TW594493B - New processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor - Google Patents
Publication number: TW594493B (application number TW090132037A)
Authority: TW (Taiwan)
Prior art keywords: processor, guest software, mode, guest, processor mode
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F9/00—Arrangements for program control, e.g. control units
        - G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
          - G06F9/44—Arrangements for executing specific programs
            - G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
              - G06F9/45533—Hypervisors; Virtual machine monitors
                - G06F9/45558—Hypervisor-specific management and integration aspects
                  - G06F2009/45583—Memory management, e.g. access or allocation
      - G06F12/00—Accessing, addressing or allocating within memory systems or architectures
        - G06F12/14—Protection against unauthorised use of memory or access to memory
          - G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
            - G06F12/145—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights, the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism
Description
V. Description of the Invention

Field of the Invention

In general, the present invention relates to virtual machines; in particular, it relates to providing processor support for a virtual machine monitor.

Background of the Invention

A conventional virtual machine monitor (VMM) typically runs on a computer and presents to other software the abstraction of one or more virtual machines. Each virtual machine may function as a self-contained platform, running its own "guest operating system" (that is, an operating system hosted by the VMM). The guest operating system expects to operate as if it were running on a dedicated computer rather than on a virtual machine. In other words, the guest operating system expects to control various computer operations and to access hardware resources during those operations. The hardware resources include resources that reside in the processor (for example, control registers) and resources that reside in memory (for example, descriptor tables). In a virtual machine environment, however, the VMM must retain ultimate control over these hardware resources in order to operate the virtual machines properly and to protect them. To achieve this, the VMM typically intercepts and arbitrates all accesses to hardware resources made by the guest operating system.

Current VMM practice is based on software techniques for controlling a guest operating system's access to hardware resources. These software techniques cannot, however, prevent guest software from accessing certain fields of the processor control registers and of memory. For example, it is impossible to prevent a guest operating system from accessing the requestor privilege level (RPL) field of the code segment register of the IA-32 microprocessor. In addition, existing software techniques typically have performance problems. An alternative mechanism for supporting VMM operation is therefore needed.

Brief Description of the Drawings

The present invention is illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like reference numerals refer to similar elements:

Figure 1 shows one embodiment of a virtual machine environment;
Figure 2 shows the operation of a virtual machine monitor based on guest deprivileging;
Figure 3 is a block diagram of a system for providing processor support to a virtual machine monitor, according to one embodiment of the present invention;
Figure 4 is a flow diagram of a method for providing processor support to a virtual machine monitor, according to one embodiment of the present invention;
Figure 5 is a flow diagram of a method for performing a transition out of V32 mode, according to one embodiment of the present invention;
Figure 6 is a flow diagram of a method for generating a virtual trap, according to one embodiment of the present invention;
Figure 7 is a flow diagram of a method for maintaining a redirection bitmap, according to one embodiment of the present invention;
Figure 8 is a flow diagram of a method for controlling interrupt masking, according to one embodiment of the present invention; and
Figure 9 is a block diagram of one embodiment of a processing system.

Description of Embodiments

A method and apparatus for providing processor support to a virtual machine monitor are described. In the following description, for purposes of explanation, numerous details are set forth to provide a thorough understanding of the present invention. It will be apparent to one skilled in the art, however, that the present invention may be practiced without these specific details.

Some portions of the detailed description that follows are presented in terms of algorithms and symbolic representations of operations on data bits within a computer memory. These algorithmic descriptions and representations are the means used by those skilled in the data processing arts to convey the substance of their work most effectively to others in the field. An algorithm is here conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulation of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like. It should be borne in mind, however, that all of these and similar terms are associated with the appropriate physical quantities and are merely convenient labels applied to those quantities. Unless specifically stated otherwise, as is apparent from the discussion below, it is appreciated that throughout the present invention discussions using terms such as "processing", "computing", "calculating", "determining", or "displaying" refer to the actions and processes of a computer system or similar electronic computing device that manipulates data represented as physical (electronic) quantities within the computer system's registers and memories and transforms it into other data similarly represented as physical quantities within the computer system's memories or registers or other such information storage, transmission, or display devices.

The present invention also relates to an apparatus for performing the operations described herein. This apparatus may be specially constructed for the required purposes, or it may comprise a general-purpose computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer-readable storage medium, such as, but not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, and magneto-optical disks, read-only memories (ROMs), random access memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, or any other type of medium suitable for storing electronic instructions, each coupled to a computer system bus. The instructions may be executed using one or more processing devices (for example, processors, central processing units, and the like).
The algorithms and displays presented herein are not inherently related to any particular computer or other apparatus. Various general-purpose machines may be used with programs in accordance with the teachings herein, or it may prove convenient to construct a more specialized apparatus to perform the required method steps. The required structure for a variety of these machines will appear from the description below. In addition, the present invention is not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the invention as described herein.
In the following detailed description of the embodiments, reference is made to the accompanying drawings, which show by way of illustration specific embodiments in which the invention may be practiced. In the drawings, like numerals describe substantially similar components throughout the several views. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. Other embodiments may be utilized, and structural, logical, and electrical changes may be made, without departing from the scope of the present invention. Moreover, it is to be understood that the various embodiments of the invention, although different, are not necessarily mutually exclusive. For example, a particular feature, structure, or characteristic described in one embodiment may be included within other embodiments. The following detailed description is therefore not to be taken in a limiting sense, and the scope of the present invention is defined only by the appended claims, along with the full scope of equivalents to which such claims are entitled.
The method and apparatus of the present invention provide processor support for a virtual machine monitor (VMM). Figure 1 illustrates one embodiment of a virtual machine environment 100 in which the present invention may operate. In this embodiment, bare platform hardware 116 comprises a computing platform that may be capable, for example, of executing a standard operating system (OS) or a virtual machine monitor (VMM) such as VMM 112. Although a VMM is typically implemented in software, it may export a bare machine interface, such as an emulation, to higher-level software. Such higher-level software may comprise a standard or real-time OS, although the scope of the invention is not limited in this respect; alternatively, for example, a VMM may run within or on top of another VMM. VMMs and their typical features and functionality are well known to those skilled in the art and may be implemented, for example, in software, firmware, or a combination of various techniques.

As described above, a VMM presents to other software (i.e., "guest software") the abstraction of one or more virtual machines (VMs). Figure 1 shows two VMs, 102 and 114. The guest software of each VM includes a guest OS, such as guest OS 104 or 106, and various guest software applications 108-110. Each of guest OSs 104 and 106 expects to control access to physical resources (e.g., processor registers, memory, and memory-mapped I/O devices) within the hardware platform on which guest OS 104 or 106 is running, and to perform other functions. In a virtual machine environment, however, VMM 112 must have ultimate control over the physical resources to provide proper operation of VMs 102 and 114 and to protect them. VMM 112 achieves this by intercepting all accesses of guest OSs 104 and 106 to the computer's physical resources. Various techniques may be used to allow VMM 112 to perform this interception. One such technique is guest deprivileging, which forces all guest software to run at a hardware privilege level that does not allow that software to access certain hardware resources. As a result, when guest OS 104 or 106 attempts to access any of these hardware resources, it is "trapped" to VMM 112; that is, VMM 112 takes control over the operation initiated by the guest OS if that operation involves accessing such hardware resources.

Figure 2 shows a prior art embodiment of the operation of a VMM that supports guest deprivileging. As described above, guest deprivileging forces the guest OS to run in a less privileged execution mode. For the IA-32 microprocessor, the nature of page-based protection makes all guest software run at the least privileged level (i.e., ring 3). In other words, guest OS 206 and guest applications 204 operate at the same privilege level. As a result, guest OS 206 cannot protect itself from guest applications 204, which may compromise the integrity of guest OS 206. This problem is referred to as ring compression.

Guest deprivileging may also cause an address-space compression problem. As described above, some guest software attempts to access hardware resources result in traps that transfer control to VMM 220. To perform this transfer of control, some VMM code and/or data structures may be architecturally required to reside in the same virtual address space as guest OS 206. For example, the IA-32 instruction set architecture (ISA) may require the interrupt descriptor table (IDT) 212, the global descriptor table (GDT) 210, and the trap handlers to reside in the same virtual address space as guest OS 206. The VMM code and data structures 220 residing in virtual address space 202 must be protected from access by guest software (e.g., by operating in ring 0). Thus guest OS 206 does not control the entire address space 202 as it expects. This creates the address-space compression problem.

Another limitation of VMMs that use guest deprivileging relates to cases in which the processor cannot prevent guest software from reading privileged hardware resources. For example, the IA-32 microprocessor allows guest OS 206 to execute the PUSH CS instruction, which stores the code segment register to memory. One of the fields of this register holds information about the current privilege level. Thus, by reading the current privilege level from memory, guest OS 206 learns that its privilege level is 3 rather than 0 as it expects. As a result, guest OS 206 is exposed to the fact that it is operating on a virtual machine, and its integrity may be compromised.
Similarly, in some cases the processor does not trap a guest software attempt to modify a privileged hardware resource. For example, the IA-32 processor allows guest OS 206 to issue the POPF instruction, which attempts to load EFLAGS. Rather than generating a trap, the processor simply ignores all or part of guest OS 206's attempted modification of the privileged hardware resource, because guest OS 206 lacks the privilege to execute the instruction fully. As a result, guest OS 206 believes that the corresponding EFLAGS fields have been modified, whereas VMM 220 is entirely unaware of the attempt and cannot properly emulate the modification. Again, guest OS 206 is exposed to the fact that it is operating on a virtual machine, and its integrity may be compromised.

Yet another limitation of VM monitors that use guest deprivileging is caused by excessive trapping. Because the number of hardware resource elements that must be protected from guest software access is fairly large, and such accesses are frequent, traps occur often. For example, the IA-32 microprocessor supports the CLI instruction. Issuing CLI modifies the interrupt flag, which is an element of a privileged hardware resource and therefore cannot be accessed by unprivileged software. Guest OS 206 commonly issues such instructions during its operation and thus frequently traps to VMM 220. Frequent trapping negatively affects system performance and lowers the utility of VMM 220.

The present invention addresses the above problems and various other limitations by providing processor support for the VMM. Figure 3 is a block diagram of a system for providing processor support to a virtual machine monitor, according to one embodiment of the present invention.

Referring to Figure 3, all guest software runs in a processor mode referred to herein as virtual 32-bit mode (V32 mode). V32 mode allows guest software to operate at its intended privilege level. For example, for the IA-32 ISA, guest OS 308 runs at the most privileged level (i.e., ring 0) and guest applications 306 run at the least privileged level (i.e., ring 3). V32 mode restricts the operation of guest software by preventing it from performing operations that could result in access to certain privileged hardware resources. When guest software attempts to perform such an operation, V32 mode is exited.

VMM 320 executes outside V32 mode. On a transition out of V32 mode, VMM 320 obtains control over the operation initiated by guest OS 308 or guest application 306. VMM 320 then performs the operation and may transfer control back to the guest software by entering V32 mode, thereby emulating the functionality the guest software expects.

In one embodiment, V32 mode is implemented by maintaining a flag in one of the processor's control registers (e.g., CR0) to indicate whether the processor is in V32 mode. In another embodiment, this flag (referred to herein as EFLAGS.V32) is maintained in one of the reserved bits of the upper half of EFLAGS. The EFLAGS.V32 flag is modified by transitions out of V32 mode and by transitions into V32 mode.

In one embodiment, the processor's ability to support V32 mode is reported using one of the reserved feature bits returned in EDX when the CPUID instruction is executed with the value 1 in EAX. It should be noted that various other mechanisms may be used to implement V32 mode and to report the processor's ability to support V32 mode without loss of generality.

In one embodiment, certain exceptions and interrupts cause transitions out of V32 mode. These exceptions and interrupts include "virtual traps". A virtual trap is generated when guest software operating in V32 mode attempts to perform an operation that could result in access to certain privileged hardware resources. In one embodiment, when a transition out of V32 mode occurs, guest address space 304 is automatically changed to VMM address space 302. In addition, the processor state used by the guest software is stored in temporary registers, and the processor state required by VMM 320 is loaded.

In one embodiment, when a transition into V32 mode occurs, the processor state stored at the transition out of V32 mode (i.e., to VMM 320) is automatically restored, VMM address space 302 is changed to guest address space 304, and control is returned to guest OS 308.

In one embodiment, software interrupts (e.g., interrupts caused by executing the BOUND, INT, or INTO instructions) are handled by guest OS 308 using the guest IDT (i.e., the IDT residing in guest address space 304). All other interrupts and exceptions (including virtual traps) cause a transition out of V32 mode, which results in guest address space 304 being changed to VMM address space 302. IDT 316 is then used to point to the code that handles the corresponding exception or interrupt.

In one embodiment, a new interrupt flag (i.e., the virtual machine interrupt flag) is maintained for access by guest software. When guest software attempts to access the interrupt flag (IF), it accesses the virtual machine interrupt flag (VMIF) instead. In one embodiment, a guest software attempt to access VMIF (e.g., using the CLI instruction) does not cause a transition out of V32 mode, except when guest OS 308 sets VMIF to 1 (e.g., via the STI instruction) while VMM 320 wishes to deliver a pending interrupt to guest OS 308. Such a pending interrupt is referred to herein as a "virtual pending interrupt"; it generates a virtual trap, allowing the VMM to deliver the pending interrupt to the guest software once guest OS 308 has signalled that it is ready to handle such an interrupt. In one embodiment, one of the reserved bits in the upper half of the EFLAGS register is used to maintain a flag indicating whether the guest software has a pending virtual interrupt.

Implementing V32 mode resolves all of the problems caused by guest deprivileging described above. In particular, because guest software operates in V32 mode at its intended privilege level, the ring compression problem is eliminated. In addition, because a virtual trap causes a switch to VMM address space 302, address-space compression is no longer a problem: neither the control transfer tables nor the code that handles the corresponding virtual trap need reside in guest address space 304.

Moreover, because guest software in V32 mode operates at its expected privilege level, the hardware resources that need protection no longer include the hardware resource elements that control the privilege level. For example, the PUSH CS instruction described above no longer informs guest OS 308 that it is operating on a virtual machine, because the field of the code segment register that holds the current privilege level now holds the privilege level guest OS 308 expects. Similarly, a POPF instruction attempting to load EFLAGS is no longer ignored when executed by guest OS 308, because guest OS 308 has sufficient privilege to execute it.

Thus, the number of hardware resource elements that need protection is reduced, and any remaining protected element that would otherwise allow trap-free read or write access by guest software is architected to cause a trap when accessed in V32 mode. This eliminates the problems caused by trap-free read and write accesses. Furthermore, because V32 mode reduces the number of hardware resource elements that need protection, the number of traps occurring when guest software attempts to access these elements is also reduced. The frequency of traps may be reduced further by providing mechanisms that eliminate the traps caused by the most common instructions. For example, the STI instruction no longer causes a trap unless the guest software has a pending virtual interrupt.

Figure 4 is a flow diagram of a method 400 for providing processor support to a virtual machine monitor, according to one embodiment of the present invention. At processing block 404, guest software is executed in a processor mode (i.e., V32 mode) that allows the guest software to operate at the privilege level it expects. In other words, the guest OS may operate at the supervisor privilege level and guest applications at the user privilege level.

At processing block 406, an attempt by guest software to perform an operation restricted by V32 mode is identified. In response to this attempt, V32 mode is exited, transferring control over the operation initiated by the guest software to the VMM executing outside V32 mode (processing block 408). In one embodiment, the VMM configures which operations cause a transition out of V32 mode, as described in more detail below with reference to Figure 7. In one embodiment, such an operation generates a virtual trap, which causes the transition out of V32 mode. Alternatively, any other mechanism known in the art may be used to cause the transition out of V32 mode. One embodiment of performing a transition out of V32 mode is described in more detail below in conjunction with Figure 5.

Next, the VMM responds to the operation expected by the guest software (processing block 410). Subsequently, V32 mode is re-entered, transferring control over the operation back to the guest software (processing block 412), and method 400 returns to processing block 404. In one embodiment, when the transition into V32 mode occurs, the processor state expected by the guest software is automatically restored, and the VMM address space is changed to the guest address space.

Figure 5 is a flow diagram of a method 500 for performing a transition out of V32 mode, according to one embodiment of the present invention. Method 500 begins with storing the processor state used by the guest software (processing block 504). In one embodiment, the stored processor state is saved in temporary processor registers. At processing block 506, the processor state required by the VMM is loaded into the processor registers. In one embodiment, loading the processor state effects the change from the guest address space to the VMM address space (e.g., the processor state is loaded by loading control register CR3). In another embodiment, loading the processor state does not change the address space. In this embodiment, at processing block 508, an address-space switch is performed to transfer from the guest address space to the VMM address space. Thus, when the transition occurs because of an interrupt or exception, the IDT residing in the VMM address space is automatically used to point to the VMM code that handles that interrupt or exception.

Figure 6 is a flow diagram of a method 600 for generating a virtual trap, according to one embodiment of the present invention. Method 600 begins with identifying an attempt by guest software to perform an operation restricted by V32 mode (processing block 604). At decision box 606, it is determined whether the guest software's attempt would succeed. If so, a virtual trap is generated (processing block 608). Otherwise, no virtual trap is generated and the guest software continues operating (processing block 610). For example, according to the IA-32 ISA, the RDMSR instruction may be executed only by software operating with supervisor privilege. Consequently, when a guest OS with supervisor privilege executes this instruction, its attempt would succeed. If a guest application with user privilege executes the instruction, its attempt will not succeed and a general protection fault will occur. Thus, an attempt by the guest OS to execute RDMSR causes a virtual trap, while an attempt by a guest application is handled by the guest OS.

In one embodiment, a virtual trap is caused by a potentially successful attempt by the guest OS to access a processor control register (e.g., CR0-CR4). For example, for the IA-32 processor, a virtual trap is caused in response to a guest software attempt to execute MOV CR (except an attempt to store CR2, which need not cause a virtual trap), CLTS, LMSW, or SMSW, or to perform a task switch. If the guest software has a pending virtual interrupt, a virtual trap may also be caused by a potentially successful guest attempt to set the interrupt flag IF (e.g., through the STI, POPF, or IRET instructions). For the IA-32 ISA, potentially successful attempts to execute HLT, IN, INS/INSB/INSW/INSD, INVD, OUT, OUTS/OUTSB/OUTSW/OUTSD, RDMSR, and WRMSR also cause virtual traps. These virtual traps prevent guest software from halting the processor and from directly accessing I/O ports, caches, or model-specific registers. In addition, a virtual trap may be caused by an attempt to execute CPUID, so that the VMM can present the abstraction of processor features it chooses; by an attempt to execute INVLPG, so that the VMM can properly virtualize address translation; and by an attempt to execute IRET (if IRET is used to transition into V32 mode), so that guest software that itself implements a VMM is supported, allowing recursive nesting of VMMs.

Figure 7 is a flow diagram of a method 700 for maintaining a redirection bitmap, according to one embodiment of the present invention. According to this embodiment, the VMM maintains a redirection bitmap that configures which interrupts and exceptions cause virtual traps (processing block 704). At processing block 706, the occurrence of an interrupt or exception is identified. The redirection bitmap is then consulted to find the bit associated with this interrupt or exception (processing block 708).

At decision box 710, it is determined whether this interrupt is allowed to be handled by the guest OS. If so, the interrupt or exception is delivered into V32 mode and handled by the guest OS (processing block 714). Otherwise, a virtual trap is generated, causing a transition out of V32 mode (processing block 712).
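The two decisions just described (Figure 6: does a restricted instruction produce a virtual trap, or does the guest OS simply see the fault it would see on real hardware; Figure 7: is an arriving interrupt or exception redirected to the guest IDT or does it exit) as a small C model. This is an added example, not code from the patent or from any processor; the instruction enumeration, the CPL/IOPL privilege rules, the bitmap layout and every function name are assumptions made for illustration, and only instructions the description itself names are modelled.

```c
/* Added example, not part of the patent: a software model of the two exit
 * decisions the description attributes to V32 mode. All names are invented.
 * Fig. 6: an instruction restricted in V32 mode causes a virtual trap only if
 *         the guest's attempt would succeed on a real processor; an attempt
 *         that would fault (RDMSR at CPL 3) is left to the guest OS as #GP.
 * Fig. 7: a hardware interrupt or exception consults a redirection bitmap
 *         set up by the VMM; vectors marked for the guest go to the guest IDT,
 *         all others cause a virtual trap. Software interrupts (INT n, INTO,
 *         BOUND) always use the guest IDT. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

enum insn {
    INSN_RDMSR, INSN_WRMSR, INSN_HLT, INSN_INVD, INSN_INVLPG, INSN_MOV_TO_CR0,
    INSN_MOV_FROM_CR2, INSN_IN, INSN_OUT, INSN_CPUID, INSN_STI, INSN_CLI, INSN_ADD
};

enum outcome { RUN_IN_GUEST, FAULT_GP_TO_GUEST, VIRTUAL_TRAP };

struct vcpu {
    unsigned cpl;            /* 0 = guest OS (ring 0), 3 = guest application (ring 3) */
    unsigned iopl;           /* guest EFLAGS.IOPL, gates IN/OUT */
    bool virt_int_pending;   /* VMM holds an interrupt it wants to deliver */
    uint8_t redir[32];       /* 256-bit redirection bitmap: bit v set => guest handles vector v */
};

/* IA-32 privilege rule behind the text's RDMSR example (assumed here): these
 * instructions raise #GP(0) unless CPL == 0. */
static bool requires_cpl0(enum insn i)
{
    switch (i) {
    case INSN_RDMSR: case INSN_WRMSR: case INSN_HLT: case INSN_INVD:
    case INSN_INVLPG: case INSN_MOV_TO_CR0: case INSN_MOV_FROM_CR2:
        return true;
    default:
        return false;
    }
}

/* IN/OUT need CPL <= IOPL (the I/O permission bitmap is ignored in this model). */
static bool requires_iopl(enum insn i)
{
    return i == INSN_IN || i == INSN_OUT;
}

/* Successful operations that V32 mode reserves for the VMM, per the description. */
static bool restricted_in_v32(enum insn i, const struct vcpu *v)
{
    switch (i) {
    case INSN_RDMSR: case INSN_WRMSR: case INSN_HLT: case INSN_INVD:
    case INSN_INVLPG: case INSN_MOV_TO_CR0: case INSN_IN: case INSN_OUT:
    case INSN_CPUID:
        return true;
    case INSN_MOV_FROM_CR2:      /* storing CR2 need not cause a virtual trap */
        return false;
    case INSN_STI:               /* traps only while a virtual interrupt is pending */
        return v->virt_int_pending;
    default:                     /* CLI (writes VMIF), ADD, ... stay in V32 mode */
        return false;
    }
}

/* Fig. 6: decide what happens when the guest executes instruction i. */
enum outcome v32_execute(enum insn i, const struct vcpu *v)
{
    bool would_fault = (requires_cpl0(i) && v->cpl != 0) ||
                       (requires_iopl(i) && v->cpl > v->iopl);
    if (would_fault)
        return FAULT_GP_TO_GUEST;  /* attempt cannot succeed: guest OS sees #GP */
    return restricted_in_v32(i, v) ? VIRTUAL_TRAP : RUN_IN_GUEST;
}

/* Fig. 7: the VMM marks whether the guest may handle a vector directly. */
void v32_set_redirect(struct vcpu *v, uint8_t vector, bool guest_handles)
{
    uint8_t mask = (uint8_t)(1u << (vector % 8));
    if (guest_handles)
        v->redir[vector / 8] |= mask;
    else
        v->redir[vector / 8] &= (uint8_t)~mask;
}

/* Fig. 7: decide where an arriving interrupt or exception goes. */
enum outcome v32_deliver_event(const struct vcpu *v, uint8_t vector, bool software_int)
{
    if (software_int)                              /* INT n / INTO / BOUND */
        return RUN_IN_GUEST;
    bool guest_handles = (v->redir[vector / 8] >> (vector % 8)) & 1u;
    return guest_handles ? RUN_IN_GUEST : VIRTUAL_TRAP;
}

/* Build a vcpu in a known state (constructed fixture, no vectors redirected). */
struct vcpu v32_make_vcpu(unsigned cpl, unsigned iopl, bool pending)
{
    struct vcpu v;
    memset(&v, 0, sizeof v);
    v.cpl = cpl;
    v.iopl = iopl;
    v.virt_int_pending = pending;
    return v;
}
```

The point the model makes concrete is the ordering in Figure 6: the privilege check runs before the V32 restriction check, so a ring-3 guest application executing RDMSR never reaches the VMM and the guest OS keeps its own #GP semantics, while the same instruction from the ring-0 guest OS exits. The Figure 7 half shows why the VMM owns the bitmap: a vector the VMM has not explicitly handed to the guest always exits.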
Figure 8 is a flow diagram of a method 800 for controlling interrupt masking, according to one embodiment of the present invention. Several embodiments may be used to control the masking of interrupts. In one embodiment, all interrupts are unmasked while guest software executes. In this embodiment, guest software is allowed to manipulate the interrupt flag (for the IA-32 microprocessor, this flag is identified as EFLAGS.IF), but the manipulation is ignored as far as interrupt masking is concerned. In another embodiment, the masking of interrupts is determined by the interrupt flag. In this embodiment, guest software is not allowed to manipulate the interrupt flag. In particular, guest software can be prevented from accessing the interrupt flag in the following ways: by providing a phantom interrupt flag (e.g., EFLAGS.VMIF) for the guest software to modify; by generating a virtual trap in response to the guest software's attempt; or by using any other technique known in the art.

Method 800 begins with identifying an attempt by guest software to modify the interrupt flag, an attempt that may control the masking of interrupts (processing block 804). At decision box 806, it is determined whether the interrupt flag controls the masking of interrupts. If the determination is negative, i.e., all interrupts are unmasked, the guest software is allowed to modify the interrupt flag (processing block 808). As described above, this modification has no effect on the masking of interrupts.

Otherwise, if the masking of interrupts is determined by the interrupt flag, it is determined whether a phantom interrupt flag exists, i.e., whether the guest software's attempt to affect interrupt masking affects a phantom flag (decision box 810). If the determination is negative, i.e., the guest software is attempting to modify the real interrupt flag, a virtual trap occurs (processing block 812), causing a transition out of V32 mode (processing block 816). Otherwise, if the real interrupt flag is inaccessible to the guest software, the guest software is allowed to modify the phantom interrupt flag (processing block 814).

Figure 9 is a block diagram of one embodiment of a processing system. Processing system 900 includes processor 920 and memory 930. Processor 920 may be any type of processor capable of executing software, such as a microprocessor, digital signal processor, microcontroller, or the like. Processing system 900 may be a personal computer (PC), a mainframe, a handheld device, a portable computer, a set-top box, or any other system that includes software.

Memory 930 may be a hard disk, a floppy disk, random access memory (RAM), read-only memory (ROM), flash memory, or any other type of machine medium readable by processor 920. Memory 930 may store instructions for performing the various method embodiments of the present invention, such as methods 400, 500, 600, 700, and 800 (Figures 4-8).

It is to be understood that the above description is intended to be illustrative and not restrictive. Many other embodiments will be apparent to those skilled in the art upon reading and understanding the above description. The scope of the invention should, therefore, be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
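The three masking arrangements of Figure 8 and the VMIF handshake described earlier (the guest's CLI/STI land in a phantom flag; an STI that opens the guest's interrupt window while a virtual interrupt is pending is the one case that traps) as a C state machine. This is an added example and not code from the patent: the policy names, the VMM-side handlers, the `guest_if_view` bookkeeping and the delivery counter are assumptions made for illustration.

```c
/* Added example, not part of the patent: a model of the three interrupt-masking
 * arrangements described for Figure 8 and of the VMIF / pending-virtual-interrupt
 * handshake. Names, the vector bookkeeping and the VMM-side handlers are invented. */
#include <stdbool.h>
#include <stdint.h>

enum mask_policy {
    MASK_NONE,        /* all interrupts unmasked while the guest runs; its IF writes have no effect */
    MASK_BY_IF_TRAP,  /* masking follows the real IF; a guest write to IF is a virtual trap */
    MASK_BY_IF_VMIF   /* masking follows the real IF; the guest writes a phantom flag (VMIF) */
};

enum result { NO_EXIT, VIRTUAL_TRAP };

struct vcpu {
    enum mask_policy policy;
    bool real_if;            /* the processor's interrupt flag, owned by the VMM */
    bool guest_if_view;      /* what the guest believes IF to be (the VMM tracks this) */
    bool vmif;               /* EFLAGS.VMIF, the phantom flag the guest actually writes */
    bool virt_int_pending;   /* VMM has an interrupt queued for the guest */
    uint8_t pending_vector;
    int delivered;           /* vectors injected into the guest so far (model only) */
    uint8_t last_vector;
};

struct vcpu make_vcpu(enum mask_policy policy)
{
    struct vcpu v = {0};
    v.policy = policy;
    v.real_if = (policy == MASK_NONE);   /* MASK_NONE: hardware interrupts always reach the VMM */
    return v;
}

static void inject(struct vcpu *v, uint8_t vector)
{
    v->delivered++;
    v->last_vector = vector;
}

/* Guest executes STI (set) or CLI (!set) in V32 mode: Fig. 8, blocks 804-816. */
enum result guest_writes_if(struct vcpu *v, bool set)
{
    switch (v->policy) {
    case MASK_NONE:                 /* 806 'no' -> 808: allowed, ignored for masking */
        v->guest_if_view = set;
        return NO_EXIT;
    case MASK_BY_IF_TRAP:           /* 810 'no' -> 812/816: the real IF is off limits */
        return VIRTUAL_TRAP;
    case MASK_BY_IF_VMIF:           /* 810 'yes' -> 814: the write lands in VMIF */
        v->vmif = set;
        v->guest_if_view = set;
        if (set && v->virt_int_pending)
            return VIRTUAL_TRAP;    /* interrupt window just opened: let the VMM deliver */
        return NO_EXIT;
    }
    return NO_EXIT;
}

/* VMM side: handle the virtual trap that guest_writes_if() reported. */
void vmm_handle_if_trap(struct vcpu *v, bool set)
{
    if (v->policy == MASK_BY_IF_TRAP)
        v->guest_if_view = set;     /* emulate the trapped STI/CLI on the guest's behalf */
    if (v->guest_if_view && v->virt_int_pending) {
        v->virt_int_pending = false;
        inject(v, v->pending_vector);
    }
}

/* VMM wants the guest to take 'vector'. Delivered at once if the guest's view of
 * IF is set; otherwise recorded as a pending virtual interrupt so the next STI
 * (under MASK_BY_IF_VMIF) produces the virtual trap that completes delivery. */
bool vmm_request_interrupt(struct vcpu *v, uint8_t vector)
{
    if (v->guest_if_view) {
        inject(v, vector);
        return true;
    }
    v->virt_int_pending = true;
    v->pending_vector = vector;
    return false;
}
```

Under MASK_BY_IF_VMIF the guest's routine CLI/STI pairs never leave V32 mode, which is the trap-reduction the description claims; the only exit is the one the VMM actually needs, the STI that reopens the window while an interrupt is queued. Under MASK_BY_IF_TRAP every IF write exits, which is the behaviour the text attributes to guest-deprivileging VMMs and the cost the phantom flag avoids.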
Claims
Patent application No. 090132037, replacement Chinese claims (March 2004). VI. Claims:

1. A method for providing processor support to a virtual machine monitor, comprising: executing guest software in a processor mode that allows the guest software to operate at the privilege level intended by the guest software; and, in response to an attempt by the guest software to perform an operation restricted by the processor mode, exiting the processor mode and transferring control of the operation to a virtual machine monitor (VMM) executing outside the processor mode.
2. The method of claim 1, further comprising: responding to the operation; and transferring control of the operation to the guest software by entering the processor mode.
3. The method of claim 2, wherein entering the processor mode includes loading the processor state expected by the guest software.
4. The method of claim 1, wherein exiting the processor mode further comprises: storing the processor state used by the guest software; and loading the processor state required by the VMM.
5. The method of claim 1, wherein exiting the processor mode further comprises automatically switching from an address space associated with the guest software to an address space associated with the VMM.
6. The method of claim 1, further comprising maintaining a flag in a processor control register to indicate whether the processor is in the processor mode.
7. The method of claim 1, further comprising reporting the processor's ability to support the processor mode using one of a plurality of reserved feature bits returned in a processor register.
8. The method of claim 1, wherein exiting the processor mode comprises generating one of a plurality of interrupts and exceptions in response to the attempt by the guest software to perform an operation restricted by the processor mode.
9. The method of claim 8, wherein generating one of the plurality of interrupts and exceptions further includes: identifying that the guest software attempts to perform the operation restricted by the processor mode; and determining that the attempt by the guest software would succeed.
10. The method of claim 8, further comprising: maintaining a redirection bitmap for the plurality of interrupts and exceptions, the redirection bitmap indicating whether each of the plurality of interrupts and exceptions is allowed to be handled by the guest software; and consulting the redirection bitmap to decide whether to exit the processor mode.
11. The method of claim 8, further comprising: identifying an attempt by the guest software to modify an interrupt flag; and modifying the interrupt flag if the interrupt flag does not control the masking of interrupts.
12. The method of claim 8, further comprising: identifying an attempt by the guest software to modify an interrupt flag; and blocking the attempt by the guest software to modify the interrupt flag.
13. The method of claim 12, wherein blocking the attempt by the guest software to modify the interrupt flag includes providing a phantom interrupt flag for the guest software to modify.
14. The method of claim 12, wherein blocking the attempt by the guest software to modify the interrupt flag includes generating one of the plurality of interrupts and exceptions in response to the attempt by the guest software to modify the interrupt flag.
15. A system for providing processor support to a virtual machine monitor, comprising: a memory; and a processor coupled to the memory, to execute guest software in a processor mode that allows the guest software to operate at the privilege level intended by the guest software; to identify an attempt by the guest software to perform an operation restricted by the processor mode; and, in response to the attempt, to exit the processor mode so as to transfer control of the operation to a virtual machine monitor (VMM) executing outside the processor mode.
16. The system of claim 15, wherein the processor re-enters the processor mode after the VMM has responded to the operation.
17. The system of claim 16, wherein the processor, when re-entering the processor mode, loads the processor state expected by the guest software.
18. The system of claim 15, wherein the processor, when exiting the processor mode, stores the processor state used by the guest software and loads the processor state required by the VMM.
19. The system of claim 15, wherein exiting the processor mode further comprises automatically switching from an address space associated with the guest software to an address space associated with the VMM.
20. The system of claim 15, wherein the processor maintains a flag in a processor control register to indicate whether the processor is in the processor mode.
21. The system of claim 15, wherein the processor reports its ability to support the processor mode using one of a plurality of reserved feature bits returned in a processor register.
22. The system of claim 15, wherein the processor generates one of a plurality of interrupts and exceptions in response to the attempt by the guest software to perform an operation restricted by the processor mode.
23. The system of claim 22, wherein the processor generates one of the plurality of interrupts and exceptions upon determining that the attempt by the guest software to perform the operation restricted by the processor mode would succeed.
24. The system of claim 22, wherein the processor consults a redirection bitmap to decide whether to exit the processor mode, the redirection bitmap indicating whether each of the plurality of interrupts and exceptions is allowed to be handled by the guest software.
25. The system of claim 22, wherein the processor identifies an attempt by the guest software to modify an interrupt flag and modifies the interrupt flag if the interrupt flag does not control the masking of interrupts.
26. The system of claim 22, wherein the processor identifies an attempt by the guest software to modify an interrupt flag and blocks the attempt by the guest software to modify the interrupt flag.
27. The system of claim 26, wherein the processor blocks the attempt by the guest software to modify the interrupt flag by providing a phantom interrupt flag for the guest software to modify.
28. A computer-readable medium providing instructions which, when executed on a processor, cause the processor to perform operations comprising: executing guest software in a processor mode that allows the guest software to operate at the privilege level intended by the guest software; and, in response to an attempt by the guest software to perform an operation restricted by the processor mode, exiting the processor mode so as to transfer control of the operation to a VMM executing outside the processor mode.
29. The computer-readable medium of claim 28, providing additional instructions that cause the processor to perform operations comprising: responding to the operation; and transferring control of the operation to the guest software by entering the processor mode.
30. The computer-readable medium of claim 28, further providing additional instructions that cause the processor to perform operations comprising: maintaining a redirection bitmap for a plurality of interrupts and exceptions, the redirection bitmap indicating whether each of the plurality of interrupts and exceptions is allowed to be handled by the guest software; and consulting the redirection bitmap to decide whether to exit the processor mode.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/752,134 US7818808B1 (en) | 2000-12-27 | 2000-12-27 | Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor |
Publications (1)
Publication Number | Publication Date |
---|---|
TW594493B true TW594493B (en) | 2004-06-21 |
Family
ID=25025025
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW090132037A TW594493B (en) | 2000-12-27 | 2001-12-24 | New processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor |
Country Status (11)
Country | Link |
---|---|
US (1) | US7818808B1 (zh) |
KR (1) | KR100602157B1 (zh) |
CN (1) | CN1295604C (zh) |
AU (1) | AU2002217992A1 (zh) |
BR (1) | BR0116599A (zh) |
DE (1) | DE10197121B4 (zh) |
GB (1) | GB2386230B (zh) |
HK (1) | HK1058255A1 (zh) |
RU (1) | RU2265880C2 (zh) |
TW (1) | TW594493B (zh) |
WO (1) | WO2002052404A2 (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI457784B (zh) * | 2011-12-31 | 2014-10-21 | Intel Corp | Hardware protection of virtual machine monitor runtime integrity watcher |
TWI509518B (zh) * | 2009-09-22 | 2015-11-21 | Ibm | Method, central processing unit device and system for improving the performance of nested virtualization |
TWI511049B (zh) * | 2008-07-28 | 2015-12-01 | Advanced Risc Mach Ltd | Method and apparatus for interrupt control of a virtual processing device |
US10303503B2 (en) | 2011-12-31 | 2019-05-28 | Intel Corporation | Hardware protection of virtual machine monitor runtime integrity watcher |
Families Citing this family (47)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7260820B1 (en) * | 2001-04-26 | 2007-08-21 | Vm Ware, Inc. | Undefeatable transformation for virtual machine I/O operations |
US7103529B2 (en) | 2001-09-27 | 2006-09-05 | Intel Corporation | Method for providing system integrity and legacy environment emulation |
US7793286B2 (en) * | 2002-12-19 | 2010-09-07 | Intel Corporation | Methods and systems to manage machine state in virtual machine operations |
US7424709B2 (en) * | 2003-09-15 | 2008-09-09 | Intel Corporation | Use of multiple virtual machine monitors to handle privileged events |
US7287197B2 (en) * | 2003-09-15 | 2007-10-23 | Intel Corporation | Vectoring an interrupt or exception upon resuming operation of a virtual machine |
US7620949B2 (en) | 2004-03-31 | 2009-11-17 | Intel Corporation | Method and apparatus for facilitating recognition of an open event window during operation of guest software in a virtual machine environment |
US7802250B2 (en) * | 2004-06-28 | 2010-09-21 | Intel Corporation | Support for transitioning to a virtual machine monitor based upon the privilege level of guest software |
US7484247B2 (en) * | 2004-08-07 | 2009-01-27 | Allen F Rozman | System and method for protecting a computer system from malicious software |
EP1669864B1 (en) | 2004-12-03 | 2010-06-02 | STMicroelectronics Srl | A process for managing virtual machines in a physical processing machine, corresponding processor system and computer program product therefor |
US7685635B2 (en) * | 2005-03-11 | 2010-03-23 | Microsoft Corporation | Systems and methods for multi-level intercept processing in a virtual machine environment |
EP1736875A1 (en) * | 2005-06-21 | 2006-12-27 | Alcatel | Method of operating a computer system |
CN100399274C (zh) * | 2005-09-19 | 2008-07-02 | 联想(北京)有限公司 | Method and device for dynamic allocation of input/output devices in a virtual machine system |
US8572604B2 (en) | 2005-11-12 | 2013-10-29 | Intel Corporation | Method and apparatus to support virtualization with code patches |
CN100464276C (zh) * | 2005-12-30 | 2009-02-25 | 联想(北京)有限公司 | Method and system for configuring and protecting user software and hardware configuration information |
US8286162B2 (en) * | 2005-12-30 | 2012-10-09 | Intel Corporation | Delivering interrupts directly to a virtual processor |
US7506121B2 (en) * | 2005-12-30 | 2009-03-17 | Intel Corporation | Method and apparatus for a guest to access a memory mapped device |
JP4233585B2 (ja) * | 2006-07-25 | 2009-03-04 | 株式会社エヌ・ティ・ティ・ドコモ | Peripheral switching device and peripheral switching control device |
US7882336B2 (en) * | 2007-02-01 | 2011-02-01 | International Business Machines Corporation | Employing a buffer to facilitate instruction execution |
CN103751194B (zh) | 2007-06-22 | 2018-01-05 | 海德拉生物科学公司 | 用于治疗病症的方法和组合物 |
US8763115B2 (en) * | 2007-08-08 | 2014-06-24 | Vmware, Inc. | Impeding progress of malicious guest software |
US7996648B2 (en) | 2007-12-19 | 2011-08-09 | Microsoft Corporation | Coupled symbiotic operating systems |
US8522236B2 (en) | 2007-12-28 | 2013-08-27 | Intel Corporation | Method and system for establishing a robust virtualized environment |
KR101425621B1 (ko) | 2008-01-15 | 2014-07-31 | 삼성전자주식회사 | Method and system for securely sharing content |
CN101493781B (zh) * | 2008-01-24 | 2012-02-15 | 中国长城计算机深圳股份有限公司 | Virtual machine system and boot method thereof |
US8578483B2 (en) * | 2008-07-31 | 2013-11-05 | Carnegie Mellon University | Systems and methods for preventing unauthorized modification of an operating system |
US9424211B2 (en) | 2008-12-31 | 2016-08-23 | Intel Corporation | Providing multiple virtual device controllers by redirecting an interrupt from a physical device controller |
US8510735B2 (en) * | 2009-02-11 | 2013-08-13 | International Business Machines Corporation | Runtime environment for virtualizing information technology appliances |
US9396000B2 (en) * | 2010-06-25 | 2016-07-19 | Intel Corporation | Methods and systems to permit multiple virtual machines to separately configure and access a physical device |
US9032525B2 (en) | 2011-03-29 | 2015-05-12 | Mcafee, Inc. | System and method for below-operating system trapping of driver filter attachment |
US8959638B2 (en) | 2011-03-29 | 2015-02-17 | Mcafee, Inc. | System and method for below-operating system trapping and securing of interdriver communication |
US8966629B2 (en) | 2011-03-31 | 2015-02-24 | Mcafee, Inc. | System and method for below-operating system trapping of driver loading and unloading |
US8925089B2 (en) | 2011-03-29 | 2014-12-30 | Mcafee, Inc. | System and method for below-operating system modification of malicious code on an electronic device |
US8863283B2 (en) * | 2011-03-31 | 2014-10-14 | Mcafee, Inc. | System and method for securing access to system calls |
US9262246B2 (en) | 2011-03-31 | 2016-02-16 | Mcafee, Inc. | System and method for securing memory and storage of an electronic device with a below-operating system security agent |
US9317690B2 (en) | 2011-03-28 | 2016-04-19 | Mcafee, Inc. | System and method for firmware based anti-malware security |
US8966624B2 (en) | 2011-03-31 | 2015-02-24 | Mcafee, Inc. | System and method for securing an input/output path of an application against malware with a below-operating system security agent |
US9038176B2 (en) | 2011-03-31 | 2015-05-19 | Mcafee, Inc. | System and method for below-operating system trapping and securing loading of code into memory |
US9087199B2 (en) | 2011-03-31 | 2015-07-21 | Mcafee, Inc. | System and method for providing a secured operating system execution environment |
US8813227B2 (en) | 2011-03-29 | 2014-08-19 | Mcafee, Inc. | System and method for below-operating system regulation and control of self-modifying code |
WO2013169249A1 (en) * | 2012-05-09 | 2013-11-14 | Intel Corporation | Scheduling tasks among processor cores |
US9304874B2 (en) | 2014-02-03 | 2016-04-05 | Red Hat Israel, Ltd. | Virtual machine-guest driven state restoring by hypervisor |
US10963280B2 (en) * | 2016-02-03 | 2021-03-30 | Advanced Micro Devices, Inc. | Hypervisor post-write notification of control and debug register updates |
US20210026950A1 (en) * | 2016-03-07 | 2021-01-28 | Crowdstrike, Inc. | Hypervisor-based redirection of system calls and interrupt-based task offloading |
CN107977252A (zh) * | 2016-10-21 | 2018-05-01 | 中兴通讯股份有限公司 | Method and device for scaling down cloud platform services, and cloud platform |
US10360353B2 (en) * | 2017-02-08 | 2019-07-23 | International Business Machines Corporation | Execution control of computer software instructions |
US11423140B1 (en) | 2017-03-27 | 2022-08-23 | Melih Abdulhayoglu | Auto-containment of guest user applications |
US10951644B1 (en) | 2017-04-07 | 2021-03-16 | Comodo Security Solutions, Inc. | Auto-containment of potentially vulnerable applications |
Family Cites Families (229)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3699532A (en) | 1970-04-21 | 1972-10-17 | Singer Co | Multiprogramming control for a data handling system |
US3996449A (en) | 1975-08-25 | 1976-12-07 | International Business Machines Corporation | Operating system authenticator |
US4162536A (en) | 1976-01-02 | 1979-07-24 | Gould Inc., Modicon Div. | Digital input/output system and method |
US4037214A (en) | 1976-04-30 | 1977-07-19 | International Business Machines Corporation | Key register controlled accessing system |
US4247905A (en) | 1977-08-26 | 1981-01-27 | Sharp Kabushiki Kaisha | Memory clear system |
US4278837A (en) | 1977-10-31 | 1981-07-14 | Best Robert M | Crypto microprocessor for executing enciphered programs |
US4276594A (en) | 1978-01-27 | 1981-06-30 | Gould Inc. Modicon Division | Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and method for performing the same |
US4207609A (en) | 1978-05-08 | 1980-06-10 | International Business Machines Corporation | Method and means for path independent device reservation and reconnection in a multi-CPU and shared device access system |
JPS5823570B2 (ja) | 1978-11-30 | 1983-05-16 | 国産電機株式会社 | Liquid level detection device |
JPS5576447A (en) | 1978-12-01 | 1980-06-09 | Fujitsu Ltd | Address control system for software simulation |
US4307447A (en) | 1979-06-19 | 1981-12-22 | Gould Inc. | Programmable controller |
US4319323A (en) | 1980-04-04 | 1982-03-09 | Digital Equipment Corporation | Communications device for data processing system |
US4419724A (en) | 1980-04-14 | 1983-12-06 | Sperry Corporation | Main bus interface package |
US4366537A (en) | 1980-05-23 | 1982-12-28 | International Business Machines Corp. | Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys |
US4403283A (en) | 1980-07-28 | 1983-09-06 | Ncr Corporation | Extended memory system and method |
DE3034581A1 (de) | 1980-09-13 | 1982-04-22 | Robert Bosch Gmbh, 7000 Stuttgart | Read-out protection for single-chip microprocessors |
JPS58140862A (ja) | 1982-02-16 | 1983-08-20 | Toshiba Corp | Mutual exclusion method |
US4521852A (en) | 1982-06-30 | 1985-06-04 | Texas Instruments Incorporated | Data processing device formed on a single semiconductor substrate having secure memory |
JPS59111561A (ja) | 1982-12-17 | 1984-06-27 | Hitachi Ltd | Access control method for a composite processor system |
US4759064A (en) | 1985-10-07 | 1988-07-19 | Chaum David L | Blind unanticipated signature systems |
US4975836A (en) | 1984-12-19 | 1990-12-04 | Hitachi, Ltd. | Virtual computer system |
US4787031A (en) * | 1985-01-04 | 1988-11-22 | Digital Equipment Corporation | Computer with virtual machine mode and multiple protection rings |
JPS61206057A (ja) | 1985-03-11 | 1986-09-12 | Hitachi Ltd | Address translation device |
FR2592510B1 (fr) | 1985-12-31 | 1988-02-12 | Bull Cp8 | Method and apparatus for certifying services obtained by means of a portable medium such as a memory card |
FR2601476B1 (fr) | 1986-07-11 | 1988-10-21 | Bull Cp8 | Method for authenticating an external authorization datum by a portable object such as a memory card |
FR2601525B1 (fr) | 1986-07-11 | 1988-10-21 | Bull Cp8 | Security device preventing the operation of an electronic assembly after a first interruption of its power supply |
FR2601535B1 (fr) | 1986-07-11 | 1988-10-21 | Bull Cp8 | Method for certifying the authenticity of data exchanged between two devices connected locally or remotely by a transmission line |
FR2618002B1 (fr) | 1987-07-10 | 1991-07-05 | Schlumberger Ind Sa | Method and system for authenticating electronic memory cards |
US5007082A (en) | 1988-08-03 | 1991-04-09 | Kelly Services, Inc. | Computer software encryption apparatus |
US5079737A (en) | 1988-10-25 | 1992-01-07 | United Technologies Corporation | Memory management unit for the MIL-STD 1750 bus |
US5434999A (en) | 1988-11-09 | 1995-07-18 | Bull Cp8 | Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal |
FR2640798B1 (fr) | 1988-12-20 | 1993-01-08 | Bull Cp8 | Data processing device comprising an electrically erasable and reprogrammable non-volatile memory |
JPH02171934A (ja) | 1988-12-26 | 1990-07-03 | Hitachi Ltd | Virtual computer system |
JPH02208740A (ja) | 1989-02-09 | 1990-08-20 | Fujitsu Ltd | Virtual computer control method |
US5781753A (en) | 1989-02-24 | 1998-07-14 | Advanced Micro Devices, Inc. | Semi-autonomous RISC pipelines for overlapped execution of RISC-like instructions within the multiple superscalar execution units of a processor having distributed pipeline control for speculative and out-of-order execution of complex instructions |
US5442645A (en) | 1989-06-06 | 1995-08-15 | Bull Cp8 | Method for checking the integrity of a program or data, and apparatus for implementing this method |
JP2590267B2 (ja) | 1989-06-30 | 1997-03-12 | 株式会社日立製作所 | Display control method in a virtual computer |
US5022077A (en) | 1989-08-25 | 1991-06-04 | International Business Machines Corp. | Apparatus and method for preventing unauthorized access to BIOS in a personal computer system |
JP2825550B2 (ja) | 1989-09-21 | 1998-11-18 | 株式会社日立製作所 | Multiple virtual space address control method and computer system |
CA2010591C (en) | 1989-10-20 | 1999-01-26 | Phillip M. Adams | Kernels, description tables and device drivers |
CA2027799A1 (en) | 1989-11-03 | 1991-05-04 | David A. Miller | Method and apparatus for independently resetting processors and cache controllers in multiple processor systems |
US5075842A (en) | 1989-12-22 | 1991-12-24 | Intel Corporation | Disabling tag bit recognition and allowing privileged operations to occur in an object-oriented memory protection mechanism |
EP0473913A3 (en) | 1990-09-04 | 1992-12-16 | International Business Machines Corporation | Method and apparatus for providing a service pool of virtual machines for a plurality of vm users |
US5108590A (en) | 1990-09-12 | 1992-04-28 | Disanto Dennis | Water dispenser |
US5230069A (en) | 1990-10-02 | 1993-07-20 | International Business Machines Corporation | Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virtual machine computer system |
US5317705A (en) | 1990-10-24 | 1994-05-31 | International Business Machines Corporation | Apparatus and method for TLB purge reduction in a multi-level machine system |
US5287363A (en) | 1991-07-01 | 1994-02-15 | Disk Technician Corporation | System for locating and anticipating data storage media failures |
US5437033A (en) | 1990-11-16 | 1995-07-25 | Hitachi, Ltd. | System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode |
US5255379A (en) | 1990-12-28 | 1993-10-19 | Sun Microsystems, Inc. | Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 80486 processor |
US5453003A (en) | 1991-01-09 | 1995-09-26 | Pfefferle; William C. | Catalytic method |
US5551033A (en) | 1991-05-17 | 1996-08-27 | Zenith Data Systems Corporation | Apparatus for maintaining one interrupt mask register in conformity with another in a manner invisible to an executing program |
US5319760A (en) | 1991-06-28 | 1994-06-07 | Digital Equipment Corporation | Translation buffer for virtual machines with address space match |
US5522075A (en) * | 1991-06-28 | 1996-05-28 | Digital Equipment Corporation | Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces |
US5455909A (en) | 1991-07-05 | 1995-10-03 | Chips And Technologies Inc. | Microprocessor with operation capture facility |
US5237669A (en) * | 1991-07-15 | 1993-08-17 | Quarterdeck Office Systems, Inc. | Memory management method |
JPH06236284A (ja) * | 1991-10-21 | 1994-08-23 | Intel Corp | Method for saving and restoring computer system processing state, and computer system |
US5627987A (en) | 1991-11-29 | 1997-05-06 | Kabushiki Kaisha Toshiba | Memory management and protection system for virtual memory in computer system |
US5574936A (en) | 1992-01-02 | 1996-11-12 | Amdahl Corporation | Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB) in a computer system |
US5486529A (en) | 1992-04-16 | 1996-01-23 | Zeneca Limited | Certain pyridyl ketones for treating diseases involving leukocyte elastase |
US5421006A (en) | 1992-05-07 | 1995-05-30 | Compaq Computer Corp. | Method and apparatus for assessing integrity of computer system software |
US5237616A (en) | 1992-09-21 | 1993-08-17 | International Business Machines Corporation | Secure computer system having privileged and unprivileged memories |
US5293424A (en) | 1992-10-14 | 1994-03-08 | Bull Hn Information Systems Inc. | Secure memory card |
US5796835A (en) | 1992-10-27 | 1998-08-18 | Bull Cp8 | Method and system for writing information in a data carrier making it possible to later certify the originality of this information |
JP2765411B2 (ja) * | 1992-11-30 | 1998-06-18 | Hitachi, Ltd. | Virtual computer system |
EP0600112A1 (de) | 1992-11-30 | 1994-06-08 | Siemens Nixdorf Informationssysteme Aktiengesellschaft | Data processing system with virtual memory addressing and key-controlled memory access |
US5668971A (en) | 1992-12-01 | 1997-09-16 | Compaq Computer Corporation | Posted disk read operations performed by signalling a disk read complete to the system prior to completion of data transfer |
EP0602867A1 (en) | 1992-12-17 | 1994-06-22 | NCR International, Inc. | An apparatus for securing a system platform |
JPH06187178A (ja) | 1992-12-18 | 1994-07-08 | Hitachi Ltd | I/O interrupt control method for a virtual computer system |
US5483656A (en) | 1993-01-14 | 1996-01-09 | Apple Computer, Inc. | System for managing power consumption of devices coupled to a common bus |
US5469557A (en) | 1993-03-05 | 1995-11-21 | Microchip Technology Incorporated | Code protection in microcontroller with EEPROM fuses |
FR2703800B1 (fr) | 1993-04-06 | 1995-05-24 | Bull Cp8 | Method for signing a computer file, and device for implementing it. |
FR2704341B1 (fr) | 1993-04-22 | 1995-06-02 | Bull Cp8 | Device for protecting the keys of a smart card. |
JPH06348867A (ja) | 1993-06-04 | 1994-12-22 | Hitachi Ltd | Microcomputer |
FR2706210B1 (fr) | 1993-06-08 | 1995-07-21 | Bull Cp8 | Method for authenticating a portable object by an offline terminal, and corresponding portable object and terminal. |
US5555385A (en) | 1993-10-27 | 1996-09-10 | International Business Machines Corporation | Allocation of address spaces within virtual machine compute system |
US5825880A (en) | 1994-01-13 | 1998-10-20 | Sudia; Frank W. | Multi-step digital signature method and system |
US5459869A (en) | 1994-02-17 | 1995-10-17 | Spilo; Michael L. | Method for providing protected mode services for device drivers and other resident software |
US5604805A (en) | 1994-02-28 | 1997-02-18 | Brands; Stefanus A. | Privacy-protected transfer of electronic information |
FR2717286B1 (fr) | 1994-03-09 | 1996-04-05 | Bull Cp8 | Method and device for authenticating a data carrier intended to enable a transaction or access to a service or a place, and corresponding carrier. |
US5684881A (en) | 1994-05-23 | 1997-11-04 | Matsushita Electric Industrial Co., Ltd. | Sound field and sound image control apparatus and method |
US5539828A (en) | 1994-05-31 | 1996-07-23 | Intel Corporation | Apparatus and method for providing secured communications |
US5473692A (en) | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
US5533123A (en) | 1994-06-28 | 1996-07-02 | National Semiconductor Corporation | Programmable distributed personal security |
US5978481A (en) | 1994-08-16 | 1999-11-02 | Intel Corporation | Modem compatible method and apparatus for encrypting data that is transparent to software applications |
JPH0883211A (ja) | 1994-09-12 | 1996-03-26 | Mitsubishi Electric Corp | Data processing device |
EP0706275B1 (en) | 1994-09-15 | 2006-01-25 | International Business Machines Corporation | System and method for secure storage and distribution of data using digital signatures |
US6058478A (en) | 1994-09-30 | 2000-05-02 | Intel Corporation | Apparatus and method for a vetted field upgrade |
FR2725537B1 (fr) | 1994-10-11 | 1996-11-22 | Bull Cp8 | Method for loading a protected memory area of an information processing device, and associated device |
US5903752A (en) | 1994-10-13 | 1999-05-11 | Intel Corporation | Method and apparatus for embedding a real-time multi-tasking kernel in a non-real-time operating system |
US5606617A (en) | 1994-10-14 | 1997-02-25 | Brands; Stefanus A. | Secret-key certificates |
US5564040A (en) | 1994-11-08 | 1996-10-08 | International Business Machines Corporation | Method and apparatus for providing a server function in a logically partitioned hardware machine |
US6269392B1 (en) | 1994-11-15 | 2001-07-31 | Christian Cotichini | Method and apparatus to monitor and locate an electronic device using a secured intelligent agent |
US5560013A (en) | 1994-12-06 | 1996-09-24 | International Business Machines Corporation | Method of using a target processor to execute programs of a source architecture that uses multiple address spaces |
US5901312A (en) * | 1994-12-13 | 1999-05-04 | Microsoft Corporation | Providing application programs with unmediated access to a contested hardware resource |
US5555414A (en) | 1994-12-14 | 1996-09-10 | International Business Machines Corporation | Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals |
US5615263A (en) | 1995-01-06 | 1997-03-25 | Vlsi Technology, Inc. | Dual purpose security architecture with protected internal operating system |
US5764969A (en) | 1995-02-10 | 1998-06-09 | International Business Machines Corporation | Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions with partial concept synchronization |
FR2731536B1 (fr) | 1995-03-10 | 1997-04-18 | Schlumberger Ind Sa | Method for securely writing information into a portable medium |
US5717903A (en) | 1995-05-15 | 1998-02-10 | Compaq Computer Corporation | Method and appartus for emulating a peripheral device to allow device driver development before availability of the peripheral device |
JP3451595B2 (ja) | 1995-06-07 | 2003-09-29 | International Business Machines Corporation | Microprocessor with architecture mode control capable of supporting extensions to two separate instruction set architectures |
US5684948A (en) | 1995-09-01 | 1997-11-04 | National Semiconductor Corporation | Memory management circuit which provides simulated privilege levels |
US5633929A (en) | 1995-09-15 | 1997-05-27 | Rsa Data Security, Inc | Cryptographic key escrow system having reduced vulnerability to harvesting attacks |
US5737760A (en) | 1995-10-06 | 1998-04-07 | Motorola Inc. | Microcontroller with security logic circuit which prevents reading of internal memory by external program |
US6093213A (en) | 1995-10-06 | 2000-07-25 | Advanced Micro Devices, Inc. | Flexible implementation of a system management mode (SMM) in a processor |
JP3693721B2 (ja) | 1995-11-10 | 2005-09-07 | NEC Electronics Corporation | Microcomputer with built-in flash memory and test method therefor |
IL116708A (en) | 1996-01-08 | 2000-12-06 | Smart Link Ltd | Real-time task manager for a personal computer |
WO1997025798A1 (en) | 1996-01-11 | 1997-07-17 | Mrj, Inc. | System for controlling access and distribution of digital property |
US5657445A (en) | 1996-01-26 | 1997-08-12 | Dell Usa, L.P. | Apparatus and method for limiting access to mass storage devices in a computer system |
IL117085A (en) | 1996-02-08 | 2005-07-25 | Milsys Ltd | Secure computer system |
US5835594A (en) | 1996-02-09 | 1998-11-10 | Intel Corporation | Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage |
US5978892A (en) | 1996-05-03 | 1999-11-02 | Digital Equipment Corporation | Virtual memory allocation in a virtual address space having an inaccessible gap |
US5809546A (en) | 1996-05-23 | 1998-09-15 | International Business Machines Corporation | Method for managing I/O buffers in shared storage by structuring buffer table having entries including storage keys for controlling accesses to the buffers |
US6178509B1 (en) | 1996-06-13 | 2001-01-23 | Intel Corporation | Tamper resistant methods and apparatus |
US6205550B1 (en) | 1996-06-13 | 2001-03-20 | Intel Corporation | Tamper resistant methods and apparatus |
US6175925B1 (en) | 1996-06-13 | 2001-01-16 | Intel Corporation | Tamper resistant player for scrambled contents |
US5729760A (en) | 1996-06-21 | 1998-03-17 | Intel Corporation | System for providing first type access to register if processor in first mode and second type access to register if processor not in first mode |
US5757604A (en) | 1996-06-27 | 1998-05-26 | Raychem Corporation | Surge arrester having grooved and ridged terminals |
US5944821A (en) | 1996-07-11 | 1999-08-31 | Compaq Computer Corporation | Secure software registration and integrity assessment in a computer system |
US6199152B1 (en) | 1996-08-22 | 2001-03-06 | Transmeta Corporation | Translated memory protection apparatus for an advanced microprocessor |
US5740178A (en) | 1996-08-29 | 1998-04-14 | Lucent Technologies Inc. | Software for controlling a reliable backup memory |
US6055637A (en) | 1996-09-27 | 2000-04-25 | Electronic Data Systems Corporation | System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential |
US5844986A (en) | 1996-09-30 | 1998-12-01 | Intel Corporation | Secure BIOS |
US5937063A (en) | 1996-09-30 | 1999-08-10 | Intel Corporation | Secure boot |
US5935242A (en) | 1996-10-28 | 1999-08-10 | Sun Microsystems, Inc. | Method and apparatus for initializing a device |
JPH10134008A (ja) | 1996-11-05 | 1998-05-22 | Mitsubishi Electric Corp | Semiconductor device and computer system |
US5852717A (en) | 1996-11-20 | 1998-12-22 | Shiva Corporation | Performance optimizations for computer networks utilizing HTTP |
DE19649292A1 (de) | 1996-11-28 | 1998-06-04 | Deutsche Telekom Ag | Method for securing a system protected by a key hierarchy |
US5901225A (en) | 1996-12-05 | 1999-05-04 | Advanced Micro Devices, Inc. | System and method for performing software patches in embedded systems |
US5757919A (en) | 1996-12-12 | 1998-05-26 | Intel Corporation | Cryptographically protected paging subsystem |
US5818939A (en) | 1996-12-18 | 1998-10-06 | Intel Corporation | Optimized security functionality in an electronic system |
US6412035B1 (en) | 1997-02-03 | 2002-06-25 | Real Time, Inc. | Apparatus and method for decreasing the response times of interrupt service routines |
US5953502A (en) | 1997-02-13 | 1999-09-14 | Helbig, Sr.; Walter A | Method and apparatus for enhancing computer system security |
JP4000654B2 (ja) | 1997-02-27 | 2007-10-31 | Seiko Epson Corporation | Semiconductor device and electronic apparatus |
US6272637B1 (en) | 1997-04-14 | 2001-08-07 | Dallas Semiconductor Corporation | Systems and methods for protecting access to encrypted information |
US6557104B2 (en) | 1997-05-02 | 2003-04-29 | Phoenix Technologies Ltd. | Method and apparatus for secure processing of cryptographic keys |
US6044478A (en) | 1997-05-30 | 2000-03-28 | National Semiconductor Corporation | Cache with finely granular locked-down regions |
US6075938A (en) | 1997-06-10 | 2000-06-13 | The Board Of Trustees Of The Leland Stanford Junior University | Virtual machine monitors for scalable multiprocessors |
US5987557A (en) | 1997-06-19 | 1999-11-16 | Sun Microsystems, Inc. | Method and apparatus for implementing hardware protection domains in a system with no memory management unit (MMU) |
US6175924B1 (en) | 1997-06-20 | 2001-01-16 | International Business Machines Corp. | Method and apparatus for protecting application data in secure storage areas |
US6035374A (en) | 1997-06-25 | 2000-03-07 | Sun Microsystems, Inc. | Method of executing coded instructions in a multiprocessor having shared execution resources including active, nap, and sleep states in accordance with cache miss latency |
US6584565B1 (en) | 1997-07-15 | 2003-06-24 | Hewlett-Packard Development Company, L.P. | Method and apparatus for long term verification of digital signatures |
US6014745A (en) | 1997-07-17 | 2000-01-11 | Silicon Systems Design Ltd. | Protection for customer programs (EPROM) |
US6212635B1 (en) | 1997-07-18 | 2001-04-03 | David C. Reardon | Network security system allowing access and modification to a security subsystem after initial installation when a master token is in place |
US5978475A (en) | 1997-07-18 | 1999-11-02 | Counterpane Internet Security, Inc. | Event auditing system |
US5919257A (en) | 1997-08-08 | 1999-07-06 | Novell, Inc. | Networked workstation intrusion detection system |
DE19735948C1 (de) | 1997-08-19 | 1998-10-01 | Siemens Nixdorf Inf Syst | Method for improving controllability in data processing systems with address translation |
US6996828B1 (en) * | 1997-09-12 | 2006-02-07 | Hitachi, Ltd. | Multi-OS configuration method |
US6282657B1 (en) | 1997-09-16 | 2001-08-28 | Safenet, Inc. | Kernel mode protection |
US5935247A (en) | 1997-09-18 | 1999-08-10 | Geneticware Co., Ltd. | Computer system having a genetic code that cannot be directly accessed and a method of maintaining the same |
US6148379A (en) | 1997-09-19 | 2000-11-14 | Silicon Graphics, Inc. | System, method and computer program product for page sharing between fault-isolated cells in a distributed shared memory system |
US6182089B1 (en) | 1997-09-23 | 2001-01-30 | Silicon Graphics, Inc. | Method, system and computer program product for dynamically allocating large memory pages of different sizes |
US6061794A (en) | 1997-09-30 | 2000-05-09 | Compaq Computer Corp. | System and method for performing secure device communications in a peer-to-peer bus architecture |
US6357004B1 (en) | 1997-09-30 | 2002-03-12 | Intel Corporation | System and method for ensuring integrity throughout post-processing |
US5970147A (en) | 1997-09-30 | 1999-10-19 | Intel Corporation | System and method for configuring and registering a cryptographic device |
US6085296A (en) | 1997-11-12 | 2000-07-04 | Digital Equipment Corporation | Sharing memory pages and page tables among computer processes |
US6219787B1 (en) | 1997-12-22 | 2001-04-17 | Texas Instruments Incorporated | Method and apparatus for extending security model to native code |
US6378072B1 (en) | 1998-02-03 | 2002-04-23 | Compaq Computer Corporation | Cryptographic system |
US6308270B1 (en) | 1998-02-13 | 2001-10-23 | Schlumberger Technologies, Inc. | Validating and certifying execution of a software program with a smart card |
US6108644A (en) | 1998-02-19 | 2000-08-22 | At&T Corp. | System and method for electronic transactions |
US6131166A (en) | 1998-03-13 | 2000-10-10 | Sun Microsystems, Inc. | System and method for cross-platform application level power management |
US6192455B1 (en) | 1998-03-30 | 2001-02-20 | Intel Corporation | Apparatus and method for preventing access to SMRAM space through AGP addressing |
US6374286B1 (en) | 1998-04-06 | 2002-04-16 | Rockwell Collins, Inc. | Real time processor capable of concurrently running multiple independent JAVA machines |
US6173417B1 (en) | 1998-04-30 | 2001-01-09 | Intel Corporation | Initializing and restarting operating systems |
US6795966B1 (en) * | 1998-05-15 | 2004-09-21 | Vmware, Inc. | Mechanism for restoring, porting, replicating and checkpointing computer systems using state extraction |
US6496847B1 (en) * | 1998-05-15 | 2002-12-17 | Vmware, Inc. | System and method for virtualizing computer systems |
US6397242B1 (en) * | 1998-05-15 | 2002-05-28 | Vmware, Inc. | Virtualization system including a virtual machine monitor for a computer with a segmented architecture |
FR2778998B1 (fr) | 1998-05-20 | 2000-06-30 | Schlumberger Ind Sa | Method for authenticating the personal code of an integrated-circuit card user |
EP0961193B1 (en) | 1998-05-29 | 2010-09-01 | Texas Instruments Incorporated | Secure computing device |
US6421702B1 (en) | 1998-06-09 | 2002-07-16 | Advanced Micro Devices, Inc. | Interrupt driven isochronous task scheduler system |
US6339815B1 (en) | 1998-08-14 | 2002-01-15 | Silicon Storage Technology, Inc. | Microcontroller system having allocation circuitry to selectively allocate and/or hide portions of a program memory address space |
US6505279B1 (en) | 1998-08-14 | 2003-01-07 | Silicon Storage Technology, Inc. | Microcontroller system having security circuitry to selectively lock portions of a program memory address space |
US6363485B1 (en) | 1998-09-09 | 2002-03-26 | Entrust Technologies Limited | Multi-factor biometric authenticating device and method |
US6463535B1 (en) | 1998-10-05 | 2002-10-08 | Intel Corporation | System and method for verifying the integrity and authorization of software before execution in a local platform |
US6230248B1 (en) | 1998-10-12 | 2001-05-08 | Institute For The Development Of Emerging Architectures, L.L.C. | Method and apparatus for pre-validating regions in a virtual addressing scheme |
US6609199B1 (en) | 1998-10-26 | 2003-08-19 | Microsoft Corporation | Method and apparatus for authenticating an open system application to a portable IC device |
US6327652B1 (en) | 1998-10-26 | 2001-12-04 | Microsoft Corporation | Loading and identifying a digital rights management operating system |
US6330670B1 (en) | 1998-10-26 | 2001-12-11 | Microsoft Corporation | Digital rights management operating system |
US7194092B1 (en) | 1998-10-26 | 2007-03-20 | Microsoft Corporation | Key-based secure storage |
US6453392B1 (en) * | 1998-11-10 | 2002-09-17 | International Business Machines Corporation | Method of and apparatus for sharing dedicated devices between virtual machine guests |
US6445797B1 (en) | 1998-12-16 | 2002-09-03 | Secure Choice Llc | Method and system for performing secure electronic digital streaming |
US6463537B1 (en) | 1999-01-04 | 2002-10-08 | Codex Technologies, Inc. | Modified computer motherboard security and identification system |
US6282650B1 (en) | 1999-01-25 | 2001-08-28 | Intel Corporation | Secure public digital watermark |
US6560627B1 (en) | 1999-01-28 | 2003-05-06 | Cisco Technology, Inc. | Mutual exclusion at the record level with priority inheritance for embedded systems using one semaphore |
US7111290B1 (en) | 1999-01-28 | 2006-09-19 | Ati International Srl | Profiling program execution to identify frequently-executed portions and to assist binary translation |
US6188257B1 (en) | 1999-02-01 | 2001-02-13 | Vlsi Technology, Inc. | Power-on-reset logic with secure power down capability |
EP1030237A1 (en) | 1999-02-15 | 2000-08-23 | Hewlett-Packard Company | Trusted hardware device in a computer |
US6272533B1 (en) | 1999-02-16 | 2001-08-07 | Hendrik A. Browne | Secure computer system and method of providing secure access to a computer system including a stand alone switch operable to inhibit data corruption on a storage device |
US7225333B2 (en) | 1999-03-27 | 2007-05-29 | Microsoft Corporation | Secure processor architecture for use with a digital rights management (DRM) system on a computing device |
US6615278B1 (en) | 1999-03-29 | 2003-09-02 | International Business Machines Corporation | Cross-platform program, system, and method having a global registry object for mapping registry equivalent functions in an OS/2 operating system environment |
US6684326B1 (en) | 1999-03-31 | 2004-01-27 | International Business Machines Corporation | Method and system for authenticated boot operations in a computer system of a networked computing environment |
US6651171B1 (en) | 1999-04-06 | 2003-11-18 | Microsoft Corporation | Secure execution of program code |
US6389537B1 (en) | 1999-04-23 | 2002-05-14 | Intel Corporation | Platform and method for assuring integrity of trusted agent communications |
US6275933B1 (en) | 1999-04-30 | 2001-08-14 | 3Com Corporation | Security system for a computerized apparatus |
EP1055989A1 (en) | 1999-05-28 | 2000-11-29 | Hewlett-Packard Company | System for digitally signing a document |
EP1056014A1 (en) | 1999-05-28 | 2000-11-29 | Hewlett-Packard Company | System for providing a trustworthy user interface |
US6321314B1 (en) | 1999-06-09 | 2001-11-20 | Ati International S.R.L. | Method and apparatus for restricting memory access |
US6633981B1 (en) | 1999-06-18 | 2003-10-14 | Intel Corporation | Electronic system and method for controlling access through user authentication |
US6158546A (en) | 1999-06-25 | 2000-12-12 | Tenneco Automotive Inc. | Straight through muffler with conically-ended output passage |
US6301646B1 (en) | 1999-07-30 | 2001-10-09 | Curl Corporation | Pointer verification system and method |
US6529909B1 (en) | 1999-08-31 | 2003-03-04 | Accenture Llp | Method for translating an object attribute converter in an information services patterns environment |
JP2001148344A (ja) | 1999-09-09 | 2001-05-29 | Nikon Corp | Exposure apparatus, method for controlling the output of an energy source, laser apparatus using the method, and device manufacturing method |
EP1085396A1 (en) | 1999-09-17 | 2001-03-21 | Hewlett-Packard Company | Operation of trusted state in computing platform |
US6535988B1 (en) | 1999-09-29 | 2003-03-18 | Intel Corporation | System for detecting over-clocking uses a reference signal thereafter preventing over-clocking by reducing clock rate |
US6374317B1 (en) | 1999-10-07 | 2002-04-16 | Intel Corporation | Method and apparatus for initializing a computer interface |
GB9923804D0 (en) | 1999-10-08 | 1999-12-08 | Hewlett Packard Co | Electronic commerce system |
US6292874B1 (en) | 1999-10-19 | 2001-09-18 | Advanced Technology Materials, Inc. | Memory management method and apparatus for partitioning homogeneous memory and restricting access of installed applications to predetermined memory ranges |
US20010027527A1 (en) | 2000-02-25 | 2001-10-04 | Yuri Khidekel | Secure transaction system |
WO2001065366A1 (en) | 2000-03-02 | 2001-09-07 | Alarity Corporation | System and method for process protection |
JP3710671B2 (ja) | 2000-03-14 | 2005-10-26 | Sharp Corporation | Single-chip microcomputer, IC card using the same, and access control method for a single-chip microcomputer |
CA2341931C (en) | 2000-03-24 | 2006-05-30 | Contentguard Holdings, Inc. | System and method for protection of digital works |
US6795905B1 (en) | 2000-03-31 | 2004-09-21 | Intel Corporation | Controlling accesses to isolated memory using a memory controller for isolated execution |
US6678825B1 (en) | 2000-03-31 | 2004-01-13 | Intel Corporation | Controlling access to multiple isolated memories in an isolated execution environment |
US6633963B1 (en) | 2000-03-31 | 2003-10-14 | Intel Corporation | Controlling access to multiple memory zones in an isolated execution environment |
US6507904B1 (en) | 2000-03-31 | 2003-01-14 | Intel Corporation | Executing isolated mode instructions in a secure system running in privilege rings |
US6651132B1 (en) * | 2000-07-17 | 2003-11-18 | Microsoft Corporation | System and method for emulating the operation of a translation look-aside buffer |
GB0020416D0 (en) | 2000-08-18 | 2000-10-04 | Hewlett Packard Co | Trusted system |
US6938164B1 (en) | 2000-11-22 | 2005-08-30 | Microsoft Corporation | Method and system for allowing code to be securely initialized in a computer |
US7631160B2 (en) | 2001-04-04 | 2009-12-08 | Advanced Micro Devices, Inc. | Method and apparatus for securing portions of memory |
US6976136B2 (en) | 2001-05-07 | 2005-12-13 | National Semiconductor Corporation | Flash memory protection scheme for secured shared BIOS implementation in personal computers with an embedded controller |
US7676430B2 (en) | 2001-05-09 | 2010-03-09 | Lenovo (Singapore) Ptd. Ltd. | System and method for installing a remote credit card authorization on a system with a TCPA complaint chipset |
EP1271277A3 (en) | 2001-06-26 | 2003-02-05 | Redstrike B.V. | Security system and software to prevent unauthorized use of a computing device |
US20030018892A1 (en) | 2001-07-19 | 2003-01-23 | Jose Tello | Computer with a modified north bridge, security engine and smart card having a secure boot capability and method for secure booting a computer |
US7191464B2 (en) | 2001-10-16 | 2007-03-13 | Lenovo Pte. Ltd. | Method and system for tracking a secure boot in a trusted computing environment |
US7103771B2 (en) | 2001-12-17 | 2006-09-05 | Intel Corporation | Connecting a virtual token to a physical token |
US7308576B2 (en) | 2001-12-31 | 2007-12-11 | Intel Corporation | Authenticated code module |
US20030126453A1 (en) | 2001-12-31 | 2003-07-03 | Glew Andrew F. | Processor supporting execution of an authenticated code instruction |
US7107460B2 (en) | 2002-02-15 | 2006-09-12 | International Business Machines Corporation | Method and system for securing enablement access to a data security device |
US7343493B2 (en) | 2002-03-28 | 2008-03-11 | Lenovo (Singapore) Pte. Ltd. | Encrypted file system using TCPA |
US7318141B2 (en) | 2002-12-17 | 2008-01-08 | Intel Corporation | Methods and systems to control virtual machines |
2000
- 2000-12-27 US US09/752,134 patent/US7818808B1/en not_active Expired - Fee Related
2001
- 2001-11-27 KR KR1020037008692A patent/KR100602157B1/ko not_active IP Right Cessation
- 2001-11-27 BR BR0116599-2A patent/BR0116599A/pt not_active Application Discontinuation
- 2001-11-27 CN CNB018215750A patent/CN1295604C/zh not_active Expired - Fee Related
- 2001-11-27 WO PCT/US2001/045061 patent/WO2002052404A2/en not_active Application Discontinuation
- 2001-11-27 DE DE10197121T patent/DE10197121B4/de not_active Expired - Fee Related
- 2001-11-27 RU RU2003123118/09A patent/RU2265880C2/ru not_active IP Right Cessation
- 2001-11-27 GB GB0314030A patent/GB2386230B/en not_active Expired - Fee Related
- 2001-11-27 AU AU2002217992A patent/AU2002217992A1/en not_active Abandoned
- 2001-12-24 TW TW090132037A patent/TW594493B/zh not_active IP Right Cessation
2004
- 2004-02-11 HK HK04100915A patent/HK1058255A1/xx not_active IP Right Cessation
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI511049B (zh) * | 2008-07-28 | 2015-12-01 | Advanced Risc Mach Ltd | Method and apparatus for interrupt control of a virtual processing device |
TWI509518B (zh) * | 2009-09-22 | 2015-11-21 | Ibm | Method, central processing unit device and system for improving the performance of nested virtualization |
TWI457784B (zh) * | 2011-12-31 | 2014-10-21 | Intel Corp | Hardware protection of virtual machine monitor runtime integrity watcher |
US10303503B2 (en) | 2011-12-31 | 2019-05-28 | Intel Corporation | Hardware protection of virtual machine monitor runtime integrity watcher |
Also Published As
Publication number | Publication date |
---|---|
WO2002052404A3 (en) | 2003-09-12 |
KR20040028704A (ko) | 2004-04-03 |
CN1295604C (zh) | 2007-01-17 |
AU2002217992A1 (en) | 2002-07-08 |
GB0314030D0 (en) | 2003-07-23 |
DE10197121B4 (de) | 2009-10-01 |
WO2002052404A2 (en) | 2002-07-04 |
DE10197121T1 (de) | 2003-11-13 |
GB2386230B (en) | 2005-03-02 |
HK1058255A1 (en) | 2004-05-07 |
RU2265880C2 (ru) | 2005-12-10 |
GB2386230A (en) | 2003-09-10 |
US7818808B1 (en) | 2010-10-19 |
RU2003123118A (ru) | 2005-01-10 |
KR100602157B1 (ko) | 2006-07-19 |
BR0116599A (pt) | 2004-06-15 |
CN1561485A (zh) | 2005-01-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TW594493B (en) | New processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor | |
US10191761B2 (en) | Adaptive dynamic selection and application of multiple virtualization techniques | |
US7552426B2 (en) | Systems and methods for using synthetic instructions in a virtual machine | |
US8479195B2 (en) | Dynamic selection and application of multiple virtualization techniques | |
EP1939754B1 (en) | Providing protected access to critical memory regions | |
US7886293B2 (en) | Optimizing system behavior in a virtual machine environment | |
JP4688862B2 (ja) | Providing support for single-stepping a virtual machine in a virtual machine environment | |
US7209994B1 (en) | Processor that maintains virtual interrupt state and injects virtual interrupts into virtual machine guests | |
US7418584B1 (en) | Executing system management mode code as virtual machine guest | |
US20050076186A1 (en) | Systems and methods for improving the x86 architecture for processor virtualization, and software systems and methods for utilizing the improvements | |
JP2004526229A (ja) | Method for resolving address space conflicts between a virtual machine monitor and a guest operating system | |
JP6530723B2 (ja) | System and method for facilitating cooperative operation of multiple hypervisors within a computer system | |
KR20130036189A (ko) | Restricting memory areas for instructions read depending on hardware mode and security flag | |
US10120738B2 (en) | Hypervisor techniques for performing non-faulting reads in virtual machines | |
JP2004258840A (ja) | Computer system with virtualized I/O devices | |
US10963280B2 (en) | Hypervisor post-write notification of control and debug register updates | |
KR20110019750A (ko) | Support for device emulation within a host data processing apparatus | |
JP6920286B2 (ja) | Exception handling | |
JP2018531462A6 (ja) | Exception handling | |
US11216280B2 (en) | Exception interception | |
Suzuki et al. | Analysis of the ARM architecture’s ability to support a virtual machine monitor through a simple implementation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM4A | Annulment or lapse of patent due to non-payment of fees |