (ja) * 2014-04-11 2017-12-13 国立大学法人 東京大学 計算機システム、データの検査方法及び計算機
US9628279B2 (en) * 2014-09-30 2017-04-18 Microsoft Technology Licensing, Llc Protecting application secrets from operating system attacks
US10341384B2 (en) * 2015-07-12 2019-07-02 Avago Technologies International Sales Pte. Limited Network function virtualization security and trust system
US10230529B2 (en) * 2015-07-31 2019-03-12 Microsft Technology Licensing, LLC Techniques to secure computation data in a computing environment
JP6769999B2 (ja) * 2015-08-21 2020-10-14 クリプトグラフィ リサーチ, インコーポレイテッド セキュア計算環境
US10616197B2 (en) * 2016-04-18 2020-04-07 Atmel Corporation Message authentication with secure code verification
US10713177B2 (en) * 2016-09-09 2020-07-14 Intel Corporation Defining virtualized page attributes based on guest page attributes
US10768962B2 (en) * 2016-12-19 2020-09-08 Vmware, Inc. Emulating mode-based execute control for memory pages in virtualized computing systems
FR3065553B1 (fr) * 2017-04-20 2019-04-26 Idemia Identity And Security Procede d'execution d'un programme destine a etre interprete par une machine virtuelle protege contre des attaques par injection de faute
CN108959916B (zh) * 2017-05-22 2022-01-14 华为技术有限公司 用于访问安全世界的方法、装置和系统
US10771439B2 (en) * 2017-06-28 2020-09-08 Microsoft Technology Licensing, Llc Shielded networks for virtual machines
US10216598B2 (en) * 2017-07-11 2019-02-26 Stratus Technologies Bermuda Ltd. Method for dirty-page tracking and full memory mirroring redundancy in a fault-tolerant server
US10872043B2 (en) * 2017-08-17 2020-12-22 Microchip Technology Incorporated Systems and methods for integrity checking of code or data in a mixed security system while preserving confidentiality
CN110581833B (zh) * 2018-06-11 2022-08-23 中移(杭州)信息技术有限公司 一种业务安全保护方法及装置
US11221957B2 (en) * 2018-08-31 2022-01-11 International Business Machines Corporation Promotion of ERAT cache entries
RU2710860C1 (ru) * 2019-02-07 2020-01-14 Акционерное общество "Лаборатория Касперского" Способ ограничения области автоматического выбора виртуальной машины защиты
US11487906B2 (en) * 2019-03-08 2022-11-01 International Business Machines Corporation Storage sharing between a secure domain and a non-secure entity
US11640361B2 (en) 2019-03-08 2023-05-02 International Business Machines Corporation Sharing secure memory across multiple security domains
US11531627B2 (en) 2019-03-08 2022-12-20 International Business Machines Corporation Secure storage isolation
US11354402B2 (en) 2019-11-01 2022-06-07 Microsoft Technology Licensing, Llc Virtual environment type validation for policy enforcement
JP7380251B2 (ja) * 2020-01-27 2023-11-15 株式会社Ihi 仮想マシンにおけるデータ改ざんの監視方法及び装置
US11537732B2 (en) * 2020-04-27 2022-12-27 Hewlett Packard Enterprise Development Lp Unlocking access of information responsive to validation of program codes of virtual entities
US11586513B2 (en) * 2020-11-17 2023-02-21 Google Llc Live migrating virtual machines to a target host upon fatal memory errors
CN112527329B (zh) * 2020-12-15 2024-05-17 深圳市硅格半导体有限公司 固态存储设备的量产方法、系统、终端设备及存储介质
US12277446B2 (en) 2021-03-16 2025-04-15 Cisco Technology, Inc. Runtime container protection
GB2602680B (en) 2021-03-19 2023-01-11 The Blockhouse Tech Limited Code deployment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080244572A1 (en) 2007-03-30 2008-10-02 Ravi Sahita Method and apparatus for adaptive integrity measurement of computer software
WO2009111405A1 (en) 2008-03-04 2009-09-11 Apple Inc. System and method of authorizing execution of software code based on a trusted cache
US20120254999A1 (en) 2011-03-28 2012-10-04 Mcafee, Inc. Systems and method for regulating software access to security-sensitive processor resources

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7530103B2 (en) 2003-08-07 2009-05-05 Microsoft Corporation Projection of trustworthiness from a trusted environment to an untrusted environment
CN100489728C (zh) 2004-12-02 2009-05-20 联想(北京)有限公司 一种建立计算机中可信任运行环境的方法
US7624373B2 (en) * 2005-03-31 2009-11-24 Microsoft Corporation Security mechanism for interpreting scripts in an interpretive environment
US8276201B2 (en) * 2007-03-22 2012-09-25 International Business Machines Corporation Integrity protection in data processing systems
KR101396831B1 (ko) * 2007-03-30 2014-05-21 삼성전자주식회사 메모리 접근 제어 방법
US8220029B2 (en) 2007-11-13 2012-07-10 Samsung Electronics Co., Ltd. Method and system for enforcing trusted computing policies in a hypervisor security module architecture
JP5260081B2 (ja) 2008-02-25 2013-08-14 パナソニック株式会社 情報処理装置及びその制御方法
US8578483B2 (en) 2008-07-31 2013-11-05 Carnegie Mellon University Systems and methods for preventing unauthorized modification of an operating system
US8356285B2 (en) 2009-03-31 2013-01-15 Oracle America, Inc. Facilitated introspection of virtualized environments
US8285987B1 (en) 2009-12-04 2012-10-09 The United States Of America As Represented By The Secretary Of The Air Force Emulation-based software protection
KR101663013B1 (ko) * 2010-01-15 2016-10-06 삼성전자주식회사 코드 주입 공격을 감지하는 장치 및 방법
CN101866408B (zh) 2010-06-30 2011-11-30 华中科技大学 一种基于虚拟机架构的透明信任链构建系统
US9038176B2 (en) 2011-03-31 2015-05-19 Mcafee, Inc. System and method for below-operating system trapping and securing loading of code into memory
RU2530691C1 (ru) 2013-03-26 2014-10-10 Государственное казенное образовательное учреждение высшего профессионального образования Академия Федеральной службы охраны Российской Федерации (Академия ФСО России) Способ защищенного удаленного доступа к информационным ресурсам

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080244572A1 (en) 2007-03-30 2008-10-02 Ravi Sahita Method and apparatus for adaptive integrity measurement of computer software
WO2009111405A1 (en) 2008-03-04 2009-09-11 Apple Inc. System and method of authorizing execution of software code based on a trusted cache
US20120254999A1 (en) 2011-03-28 2012-10-04 Mcafee, Inc. Systems and method for regulating software access to security-sensitive processor resources

Also Published As

Publication number Publication date
AU2014321545B2 (en) 2019-07-18
RU2016109436A3 (enExample) 2018-07-18
KR20160075499A (ko) 2016-06-29
US20190147160A1 (en) 2019-05-16
BR112016004493A8 (pt) 2020-02-11
CN105659211B (zh) 2019-03-22
WO2015041930A1 (en) 2015-03-26
JP6397500B2 (ja) 2018-09-26
AU2014321545A1 (en) 2016-02-25
US20150082304A1 (en) 2015-03-19
RU2667713C2 (ru) 2018-09-24
CN105659211A (zh) 2016-06-08
US10198572B2 (en) 2019-02-05
BR112016004493B1 (pt) 2022-12-13
US10831886B2 (en) 2020-11-10
MX2016003190A (es) 2016-06-24
EP3047375A1 (en) 2016-07-27
JP2016535373A (ja) 2016-11-10
EP3047375B1 (en) 2021-04-07
CA2922490A1 (en) 2015-03-26
RU2016109436A (ru) 2017-09-21
CA2922490C (en) 2023-01-24
MX362067B (es) 2019-01-07

Similar Documents

Publication Publication Date Title
KR102166755B1 (ko) 가상 머신 관리자에 의해 촉진되는 선택적 코드 무결성 강화 기법
CN110178136B (zh) 现场可编程门阵列程序的签名验证的方法和设备
US9576147B1 (en) Security policy application through data tagging
JP6286034B2 (ja) プロセス認証とリソースパーミッション
US9836601B2 (en) Protecting anti-malware processes
KR102863710B1 (ko) 컴퓨터 시스템에서 선택된 디스크를 보호하는 기법
JP6073320B2 (ja) デジタル署名するオーソリティ依存のプラットフォームシークレット
EP4020156B1 (en) Reducing latency of hardware trusted execution environments
US10395028B2 (en) Virtualization based intra-block workload isolation
KR20170059447A (ko) 신뢰가능 플랫폼 모듈에서의 운영 체제 컨텍스트 표현 기법
KR102028670B1 (ko) 클락 윌슨 모델을 적용한 모바일 장치 및 그것의 동작 방법

Legal Events

Date Code Title Description
PA0105 International application

Patent event date: 20160316

Patent event code: PA01051R01D

Comment text: International Patent Application

PG1501 Laying open of application
PA0201 Request for examination

Patent event code: PA02012R01D

Patent event date: 20190814

Comment text: Request for Examination of Application

E701 Decision to grant or registration of patent right
PE0701 Decision of registration

Patent event code: PE07011S01D

Comment text: Decision to Grant Registration

Patent event date: 20200915

GRNT Written decision to grant
PR0701 Registration of establishment

Comment text: Registration of Establishment

Patent event date: 20201012

Patent event code: PR07011E01D

PR1002 Payment of registration fee

Payment date: 20201012

End annual number: 3

Start annual number: 1

PG1601 Publication of registration
PR1001 Payment of annual fee

Payment date: 20230921

Start annual number: 4

End annual number: 4

PR1001 Payment of annual fee