US20090113111A1 - Secure identification of execution contexts - Google Patents
- Publication number: US20090113111A1
- Authority: US (United States)
- Prior art keywords: vmm, execution context, data, guest, context
- Legal status: Abandoned (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
CPC classifications (all under G06F, Electric digital data processing):
- G06F9/461—Saving or restoring of program or task context
- G06F12/1036—Address translation using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB] for multiple virtual address spaces, e.g. segmentation
- G06F11/1451—Management of the data involved in backup or backup restore by selection of backup contents
- G06F11/1484—Generic software techniques for error detection or fault masking by means of middleware or OS functionality involving virtual machines
- G06F12/1009—Address translation using page tables, e.g. page table structures
- G06F12/145—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights, the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism
- G06F12/1483—Protection against unauthorised use of memory or access to memory by checking the subject access rights using an access-table, e.g. matrix or list
- G06F9/4486—Formation of subprogram jump address
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F9/4881—Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
- G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
- G06F2009/45562—Creating, deleting, cloning virtual machine instances
- G06F2009/45583—Memory management, e.g. access or allocation
- G06F2201/815—Virtual
- G06F2201/84—Using snapshots, i.e. a logical point-in-time copy of the data
- G06F2212/1052—Security improvement
- G06F2212/151—Emulated environment, e.g. virtual machine
- G06F2212/651—Multi-level translation tables
- G06F2212/657—Virtual address space management
Definitions
- This application is related to:
- One or more embodiments of the present invention relate to identifying an application or process in a virtual machine in order to locate resources associated with the identified application.
- OS: commodity operating systems
- A virtual addressing mechanism in which different software modules within the system have different virtual address spaces, with each virtual address space generally being mapped to different portions of the physical address space of the computer system, so that the virtual addresses of a given software module are generally only mapped to physical addresses that contain the code or data of that particular software module.
- Virtual addressing mechanisms are well understood by one of ordinary skill in the art. A given software module may attempt to access every memory location in its own virtual address space, accessing every memory location to which it has access, and it will still only be able to access its own code and data (assuming that there is no shared memory).
- Providing a virtual addressing mechanism provides some isolation between the code and data of multiple software modules in a computer system and, therefore, provides some security.
- The x86 architecture provides two primary memory protection mechanisms that may be used by an OS (or other system software) to try to isolate the code and data of multiple tasks or processes that execute on the processor, namely, a segmentation mechanism and a paging mechanism.
- Windows and Linux use the paging mechanism, but they generally do not take advantage of the segmentation mechanism. Instead, these OSs define segments that include the entire addressable range of the processor, so that the segmentation protection mechanism becomes ineffective in providing isolation between the code and data of multiple tasks.
- This discussion focuses on the paging mechanism of the x86 processor, which implements a virtual addressing mechanism.
- The invention is not limited to implementations using the x86 processor, or implementations using similar memory protection mechanisms.
- The OS creates a different set of page tables (and a page directory) for each virtual address space, which maps the respective virtual addresses to physical addresses.
- The page tables for a given user process map that process's virtual addresses to the physical addresses that contain the code and data for that process.
- The page tables for the user processes also contain mappings for code and data of the OS, but the user processes cannot use these mappings because the user processes are executed at a Current Privilege Level (CPL) of 3 and these mappings are set to require a supervisor, i.e., a higher, privilege level (a CPL of 0, 1 or 2).
- CPL: Current Privilege Level
- The page tables for a given user process generally only contain mappings to physical memory pages that contain that process's code and data. Therefore, a user process can generally only access its own code and data. Executing the user processes at a CPL of 3 also prevents the processes from modifying their own page tables. Otherwise, a process could add entries to its page tables that map to any physical address in the system, so that the process could give itself access to the code and data of other software modules, including other user processes and the OS.
- Windows and Linux generally provide adequate protection for the software modules in a computer system, so long as all of the software modules are well designed and well behaved, i.e., they are not attempting to circumvent the protection mechanism. Thus, many processes may be running concurrently in such a computer system, with the OS giving each process a share of the system resources, including processor time, memory space and hard disk space, without any of the processes interfering with the code or data of the other processes.
- A simple computer system 2A has multiple software modules.
- The computer system 2A includes system hardware 100A, an OS 20A, a first application 40A and a second application 40B.
- The system hardware 100A may be conventional hardware based on, for example, the x86 platform, and the OS 20A may be, for example, Windows or Linux.
- The applications 40A and 40B may be any applications designed to run on the system hardware 100A and the OS 20A.
- The OS 20A also includes a set of drivers 29A, which may be conventional drivers for the OS 20A, possibly including one or more drivers from a company that is different from the OS vendor (a third-party vendor).
- The OS 20A, in conjunction with the system hardware 100A, attempts to isolate the code and data of the applications 40A and 40B from one another.
- The OS 20A and the system hardware 100A may implement a virtual addressing mechanism, as described above.
- Implementing such a protection mechanism may be characterized as establishing an isolation barrier 80B between the applications 40A and 40B, preventing (or at least hindering) one application from accessing the code and data of the other application.
- The OS 20A may mark physical memory pages that contain shared code or data as read only, such as when using a copy-on-write (COW) technique.
- COW: copy-on-write
- The isolation barrier 80B may be referred to as an “OS isolation barrier” because it is implemented by the OS 20A, in conjunction with the system hardware 100A.
- The OS 20A, again in conjunction with the system hardware 100A, also establishes an OS isolation barrier 80A between the OS 20A and all applications in the system, including the applications 40A and 40B, so that the applications are prevented (or hindered) from directly accessing the code and data of the OS 20A.
- The OS isolation barrier 80A is established by executing the applications in the system at a CPL of 3 and requiring a supervisor privilege level to access memory pages containing the code and data of the OS 20A.
- Hackers exploit the vulnerabilities of today's systems for a variety of reasons and with a variety of goals, some being relatively benign and others being quite destructive or disruptive.
- A malicious software module may be written and deployed that searches for sensitive data on a computer's hard drive or in its memory and transmits any such sensitive data back to the hacker that launched the malicious code.
- Referring now to FIG. 2, a general computer system 2B is described in co-pending application Ser. No. 11/584,178, filed 20 Oct. 2006, titled “Isolating Data within a Computer System Using Private Shadow Mappings,” herein incorporated by reference in its entirety for all purposes, in which multiple VMs are implemented to isolate multiple software modules from one another.
- The computer system 2B includes system hardware 100B, which may be conventional hardware, such as hardware based on the x86 platform.
- The system hardware 100B may be substantially the same as the system hardware 100A of FIG. 1, or it may be substantially different.
- Virtualization software 200A executes on the system hardware 100B and supports a plurality of VMs, such as a first VM 300A and a second VM 300B, in a known manner.
- Virtualization software 200A may comprise a virtual machine monitor (VMM), for example, such as a VMM as implemented in a virtualization product of VMware, Inc. of Palo Alto, Calif. Such a VMM and other possible units of the virtualization software 200A are described in greater detail below.
- VMM: virtual machine monitor
- The virtualization software 200A virtualizes a virtual system hardware 310A, which may be based on an existing hardware platform, such as the x86 platform.
- An OS 20B, along with a set of drivers 29B, runs on the virtual system hardware 310A.
- The OS 20B may be any OS designed to run on the hardware platform virtualized in the virtual hardware 310A.
- The OS 20B may be, for example, a Windows OS, Solaris OS, Mac OS X, Novell Netware, or a Linux OS.
- The set of drivers 29B may be conventional drivers for the OS 20B.
- A first application 40H and a second application 40D run on the OS 20B.
- The applications 40H and 40D may be any applications designed to run on the platform of the virtual hardware 310A and the OS 20B.
- The OS 20B, in conjunction with the virtual system hardware 310A, attempts to isolate the code and data of the applications 40H and 40D from one another, establishing an OS isolation barrier 80B between the applications 40H and 40D. Also similar to the OS 20A of FIG. 1, the OS 20B, again in conjunction with the virtual system hardware 310A, also establishes an OS isolation barrier 80A between the OS 20B and all applications in the VM 300A, including the applications 40H and 40D.
- The VM 300A may be substantially the same as the computer system 2A, except that the virtual system hardware 310A is virtual hardware, virtualized by the virtualization software 200A, instead of physical hardware.
- The virtualization software 200A virtualizes a virtual system hardware 310B in a like manner as done for the VM 300A.
- The virtualization software 200A isolates the VMs in the computer system 2B from one another.
- The virtualization software 200A allows software within the VM 300A to access portions of physical memory in the system hardware 100B and it allows software within the VM 300B to access other portions of the physical memory.
- The virtualization software 200A maps attempted memory accesses from the respective VMs 300A and 300B to different portions of the physical memory, ensuring that no memory address generated by software in one VM can access code or data of another VM.
- The virtualization software 200A maps attempted hard disk accesses from the respective VMs 300A and 300B to different portions of one or more hard disks in the system hardware 100B, ensuring that one VM cannot access the hard disk space of another VM.
- The virtualization software 200A also takes other precautions to isolate the VMs in the computer system 2B from one another, and from the virtualization software 200A itself.
- U.S. Pat. No. 7,281,102 to Agesen et al., “Restricting Memory Access to Protect Data when Sharing a Common Address Space” (“the '102 patent”) describes methods that may be used to enable a VMM to occupy a portion of a linear address space of a VM, while preventing the VM from accessing the memory of the VMM.
- The virtualization software 200A may prevent software within the VMs 300A and 300B from directly accessing a Direct Memory Access (DMA) device to prevent the possibility that the DMA device could be used to access either the hard disk space or the memory of other VMs or of the virtualization software itself.
- DMA: Direct Memory Access
- The virtualization software 200A, in conjunction with the system hardware 100B, may be said to establish a first isolation barrier 280B between the VMs 300A and 300B and a second isolation barrier 280A between the virtualization software 200A and all VMs in the computer system 2B, including the VMs 300A and 300B.
- The isolation barriers 280A and 280B may be referred to as “virtualization barriers” because they are implemented by the virtualization software 200A, in conjunction with the system hardware 100B.
- The isolation barriers 280A and 280B may also be referred to as virtualization barriers because they are established through the virtualization of hardware resources, such as the virtualization of system memory.
- Virtualization techniques may provide better security and more effective isolation between multiple software modules than a general OS may provide.
- The virtualization barriers 280A and 280B of FIG. 2 can generally provide much better isolation between the multiple VMs 300A and 300B and the virtualization software 200A than the OS isolation barriers 80A and 80B of FIG. 1 provide between the multiple applications 40A and 40B and the OS 20A.
- Although computer systems that establish multiple VMs and that run different software modules within the different VMs generally provide better isolation for the software modules than do general OSs, such virtual computer systems have other limitations.
- A virtual-machine-based system in accordance with an embodiment of the present invention may protect the privacy and integrity of application data, even in the event of a total operating system compromise.
- Embodiments of the present invention present an application with a normal view of its resources, but the OS sees an encrypted view of these resources. This functionality allows the operating system to carry out the complex tasks of managing an application's resources, without allowing it to read or modify them. Thus, embodiments of the present invention offer defenses against application data being compromised.
- Embodiments of the present invention build on multi-shadowing, a mechanism that presents different views of “physical” memory, depending on the context performing the access. This approach offers an additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors.
- Embodiments of the present invention do not replace the role of an existing operating system (OS) for managing resources. Instead, the isolation capabilities of the virtualization layer are extended to allow for protection of entities inside a virtual machine.
- OS: operating system
- A computer system comprising a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM) implements a method of establishing an identity of a first execution context running in the VM where the method comprises: providing a shim program in a virtual address space of the first execution context; the shim program, upon initialization, associating a first page, having a first page address, with the first execution context and passing the first page address to the VMM; the VMM, upon receipt of the first page address from the shim program, assigning a unique identifier (ASID) for the first execution context, generating a second identifier value and writing the second identifier value and the ASID at the first page address; and the VMM returning the ASID to the shim program.
- VM: virtual machine
- A computer system comprising a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM) implements a method of confirming an identity of a first execution context running in the VM, the method comprising: the VMM receiving first identifying data corresponding to the first execution context; the VMM retrieving second data as a function of the received first identifying data; the VMM retrieving third data as a function of the received first identifying data; and the VMM confirming the identity of the first execution context as a function of the retrieved second and third data.
- OS: guest operating system
- A computer system comprising a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM) having a first execution context running therein implements a method of facilitating a guest operating system (OS) running in the VM to perform at least one function for the first execution context, the method comprising: the VMM intercepting a first event from the first execution context to the guest OS; the VMM confirming an identity of the first execution context; the VMM saving a state of the first execution context in a memory space provided for the identified first execution context and passing a second event to the guest OS, the second event being a function of the first event and comprising control return location information; the guest OS processing the second event and returning control as a function of the control return location information; the VMM receiving a request to resume the first execution context; the VMM determining if the request to resume the first execution context is valid; and if the request to resume is valid, the VMM restoring the saved state of the first execution context; and the first execution context resuming operation.
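The three methods described in the preceding items (establishing an identity via the shim and ASID, confirming it from second and third data, and saving/restoring state around an event handed to the guest OS), modelled as an added Python example that is not code from the patent application or from VMware. It assumes the "second identifier value" is a random nonce, that identity confirmation compares the page contents against the VMM's own table, and that resume validity is checked with a one-shot token; page addresses and register values are constructed.

```python
"""Model of the execution-context identification protocol described above.

Added illustration, not code from the patent application. The VMM records
(ASID, nonce, page address) per registered context, writes the same ASID and
nonce into the context's page, and later confirms an identity by comparing the
page contents (second data) against its own record (third data). Treating the
"second identifier value" as a random nonce, the table layout and the one-shot
resume token are assumptions; guest memory is simulated with a dict.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PAGE_SIZE = 4096


@dataclass
class ContextRecord:
    asid: int
    nonce: int
    page_addr: int
    saved_state: Optional[dict] = None   # registers stashed while the guest OS works
    resume_token: Optional[int] = None   # one-shot token (assumption, not in the text)


class VMM:
    """Hypervisor side: identity table, simulated guest page contents, saved state."""

    def __init__(self) -> None:
        self._next_asid = 1
        self._records: Dict[int, ContextRecord] = {}
        self._by_page: Dict[int, int] = {}
        # Simulated guest memory: page address -> (asid, nonce) as written by the VMM.
        self.guest_memory: Dict[int, Tuple[int, int]] = {}

    def register(self, page_addr: int) -> int:
        """Hypercall from the shim: assign a unique ASID, generate a nonce and
        write both into the page the shim associated with its context."""
        if page_addr % PAGE_SIZE:
            raise ValueError("page address must be page aligned")
        if page_addr in self._by_page:
            raise ValueError("page already bound to an execution context")
        asid, self._next_asid = self._next_asid, self._next_asid + 1
        nonce = secrets.randbits(64)
        self._records[asid] = ContextRecord(asid, nonce, page_addr)
        self._by_page[page_addr] = asid
        self.guest_memory[page_addr] = (asid, nonce)
        return asid

    def confirm_identity(self, asid: int, page_addr: int) -> bool:
        """Identifying data is (asid, page_addr). Second data: what the page
        holds. Third data: what the VMM's own table says. Both must agree."""
        record = self._records.get(asid)
        if record is None or record.page_addr != page_addr:
            return False
        return self.guest_memory.get(page_addr) == (record.asid, record.nonce)

    def intercept_event(self, asid: int, page_addr: int, event: dict, state: dict) -> dict:
        """A fault or system call leaves the context: confirm who it is, keep its
        register state inside the VMM, and hand the guest OS an event carrying
        the original event fields plus a control-return location, never the state."""
        if not self.confirm_identity(asid, page_addr):
            raise PermissionError("event from an unidentified execution context")
        record = self._records[asid]
        record.saved_state = dict(state)
        record.resume_token = secrets.randbits(64)
        return {**event, "return_to": ("vmm_resume", asid, record.resume_token)}

    def resume(self, asid: int, token: int) -> dict:
        """Guest OS returns control: the request is valid only if it names a
        context with saved state and presents the outstanding token, which is
        consumed so a replayed request is rejected."""
        record = self._records.get(asid)
        if record is None or record.saved_state is None or record.resume_token != token:
            raise PermissionError("invalid request to resume execution context")
        state, record.saved_state, record.resume_token = record.saved_state, None, None
        return state


def shim_initialize(vmm: VMM, page_addr: int) -> Tuple[int, int]:
    """Shim side: bind a page to this context, register it with the VMM, then
    read back the ASID the VMM wrote. Returns (asid_returned, asid_in_page)."""
    asid = vmm.register(page_addr)
    asid_in_page, _nonce = vmm.guest_memory[page_addr]
    return asid, asid_in_page


if __name__ == "__main__":
    vmm = VMM()
    asid, asid_in_page = shim_initialize(vmm, 0x10000)   # constructed page address
    assert asid == asid_in_page
    ev = vmm.intercept_event(asid, 0x10000, {"type": "page_fault"}, {"rip": 0x401000})
    print("guest OS sees:", ev)
    print("restored state:", vmm.resume(asid, ev["return_to"][2]))
```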
- FIG. 1 illustrates a computer system running multiple software modules on a general operating system
- FIG. 2 illustrates a virtual computer system with multiple virtual machines (VMs) for running multiple software modules
- FIG. 3 illustrates a virtual computer system installed on a host platform, with a virtual machine monitor (VMM) at the same system level as the host operating system;
- FIG. 4 illustrates an alternative configuration of a virtual computer system, which includes a kernel on which is run the VMM of FIG. 3 ;
- FIG. 5 is a representation of components used for a known address mapping function
- FIG. 6 is a block diagram of the architecture of one embodiment of the present invention.
- FIG. 7 is a representation of multiple physical address mapping modules in accordance with one embodiment of the present invention.
- FIGS. 8A and 8B represent a flowchart of a process in accordance with one embodiment of the present invention.
- FIG. 9 is a state transition diagram for managing cloaked pages in accordance with one embodiment of the present invention.
- FIG. 10 is a representation of the components involved in metadata protection in accordance with an embodiment of the present invention.
- FIG. 11 is a representation of the control flow for handling faults and interrupts in accordance with an embodiment of the present invention.
- FIG. 12 is a state transition diagram for the control flow for handling system calls in accordance with an embodiment of the present invention.
- FIG. 13 is a flowchart of the steps for accessing memory in accordance with one embodiment of the present invention.
- a virtual-machine-based system in accordance with an embodiment of the present invention may protect the privacy and integrity of application data, even in the event of a total OS compromise.
- Embodiments of the present invention present an application with a normal view of its resources, but the OS with an encrypted view of those resources. This allows the operating system to carry out the complex tasks of managing an application's resources, without allowing it to read or modify them. Thus, embodiments of the present invention offer defenses against application data being compromised.
- Embodiments of the present invention build on “multi-shadowing,” a mechanism that presents different views of “physical” memory, depending on the context performing the access. This approach offers an additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors.
- multi-shadowing leverages the extra level of indirection offered by memory virtualization in a virtual machine monitor (VMM) to provide a protection layer.
- a typical VMM maintains a one-to-one mapping from guest “physical” addresses to actual machine addresses.
- Multi-shadowing replaces this with a one-to-many, context-dependent mapping, providing multiple views of guest memory.
- Embodiments of the present invention extend multi-shadowing to present an application with a cleartext view of its pages, and the OS with an encrypted view, a technique referred to as “cloaking.” Encryption-based protection allows resources to remain accessible to the OS, yet secure, permitting the OS to manage resources without compromising application privacy or integrity.
- a virtual machine is a software abstraction, i.e., a “virtualization” of an actual or an abstract physical computer system.
- the VM runs as a “guest” on an underlying “host” hardware platform.
- Guest software such as a guest OS and guest applications, may be loaded onto the virtual computer for execution.
- the guest OS may, but need not be, the same as the OS or other system software running at the system level in the host.
- a Windows OS may run in the VM even though the OS used to handle actual I/O (input/output), memory management, etc., on the host might be a Linux OS.
- a user of a VM need not even be aware that she is not using a “real” computer, that is, a system with hardware dedicated exclusively to her use.
- the existence of the underlying host can be made transparent to a user of the VM and to the guest software itself.
- FIG. 3 illustrates the main components of a computer system 2 X that supports a VM 300 X, as generally implemented in the Workstation virtualization product of VMware, Inc.
- the system hardware 100 X includes CPU(s) 112 X, which may be a single processor, or two or more cooperating processors in a known multiprocessor arrangement.
- the system hardware also includes system memory 118 X, one or more disks 120 X, and some form of Memory Management Unit (MMU) 116 X.
- the system may instead use network-attached storage (NAS), such as a remote file server, i.e., one using NFS (Network File System) or CIFS (Common Internet File System) protocols, or a remote storage array via a storage-area network (SAN), or via a standard network, e.g., using the iSCSI (Internet Small Computer System Interface) protocol.
- flash memory could be used to replace the disks.
- the system hardware also includes, or is connected to, conventional registers, interrupt handling circuitry, a clock, etc., which, for the sake of simplicity, are not shown in the figure.
- the system software 19 W either is or at least includes an operating system 20 W, which has drivers 29 W as needed for controlling and communicating with various devices 123 X, and usually with the disk 120 X as well.
- Conventional applications 40 W may be installed to run on the hardware 100 X via the system software 19 W and any drivers needed to enable communication with those devices.
- the virtual machine (VM) 300 X, also known as a “virtual computer,” is a software implementation of a complete computer system.
- the physical system components of a “real” computer are emulated in software, that is, they are virtualized.
- the VM 300 X will typically include virtualized (“guest”) system hardware 310 X, which in turn includes one or more virtual CPUs 312 X (VCPU), virtual system memory 318 X (VMEM), one or more virtual disks 320 X (VDISK), and one or more virtual devices 323 X (VDEVICE), all of which are implemented in software using known techniques to emulate the corresponding components of an actual computer.
- the VM 300 X also includes system software 19 X, which may include a guest operating system 20 X, which may, but need not, simply be a copy of a conventional, commodity OS, as well as drivers 29 X as needed, for example, to control the virtual device(s) 323 X.
- FIG. 3 illustrates one or more applications 40 X installed to run on the guest OS 20 X; any number of applications, including none at all, may be loaded for running on the guest OS, limited only by the requirements of the VM.
- Software running in the VM 300 X, including the guest OS 20 X and the guest applications 40 X is generally referred to as “
- Although the virtual hardware “layer” 310 X will be a software abstraction of physical components, the VM's system software 19 X may be the same as would be loaded into a hardware computer.
- the modifier “guest” is used here to indicate that the VM, although it acts as a “real” computer from the perspective of a user and guest software, is actually just computer code that is executed on the underlying “host” hardware and software platform 100 X, 19 W.
- I/O to a virtual device 323 X will actually be carried out by I/O to a corresponding hardware device 123 X, but in a manner transparent to the VM.
- VMM should be interpreted broadly as virtualization software that supports the operation of a virtual machine, whether such virtualization software is referred to as a VMM, a hypervisor, or if some other terminology is used; or, in the event that some virtualization functionality is implemented or supported in hardware, the term VMM may be interpreted broadly as virtualization logic that supports the operation of a virtual machine.
- a VMM is usually a relatively thin layer of software that runs directly on top of a host, such as the system software 19 W, or directly on the hardware, and virtualizes the resources of the hardware platform.
- FIG. 3 shows virtualization software 200 X, which may be implemented as a VMM, running directly on the system hardware 100 X.
- the virtualization software 200 X is also referred to as a VMM 200 X herein, although it may alternatively comprise other virtualization software that may not be considered or called a VMM.
- the VMM 200 X will typically include at least one device emulator 254 X, which may also form the implementation of the virtual device(s) 323 X.
- the interface exported to the respective VM is usually such that the guest OS 20 X cannot determine the presence of the VMM.
- the VMM also usually tracks and either forwards (to the host OS 20 W) or itself schedules and handles all requests by its VM for machine resources, as well as various faults and interrupts.
- FIG. 3 therefore illustrates an interrupt (including fault) handler 252 X within the VMM.
- the VMM also includes a memory manager 256 X. The general features of VMMs are well known and are therefore not discussed in further detail here.
- a single VM 300 X is illustrated in FIG. 3 merely for the sake of simplicity; in many installations, there will be more than one VM installed to run on the common hardware platform; all may have essentially the same general structure, although the individual components need not be identical.
- a single VMM 200 X is the interface for the single VM 300 X. It would also be possible to include the VMM as part of its respective VM. Although the VMM is usually completely transparent to the VM, the VM and VMM may be viewed as a single module that virtualizes a computer system. The VM and VMM are shown as separate software entities in the figures merely for the sake of clarity. Moreover, it would also be possible to use a single VMM to act as the interface for more than one VM.
- both the host OS and the VMM are installed at system level, meaning that they each run at the greatest privilege level and can therefore independently modify the state of the hardware processor(s).
- the VMM may issue requests via the host OS 20 W.
- a special driver VMDRV 290 is installed just as any other driver within the host OS 20 W is installed and exposes a standard API to a user-level application VMAPP 292 .
- the VMM calls the driver VMDRV 290 , which then issues calls to the application VMAPP 292 , which then carries out the I/O request by calling the appropriate routine in the host OS.
- a line 280 X symbolizes the boundary between the virtualized (VM/VMM) and non-virtualized (host software) “worlds” or “contexts.”
- the driver VMDRV 290 and application VMAPP 292 thus enable communication between the worlds.
- the boundary 280 X may also be characterized as a “virtualization barrier”, as that term is used above.
- the virtualization barrier 280 X does not provide as complete a barrier, or as secure a barrier, between the host OS 20 W and the VM 300 X as the virtualization barrier 280 B provides between the VM 300 A and the VM 300 B shown in FIG. 2 .
- the virtualization barrier 280 X may be referred to more specifically as a “limited virtualization barrier,” while the virtualization barrier 280 B may be referred to more specifically as a “complete virtualization barrier” or as a “bidirectional virtualization barrier.”
- Another virtualization barrier would be established between the VM 300 X and any other VM in the computer system 2 X, although no such other virtualization barrier is illustrated in FIG. 3 because only one VM is illustrated.
- a virtualization barrier 280 W between the VM 300 X and the VMM 200 X operates substantially the same as the virtualization barrier 280 A shown in FIG. 2 .
- the VMM is co-resident at system level with a host operating system. Both the VMM and the host OS can independently modify the state of the host processor, but the VMM calls into the host OS via a driver and a dedicated user-level application to have the host OS perform certain I/O operations on behalf of the VM.
- the virtual computer in this configuration is thus fully hosted in that it runs on an existing host hardware platform and together with an existing host OS.
- a dedicated kernel takes the place, and performs the conventional functions, of the host OS, and virtual computers run on the kernel.
- a “kernel-based” virtual computer system in which a kernel serves as the system software for one or more VMM/VM pairs, is illustrated in FIG. 4 .
- use of a kernel offers greater modularity and facilitates provision of services that extend across multiple VMs (for example, for resource management).
- a kernel may offer greater performance because it can be co-developed with the VMM and be optimized for the characteristics of a workload consisting of VMMs.
- the ESX Server virtualization product of VMware, Inc. has such a configuration.
- a kernel-based virtualization system of the type illustrated in FIG. 4 is described in U.S. Pat. No. 6,961,941 to Nelson et al., “Computer Configuration for Resource Management in Systems Including a Virtual Machine”, (“the '941 patent”).
- the general configuration of a kernel-based virtual computer system 2 Y includes one or more virtual machines (VMs), such as a first VM 300 Y and a second VM 300 Z, each of which is installed as a “guest” on a “host” hardware platform 100 Y.
- the hardware platform 100 Y includes one or more processors (CPUs) 112 Y, system memory 118 Y, and one or more disks 120 Y.
- the hardware 100 Y may also include other conventional mechanisms such as a Memory Management Unit (MMU) 116 Y and various devices 123 Y.
- the VM 300 Y includes virtual system hardware 310 Y, which typically includes at least one virtual CPU 312 Y, at least one virtual disk 320 Y, a virtual system memory 318 Y, and various virtual devices 323 Y.
- the VM 300 Y also includes a guest operating system 20 Y (which may simply be a copy of a conventional operating system) running on the virtual system hardware 310 Y, along with a set of drivers 29 Y for accessing the virtual devices 323 Y and the virtual disk 320 Y.
- One or more applications 40 Y may execute in the VM 300 Y on the guest OS 20 Y and the virtual system hardware 310 Y. All of the components of the VM may be implemented in software using known techniques to emulate the corresponding components of an actual computer.
- This implementation of the VM 300 Y may generally be substantially the same as the implementation of the VM 300 X shown in FIG. 3 .
- the VMs 300 Y and 300 Z are supported by a virtualization software 200 Y comprising a kernel 202 Y and a set of VMMs, including a first VMM 250 Y and a second VMM 250 Z.
- each VMM supports one VM.
- the VMM 250 Y supports the VM 300 Y
- the VMM 250 Z supports the VM 300 Z.
- the VMM 250 Y includes, among other components, device emulators 254 Y, which may constitute the virtual devices 323 Y that the VM 300 Y accesses.
- the VMM 250 Y may also include a memory manager 256 Y.
- the VMM also usually tracks and either forwards (to some form of system software) or itself schedules and handles all requests by its VM for machine resources, as well as various faults and interrupts.
- a mechanism known in the art as an exception or interrupt handler 252 Y may therefore be included in the VMM.
- the computer system 2 Y may, initially, have an existing operating system 20 Z that may be at system level, and the kernel 202 Y may not yet even be operational within the system.
- the initial system level interface between the OS 20 Z and the system hardware 100 Y is represented by a dashed line in FIG. 4 .
- one of the functions of the OS 20 Z may be to make it possible to load the kernel 202 Y, after which the kernel runs on the native hardware 100 Y and manages system resources.
- the kernel, once loaded, displaces the OS 20 Z.
- the kernel 202 Y may be viewed either as displacing the OS 20 Z from the system level and taking this place itself, or as residing at a “sub-system level.”
- When interposed between the OS 20 Z and the hardware 100 Y, the kernel 202 Y essentially turns the OS 20 Z into an “application,” which has access to system resources only when allowed by the kernel 202 Y. The kernel then schedules the OS 20 Z as if it were any other component that needs to use system resources.
- another interface is shown between the OS 20 Z and the kernel 202 Y for enabling the OS 20 Z to access the system hardware 100 Y. This second interface is shown with a solid line in FIG. 4 .
- the OS 20 Z may also be included to allow applications unrelated to virtualization to run; for example, a system administrator may need such applications to monitor the hardware 100 Y or to perform other administrative routines.
- the OS 20 Z may thus be viewed as a “console” OS (COS).
- the kernel 202 Y may also include a remote procedure call (RPC) mechanism to enable communication between, for example, the VMM 250 Y and any applications 40 Z installed to run on the COS 20 Z.
- the kernel 202 Y handles the various VMM/VMs and the COS 20 Z as entities that can be separately scheduled, which are referred to as “worlds.”
- the worlds are controlled by a world manager, represented in FIG. 4 within the kernel 202 Y as module 212 Y.
- the kernel 202 Y may also include an interrupt/exception handler 214 Y that is able to intercept and handle interrupts and exceptions for all devices on the machine.
- the kernel 202 Y includes a system memory manager 210 Y that manages all machine memory that is not allocated exclusively to the COS 20 Z.
- the information about the maximum amount of memory available on the machine is available to the kernel, as well as information about how much of it is being used by the COS.
- Part of the machine memory is used for the kernel 202 Y itself and the rest is used for the virtual machine worlds.
- Virtual machine worlds use machine memory for two purposes. First, memory is used to back portions of each world's memory region, that is, to store code, data, stacks, etc. For example, the code and data for the VMM 250 Y is backed by machine memory allocated by the kernel 202 Y. Second, memory is used for the guest memory of the virtual machine.
- the memory manager may include any algorithms for dynamically allocating or deallocating memory among the different VMs.
- the kernel 202 Y is responsible for providing access to all devices on the physical machine. In addition to other modules that the designer may choose to load onto the system for access by the kernel, the kernel will typically load conventional drivers as needed to control access to devices. Accordingly, a module 240 Y containing loadable kernel modules and drivers is shown in FIG. 4 .
- the kernel 202 Y may interface with the loadable modules and drivers in a conventional manner, i.e., using an API or similar interface.
- a first virtualization barrier 280 V between the COS 20 Z and the VMs 300 Y and 300 Z, a second virtualization barrier 280 Y between the VMs 300 Y and 300 Z, and a third virtualization barrier 280 Z between the virtualization software 200 Y and the VMs 300 Y and 300 Z, as well as the COS 20 Z, are represented in FIG. 4 .
- the virtualization barriers 280 V and 280 Y may be substantially the same as the virtualization barrier 280 B of FIG. 2
- the virtualization barrier 280 Z may be substantially the same as the virtualization barrier 280 A.
- Most modern computers implement a “virtual memory” mechanism, as described briefly above, that allows user-level software to specify memory locations using a set of virtual addresses. These virtual addresses are then translated or mapped into a different set of physical addresses that are actually applied to physical memory to access the desired memory locations.
- the range of possible virtual addresses that may be used by user-level software constitutes a virtual address space, while the range of possible physical addresses that may be specified constitutes a physical address space.
- the virtual address space is typically divided into a number of virtual memory pages, each having a different virtual page number, while the physical address space is typically divided into a number of physical memory pages, each having a different physical page number.
- a memory “page” in either the virtual address space or the physical address space typically comprises a particular number of memory locations, for example, such as either a four kilobyte (KB) memory page or a two megabyte (MB) memory page in an x86 computer system.
- VPN, virtual page number; PPN, physical page number; TLB, hardware translation lookaside buffer.
- the classical virtual machine monitor provides each virtual machine (VM) with the “illusion” of being a dedicated physical machine that is fully protected and isolated from other virtual machines. To support this illusion, physical memory is virtualized by adding an extra level of address translation.
- machine address and “machine page number” (MPN) are herein used to refer to actual hardware memory.
- physical memory is a software abstraction that presents the illusion of hardware memory to a VM. Address translation performed by a guest operating system in a VM maps a guest virtual page number (GVPN) to a guest physical page number (GPPN).
- the VMM maintains a pmap data structure for each VM to store GPPN-to-MPN translations.
- the VMM also typically manages separate shadow page tables, which contain GVPN-to-MPN mappings, and keeps them consistent with the GVPN-to-GPPN mappings managed by the guest OS. As the hardware TLB caches direct GVPN-to-MPN mappings, ordinary memory references execute without incurring virtualization overhead.
- the memory 118 X ( FIG. 3 ) and the memory 118 Y ( FIG. 4 ) can also be referred to as “machine” memory. The term “machine” is used where needed to avoid confusion between “guest physical” and “physical,” as used in a virtual environment.
- Referring to FIG. 5 , some of the functional units involved in the address mapping process described above will be described.
- the virtual computer system shown in FIG. 5 is a more abstract depiction that can represent either of computer systems 2 X, 2 Y of FIGS. 3 , 4 , respectively.
- System hardware 100 C includes an MMU 116 C, which further includes a TLB 117 C. It should be noted that elements with reference labels similar to those shown in FIGS. 3 and 4 have similar, if not the same, functionality.
- Virtualization software 200 B executes on the system hardware 100 C, and may be substantially the same as the virtualization software 200 X of FIG. 3 or the virtualization software 200 Y of FIG. 4 .
- the virtualization software 200 B includes a memory manager 256 B, part of the VMM (not shown), which further includes an address mapping module 220 B and a set of shadow page tables 222 B.
- the virtualization software 200 B supports a VM 300 C that includes virtual system hardware 310 C, which further includes an MMU 316 C, which may further include a virtual TLB (VTLB) 317 C, although the MMU 316 C may also be implemented without a virtual TLB.
- the VM 300 C also includes a guest OS 20 D and a set of one or more applications 40 G.
- the guest OS 20 D includes a set of guest OS page tables 22 D.
- the guest OS 20 D generates the guest OS page tables 22 D that map the guest software virtual address space to what the guest OS perceives to be the machine address space.
- the guest OS 20 D maps GVPNs to GPPNs.
- Suppose that a guest application 40 G attempts to access a memory location having a first GVPN, and that the guest OS has specified in the guest OS page tables that the first GVPN is backed by what it believes to be a machine memory page having a first GPPN.
- the address mapping module 220 B keeps track of mappings between the GPPNs of the guest OS 20 D and the “real” machine memory pages of the machine memory within the system hardware 100 C. Thus, the address mapping module 220 B maps GPPNs from the guest OS 20 D to corresponding MPNs in the machine memory. Continuing the above example, the address mapping module translates the first GPPN into a corresponding first MPN.
- the memory manager 256 B creates a set of shadow page tables 222 B that are used by the MMU 116 C.
- the shadow page tables 222 B include a number of shadow page table entries (PTEs) that generally correspond to the PTEs in the guest OS page tables 22 D, but the shadow PTEs map guest software virtual addresses to corresponding machine addresses in the actual machine memory, instead of to the physical addresses specified by the guest OS 20 D.
- the shadow PTEs in the shadow page tables 222 B provide mappings from GVPNs to corresponding MPNs.
- the shadow page tables 222 B would contain a shadow PTE that maps the first GVPN to the first MPN.
- the MMU 116 C loads the mapping from the first GVPN to the first MPN in the shadow page tables 222 B into the physical TLB 117 C, if the mapping is not already there. This mapping from the TLB 117 C is then used to access the corresponding memory location in the machine memory page having the first MPN.
- Embodiments of the present invention use cloaking to protect unmodified legacy applications running on unmodified commodity operating systems.
- Cloaking is a low-level primitive that operates on basic memory pages. Nearly all higher-level application resources, including code, data, files, and even Inter-Process Communication (IPC) streams, however, are already managed as memory-mapped objects by modern operating systems, or can be adapted as such. As a result, cloaking is sufficiently general to protect all of an application's major resources.
- embodiments of the present invention introduce, at load time, a shim program into the address space of each cloaked application, mediating all communication with the OS.
- the shim interposes on events such as system calls and signal delivery, modifying their semantics to enable safe resource sharing between a cloaked application and an untrusted OS.
- the shim manages a mapping of guest virtual addresses to “physical resources,” i.e., allocated memory that can be either file-backed or not.
- An overview of the architecture of embodiments of the present invention is presented in FIG. 6 .
- a single VM 300 is depicted, consisting of a guest OS 20 together with multiple applications 40 , one of which is a cloaked application 40 C.
- a VMM 250 effectuates a cloaking virtualization barrier 280 C between the cloaked application 40 C and the guest OS 20 , similar to the barrier 280 the VMM 250 enforces between the guest OS 20 and host hardware 100 .
- a cloaked shim program 600 is provided into the address space of the cloaked application 40 C. The cloaked shim 600 cooperates with the VMM 250 to interpose on all control flow between the cloaked application 40 C and the guest OS 20 .
- an uncloaked shim 610 is provided and includes buffer space 612 to provide a neutral area for the guest OS 20 and cloaked application 40 C to exchange uncloaked data, as will be explained in more detail below.
- existing virtualization systems present a single view of guest “physical” memory, generally faithfully emulating the properties of real hardware.
- One-to-one GPPN-to-MPN mappings are typically employed, backing each guest physical page with a distinct machine page.
- Some systems implement many-to-one mappings to support shared memory, e.g., transparent page sharing maps multiple GPPNs, using copy-on-write, to a single MPN.
- existing virtualization systems do not provide flexible support for mapping a single GPPN to multiple MPNs.
- Multi-shadowing in accordance with embodiments of the present invention, is a mechanism that supports context-dependent, one-to-many GPPN-to-MPN mappings.
- multiple shadow page tables are used to provide different views of guest physical memory to different shadow contexts.
- the “context” that determines which view (shadow page table) to use for a particular memory access can be defined in terms of any state accessible to the VMM, such as the current protection ring, page table, instruction pointer, contents of a register, contents of a memory location, or some other criteria.
- a multi-shadow address mapping module 500 would have multiple entries having a context portion 502 identifying CONTEXT 1 and multiple mapping portions 504 - 1 , 504 - 2 , 504 - 3 .
- FIG. 7 shows multiple physical address mapping modules 500 , 500 ′, 500 ′′ that correspond with the multiple shadow page tables, with the address mapping modules providing GPPN-to-MPN mappings and the shadow page tables providing corresponding GVPN-to-MPN mappings.
- a first guest physical page (GPPN 1 ) is mapped to a first machine page MPN 1 for CONTEXT 1 but is mapped to a different machine page MPN 4 for CONTEXT 2 as shown in multi-shadow address mapping module 500 ′.
- In a first multi-shadow page table (not shown) for CONTEXT 1 , corresponding to the address mapping module 500 , the GVPN that maps to GPPN 1 would be mapped to MPN 1 .
- In a second multi-shadow page table (not shown) for CONTEXT 2 , corresponding to the address mapping module 500 ′, the GVPN that maps to GPPN 1 would be mapped to MPN 4 .
- Because an MMU walks page tables in hardware, multiple separate page tables—generally one for each context—are implemented.
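The context-dependent, one-to-many GPPN-to-MPN mapping described above, as an added worked model (not code from the patent or from any VMware product); the context names, page numbers and mapping values are constructed to mirror the FIG. 7 case, and the "shadow page fault" fill and the invalidation on a guest PTE change are the parts a practitioner would want to see.

```python
"""Toy model of multi-shadowing: one guest page table, several per-context pmaps.

Added illustration, not code from the patent or from any VMware product. Context
names, page numbers and the mapping values are constructed to mirror FIG. 7.
"""
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class MultiShadowVMM:
    # Guest OS page table (22 D): GVPN -> GPPN. There is only one of these; the
    # guest OS manages it and never learns which MPN backs each GPPN.
    guest_pt: Dict[int, int]
    # Address mapping modules 500, 500', ...: one GPPN -> MPN pmap per shadow context.
    pmaps: Dict[str, Dict[int, int]] = field(default_factory=dict)
    # Shadow page tables (222 B): one GVPN -> MPN table per context, filled lazily.
    shadow_pts: Dict[str, Dict[int, int]] = field(default_factory=dict)

    def add_context(self, ctx: str, pmap: Dict[int, int]) -> None:
        """Register a shadow context with its own view of guest physical memory."""
        self.pmaps[ctx] = dict(pmap)
        self.shadow_pts[ctx] = {}

    def translate(self, ctx: str, gvpn: int) -> int:
        """MPN a hardware walk of ctx's shadow page table yields for gvpn.

        A missing shadow PTE is filled from the guest PTE and the context's pmap,
        which is the work the VMM does on a shadow page fault.
        """
        spt = self.shadow_pts[ctx]
        if gvpn not in spt:
            gppn = self.guest_pt[gvpn]         # guest view: GVPN -> GPPN
            spt[gvpn] = self.pmaps[ctx][gppn]  # context view: GPPN -> MPN
        return spt[gvpn]

    def guest_remap(self, gvpn: int, gppn: int) -> None:
        """Guest OS rewrites a PTE; shadow PTEs derived from it are dropped in
        every context so the shadows stay consistent with the guest table."""
        self.guest_pt[gvpn] = gppn
        for spt in self.shadow_pts.values():
            spt.pop(gvpn, None)


def fig7_example() -> Dict[str, int]:
    """Constructed instance of the FIG. 7 case: GPPN 1 is backed by MPN 1 for
    CONTEXT 1 but by MPN 4 for CONTEXT 2, so one GVPN resolves differently."""
    gvpn = 0x10
    vmm = MultiShadowVMM(guest_pt={gvpn: 1, 0x11: 2})
    vmm.add_context("CONTEXT1", {1: 1, 2: 2, 3: 3})   # module 500
    vmm.add_context("CONTEXT2", {1: 4, 2: 5, 3: 6})   # module 500'
    result = {
        "ctx1": vmm.translate("CONTEXT1", gvpn),
        "ctx2": vmm.translate("CONTEXT2", gvpn),
    }
    # The guest OS now points the same GVPN at GPPN 3; both shadows must follow.
    vmm.guest_remap(gvpn, 3)
    result["ctx1_after_remap"] = vmm.translate("CONTEXT1", gvpn)
    result["ctx2_after_remap"] = vmm.translate("CONTEXT2", gvpn)
    return result


if __name__ == "__main__":
    # prints {'ctx1': 1, 'ctx2': 4, 'ctx1_after_remap': 3, 'ctx2_after_remap': 6}
    print(fig7_example())
```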
- Multi-shadowing offers an additional dimension of protection orthogonal to existing hierarchies, enabling a wide range of unconventional protection policies.
- embodiments of the present invention allow a guest OS to perform the tasks of application memory management, without allowing the guest OS to observe the actual memory contents.
- Multi-shadowing ensures that the guest OS or other processes cannot view cloaked code and data in plaintext.
- coordination is provided when, for instance, the kernel needs to swap out memory occupied by the cloaked data to disk, as well as for other operations related to cloaked memory and files.
- some embodiments of the present invention do not rely on the guest kernel using virtual DMA, or other mechanisms that the VMM can track, to perform swap and file I/O operations. If the kernel did not use DMA to implement these operations, then, without the advantages of some embodiments of the present invention, it would be difficult and expensive to track cloaked data using existing hardware and software techniques.
- some embodiments of the present invention include integrity verification, as described below.
- the kernel can corrupt application memory by modifying random bits of any cloaked memory page, and any such corrupted data may be detected before the application attempts to use it. Without integrity verification, an application could behave unexpectedly if using changed data, possibly leading to compromises that exploit such unexpected execution of the program to leak cloaked data.
- Cloaking combines multi-shadowing with encryption, presenting different views of memory—plaintext and encrypted—to different guest contexts.
- Some embodiments of the present invention that implement virtualization-based cloaking do not require any changes to the processor architecture, OS, or applications. Cloaking based on multi-shadowing represents a relatively small change to the core MMU functionality already implemented by a VMM. As an overview, cloaking will be described using a high-level model. Metadata management and integration with existing systems are presented below.
- Each GPPN uses only a single MPN, whose contents the VMM dynamically encrypts and decrypts depending on the context currently accessing the page. This works well because, in practice, few pages are accessed simultaneously by both the application and the kernel. As an alternate embodiment, two read-only copies of the page could be maintained, one encrypted and one plaintext, for pages that are read concurrently from both contexts.
- When a cloaked page is accessed from outside the shadow context to which it belongs, the VMM first encrypts the page using a fresh, randomly-generated initialization vector (IV), then takes a secure hash (H) of this ciphertext.
- An initialization vector is commonly used in cryptography so that two chunks of data, e.g., two pages with the same contents, do not each encrypt to the same ciphertext. As an example, if two identical pages are encrypted, and an IV is not used—then each will encrypt to the same ciphertext, and an attacker will know that the two encrypted pages have the same contents. This information can be used to mount a “known plaintext” attack.
- The IV is appended to (or XOR'd with, or otherwise combined with) the plaintext before it is encrypted, so that two identical pages each encrypt to a different ciphertext, even when the same encryption key is used.
- The pair (IV, H) is stored securely for future use.
- When the page is next accessed from within its shadow context, the stored hash is first verified. If verification fails, the application may be terminated. If it succeeds, the cloaked page is decrypted and execution proceeds as normal. By checking the hash before decryption, any attempt to corrupt a cloaked page is detected.
- A method 400 in accordance with one embodiment of the present invention is presented.
- In step 402, a request for access to a cloaked page (CP) is received, e.g., through an attempted memory access.
- In step 403, it is determined whether the CP is plaintext or encrypted. If plaintext, control passes to step 404, where it is determined whether or not the requester belongs to the shadow context for the CP. If the requester does belong to the shadow context, control passes to step 406, where the CP is mapped into the requester's shadow mapping.
- If, on the other hand, the requester is not a member of the shadow context for the requested CP, control passes to step 405, where the page is unmapped from the application shadow.
- An initialization vector (IV) is randomly generated, step 408, and the CP is encrypted using the IV, step 410, to create a ciphertext.
- A hash value (H) is generated for this ciphertext, step 412.
- The (IV, H) pair is securely stored to correspond with the CP, step 414.
- In step 416, the ciphertext is mapped into the requester's shadow mapping.
- If, in step 403, the CP is found to be encrypted, the stored (IV, H) pair for the CP is retrieved, a new hash value (NH) is calculated for the CP, step 424, and compared to the hash H in the retrieved (IV, H) pair, step 426. If NH is not the same as H, control passes to step 428, where a fault condition is asserted. If NH is the same as H, the CP is decrypted using IV, step 430, and the decrypted CP is mapped into the requester's shadow mapping, step 432.
- A single secret key K_VMM managed by the VMM is used to encrypt all pages, as will be described below in more detail.
- The encryption uses AES-128 (Advanced Encryption Standard) in CBC (Cipher-Block Chaining) mode, and hashing uses SHA-256 (Secure Hash Algorithm); both are standard constructions.
- An alternate embodiment of the present invention implements an integrity-only mode of operation.
- In this mode, the concern is not the privacy of the data, so the application data remains in plaintext, i.e., it is not encrypted.
- The IV used for encryption/decryption, as above, is therefore not needed.
- In “integrity only” mode the focus is only on detecting tampering, and thus only the secure hash H should be needed.
- Instead of a secure hash H, other cryptographic authentication methods could be used, e.g., a message authentication code (MAC), as known to those of skill in the art.
- A secure hash H or MAC is used to protect the integrity of encrypted page contents; if a cloaked page is corrupted, its hash or MAC will change, allowing the modification to be detected.
- FIG. 9 presents a state transition diagram 450 for managing, i.e., maintaining, the secrecy and integrity of a single cloaked page.
- Application reads R_A and writes W_A manipulate plaintext page contents, while kernel reads R_K and writes W_K use an encrypted version of the page.
- The secure hash H is computed and stored immediately after page encryption and verified immediately prior to page decryption.
- When the cloaked page is accessed (R_K, W_K) via the system shadow, transition 1, the VMM unmaps the page from the application shadow, encrypts the page, generates an integrity hash, and maps the page into the system shadow.
- The kernel may then read the encrypted contents, e.g., to swap the page to disk, and may also overwrite its contents, e.g., to swap in a previously-encrypted page.
- When the encrypted page is subsequently accessed (R_A, W_A) via the application shadow, transitions 2 or 3, the VMM unmaps the page from the system shadow, verifies its integrity hash, decrypts the page, and maps the page into the application shadow. For an application read R_A, transition 3, the page is mapped read-only and its (IV, H) pair is retained. If the page is later written (W_A) by the application, transition 4, the (IV, H) pair is discarded, and the page becomes readable and writable. If the page is instead accessed (R_K, W_K) by the kernel, transition 5, the VMM proceeds as in transition 1, except that the hash H for the (unmodified) page is not recomputed. Returning to transition 2, for an application write W_A, the (IV, H) pair is discarded as in transition 4, and the page remains readable and writable.
- The read-only plaintext state, in which the (IV, H) pair is retained, is generally required to correctly handle the case where the kernel legitimately caches a copy of the encrypted page contents. For example, consider the case where the kernel swaps a cloaked page to disk, which is later paged in due to an application read, and then swapped out again before the application modifies it. The kernel can optimize the second page-out by noticing that the page is not dirty, and simply unmap the page without reading it, because the on-disk swapped copy would still be valid. If the (IV, H) pair had been discarded, it would not be possible to decrypt the page after it is swapped back in.
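The encrypt-then-hash procedure of method 400 and the FIG. 9 state machine, as an added example that is not code from the patent or from any VMM: a Go model of one cloaked page under a single K_VMM, using AES-128-CBC and SHA-256 as the text specifies. The names (`vmmKeys`, `cloakedPage`, `access`) are my own, the key is generated locally for the example, and the shadow mappings are reduced to a state field.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

const pageSize = 4096 // a 4K page is a whole number of AES blocks, so CBC needs no padding

type pageState int // the three states of the FIG. 9 diagram

const (
	plainRW   pageState = iota // plaintext, readable and writable by the application; no (IV, H)
	plainRO                    // plaintext, mapped read-only; (IV, H) retained
	encrypted                  // ciphertext, mapped into the system shadow
)

type accessCtx int

const (
	appCtx    accessCtx = iota // application shadow: R_A, W_A
	kernelCtx                  // system shadow: R_K, W_K
)

type cloakedPage struct {
	state pageState
	data  []byte   // the single MPN backing the GPPN: plaintext or ciphertext per state
	iv    []byte   // retained in the plainRO and encrypted states
	h     [32]byte // SHA-256 over the ciphertext, checked before every decryption
}

type vmmKeys struct{ block cipher.Block } // AES-128 under the single VMM key K_VMM (constructed here)

var errIntegrity = errors.New("integrity check failed: cloaked page modified while encrypted")

func newVMMKeys() (*vmmKeys, error) {
	key := make([]byte, 16) // AES-128; in the VMM this key never leaves the hypervisor
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return &vmmKeys{block: block}, nil
}

// aesCBC encrypts (enc=true) or decrypts one whole page in CBC mode with the given IV.
func (v *vmmKeys) aesCBC(src, iv []byte, enc bool) []byte {
	dst := make([]byte, len(src))
	if enc {
		cipher.NewCBCEncrypter(v.block, iv).CryptBlocks(dst, src)
	} else {
		cipher.NewCBCDecrypter(v.block, iv).CryptBlocks(dst, src)
	}
	return dst
}

// access models one guest access to the page (write=true for W_A or W_K), applies the FIG. 9
// transition the VMM would take, and returns the contents the requester then sees.
func (v *vmmKeys) access(p *cloakedPage, ctx accessCtx, write bool) ([]byte, error) {
	switch {
	case ctx == kernelCtx && p.state == encrypted:
		return p.data, nil // already ciphertext: no VMM intervention
	case ctx == kernelCtx:
		// Transition 1 (from plainRW): fresh random IV and a new hash. Transition 5 (from
		// plainRO): the retained IV is re-used and, the page being unmodified, H is not recomputed.
		if p.state == plainRW {
			p.iv = make([]byte, aes.BlockSize)
			if _, err := rand.Read(p.iv); err != nil {
				return nil, err
			}
		}
		ct := v.aesCBC(p.data, p.iv, true)
		if p.state == plainRW {
			p.h = sha256.Sum256(ct)
		}
		p.data, p.state = ct, encrypted
		return p.data, nil
	case p.state == encrypted:
		// Transitions 2 and 3: verify H before decrypting (steps 424-430); a mismatch is a fault.
		if sha256.Sum256(p.data) != p.h {
			return nil, errIntegrity
		}
		p.data = v.aesCBC(p.data, p.iv, false)
		if write {
			p.iv, p.h, p.state = nil, [32]byte{}, plainRW // transition 2: (IV, H) discarded
		} else {
			p.state = plainRO // transition 3: read-only, (IV, H) retained for a later swap-out
		}
		return p.data, nil
	case p.state == plainRO && write:
		p.iv, p.h, p.state = nil, [32]byte{}, plainRW // transition 4: (IV, H) discarded
		return p.data, nil
	default:
		return p.data, nil // plaintext access from the owning context: no VMM action
	}
}
```

Because transition 5 re-uses the retained IV on unmodified contents, the kernel sees byte-identical ciphertext on the second page-out, which is exactly what lets it skip re-reading a clean page.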
- Cloaking is compatible with copy-on-write (COW) sharing of identical pages, i.e., those with identical contents, such as described in U.S. Pat. No. 6,789,156 to Waldspurger, “Content-Based, Transparent Sharing of Memory Units” (“the '156 patent”).
- A plaintext MPN can be shared transparently between VMs or within a single VM.
- Plaintext pages can be shared transparently, and page encryption is handled like a COW fault: a private MPN is allocated to store the encrypted version of the GPPN.
- Cloaking is also compatible with virtual devices that access guest memory using DMA. For example, suppose the guest kernel performs disk I/O on a cloaked memory page via a virtual SCSI adapter. For a disk read, the cloaked page contents are already encrypted on disk, and the VMM simply permits the kernel to issue a DMA request to read the page.
- For a disk write, the action taken by the VMM depends on the current state of the cloaked page. If the page is already encrypted, the VMM allows the DMA to be performed directly.
- When the page is in the plaintext read-only state, the VMM first encrypts the page contents with its existing (IV, H) into a separate page that is used for the DMA operation. Similarly, if the page is in the plaintext read-write state, the VMM encrypts its contents into a separate page used for the DMA operation; the cloaked page then transitions to the read-only plaintext state and is associated with the newly generated (IV, H). Note that in both plaintext states, the original guest page remains accessible in plaintext form to the application, because a transient encrypted copy is used during the actual DMA.
- Embodiments of the present invention introduce OS-neutral abstractions for cloaking both persistent and non-persistent resources, such as files and private memory regions.
- Memory-mapped data, for both file-backed and “anonymous” memory regions, must be managed.
- Protection metadata, such as (IV, H) pairs, must be managed to enforce privacy and integrity, ordering, and freshness (to prevent rollback).
- The VMM manages the protection metadata in memory and uses it to encrypt/decrypt and to check the integrity and ordering of protected data.
- The cloaked shim manages a mapping of “physical resources,” i.e., allocated memory (either file-backed or not), to virtual addresses within a given application address space, thus permitting a mapping between (IV, H/MAC) pairs and physical pages to be established for use by the VMM.
- The unprotected guest OS updates the cryptographic metadata for protected files, since protected data and protection metadata are both stored in the guest OS.
- The unprotected guest OS is only involved in persisting metadata, e.g., storing the protection metadata for an on-disk file in an associated on-disk metadata file.
- An overview of the components involved in metadata protection is presented in FIG. 10. The description to follow begins by examining how metadata is stored and how protected objects are mapped to metadata, and then describes how the metadata is used to enforce protection.
- Each cloaked resource, such as a file or an anonymous memory region, is associated with a unique 64-bit resource identifier (RID) in one embodiment of the present invention.
- Each RID has a corresponding resource metadata (RMD) object that stores metadata needed to decrypt, check integrity, and preserve ordering.
- An RMD object is an ordered set of (IV, H) pairs, one per encrypted page, addressed by a 32-bit resource page number (RPN).
- An RMD object is an abstraction that serves as a container for the protection metadata, where each resource has a corresponding metadata object.
- An RMD object is a logically contiguous addressable object that may be created, truncated, extended, or deallocated.
- An RMD is applied to two types of resources: files and anonymous memory regions.
- The RID may be a large integer that uniquely identifies the resource, for example, an integer corresponding to the <device_id, inode> of a file in the file system. In one embodiment, this is a 64-bit value consisting of 32 bits for the inode and 32 bits for the device_id. On a local filesystem, this is expected to be sufficient for the RID to uniquely identify the file with which it is associated, even in light of renaming, etc.
- The RID for a file is constructed from its device and inode numbers. There is, however, no protection for file system metadata; consequently, a malicious OS could swap inputs on an application.
- A secure namespace can be provided associating pathnames with (RID, MAC) pairs. This could be implemented by employing a protected daemon or shared file, which would be updated on file operations such as rename, create, and unlink.
- The metadata cache (MDC) is composed of all RMDs in use by all address spaces in the system; the MDC can be seen as a collection of objects indexed by RID.
- An entry has the form:
- dirty_bit indicates whether the metadata has been modified and must be written out upon eviction from the cache;
- ref-count indicates the number of applications using this resource (note that each application should not be counted more than once as a user of a resource);
- meta_data is a set of (IV, H/MAC) tuples.
- An RMD object is implemented using a per-RID data structure, which may be referred to as a metadata translation table and which supports a sparse resource address space.
- A three-level data structure, similar to a page table, is indexed by offset (in units of 4K pages).
- This three-level data structure supports a large amount of cloaked file contents. For example, if each <IV, H/MAC> tuple consumes 256 bits (32 bytes), then a single 4K leaf page can store 128 tuples. A single 4K directory page can store pointers (MPNs) for 1K leaf pages. A top-level array of root pages is then used to index into the directory pages. Each root page can store pointers (MPNs) for 1K directory pages, covering up to 128M tuples, enough for 512 GB of cloaked file contents.
- The OS kernel typically registers a routine for each fault/interrupt type, which is invoked in kernel mode when the corresponding fault/interrupt occurs.
- Traditional hardware delivers hardware interrupts and faults to a kernel-mode handler.
- User-mode programs must specify handlers for resolving user-level exceptions through a “signal” delivery interface defined and mediated by the OS.
- The VMM uses cached virtual-address mapping information for a cloaked user-mode process or application to resolve shadow page table page faults and to perform the corresponding encryption and decryption operations while running the application process in cloaked mode.
- This VMM-managed software cache is referred to as a “metadata lookaside buffer” (MLB), analogous to the hardware TLB in modern processors, and will be described below in more detail.
- The content of the cloaked virtual memory of a cloaked process is protected by the VMM using protection metadata and associated metadata translations.
- This data needs to be available to the VMM any time the VM is executing in cloaked mode. For example, when a cloaked process touches a page that was not mapped in the shadow page table, the VMM needs to determine whether the page is cloaked, and if it is cloaked, which protection metadata (e.g., IV and Hash/MAC) the VMM should use to decrypt and verify the integrity of the page.
- The VMM can access the metadata translation table and then look up the corresponding <IV, H/MAC> from the metadata cache, as described below.
- The protection metadata cache in the VMM holds all metadata used by a running cloaked process, and is thus directly accessible by the VMM.
- The metadata translation table, however, is not directly accessible by the VMM. Instead, the VMM caches a subset of the metadata translations in the metadata lookaside buffer (MLB).
- The VMM need not be notified of changes to the translation table. Only when an entry is needed by the VMM does the VMM make an “MLB upcall” through the user-level exception mechanism to invoke a handler in the shim.
- Embodiments of the present invention provide a control-transfer mechanism to perform an “upcall” from the VMM directly to a guest user-mode handler, without involving the guest OS kernel.
- On an MLB miss, the VMM saves the faulting context and switches contexts to run the shim's MLB miss handler in guest user mode.
- Upon completing the handler, the shim returns to the previously-faulted context and continues execution.
- Such faults/upcalls are “invisible” to the OS kernel, in that the data or information is never available to the guest OS in cleartext. All other architecturally-defined hardware faults or interrupts can be delivered to and processed by the guest kernel independently.
- Access control and sharing for cloaked resources are determined by a unique security identifier (SID) that identifies a protection domain or execution context.
- A SID is associated with an application instance, which may contain multiple processes. Processes with the same SID have common access to cloaked resources.
- The address space for a cloaked process is identified by a unique address space identifier (ASID) 472, as shown in FIG. 10, that defines its shadow context. Portions of multiple cloaked resources are typically mapped into the guest virtual address space associated with a given ASID.
- The VMM maintains a per-ASID cache of resource mappings in its virtual address space, i.e., the metadata lookaside buffer (MLB) 474.
- The MLB 474 is used to map a virtual address to a resource.
- An MLB entry has the form (start, end) → (RID, RPN), where start and end denote the virtual address range into which the resource is mapped, RID denotes the resource being mapped, and RPN denotes the first RPN in the mapping. For example, if file “foo.txt” has RID 4, and its third page (starting from 0) is mapped into the first GVPN in the virtual address space, this would be modeled as (0, 4096) → (4, 2).
- A shim program 476 is responsible for keeping a complete list of resource mappings for both cloaked and uncloaked memory and for updating the MLB 474 whenever there is a change.
- The shim 476 resides in the same guest virtual address space and interposes on all calls that modify it, such as mmap, munmap, and mremap in Linux.
- The VMM implementation itself is OS-neutral.
- On an MLB miss, the VMM performs an upcall into the shim to obtain the required mapping and installs it in the MLB 474, illustrated by the miss action in FIG. 10.
- The mappings for the shim 476 itself are pinned in the MLB 474, preventing recursion. Note that if the MLB has an incorrect mapping, it generally fails closed. If the MLB 474 maps the wrong range of memory for a RID, or if the MLB 474 maps an uncloaked range as cloaked, then encryption or decryption will fail, or the application will end up accessing ciphertext, also causing it to fail. Failing closed is believed to be a better result than continuing operation on what might be faulty data.
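The VMM's lookup path from a faulting virtual address to protection metadata, as an added example that is not the patent's or any VMM's code: an MLB of (start, end) → (RID, RPN) entries, the three-level metadata translation table with the 128/1K/1K fan-out worked out above, and a resolve step that fails closed whenever a link is missing. The names (`rmd`, `mlbEntry`, `resolve`) and the sample mapping for RID 4 are constructed for the example; the tuple is kept as an opaque 32-byte value.

```go
package main

import "errors"

const (
	pageShift     = 12                                       // 4K pages
	tuplesPerLeaf = 128                                      // 4K leaf page / 32-byte <IV, H/MAC> tuple
	ptrsPerDir    = 1024                                     // 4K directory page / 4-byte MPN pointer
	ptrsPerRoot   = 1024                                     // entries in one root page
	maxTuples     = tuplesPerLeaf * ptrsPerDir * ptrsPerRoot // 128M tuples = 512 GB of cloaked content
)
type tuple [32]byte // one 256-bit <IV, H/MAC> protection-metadata entry

type leafPage struct {
	present [tuplesPerLeaf]bool
	entries [tuplesPerLeaf]tuple
}
type dirPage [ptrsPerDir]*leafPage
// rmd is the per-RID metadata translation table: a sparse three-level tree indexed by RPN.
type rmd struct {
	rid  uint64
	root [ptrsPerRoot]*dirPage
}

var (
	errRPNRange = errors.New("RPN beyond the 128M tuples the three-level table covers")
	errMLBMiss  = errors.New("MLB miss: upcall into the shim required")
	errNoMeta   = errors.New("no protection metadata for page: fail closed")
)

// splitRPN decomposes an RPN into root, directory and leaf indices, like a page-table walk.
func splitRPN(rpn uint32) (r, d, l int, err error) {
	if uint64(rpn) >= maxTuples {
		return 0, 0, 0, errRPNRange
	}
	l = int(rpn % tuplesPerLeaf)
	d = int(rpn/tuplesPerLeaf) % ptrsPerDir
	r = int(rpn / (tuplesPerLeaf * ptrsPerDir))
	return r, d, l, nil
}

// set stores the tuple for one resource page, allocating directory and leaf pages on demand.
func (m *rmd) set(rpn uint32, t tuple) error {
	r, d, l, err := splitRPN(rpn)
	if err != nil {
		return err
	}
	if m.root[r] == nil {
		m.root[r] = new(dirPage)
	}
	if m.root[r][d] == nil {
		m.root[r][d] = new(leafPage)
	}
	m.root[r][d].present[l], m.root[r][d].entries[l] = true, t
	return nil
}

// get returns the tuple for one resource page; a hole in the sparse table is an error.
func (m *rmd) get(rpn uint32) (tuple, error) {
	r, d, l, err := splitRPN(rpn)
	if err != nil {
		return tuple{}, err
	}
	if m.root[r] == nil || m.root[r][d] == nil || !m.root[r][d].present[l] {
		return tuple{}, errNoMeta
	}
	return m.root[r][d].entries[l], nil
}

// mlbEntry is (start, end) -> (RID, RPN): the virtual range [start, end) is backed by
// resource RID starting at resource page RPN.
type mlbEntry struct {
	start, end uint64
	rid        uint64
	rpn        uint32
}

// lookup maps a guest virtual address to (RID, RPN); an address in no entry is an MLB miss.
func lookup(mlb []mlbEntry, va uint64) (uint64, uint32, error) {
	for _, e := range mlb {
		if va >= e.start && va < e.end {
			return e.rid, e.rpn + uint32((va-e.start)>>pageShift), nil
		}
	}
	return 0, 0, errMLBMiss
}

// resolve walks MLB -> MDC -> RMD for a faulting virtual address and returns the tuple the VMM
// would use to verify and decrypt the page. Any gap in the chain is an error, never a default.
func resolve(mlb []mlbEntry, mdc map[uint64]*rmd, va uint64) (tuple, error) {
	rid, rpn, err := lookup(mlb, va)
	if err != nil {
		return tuple{}, err
	}
	m, ok := mdc[rid]
	if !ok {
		return tuple{}, errNoMeta
	}
	return m.get(rpn)
}
```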
- To deliver an upcall, the VMM first pushes the registers of the running cloaked process onto the top of an upcall register stack 604 in a cloaked thread context (CTC) 602 and then changes the guest VM's instruction pointer (IP), stack pointer (SP), and other general registers 606 with proper arguments to run the “MLB upcall”.
- The “MLB upcall” handler installs the entry requested by the VMM through hypercalls and then issues a “return-from-upcall” hypercall to return to the VMM.
- The VMM then pops the registers from the upcall register stack 604 and resumes cloaked application execution. Note that recursive upcalls can be supported up to the memory limit of the “upcall register stack” in the CTC.
- While the user-mode “MLB upcall” handler executes, it may still trap into the guest kernel through guest page faults, system calls, and guest hardware interrupts. From the perspective of the guest kernel, it cannot observe that the upcall handler is being executed; in fact, the guest kernel cannot observe any code executed in cloaked mode. From the perspective of the application, it would not detect that the handler has been executed either, because the execution of the handler is atomic with respect to user-mode application code execution. This is achieved by delaying all signals delivered to the application thread from the guest kernel until the upcall returns and the application code is resumed. The MLB handler must not touch memory (including the shim's and the application's) that would cause the same upcall to be delivered, as that would result in an infinite number of upcall deliveries. The MLB handler therefore only touches memory whose VPN→RPN pairs are “pinned” in the VMM's MLB, avoiding another upcall to the MLB handler.
- The “VMM to guest user-mode” upcall mechanism can also be applied to use cases outside the scope of protecting cloaked application data as provided by embodiments of the present invention described herein. For example, traditionally a divide-by-zero exception caused by an application is delivered to the kernel. The kernel then delivers a signal to a user-mode handler in the application. With the above-described user-mode upcall mechanism, the CPU can directly invoke the user-mode handler for divide-by-zero. As another example, an application that attempts to dereference a NULL pointer typically causes a page fault generated by the hardware MMU and handled by the OS kernel, which in turn generally delivers a signal to a user-level handler in the application. In a virtualized system, the user-mode handler can be directly invoked, without guest OS involvement. User-mode programs could make use of this feature to implement new programming algorithms.
- VMM-mediated upcall variants are also possible.
- Another upcall mechanism is used to transfer control to the shim when a cloaked application makes a system call.
- The system call is intercepted by the VMM, and execution control is transferred to a user-mode handler routine registered by the shim.
- The system calls made by the application may thus be transparent to the guest kernel.
- This control transfer is also completely transparent to the application, as the application does not need to know that the system call has been intercepted by the shim. This allows the application to run under the protection of embodiments of the present invention without being modified or recompiled.
- The ability to redirect a trap to guest user-mode code allows for the redirection of system calls to handlers in the shim without dynamic VMM intervention.
- The VMM stores the (RID, RPN) pair used for each decryption with the associated GPPN in the existing VMM pmap structure, which stores GPPN-to-MPN translations.
- When the guest kernel accesses a cloaked page, its GPPN is known, but its ASID and GVPN may not be known.
- The access could originate from any guest context, e.g., during a virtual DMA operation. If the page is already encrypted, then the memory access proceeds normally, without any VMM intervention.
- Otherwise, the access will fault into the VMM because the page is not mapped in the current shadow. If the page is writable, the VMM generates a new random IV; for a read-only page, the existing IV is re-used. The VMM then encrypts the page contents and computes a secure hash H over the encrypted contents. It stores the resulting (IV, H) pair in the MDC 470, at the (RID, RPN) pair previously associated with the GPPN in the pmap during its last decryption. The page is then zapped and mapped into the current shadow, and the original kernel access is allowed to proceed.
- The MDC 470 also provides operations to facilitate support for address space cloning, such as clone or fork operations in Linux.
- On a fork, each of the parent's private RMD objects is cloned eagerly for the child by copying all of its existing metadata entries and assigning it a new RID. This ensures that metadata for any pages encrypted prior to the fork remains available to the child, even if the parent later modifies them.
- The solution implemented by one embodiment of the present invention is to mirror the application's process tree in the MDC 470; each RMD object has pointers to its parent, first child, and next sibling RMD objects, if any.
- The MDC 470 also maintains a global 64-bit version number that is incremented on every RMD creation and page decryption.
- A version is stored with each RMD object and set to the global version when it is created.
- A version is also stored along with the (RID, RPN) pair in the pmap for each GPPN and set to the global version each time it is decrypted.
- Resources are either persistent or non-persistent. When a resource is not in use by any process, its respective RMD object is removed from the cache.
- RMD objects associated with non-persistent memory regions, e.g., application stack, data, or anonymous shared memory, can be discarded when no longer in use.
- RMD objects associated with persistent content, such as file-backed memory regions, must generally be saved to disk.
- Persistent RMD objects are stored as metadata files in the guest. Metadata file integrity is protected by a message authentication code (MAC), computed using a key derived from the VMM's secret key K_VMM, and stored in the file.
- Each allocated resource has an associated RID that the shim uses to refer to the object.
- The shim attempts to maintain a one-to-one correspondence between the metadata address space of the resource, by RID/offset, and the in-memory data in an application address space, so that it can offer the appropriate virtual-to-resource address translations for use by the VMM.
- The shim does not need to track (IV, H/MAC) pairs, as it manages only a per-application mapping of VPN to RPN.
- A 128-bit generation number is also written to the metadata file and protected by the MAC.
- The VMM checks this number against a master list of valid generations when the file is loaded. This number is stored in the MDC 470 as part of the RMD object. Just prior to eviction, it is incremented in both the RMD and the master list.
- The master list is stored in the guest, protected by a MAC and its own counter, which is stored outside of the guest by the VMM.
- RMD objects are written to metadata files by a file daemon 478.
- The daemon 478 communicates with the VMM via a hypercall interface, polling for metadata that should be evicted from the MDC 470 and persisted to disk.
- The daemon extracts the metadata for all of its valid RPNs, obtains their respective MACs as generated by the VMM, commits everything to disk, and finally evicts the RID from the MDC 470; refer to the evict action in FIG. 10.
- The daemon 478 is not trusted, and all data it handles is protected cryptographically.
- If the daemon 478 were compromised, only system availability would be lost; data privacy and integrity would be maintained.
- A main task of the daemon is to provide the VMM with access to the guest file system.
- The VMM may update the contents of the protection metadata files.
- The daemon may periodically poll the VMM to determine whether any updates are needed and, if so, the daemon will read a complete metadata file from the VMM and then write the data to the file associated with that RID.
- The metadata files are updated when metadata has been modified and the corresponding file is no longer being used, or by virtue of periodic writebacks implemented to improve system consistency.
- SIDs provide a basic primitive for identifying subjects, and RIDs provide a basic primitive for identifying objects.
- One implementation may start with a model that assumes mutual trust between all parts of an application and dynamically assigns SIDs at startup.
- All encryption is performed using a single set of encryption and MAC keys.
- Key management and access control in embodiments of the present invention are orthogonal.
- The VMM arbitrates who is allowed to access what resources, regardless of the key with which a resource was encrypted. Additional keys could be added to support delegation of administrative tasks, e.g., one key per RID would allow different parties to package their own sets of encrypted files outside of the VM.
- Embodiments of the present invention provide several abstractions.
- A way of naming objects, by assigning each cloaked object a unique resource identifier (RID), is provided.
- Embodiments of the present invention keep an identifier for each protection domain known as a security identifier (SID) and each shadow context, i.e., address space, has a corresponding ASID.
- The shim is responsible for managing transitions between the cloaked application and the operating system. It uses an explicit hypercall interface for interacting with the VMM, i.e., a secure communication mechanism between the guest and the VMM. This arrangement allows relatively complex operations, such as OS-specific system call proxying, to be located in user-mode shim code instead of the VMM. It also facilitates extensibility, providing a convenient place to add custom functionality without modifying the VMM.
- Each of the uncloaked shim 610 and the cloaked shim 600 consists of its own distinct code, data, and stack space.
- Each application thread has its own shim instance, and all thread-specific data used by the shim is kept in thread-local storage, preventing conflicts between different instances.
- The uncloaked shim 610 contains buffer space 612 that provides a neutral area for the kernel and application to exchange uncloaked data.
- Trampoline code 614 facilitates transitions from the guest OS to cloaked code.
- Nothing in the uncloaked shim 610 is trusted or necessary for protection. As a worst case result, the application will crash if either the uncloaked shim code or data becomes corrupted and will have to be restarted.
- Uncloaked code is allowed to invoke operations to initialize a new cloaked context (used to bootstrap). It can also make calls to enter and resume cloaked execution. As control can be transferred only to a cloaked context, these calls can be initiated safely by untrusted code.
- Cloaked code can make hypercalls to cloak new memory regions, unseal existing cloaked data, and access other useful interfaces, such as metadata cache operations.
- To initialize a new cloaked context, the shim issues a hypercall with a pointer to itself and protection metadata containing hashes for all pages associated with cloaked code and data, as described above.
- The VMM uses this metadata to verify the shim's integrity, as the cloaked shim will have access to the address space of the cloaked application.
- The shim must therefore be trusted, i.e., not malicious to the application.
- The call to create a new context also takes a pointer to a portion of thread-local storage in which the VMM can set up a new CTC. Once this setup is complete, the VMM transfers control to start execution in the cloaked shim.
- The cloaked shim then runs its loading routine, which reads an Executable and Linkable Format (ELF) binary and maps appropriate sections into memory.
- For the mapped sections, the shim performs hypercalls to cloak their corresponding virtual memory ranges.
- The loader program is prepended to the exec call so that the new program will also be cloaked.
- The VMM needs a reliable procedure for identifying each cloaked process uniquely and precisely in order to locate the resources associated with the process inside the VMM. Such identification is difficult without the assistance or knowledge of the guest OS, even though the VMM can observe all instructions executed and the contents of all guest registers and memory.
- To switch between shadow page tables, the VMM employs a procedure for identifying shadow contexts uniquely. Correct identification requires accounting for the fact that contexts are associated with guest-level process abstractions, and that scheduling is controlled by the OS, not the VMM. For example, the guest kernel may switch contexts while handling a fault or system call.
- VMM heuristics for tracking guest-level processes, such as monitoring assignments to the current page table root, work fairly well but are not foolproof.
- Other approaches, such as reading guest OS state at fixed kernel addresses, e.g., the Linux current pointer, are fragile, as they assume knowledge of kernel internals and address space layout, which may differ between OS releases.
- Alternatively, the VMM could store identifying information, e.g., a context identifier, at some fixed user-level virtual address.
- This approach is fragile when the virtual page containing the identifier is not pinned in physical memory: the guest kernel may page it out, and the VMM cannot then page it back in without guest kernel cooperation.
- Address space layout conflicts and potential aliasing between identifier values and data in uncloaked applications present additional problems. Still further, these approaches cannot be guaranteed to work in the presence of an adversarial OS.
- Embodiments of the present invention use a shim-based technique for managing identity that does not depend on information about kernel internals, and does not require the use of pinned memory.
- the shim resides within the application virtual address space, its memory is managed normally by the kernel, and is reclaimed automatically when the application terminates.
- the VMM detects when the execution control transfers from the cloaked process to the guest kernel, and the VMM saves the original instruction pointer IP and other registers in the context structure. Then the VMM changes the IP and registers so that the cloaked process resumes execution from a “self identifying” hypercall. The hypercall then identifies the cloaked process to the VMM and the VMM restores the original IP and other registers.
- the VMM maintains a separate shadow context for each application address space, for which it assigns a unique ASID.
- Each address space may contain multiple threads, each with its own distinct CTC.
- When the shim begins execution, it makes a hypercall to initialize its CTC. During this initialization, the VMM writes the ASID and a random value into the CTC, and returns the ASID to the caller.
- the ASID value is not protected, and can be used by the uncloaked shim. However, since the CTC is cloaked, the random value is protected, and cannot be read by the uncloaked shim.
- the uncloaked shim passes arguments to the VMM containing its ASID, and the address of its CTC.
- the hypercall handler verifies that the CTC contains the expected random value, and also that its ASID matches the specified value. Note that the CTC resides in ordinary, unpinned application virtual memory. If the hypercall handler finds that the GVPN for the CTC is not currently mapped, it returns a failure code to the uncloaked shim, which simply touches the page to fault it back into physical memory, and then retries the hypercall.
- FIG. 11 illustrates the flow of control for handling a fault from a cloaked application, involving the application, its associated shim, the guest kernel, and the VMM.
- the procedure for handling a virtual interrupt is essentially identical.
- the fault occurs in step 1, and control is transferred to the VMM.
- in step 2, the VMM saves the contents of all application registers to the CTC in the cloaked shim.
- the VMM then zeros out the application's general-purpose registers to prevent their contents from being leaked to the OS.
- the return instruction pointer IP and stack pointer SP registers are modified to point to addresses in the uncloaked shim, setting up a simple trampoline handler to which the kernel will return after servicing the fault.
- the VMM transfers control to the kernel.
- the kernel handles the fault as usual in step 3, and then returns to the trampoline handler in the uncloaked shim set up in step 2.
- in step 4, this trampoline handler performs a self-identifying hypercall into the VMM to resume cloaked execution.
- in step 5, the VMM restores the registers saved in step 2, and returns control to the faulting instruction in the cloaked application.
- the active shadow page table is switched when transitioning between uncloaked and cloaked contexts.
- Two shadow page table switches are used to handle a fault, one in each of steps 2 and 5.
- the first switch, from the application shadow to the kernel shadow, occurs when the VMM transitions to the kernel in step 2.
- the second switch, from the kernel shadow to the application shadow, is performed when the VMM transitions back to the cloaked application in step 5.
- the VMM does not manage the shim when it is running in the uncloaked mode as the shim does not need to access the resources maintained by the VMM.
- the VMM treats the shim in the same manner as any other process.
- the CTC prevents the guest kernel from misrepresenting identity.
- the VMM verifies the identity by comparing the value located in the CTC against the value saved or stored in the VMM for the corresponding process. Once verified, the cloaked application is able to access existing pages mapped by the shadow page table that correspond to the process. In other applications, if the guest kernel is trusted, the CTC is not needed.
- the identification mechanism can still be used to identify execution in the process.
- FIG. 12 depicts the flow of control for handling a system call from a cloaked application, involving the application, its associated shim, the guest kernel, and the VMM.
- the transitions involved in performing a system call are a superset of the transitions presented for handling a fault as presented in FIG. 11 .
- the cloaked application performs a system call (step 1), and control is transferred to the VMM.
- the VMM saves (step 2) the contents of all application registers to the CTC in the cloaked shim.
- the IP is set to an entry point in the cloaked shim corresponding to a system call dispatch handler; similarly, the SP is set to a private stack in the cloaked shim for executing this handler.
- the VMM redirects control to the dispatch handler in the cloaked shim.
- the cloaked dispatch handler performs (step 3) any operations required to proxy the system call on behalf of the application. For some system calls, this may involve marshalling arguments, copying them to a buffer in the uncloaked shim.
- the dispatch handler then reissues the system call, substituting the marshalled arguments in place of the original application-specified values.
- the VMM again intercepts the system call.
- the VMM saves (step 4) the contents of all application registers in the CTC.
- the CTC contains two distinct register save areas: one for the application registers saved previously in step 2 , and one for the shim registers saved in this step.
- the VMM then scrubs the contents of any application registers that are not required by the kernel system call interface.
- the return IP and SP are modified to point to addresses in the uncloaked shim, setting up a simple trampoline handler to which the kernel will return after executing the system call.
- the VMM transfers control to the kernel.
- the kernel executes the system call as usual in step 5, and then returns to the trampoline handler in the uncloaked shim set up in step 4.
- the trampoline handler performs (step 6) a self-identifying hypercall into the VMM to enter cloaked execution.
- in step 7, the VMM restores the shim registers saved in step 4, and resumes execution in the cloaked dispatch handler.
- the cloaked dispatch handler continues execution (step 8), performing any operations required to finish proxying the system call. For some calls, this may involve unmarshalling result values, and copying them into cloaked application memory.
- the dispatch handler then performs a hypercall into the VMM, requesting resumption of the cloaked application.
- the VMM restores (step 9) the application registers saved in step 2, and returns control to the instruction after the original system call in the application.
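As an added illustration of the register handling in the FIG. 11 fault path and the FIG. 12 system call path, the following constructed simulation (not code from the patent) models the two CTC save areas, the zeroing and scrubbing of registers before the kernel runs, and the restore on the self-identifying hypercall; the i386-style register names, the argument-count table and the shim addresses are assumptions.

```python
"""Register save, scrub and restore on the cloaked/uncloaked transitions of
FIGS. 11 and 12, as a constructed simulation (not the patent's code).

Assumptions: an i386-style syscall convention (eax = number, ebx..ebp = up to
six arguments), a small constructed table of argument counts, and
illustrative shim addresses.
"""
from dataclasses import dataclass
from typing import Dict, Optional

GPRS = ("eax", "ebx", "ecx", "edx", "esi", "edi", "ebp")
ARG_REGS = ("ebx", "ecx", "edx", "esi", "edi", "ebp")
SYSCALL_NARGS = {4: 3, 20: 0}                 # constructed: write -> 3 args, getpid -> 0

TRAMPOLINE_IP, TRAMPOLINE_SP = 0x08000000, 0x08001000   # uncloaked shim (assumed)
DISPATCH_IP, DISPATCH_SP = 0x09000000, 0x09001000       # cloaked shim (assumed)


@dataclass
class Regs:
    ip: int
    sp: int
    gpr: Dict[str, int]

    def copy(self) -> "Regs":
        return Regs(self.ip, self.sp, dict(self.gpr))


@dataclass
class CTC:
    """Cloaked thread context with its two distinct register save areas."""
    app_save: Optional[Regs] = None
    shim_save: Optional[Regs] = None


def fault_entry(regs: Regs, ctc: CTC) -> Regs:
    """FIG. 11 step 2: save the application registers, zero every GPR and point
    IP/SP at the uncloaked trampoline. The returned state is what the kernel sees."""
    ctc.app_save = regs.copy()
    return Regs(TRAMPOLINE_IP, TRAMPOLINE_SP, {r: 0 for r in GPRS})


def fault_resume(ctc: CTC) -> Regs:
    """FIG. 11 step 5: after the trampoline's self-identifying hypercall, restore
    the registers saved in step 2 and return to the faulting instruction."""
    return ctc.app_save.copy()


def syscall_entry(regs: Regs, ctc: CTC) -> Regs:
    """FIG. 12 step 2: save the application registers and redirect to the cloaked
    dispatch handler on its private stack (the handler runs cloaked, so the
    argument registers need not be scrubbed here)."""
    ctc.app_save = regs.copy()
    return Regs(DISPATCH_IP, DISPATCH_SP, dict(regs.gpr))


def shim_syscall_entry(regs: Regs, ctc: CTC) -> Regs:
    """FIG. 12 step 4: save the shim's registers in the second save area, scrub
    the registers the kernel's syscall interface does not need, set up the
    trampoline. Unknown syscall numbers keep all argument registers."""
    ctc.shim_save = regs.copy()
    nargs = SYSCALL_NARGS.get(regs.gpr["eax"], len(ARG_REGS))
    keep = {"eax", *ARG_REGS[:nargs]}
    scrubbed = {r: (regs.gpr[r] if r in keep else 0) for r in GPRS}
    return Regs(TRAMPOLINE_IP, TRAMPOLINE_SP, scrubbed)


def shim_syscall_resume(ctc: CTC, kernel_eax: int) -> Regs:
    """FIG. 12 step 7: restore the shim registers saved in step 4 and resume the
    dispatch handler. Assumed: the kernel's return value travels in eax."""
    regs = ctc.shim_save.copy()
    regs.gpr["eax"] = kernel_eax
    return regs


def app_resume(ctc: CTC, result: int) -> Regs:
    """FIG. 12 step 9: restore the application registers saved in step 2, with
    the unmarshalled result in eax; the saved IP is the return address."""
    regs = ctc.app_save.copy()
    regs.gpr["eax"] = result
    return regs


def exposed_to_kernel(kernel_view: Regs, app: Regs) -> list:
    """Defender's check: application register values that reached the kernel."""
    return [r for r in GPRS if kernel_view.gpr[r] != 0 and kernel_view.gpr[r] == app.gpr[r]]
```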
- the VMM can generally access the guest's physical memory without involving either the guest OS or applications. If the VMM needs to access the virtual memory of a user-level process and this virtual memory is not mapped into the physical address space, however, the VMM will not be able to access it. In one embodiment of the present invention, this issue is addressed by providing the hypercall interface with the ability to force the guest OS to page in required virtual memory pages and atomically transition into a mode such that subsequent accesses from the VMM will succeed.
- in the hypercall protocol, user-level code in a VM may receive an error indicating that a particular page is not currently mapped in the application's virtual address space.
- the application may access the virtual address to force it to be paged in by the guest OS and then retry the hypercall. Multiple retries of the hypercall are possible if multiple virtual pages need to be paged in, and the VMM will only process the hypercall once all pages are mapped in the page table.
- the hypercall protocol is only visible to the shim library code, and thus is transparent to the application.
- the traditional system call interface between an application and an OS kernel accepts virtual addresses from the application as arguments, and pages in the application memory if it is not currently backed by machine memory. It would only return an error if the virtual address passed in from the application is not valid.
- the VMM can access a guest virtual address if the virtual address is mapped to a guest physical address as specified in the guest page table or cached in the virtual TLB. If the virtual address is not mapped, the VMM will not have access to it. If the virtual address access by the VMM is for emulating a guest instruction, it would generate a virtual hardware fault and transition the guest execution to the fault handler.
- the shim application communicates with the VMM through this hypercall interface.
- Some hypercalls pass in memory buffer arguments to the VMM, with the intent that the VMM will read from the specified memory buffer, and/or write to it.
- the hypercall that launches the cloaked mode always passes in the CTC as an argument, therefore, as long as the application is executing in the cloaked mode, the CTC is always accessible by the VMM so that the VMM can write the VCPU context to the CTC when a virtual interrupt or fault occurs.
- one embodiment of the present invention provides a method for assuring that a memory buffer needed by a guest application is currently mapped.
- the VMM handles the hypercall by intercepting (step 552) the hypercall instruction and examining (step 554) the VCPU registers to determine the hypercall command and arguments. If (step 556) one or more of the arguments is a virtual address indicating a location of the memory buffer, the VMM checks (step 558) whether or not the memory buffer is mapped in the guest page table.
- an argument may be a pointer, i.e., a virtual address, to a parameter in memory, not necessarily a specific memory buffer, and the VMM reads the contents of that parameter in memory. Further, the VMM knows which arguments are pointers based on the hypercall command, i.e., the VMM does not depend on the particular value that is passed. There are several possible ways of checking this, for example, the VMM may walk the guest's page table to determine whether an application virtual address is mapped into guest physical memory.
- with hardware nested page tables (NPT), e.g., AMD “NPT” (also known as RVI or Rapid Virtualization Indexing) or Intel “EPT” (Extended Page Tables), the hardware may generate a fault if the guest page table does not have the page mapped.
- the VMM may try to access the guest virtual address directly using the shadow page table that partially contains guest virtual address mappings to avoid a page walk. In NPT or EPT, such optimization is not possible.
- if the VMM finds that the memory buffer is not currently mapped, or that it does not have the correct permissions to access the memory, the VMM returns an error and the faulting address (step 560) to the hypercall caller through registers, without actually performing the hypercall.
- the application receiving the error return value attempts to access (step 562) the memory, which causes a page fault to be delivered to the guest OS.
- the guest OS resolves the page fault by paging in the page or changing the permission on the page. For example, if the memory was mapped read-only, such as when the memory is copy-on-write, and the VMM needs to write to it, the application would need to write to the memory buffer so that the guest kernel would make the page writeable. Then the application issues the hypercall to the VMM again (step 550).
- at step 558, if the memory buffer is mapped into the guest page table, then control passes to step 564, where it is determined whether or not there are any unexamined virtual address arguments that remain to be processed. If there are, control passes back to step 554, and if not, then the hypercall is executed (step 566).
- if, at step 556, an argument is not a virtual address of a memory buffer, then control passes to step 564 for processing of the hypercall.
- a memory buffer may span several pages, or several memory buffers may be needed for the hypercall, passed in as arguments either explicitly or pointed to by elements of data structures in another memory buffer.
- each unmapped page, or page without the correct permission, would cause the VMM to return an error and the faulting address.
- once all pages are mapped with the required permissions, the VMM proceeds to execute the hypercall.
- the application may touch each page of a memory buffer immediately before issuing the hypercall to the VMM. Having the application touch each page prior to the hypercall provides some efficiency because doing so may avoid the need to return an error and retry the hypercall. As a virtual interrupt may occur between any two instructions in user-level, however, there is no guarantee that the memory buffer would still be mapped when the hypercall instruction is executed because the guest OS may have swapped it out before resuming execution of the application. Thus, although unlikely, it is possible that multiple faults may be generated on the same address.
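The following constructed simulation, added here and not taken from the patent, works through the buffer-mapping check of steps 550 to 566 together with the CTC verification performed by the self-identifying hypercall described earlier (ASID plus a VMM-chosen random value that the uncloaked shim cannot read); the page size, the dict-based guest page table, the CTC layout, the hypercall names and the retry bound are assumptions.

```python
"""Hypercall buffer validation (steps 550-566) plus the CTC check of the
self-identifying hypercall; a constructed simulation, not the patent's code.
Assumptions: 4 KiB pages, a dict-based guest page table keyed by GVPN holding
(physical page, writable) entries, and a CTC layout of ASID u32 + random u64."""
import secrets
import struct
from typing import Dict, List, Optional, Tuple

PAGE = 4096
OK, ERR_UNMAPPED, ERR_BAD_IDENTITY = 0, -1, -2
CTC_FMT, CTC_LEN = "<IQ", struct.calcsize("<IQ")
# Pointer arguments per hypercall: (arg index, buffer length, VMM writes it);
# fixed by the command, never inferred from the value passed.
POINTER_ARGS = {"init_ctc": [(0, CTC_LEN, True)], "self_identify": [(1, CTC_LEN, False)]}


class Guest:
    def __init__(self, n_phys_pages: int = 8):
        self.pt: Dict[int, Tuple[int, bool]] = {}  # GVPN -> (GPPN, writable)
        self.mem = bytearray(n_phys_pages * PAGE)   # guest physical memory
        self.free = list(range(n_phys_pages))
        self.swap: Dict[int, bytes] = {}            # content of paged-out pages
        self.faults: List[int] = []  # page faults delivered to the guest kernel

    def touch(self, va: int, write: bool = False) -> None:
        """Application access: the kernel maps the page (restoring swapped-out
        content) or upgrades a read-only mapping, then resumes the application."""
        gvpn = va // PAGE
        if gvpn not in self.pt:
            self.faults.append(va)
            gppn = self.free.pop(0)
            self.mem[gppn * PAGE:(gppn + 1) * PAGE] = self.swap.pop(gvpn, bytes(PAGE))
            self.pt[gvpn] = (gppn, write)
        elif write and not self.pt[gvpn][1]:
            self.faults.append(va)
            self.pt[gvpn] = (self.pt[gvpn][0], True)

    def page_out(self, va: int) -> None:
        gppn, _ = self.pt.pop(va // PAGE)
        self.swap[va // PAGE] = bytes(self.mem[gppn * PAGE:(gppn + 1) * PAGE])
        self.free.append(gppn)

    def phys(self, va: int) -> int:
        return self.pt[va // PAGE][0] * PAGE + va % PAGE


class VMM:
    def __init__(self, guest: Guest):
        self.guest = guest
        self.contexts: Dict[int, int] = {}  # ASID -> random value kept in the VMM

    def check_buffer(self, va: int, length: int, write: bool) -> Optional[int]:
        """Step 558: walk the guest page table over every page the buffer spans;
        return the first faulting address, or None when all pages are usable."""
        for page_va in range(va - va % PAGE, va + length, PAGE):
            entry = self.guest.pt.get(page_va // PAGE)
            if entry is None or (write and not entry[1]):
                return max(page_va, va)
        return None

    def hypercall(self, cmd: str, args: Tuple[int, ...]) -> Tuple[int, int]:
        """Steps 552-566: validate every pointer argument before doing any work."""
        for idx, length, write in POINTER_ARGS[cmd]:
            fault = self.check_buffer(args[idx], length, write)
            if fault is not None:
                return ERR_UNMAPPED, fault  # step 560: nothing has been performed
        return {"init_ctc": self._init_ctc, "self_identify": self._self_identify}[cmd](args)

    def _copy(self, va: int, data: Optional[bytes], length: int) -> bytes:
        """Byte-wise guest memory copy, so a buffer crossing a page boundary works."""
        if data is None:
            return bytes(self.guest.mem[self.guest.phys(va + i)] for i in range(length))
        for i, b in enumerate(data):
            self.guest.mem[self.guest.phys(va + i)] = b
        return data

    def _init_ctc(self, args: Tuple[int, ...]) -> Tuple[int, int]:
        """Assign an ASID, store ASID + random value in the (cloaked) CTC, return only the ASID."""
        asid, rnd = len(self.contexts) + 1, secrets.randbits(64)
        self.contexts[asid] = rnd
        self._copy(args[0], struct.pack(CTC_FMT, asid, rnd), CTC_LEN)
        return OK, asid

    def _self_identify(self, args: Tuple[int, ...]) -> Tuple[int, int]:
        """The CTC must carry the random value recorded for the claimed ASID; the
        uncloaked shim cannot read that value, so a forged CTC fails here."""
        claimed_asid, ctc_va = args
        asid, rnd = struct.unpack(CTC_FMT, self._copy(ctc_va, None, CTC_LEN))
        if asid != claimed_asid or self.contexts.get(asid) != rnd:
            return ERR_BAD_IDENTITY, 0
        return OK, asid


def shim_hypercall(vmm: VMM, guest: Guest, cmd: str, args: Tuple[int, ...]) -> Tuple[int, int]:
    """Uncloaked shim side: on ERR_UNMAPPED touch the faulting address (writing if the
    VMM needs to write it) and retry; bounded, since the kernel may page it out again."""
    val = 0
    for _ in range(16):
        rc, val = vmm.hypercall(cmd, args)
        if rc != ERR_UNMAPPED:
            return rc, val
        needs_write = any(w for i, n, w in POINTER_ARGS[cmd] if args[i] <= val < args[i] + n)
        guest.touch(val, needs_write)
    return ERR_UNMAPPED, val
```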
- the CTC is accessible by the VMM while the application is running in the cloaked mode.
- the VMM makes sure that the CTC is mapped in the current page table, and the VMM caches the translation in the virtual TLB. Caching this translation allows the CTC to continue to be accessible to the VMM as long as the application is running under cloaked mode because, for x86-based systems, the guest cannot flush the virtual TLB on the VCPU without executing a privileged instruction on the same VCPU.
- the VMM would either intercept the execution of such a privileged instruction or detect the change to the TLB as the result of, e.g., a guest TLB flush or invalidation operation. In either event, the VMM is able to determine whether or not a page is still mapped. On a virtual hardware interrupt or fault, the VMM writes the cloaked register states into the CTC and transitions out of the cloaked mode. As a result, the VMM can have multiple accesses, i.e., continue to access the virtual memory while interleaving with the execution of other guest programs, which may or may not touch the same virtual memory. In other words, other programs may execute and such execution will not prevent the VMM from accessing the virtual memory of the cloaked program.
- the VMM could “pin” a page table entry, for example, the CTC, in the VMM for the virtual address it wants to access. This is a further step because the shadow page table is a cache and, therefore, the translation could be lost, i.e., the translation could be evicted from this cache. The loss of the translation could be problematic in a situation where, for example, operation of another VCPU invalidates the underlying page table entry that maps that virtual address.
- Cloaking necessarily changes the way the OS can manage process memory—it cannot modify it or introduce sharing without application help. It also changes the way the OS transfers control—it can only branch to well-defined entry and exit points within the application. Accommodating these changes requires adapting the semantics of a variety of system calls.
- a majority of system calls can be passed through to the OS with no special handling. These include calls with scalar arguments that have no interesting side effects, such as, e.g., getpid, nice, and sync.
- the shim need not alter arguments to these system calls, so the cloaked shim is bypassed altogether, resulting in control flow as shown in FIG. 11 .
- the VMM itself is not aware of system call semantics; during initialization, the shim indicates which system call numbers can be bypassed.
- the pipe command normally creates a queue in the kernel for communicating bytes. As this command is not easily protected, it is instead emulated with a queue in cloaked shared memory.
- reads and writes are implemented over the pipe as normal, with one modification: a write sends zeros instead of the actual data, and when zeros are read, the actual data is copied from the protected queue.
- Emulation is required to support futex (Linux fast mutex), as the normal OS implementation involves direct modification of process memory.
- sendfile typically takes two descriptors, one for a file, and the other for a socket, and writes the contents of the former to the latter. This, however, will not work if a file is cloaked in accordance with teachings of the present invention. Instead, the cloaked file is read first, then its contents are written to the socket using normal send calls.
- Handling the clone and fork system calls is related to how the shim manages resources.
- a “clone” call begins by allocating thread-local storage for the new thread.
- the child's cloaked thread context CTC is set up by making a copy of the parent's CTC, and fixing all thread-local pointers for the child.
- the IP and SP for entering cloaked mode in the child's CTC are changed, arranging for the child to start executing in a “child_start” function located in the child's shim, which will complete its initialization.
- the CTC would be modified by the VMM on a switch from cloaked to uncloaked mode. In this case, however, the child's CTC is not currently being used. Thus, on a clone system call, only the parent's CTC is modified.
- the uncloaked stack that will be used by the cloned thread, when returning from the system call, is set up so that it will start running the new cloaked context. After returning from the system call, the parent thread returns to the original execution context.
- the child thread begins execution in child_start, as described above.
- when the application registers a signal handler, the shim emulates the call, registering the handler in its own table. All actual signal handlers (those registered with the kernel) use a single handler located in the uncloaked shim. This signal handler makes a hypercall to the VMM immediately upon receiving a signal, indicating which shadow context received the signal, the signal that occurred, and any additional signal parameters.
- the VMM examines the cloaked context and checks the signal status to determine in which context the signal occurred: the cloaked shim, uncloaked shim, cloaked application, or other uncloaked code. If the signal occurred when the cloaked application was executing, the VMM transfers control to a well-defined signal entry point in the shim, with relevant signal information. If the signal occurred while the shim was executing, the VMM further checks a flag in the CTC to determine whether to safely rollback execution to the last application system call entry point, or to defer the signal delivery until shim exit, when execution has effectively returned to the application.
- for files used by cloaked applications, i.e., cloaked files, the kernel file cache contains only encrypted blocks.
- Read or write operations to a partial file block cannot be performed inside the guest kernel because a partial encrypted block cannot be decrypted with the exception of using a stream cipher.
- an application may access the same file using read and write system calls or through file-backed memory-mapped “mmap regions.”
- Each mmap region is a contiguous portion of the application's virtual address space created via the mmap system call (in Linux) to map memory for application use.
- the synchronization between encrypted and decrypted views would be expensive if the kernel implements read and write system calls using its encrypted view and the application accesses the file using virtual memory using its decrypted view.
- Embodiments of the present invention provide operations for securely processing cloaked file I/O operations—including read and write system calls, as well as some inter-process communication (IPC) operations, such as pipes, by emulating the file I/O semantics in the shim layer with memory-mapped regions using the mmap system call.
- Unprotected, i.e., “uncloaked”, files are handled using argument marshalling, while protected files must be adapted to utilize cloaking.
- Each cloaked file has an associated metadata file, as explained above.
- the shim makes a hypercall to determine if the metadata for its RID is in the VMM's metadata cache MDC. If the metadata is not found, the shim makes a hypercall to allocate an RMD object in the MDC for that RID, reads the entire metadata file and passes its contents to the VMM, which verifies its integrity.
- the shim interposes on all I/O-related system calls. Encrypted file I/O for cloaked applications is implemented in the shim using mmap. For example, read and write system calls are emulated by copying data to/from memory-mapped buffers. File data is mapped using the MAP_SHARED flag, to ensure that other processes that may open the same file obtain a consistent view. By transforming all file I/O into memory-mapped I/O, file data is decrypted automatically when it is read by a cloaked application, and encrypted automatically when it is flushed to disk by the kernel. For efficiency, the shim maintains a cache of mapped file regions; one implementation of the present invention maps regions using 1 MB chunks to amortize the cost of the underlying mmap and munmap calls.
- mmap for file I/O obviates the need to implement any cryptography in the shim and allows keys and metadata to be managed, in one embodiment of the present invention, solely by the VMM.
- This implementation avoids the need for maintaining consistency between different views of the same file.
- mmap encryption and decryption need only be performed when necessary.
- the application can read portions of a file repeatedly without causing any additional decryptions.
- This embodiment of the present invention provides an advantage over an implementation based on the read operation, as data would then need to be decrypted each time it was passed to the application. Similarly, for a write operation, data need only be encrypted when the OS actually flushes it to disk.
- a single-page header is prepended to each cloaked file.
- This header contains the actual file size, which may differ from the current on-disk size due to the 1 MB mapping granularity.
- Each shim using the file maps its header using a shared mmap, to emulate operations such as fstat and lseek.
- the shim also tracks operations that create or manipulate file descriptors, such as dup, and maintains a table of all open files, their offsets, and whether they are cloaked. This table is kept in a shared anonymous region to properly track and share descriptors across process forks.
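An added, constructed example (not the patent's shim code) of the file I/O emulation described above: read, write, lseek and fstat-style size queries over a shared header page and a cache of fixed-size mapped chunks; the chunk size is reduced from 1 MB, the header format is assumed, and the encryption the VMM applies transparently to cloaked mappings is not modelled.

```python
"""Shim-style file I/O emulated over mmap regions; a constructed example, not the
patent's shim code. Assumptions: a one-page header holding the real file size
precedes the data; data is mapped in fixed-size chunks (CHUNK stands in for the
1 MB granularity); no encryption is modelled, since the VMM applies it
transparently to the cloaked mappings."""
import mmap
import os
import struct
import tempfile
from typing import Dict

HEADER = mmap.PAGESIZE
CHUNK = 4 * mmap.PAGESIZE   # reduced from 1 MB so the example stays small
SIZE_FMT = "<Q"             # constructed header layout: real size as u64


class CloakedFile:
    def __init__(self, path: str):
        self.fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
        if os.fstat(self.fd).st_size < HEADER:
            os.ftruncate(self.fd, HEADER)   # new file: zeroed header, real size 0
        self.header = mmap.mmap(self.fd, HEADER, offset=0)   # shared header mapping
        self.chunks: Dict[int, mmap.mmap] = {}                # cache of mapped regions
        self.offset = 0                                       # emulated file position

    def size(self) -> int:
        """fstat emulation: the real size is in the header, not in st_size."""
        return struct.unpack_from(SIZE_FMT, self.header, 0)[0]

    def _chunk(self, index: int) -> mmap.mmap:
        """Map chunk `index` on first use, growing the file in whole chunks."""
        if index not in self.chunks:
            needed = HEADER + (index + 1) * CHUNK
            if os.fstat(self.fd).st_size < needed:
                os.ftruncate(self.fd, needed)
            self.chunks[index] = mmap.mmap(self.fd, CHUNK, offset=HEADER + index * CHUNK)
        return self.chunks[index]

    def write(self, data: bytes) -> int:
        """write emulation: copy into the mapped chunks, crossing boundaries as needed."""
        pos, view = self.offset, memoryview(data)
        while len(view):
            idx, off = divmod(pos, CHUNK)
            n = min(CHUNK - off, len(view))
            self._chunk(idx)[off:off + n] = bytes(view[:n])
            pos, view = pos + n, view[n:]
        self.offset = pos
        if pos > self.size():
            struct.pack_into(SIZE_FMT, self.header, 0, pos)
        return len(data)

    def read(self, count: int) -> bytes:
        """read emulation: copy out of the mapped chunks, bounded by the real size."""
        end = min(self.offset + count, self.size())
        out, pos = bytearray(), self.offset
        while pos < end:
            idx, off = divmod(pos, CHUNK)
            n = min(CHUNK - off, end - pos)
            out += self._chunk(idx)[off:off + n]
            pos += n
        self.offset = pos
        return bytes(out)

    def lseek(self, offset: int, whence: int = os.SEEK_SET) -> int:
        base = {os.SEEK_SET: 0, os.SEEK_CUR: self.offset, os.SEEK_END: self.size()}[whence]
        self.offset = base + offset
        return self.offset

    def close(self) -> None:
        for m in self.chunks.values():
            m.close()
        self.header.close()
        os.close(self.fd)


def roundtrip() -> dict:
    """Write across a chunk boundary, reopen, read back; report the real size the
    header gives versus the on-disk size that grew in whole chunks."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        f = CloakedFile(path)
        f.lseek(CHUNK - 5)
        f.write(b"0123456789")
        f.close()
        g = CloakedFile(path)
        g.lseek(-10, os.SEEK_END)
        result = {"data": g.read(100), "size": g.size(), "on_disk": os.fstat(g.fd).st_size}
        g.close()
        return result
    finally:
        os.unlink(path)
```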
- An implementation of a system in accordance with one or more of the embodiments of the present invention described above supports cloaking for all application memory regions—private and shared, anonymous and file-backed.
- An implementation of an embodiment of the present invention can be based on a version of the VMware VMM for 32-bit x86 processors that uses binary translation for guest kernel code.
- the modified VMM can be built as a VMware Workstation binary running in a “hosted” configuration on top of an existing Linux host OS.
- multi-shadowed memory cloaking does not depend on specific features of the VMware VMM, embodiments of the present invention as described herein could also be realized in other virtualization platforms as is apparent to those of ordinary skill in the art.
- a variety of applications have been run in a system implementing embodiments of the present invention. Cloaking a standard shell like bash or tcsh provides a convenient way to launch other cloaked applications. Most common commands, e.g., ls, ps, df, rm, have been implemented this way, as have more complicated console-based tools like mail and traceroute. Shell scripts using simple tools like sed, awk, and grep have been protected, as have scripts in more complicated languages such as Perl and Ruby.
- a variety of web and mail servers have been run with embodiments of the present invention, including Apache, exim and postfix.
- Embodiments of the present invention are also able to run a variety of small and large applications; from modest programs like xterm and konsole to larger clients such as Konqueror and Firefox.
- Embodiments of the present invention are directed primarily toward software attacks; however, compared to architecture-level approaches, embodiments of the present invention provide substantial flexibility by being software-based and do not require applications and/or the OS to be substantially modified or rewritten. Embodiments of the present invention make integration with unmodified operating systems feasible, and enable sharing between protection domains. Nevertheless, embodiments of the present invention's software mechanisms could be combined with more hardware-centric approaches to provide similar benefits.
- a system cryptographically isolates an application inside a virtual machine from the operating system it is running on, offering another layer of protection for application data, even in the face of total OS compromise.
- This capability is enabled by multi-shadowing, a novel technique for presenting different views of “physical” memory in virtualized systems. This allows memory to be cloaked, so that it appears normal to an application, but encrypted to the operating system. Cloaking supports a separation of responsibilities for isolation and resource management, allowing the use of complex commodity operating systems to manage application virtual memory and other resources, while relying on a simpler hypervisor to ensure data privacy and integrity.
- Embodiments of the present invention target whole-application protection, and the threats that may be directed toward it.
- Embodiments of the present invention implement a system that can be deployed incrementally, and used for diverse applications.
- Embodiments of the present invention protect entire existing applications in situ in existing commodity operating systems. This approach has several advantages:
- Sensitive data is remarkably diverse, from databases of credit card numbers, to files containing medical patient information. Sensitive data in real applications frequently does not lend itself to being placed in a separate container, and restructuring applications is often impractical.
- Embodiments of the present invention provide an incremental path to achieving this, as cloaking can be used for whole application protection as well as fine-grained compartmentalization.
- Embodiments of the present invention prevent the guest operating system from reading or modifying application code, data and registers. All non-application access to cloaked data, including DMA from virtual I/O devices, only reveals the data in encrypted form. Data secrecy, integrity, ordering and freshness are protected up to the strength of the cryptography used. If the OS or other hostile code tries to modify encrypted data, the application will fail-stop.
- Embodiments of the present invention may be used to implement a “trusted path” for user interface devices, as this would provide protection for many applications, including web, email, and VOIP clients.
- user interaction could be protected if the application uses a remote display system that renders to software frame buffers.
- I/O devices present a memory mapped interface to software.
- embodiments of the present invention can be employed to protect the contents of “physical” device memory from being inspected or modified by untrusted software.
- an interactive VM typically provides a virtual high resolution graphics display that uses a memory-mapped frame buffer.
- a multi-shadowed frame buffer in accordance with one or more embodiments of the present invention could implement a trusted path, by ensuring that a cloaked application's output remains private. This approach can be used to prevent the OS from observing raw device memory, and to cloak off-screen display images and other memory used by window managers and graphics subsystems.
- Applications can be modified to apply multi-shadowing selectively, i.e., cloaking only sensitive pages.
- two shadow contexts could be defined for each application: a protected shadow containing cloaked code and data, and an unprotected shadow for uncloaked code and data.
- cloaked memory can be accessed only by cloaked code.
- a shadow context would then be identified by the virtual address of the current instruction pointer.
- a VMM can change the execute permission of pages in the shadow page tables (independent of guest PTE permissions).
- in the unprotected shadow, all protected pages are marked non-executable; similarly, in the protected shadow, all unprotected pages are marked non-executable.
- control transfers to and from a cloaked application are only permitted at well-defined entry and exit points through mechanisms such as system calls and signal delivery.
- Application registers are also protected from the OS, and are securely saved and restored upon entry and exit from an application's execution context.
- Embodiments of the present invention can also protect information shared between cloaked applications via the file system, shared memory, or other forms of IPC.
- Embodiments of the present invention may be implemented on one or more of the VMM products available from VMware of Palo Alto, Calif.
- Embodiments of the present invention offer an additional layer of defense-in-depth.
- As its protection model is orthogonal to that of the guest OS, protected applications require no additional privileges.
- Embodiments of the above-described invention may be implemented in all software, all hardware, or a combination of hardware and software, including program code stored in a firmware format to support dedicated hardware.
- a software implementation of the above described embodiment(s) may comprise a series of computer instructions either fixed on a tangible medium, such as a computer readable media, e.g. diskette, CD-ROM, ROM, or fixed disk or transmittable to a computer system in a carrier wave, via a modem or other interface device.
- the medium can be either a tangible medium, including but not limited to optical or analog communications lines, or may be implemented with wireless techniques, including but not limited to radio, microwave, infrared or other transmission techniques.
Abstract
A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource.
Description
- This application claims priority from provisional patent application Ser. No. 60/983,797, filed 30 Oct. 2007, entitled “A Virtualization-Based Approach To Retrofitting Protection In Commodity Operating Systems,” the entire contents of which is hereby incorporated by reference herein.
- This application is related to:
- Attorney Docket A189, entitled “Providing VMM Access to Guest Virtual Memory,” filed on even date herewith, the entire contents of which is hereby incorporated by reference for all purposes;
- Attorney Docket A193, entitled “Cryptographic Multi-Shadowing With Integrity Verification,” filed on even date herewith, the entire contents of which is hereby incorporated by reference for all purposes;
- Attorney Docket A194, entitled “Transparent VMM-Assisted User-Mode Execution Control Transfer,” filed on even date herewith, the entire contents of which is hereby incorporated by reference for all purposes; and
- Attorney Docket A195, entitled “Transparent Memory-Mapped Emulation of I/O Calls,” filed on even date herewith, the entire contents of which is hereby incorporated by reference for all purposes.
- One or more embodiments of the present invention relate to identifying an application or process in a virtual machine in order to locate resources associated with the identified application.
- Commodity operating systems (OS) are used in amazingly diverse environments, from ubiquitous use in the home, to service in commercial, government, and military settings. These systems are tasked with handling all manner of sensitive data, from individual passwords and cryptokeys, to databases of social security numbers, to sensitive documents, and voice traffic.
- The security of known commodity operating systems, however, is less than ideal. While some facets of their security will continue to improve, it is believed that competitive pressures to provide richer functionality and retain compatibility with existing applications will keep the complexity of such systems high and, therefore, their security assurance low.
- Over the years, a variety of techniques has been used for executing multiple software modules within a computer system, thereby providing some amount of security. Early computer systems could execute multiple software programs, but they could only execute one program at a time. Such computers might load one program into memory and execute it to completion or other termination, before proceeding to a subsequent program that would then be loaded into memory and executed. As another example, various multitasking operating systems enable multiple programs (or selected portions thereof) to be loaded into memory at one time and executed in an alternating manner, according to a scheduling algorithm. Also, some processors include multithreading capabilities that enable multiple threads of one or more programs to be executed simultaneously on a single processor. Finally, multiprocessor computer systems have also become commonplace, in which each processor can execute one or more threads all at the same time.
- Many computer systems generally attempt to isolate the code and data of each different software module from the code and data of any other software module within the computer system. As a result, one software module then cannot interfere with the execution of another software module by altering the latter's code or data. Such isolation may be provided for code and/or data that is stored on a hard drive (or other secondary data storage means) and/or that is resident in main memory (or other primary data storage means). The term “data” is generally used in a broad sense, to include data that is operated on by the instructions (code) of a software module as well as the contents of a stack and any other possible forms of data that are associated with a software module.
- As one example of the isolation of code and data, many systems implement a virtual addressing mechanism, in which different software modules within the system have different virtual address spaces, with each virtual address space generally being mapped to different portions of the physical address space of the computer system, so that the virtual addresses of a given software module are generally only mapped to physical addresses that contain the code or data of that particular software module. Virtual addressing mechanisms are well understood by one of ordinary skill in the art. A given software module may attempt to access every memory location in its own virtual address space, accessing every memory location to which it has access, and it will still only be able to access its own code and data (assuming that there is no shared memory). Thus, providing a virtual addressing mechanism provides some isolation between the code and data of multiple software modules in a computer system and, therefore, provides some security.
- Various other protection mechanisms may also be implemented in such computer systems to isolate the code and/or data of multiple software modules from one another.
- The x86 architecture provides two primary memory protection mechanisms that may be used by an OS (or other system software) to try to isolate the code and data of multiple tasks or processes that execute on the processor, namely, a segmentation mechanism and a paging mechanism. Windows and Linux use the paging mechanism, but they generally do not take advantage of the segmentation mechanism. Instead, these OSs define segments that include the entire addressable range of the processor, so that the segmentation protection mechanism becomes ineffective in providing isolation between the code and data of multiple tasks. Thus, for simplicity, this discussion focuses on the paging mechanism of the x86 processor, which implements a virtual addressing mechanism. The invention, however, is not limited to implementations using the x86 processor, or implementations using similar memory protection mechanisms.
- For Windows and Linux, different user processes are generally given different virtual address spaces. The OS creates a different set of page tables (and a page directory) for each virtual address space, which maps the respective virtual addresses to physical addresses. Thus, the page tables for a given user process map that process's virtual addresses to the physical addresses that contain the code and data for that process. The page tables for the user processes also contain mappings for code and data of the OS, but the user processes cannot use these mappings because the user processes are executed at a Current Privilege Level (CPL) of 3 and these mappings are set to require a supervisor, i.e., a higher, privilege level (a CPL of 0, 1 or 2). Otherwise, the page tables for a given user process generally only contain mappings to physical memory pages that contain that process's code and data. Therefore, a user process can generally only access its own code and data. Executing the user processes at a CPL of 3 also prevents the processes from modifying their own page tables. Otherwise, a process could add entries to its page tables that map to any physical address in the system, so that the process could give itself access to the code and data of other software modules, including other user processes and the OS.
- Windows and Linux generally provide adequate protection for the software modules in a computer system, so long as all of the software modules are well designed and well behaved, i.e., they are not attempting to circumvent the protection mechanism. Thus, many processes may be running concurrently in such a computer system, with the OS giving each process a share of the system resources, including processor time, memory space and hard disk space, without any of the processes interfering with the code or data of the other processes.
- As shown in FIG. 1, a simple computer system 2A has multiple software modules. The computer system 2A includes system hardware 100A, an OS 20A, a first application 40A and a second application 40B. The system hardware 100A may be conventional hardware based on, for example, the x86 platform, and the OS 20A may be, for example, Windows or Linux. The applications system hardware 100A and the OS 20A. The OS 20A also includes a set of drivers 29A, which may be conventional drivers for the OS 20A, possibly including one or more drivers from a company that is different from the OS vendor (a third party vendor).
- The OS 20A, in conjunction with the system hardware 100A, attempts to isolate the code and data of the applications OS 20A and the system hardware 100A may implement a virtual addressing mechanism, as described above. As illustrated in FIG. 1, implementing such a protection mechanism may be characterized as establishing an isolation barrier 80B between the applications applications applications OS 20A may mark physical memory pages that contain shared code or data as read only, such as when using a copy-on-write (COW) technique.
- The isolation barrier 80B may be referred to as an “OS isolation barrier” because it is implemented by the OS 20A, in conjunction with the system hardware 100A. The OS 20A, again in conjunction with the system hardware 100A, also establishes an OS isolation barrier 80A between the OS 20A and all applications in the system, including the applications OS 20A. In the case of a Windows or Linux OS running on an x86 platform, as above, the OS isolation barrier 80A is established by executing the applications in the system at a CPL of 3 and requiring a supervisor privilege level to access memory pages containing the code and data of the OS 20A.
- Although the Windows and Linux OSs provide adequate isolation between software modules for computer systems that contain only well designed and well behaved software modules, malicious software modules have been known to wreak havoc in such computer systems by circumventing these protection mechanisms. In particular, such malicious software modules have been known to breach the OS isolation barriers
- As is too well-known, hackers exploit the vulnerabilities of today's systems for a variety of reasons and with a variety of goals, some being relatively benign and others being quite destructive or disruptive. As one example, a malicious software module may be written and deployed that searches for sensitive data on a computer's hard drive or in its memory and transmits any such sensitive data back to the hacker that launched the malicious code.
- Security threats and data breaches have been gaining greater notoriety, and it is widely accepted that something should be done to improve the security of the ubiquitous personal computer. In particular, there is a recognized need to improve the security for the vast number of computers based on the x86 architecture. Many believe that software changes alone will not provide adequate protection. Accordingly, many different companies are working toward solutions that involve substantial changes to both the system hardware and the system software, i.e., the operating system, of a computer system. Many such security measures, however, require substantial changes to application level software as well.
- With respect to the ubiquitous x86 platform, much of the work being done in this area requires substantial hardware changes or an entirely new hardware platform. This work would also require substantial changes to existing software platforms, including system software and possibly application software. Applications in some of these implementations might also have limited access to input/output devices because of a limited supply of trusted device drivers.
- The amount of money that is invested in computer hardware and software based on the x86 architecture throughout the world is enormous. Many individuals, businesses, schools, governments and other organizations will be reluctant to scrap their current x86 systems, along with all the software that currently runs on x86 systems, and replace them with new technology. Even if a new, more secure and widely accepted hardware platform were available today, it would still take a long time for the new hardware to become anywhere near as widespread as the x86 platform is today. In the meantime, a large number and proportion of computers would remain vulnerable to the security threats described above.
- Notwithstanding the foregoing, there are some proposed security measures that may be implemented primarily in software. In particular, there are some such measures that use virtualization technology to create multiple virtual machines (VMs), where different software modules run in different VMs. It is widely recognized that a well-designed and implemented virtualization layer can generally provide much greater isolation between multiple VMs than a general OS can provide between multiple software modules.
- A general computer system 2B, referring now to FIG. 2, is described in co-pending application Ser. No. 11/584,178, filed 20 Oct. 2006, titled “Isolating Data within a Computer System Using Private Shadow Mappings,” herein incorporated by reference in its entirety for all purposes, in which multiple VMs are implemented to isolate multiple software modules from one another. The computer system 2B includes system hardware 100B, which may be conventional hardware, such as hardware based on the x86 platform. The system hardware 100B may be substantially the same as the system hardware 100A of FIG. 1, or it may be substantially different. Virtualization software 200A executes on the system hardware 100B and supports a plurality of VMs, such as a first VM 300A and a second VM 300B, in a known manner. Virtualization software 200A may comprise a virtual machine monitor (VMM), for example, such as a VMM as implemented in a virtualization product of VMware, Inc. of Palo Alto, Calif. Such a VMM and other possible units of the virtualization software 200A are described in greater detail below.
- In supporting the VM 300A, the virtualization software 200A virtualizes a virtual system hardware 310A, which may be based on an existing hardware platform, such as the x86 platform. An OS 20B, along with a set of drivers 29B, runs on the virtual system hardware 310A. The OS 20B may be any OS designed to run on the hardware platform virtualized in the virtual hardware 310A. For example, if the virtual hardware 310A is based on the x86 platform, the OS 20B may be, for example, a Windows OS, Solaris OS, Mac OS X, Novell Netware, or a Linux OS. The set of drivers 29B may be conventional drivers for the OS 20B. A first application 40H and a second application 40D run on the OS 20B. The applications virtual hardware 310A and the OS 20B.
- Similar to the OS 20A of FIG. 1, the OS 20B, in conjunction with the virtual system hardware 310A, attempts to isolate the code and data of the applications OS isolation barrier 80B between the applications OS 20A of FIG. 1, the OS 20B, again in conjunction with the virtual system hardware 310A, also establishes an OS isolation barrier 80A between the OS 20B and all applications in the VM 300A, including the applications VM 300A may be substantially the same as the computer system 2A, except that the virtual system hardware 310A is virtual hardware, virtualized by the virtualization software 200A, instead of physical hardware.
- In supporting the VM 300B, the virtualization software 200A virtualizes a virtual system hardware 310B in a like manner as done for the VM 300A.
- The virtualization software 200A isolates the VMs in the computer system 2B from one another. For example, the virtualization software 200A allows software within the VM 300A to access portions of physical memory in the system hardware 100B and it allows software within the VM 300B to access other portions of the physical memory. The virtualization software 200A maps attempted memory accesses from the respective VMs virtualization software 200A maps attempted hard disk accesses from the respective VMs system hardware 100B, ensuring that one VM cannot access the hard disk space of another VM.
- The virtualization software 200A also takes other precautions to isolate the VMs in the computer system 2B from one another, and from the virtualization software 200A, itself. For example, U.S. Pat. No. 7,281,102 to Agesen et al., “Restricting Memory Access to Protect Data when Sharing a Common Address Space”, (“the '102 patent”), describes methods that may be used to enable a VMM to occupy a portion of a linear address space of a VM, while preventing the VM from accessing the memory of the VMM. There are also various other methods that enable virtualization software to coexist with VMs in a virtual computer system, while protecting or isolating the virtualization software from software within the VMs. The virtualization software 200A may prevent software within the VMs
- Thus, the virtualization software 200A, in conjunction with the system hardware 100B, may be said to establish a first isolation barrier 280B between the VMs second isolation barrier 280A between the virtualization software 200A and all VMs in the computer system 2B, including the VMs isolation barriers virtualization software 200A, in conjunction with the system hardware 100B. The isolation barriers
- Virtualization techniques may provide better security and more effective isolation between multiple software modules than a general OS may provide. Thus, the virtualization barriers FIG. 2 can generally provide much better isolation between the multiple VMs virtualization software 200A than the OS isolation barriers FIG. 1 provide between the multiple applications OS 20A. Although computer systems that establish multiple VMs and that run different software modules within the different VMs generally provide better isolation for the software modules than do general OSs, such virtual computer systems have other limitations.
- As an example of one limitation, if the software within a VM becomes corrupted by malicious software, the same problems described above relative to non-virtualized computer systems can occur within the affected VM. The software modules within the particular VM may be compromised by the malicious software. Approaches to retrofitting operating systems to possess higher-assurance security execution environments using multiple virtual machines, new operating systems, secure co-processors, or substantial changes to the processor architecture have been explored. Unfortunately, these may demand not insignificant changes in how applications are written and used, and how OS resources are managed. Such departures from standard operation pose a substantial barrier to adoption of these known approaches.
- Application security is ultimately limited by the functions provided by commodity operating systems. A virtual-machine-based system in accordance with an embodiment of the present invention may protect the privacy and integrity of application data, even in the event of a total operating system compromise. Embodiments of the present invention present an application with a normal view of its resources, but the OS sees an encrypted view of these resources. This functionality allows the operating system to carry out the complex tasks of managing an application's resources, without allowing it to read or modify them. Thus, embodiments of the present invention offer defenses against application data being compromised.
- Embodiments of the present invention build on multi-shadowing, a mechanism that presents different views of “physical” memory, depending on the context performing the access. This approach offers an additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors.
- Embodiments of the present invention do not replace the role of an existing operating system (OS) for managing resources. Instead, the isolation capabilities of the virtualization layer are extended to allow for protection of entities inside a virtual machine.
- In one embodiment, a computer system comprising a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM) implements a method of establishing an identity of a first execution context running in the VM where the method comprises: providing a shim program in a virtual address space of the first execution context; the shim program, upon initialization, associating a first page, having a first page address, with the first execution context and passing the first page address to the VMM; the VMM, upon receipt of the first page address from the shim program, assigning a unique identifier (ASID) for the first execution context, generating a second identifier value and writing the second identifier value and the ASID at the first page address; and the VMM returning the ASID to the shim program.
- In another embodiment, a computer system comprising a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM) implements a method of confirming an identity of a first execution context running in the VM, the method comprising: the VMM receiving first identifying data corresponding to the first execution context; the VMM retrieving second data as a function of the received first identifying data; the VMM retrieving third data as a function of the received first identifying data; and the VMM confirming the identity of the first execution context as a function of the retrieved second and third data.
- In yet another embodiment, a computer system comprising a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM) having a first execution context running therein implements a method of facilitating a guest operating system (OS) running in the VM to perform at least one function for the first execution context, the method comprising: the VMM intercepting a first event from the first execution context to the guest OS; the VMM confirming an identity of the first execution context. Further, if the identity is confirmed: the VMM saving a state of the first execution context in a memory space provided for the identified first execution context and passing a second event to the guest OS, the second event being a function of the first event and comprising control return location information; the guest OS processing the second event and returning control as a function of the control return location information; the VMM receiving a request to resume the first execution context; the VMM determining if the request to resume the first execution context is valid; and if the request to resume is valid, the VMM restoring the saved state of the first execution context; and the first execution context resuming operation.
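The three embodiments above describe one protocol end to end: the shim registers a page, the VMM confirms identities against it, and a confirmed context has its events serviced by the guest OS while the VMM holds its state. The following Python model is an added illustration, not code from the patent or from VMware; the class names, the page layout (a 4-byte ASID followed by a 16-byte random second identifier) and the pending-state check on resume are assumptions.

```python
"""Runnable model of the identity protocol in the embodiments above.
Added illustration, not code from the patent or from VMware: class names,
page layout and the pending-state check on resume are assumptions."""
import secrets
from dataclasses import dataclass
from typing import Optional

PAGE_SIZE = 4096
ASID_LEN = 4                   # assumed: ASID stored as 4 little-endian bytes
SECRET_LEN = 16                # assumed: length of the VMM-generated second identifier
SHIM_TRAMPOLINE = 0x7FFF0000   # assumed: guest address the guest OS returns control to


class GuestMemory:
    """Guest 'physical' memory, constructed as page address -> page bytes."""

    def __init__(self) -> None:
        self.pages: dict[int, bytes] = {}

    def write(self, addr: int, data: bytes) -> None:
        if addr % PAGE_SIZE:
            raise ValueError("page address must be page aligned")
        self.pages[addr] = data

    def read(self, addr: int) -> Optional[bytes]:
        return self.pages.get(addr)


@dataclass
class ContextRecord:
    """The VMM's own record for one execution context (the 'second data')."""
    asid: int
    page_addr: int
    secret: bytes
    saved_state: Optional[dict] = None   # set while the guest OS services an event


class Vmm:
    def __init__(self, mem: GuestMemory) -> None:
        self.mem = mem
        self.contexts: dict[int, ContextRecord] = {}
        self.next_asid = 1

    def register(self, page_addr: int) -> int:
        """Establish an identity: the shim passes its page address; the VMM assigns
        an ASID, generates the second identifier, writes both to the page."""
        asid = self.next_asid
        self.next_asid += 1
        secret = secrets.token_bytes(SECRET_LEN)
        self.mem.write(page_addr, asid.to_bytes(ASID_LEN, "little") + secret)
        self.contexts[asid] = ContextRecord(asid, page_addr, secret)
        return asid                              # returned to the shim

    def confirm(self, asid: int, page_addr: int) -> bool:
        """First identifying data: (asid, page_addr) from the caller. Second data:
        the VMM record. Third data: the page contents. All three must agree."""
        rec = self.contexts.get(asid)
        if rec is None or rec.page_addr != page_addr:
            return False
        page = self.mem.read(page_addr)
        if page is None or len(page) < ASID_LEN + SECRET_LEN:
            return False
        asid_ok = page[:ASID_LEN] == asid.to_bytes(ASID_LEN, "little")
        secret_ok = secrets.compare_digest(page[ASID_LEN:ASID_LEN + SECRET_LEN], rec.secret)
        return asid_ok and secret_ok

    def intercept(self, asid: int, page_addr: int, event: str, regs: dict) -> Optional[dict]:
        """Intercept a first event (fault, syscall). If the identity is confirmed, save
        the context state and return the second event for the guest OS, which carries
        the control return location; otherwise None."""
        if not self.confirm(asid, page_addr):
            return None
        self.contexts[asid].saved_state = dict(regs)
        return {"event": event, "return_to": SHIM_TRAMPOLINE}

    def resume(self, asid: int, page_addr: int) -> Optional[dict]:
        """A resume request is valid only if the identity still confirms and an
        event is outstanding; only then is the saved state restored."""
        if not self.confirm(asid, page_addr):
            return None
        rec = self.contexts[asid]
        if rec.saved_state is None:
            return None
        state, rec.saved_state = rec.saved_state, None
        return state


def demo() -> dict:
    """One pass through the protocol on constructed input."""
    mem = GuestMemory()
    vmm = Vmm(mem)
    asid = vmm.register(0x1000)
    second_event = vmm.intercept(asid, 0x1000, "page_fault", {"rip": 0x401000})
    restored = vmm.resume(asid, 0x1000)   # the guest OS has returned via the trampoline
    mem.write(0x1000, b"\0" * (ASID_LEN + SECRET_LEN))   # page clobbered by another context
    return {"asid": asid, "second_event": second_event, "restored": restored,
            "confirmed_after_clobber": vmm.confirm(asid, 0x1000)}
```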
- FIG. 1 illustrates a computer system running multiple software modules on a general operating system;
- FIG. 2 illustrates a virtual computer system with multiple virtual machines (VMs) for running multiple software modules;
- FIG. 3 illustrates a virtual computer system installed on a host platform, with a virtual machine monitor (VMM) at the same system level as the host operating system;
- FIG. 4 illustrates an alternative configuration of a virtual computer system, which includes a kernel on which is run the VMM of FIG. 3;
- FIG. 5 is a representation of components used for known address mapping function;
- FIG. 6 is a block diagram of the architecture of one embodiment of the present invention;
- FIG. 7 is a representation of multiple physical address mapping modules in accordance with one embodiment of the present invention;
- FIGS. 8A and 8B represent a flowchart of a process in accordance with one embodiment of the present invention;
- FIG. 9 is a state transition diagram for managing cloaked pages in accordance with one embodiment of the present invention;
- FIG. 10 is a representation of the components involved in metadata protection in accordance with an embodiment of the present invention;
- FIG. 11 is a representation of the control flow for handling faults and interrupts in accordance with an embodiment of the present invention;
- FIG. 12 is a state transition diagram for the control flow for handling system calls in accordance with an embodiment of the present invention; and
- FIG. 13 is a flowchart of the steps for accessing memory in accordance with one embodiment of the present invention.
- Application security is often limited by the poor assurance of commodity operating systems. A virtual-machine-based system in accordance with an embodiment of the present invention may protect the privacy and integrity of application data, even in the event of a total OS compromise. Embodiments of the present invention present an application with a normal view of its resources, but the OS with an encrypted view of those resources. This allows the operating system to carry out the complex tasks of managing an application's resources, without allowing it to read or modify them. Thus, embodiments of the present invention offer defenses against application data being compromised.
- Embodiments of the present invention build on “multi-shadowing,” a mechanism that presents different views of “physical” memory, depending on the context performing the access. This approach offers an additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors.
- Many embodiments of the present invention do not replace the role of an existing OS for managing resources. Instead, the isolation capabilities of the virtualization layer are extended to allow protection of entities inside a virtual machine.
- The technique of “multi-shadowing” leverages the extra level of indirection offered by memory virtualization in a virtual machine monitor (VMM) to provide a protection layer. Conceptually, as will be described below, a typical VMM maintains a one-to-one mapping from guest “physical” addresses to actual machine addresses. Multi-shadowing replaces this with a one-to-many, context-dependent mapping, providing multiple views of guest memory. Embodiments of the present invention extend multi-shadowing to present an application with a cleartext view of its pages, and the OS with an encrypted view, a technique referred to as “cloaking.” Encryption-based protection allows resources to remain accessible to the OS, yet secure, permitting the OS to manage resources without compromising application privacy or integrity.
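To make the one-to-many, context-dependent mapping concrete, here is an added Python model (not the patent's or VMware's code) in which the owning context reads a cloaked page in cleartext while the guest OS sees only ciphertext, yet can still copy the page around to manage it. The per-page keystream (HMAC-SHA256 in counter mode with a per-write nonce), the SHA-256 integrity tag kept as VMM metadata and the ASID-keyed ownership table are assumptions chosen to make the idea runnable; the block also shows the integrity failure when the OS alters a cloaked page, which the paragraph mentions but does not detail.

```python
"""Runnable model of multi-shadowing with cloaking: one guest 'physical' page,
a cleartext view for the owning context and an encrypted view for everyone else.
Added illustration, not the patent's or VMware's code; the keystream, tag and
ownership table are assumptions, not the cipher or metadata the page describes."""
import hashlib
import hmac
import secrets

PAGE_SIZE = 4096


class IntegrityError(Exception):
    """Raised when the owner reads a cloaked page altered outside its context."""


def keystream(key: bytes, gpa: int, nonce: int, length: int) -> bytes:
    """Constructed keystream: HMAC-SHA256(key, gpa || nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = gpa.to_bytes(8, "little") + nonce.to_bytes(8, "little") + counter.to_bytes(4, "little")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class MultiShadowVmm:
    """Each guest physical page maps to one machine page, but the contents a
    context observes depend on whether that context owns the page."""

    def __init__(self) -> None:
        self.machine: dict[int, bytes] = {}   # machine memory: gpa -> page bytes
        self.keys: dict[int, bytes] = {}      # per-ASID cloaking key, held only by the VMM
        self.owner: dict[int, int] = {}       # cloaked gpa -> owning ASID
        self.nonce: dict[int, int] = {}       # per-page write counter (VMM metadata)
        self.tag: dict[int, bytes] = {}       # SHA-256 of the cleartext (VMM metadata)

    def new_context(self) -> int:
        asid = len(self.keys) + 1
        self.keys[asid] = secrets.token_bytes(32)
        return asid

    def cloak(self, asid: int, gpa: int, cleartext: bytes) -> None:
        """Place a page under `asid`: from now on machine memory holds only ciphertext."""
        if len(cleartext) != PAGE_SIZE:
            raise ValueError("cloak whole pages")
        self.owner[gpa] = asid
        self.nonce[gpa] = 0
        self._owner_store(asid, gpa, cleartext)

    def _owner_store(self, asid: int, gpa: int, cleartext: bytes) -> None:
        self.nonce[gpa] += 1                   # fresh keystream for every owner write
        ks = keystream(self.keys[asid], gpa, self.nonce[gpa], PAGE_SIZE)
        self.machine[gpa] = xor_bytes(cleartext, ks)
        self.tag[gpa] = hashlib.sha256(cleartext).digest()

    def read(self, asid: int, gpa: int) -> bytes:
        """Owner: decrypt and verify integrity. Any other context: the raw encrypted page."""
        raw = self.machine[gpa]
        if self.owner.get(gpa) != asid:
            return raw
        clear = xor_bytes(raw, keystream(self.keys[asid], gpa, self.nonce[gpa], PAGE_SIZE))
        if not hmac.compare_digest(hashlib.sha256(clear).digest(), self.tag[gpa]):
            raise IntegrityError(f"cloaked page {gpa:#x} was modified outside its context")
        return clear

    def write(self, asid: int, gpa: int, data: bytes) -> None:
        """Owner writes are encrypted before reaching machine memory. Other contexts
        (e.g. the OS paging the page out and back in) only move ciphertext around."""
        if len(data) != PAGE_SIZE:
            raise ValueError("write whole pages")
        if self.owner.get(gpa) == asid:
            self._owner_store(asid, gpa, data)
        else:
            self.machine[gpa] = data
```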
- Multi-Shadowed Cloaking
- Prior to the detailed description of embodiments of the present invention, the operation of traditional virtualized systems will be briefly explained, followed by an explanation of how these systems are extended to support multi-shadowing according to embodiments of the present invention. The manner in which multi-shadowing is coupled with encryption to implement cloaking, providing both encrypted and unencrypted views of memory is then discussed.
- Discussion of Virtualization
- As is well known in the art, a virtual machine (VM) is a software abstraction, i.e., a “virtualization” of an actual or an abstract physical computer system. The VM runs as a “guest” on an underlying “host” hardware platform. Guest software, such as a guest OS and guest applications, may be loaded onto the virtual computer for execution. The guest OS may, but need not, be the same as the OS or other system software running at the system level in the host. For example, a Windows OS may run in the VM even though the OS used to handle actual I/O (input/output), memory management, etc., on the host might be a Linux OS. As long as a suitable interface is provided between the VM and the host platform, a user of a VM need not even be aware that she is not using a “real” computer, that is, a system with hardware dedicated exclusively to her use. The existence of the underlying host can be made transparent to a user of the VM and to the guest software itself.
- A Hosted Virtual Computer System
- FIG. 3 illustrates the main components of a computer system 2X that supports a VM 300X, as generally implemented in the Workstation virtualization product of VMware, Inc. As in conventional (non-virtualized) computer systems, both system hardware 100X and system software 19W are included. The system hardware 100X includes CPU(s) 112X, which may be a single processor, or two or more cooperating processors in a known multiprocessor arrangement. The system hardware also includes system memory 118X, one or more disks 120X, and some form of Memory Management Unit (MMU) 116X. One of ordinary skill in the art will understand that the system may not contain any disks. In other words, the system may instead use network-attached storage (NAS), such as a remote file server, i.e., one using NFS (Network File System) or CIFS (Common Internet File System) protocols, or a remote storage array via a storage-area network (SAN), or via a standard network, e.g., using the iSCSI (Internet Small Computer System Interface) protocol. Further, flash memory could be used to replace the disks. As is understood in the field of computer engineering, the system hardware also includes, or is connected to, conventional registers, interrupt handling circuitry, a clock, etc., which, for the sake of simplicity, are not shown in the figure.
- The system software 19W either is or at least includes an operating system 20W, which has drivers 29W as needed for controlling and communicating with various devices 123X, and usually with the disk 120X as well. Conventional applications 40W, if included, may be installed to run on the hardware 100X via the system software 19W and any drivers needed to enable communication with those devices.
- The virtual machine (VM) 300X—also known as a “virtual computer”—is a software implementation of a complete computer system. In the VM, the physical system components of a “real” computer are emulated in software, that is, they are virtualized. Thus, the VM 300X will typically include virtualized (“guest”) system hardware 310X, which in turn includes one or more virtual CPUs 312X (VCPU), virtual system memory 318X (VMEM), one or more virtual disks 320X (VDISK), and one or more virtual devices 323X (VDEVICE), all of which are implemented in software using known techniques to emulate the corresponding components of an actual computer. It should be noted, however, that a VDISK and a VDEVICE are typically included but are not strictly necessary. The concept, design and operation of virtual machines are well known in the field of computer science.
- The VM 300X also includes system software 19X, which may include a guest operating system 20X, which may, but need not, simply be a copy of a conventional, commodity OS, as well as drivers 29X as needed, for example, to control the virtual device(s) 323X. Note that a disk—virtual or physical—is also a “device,” but is usually considered separately because of its essential role. Of course, most computers are intended to run various applications, and a VM is usually no exception. Consequently, by way of example, FIG. 3 illustrates one or more applications 40X installed to run on the guest OS 20X; any number of applications, including none at all, may be loaded for running on the guest OS, limited only by the requirements of the VM. Software running in the VM 300X, including the guest OS 20X and the guest applications 40X, is generally referred to as “guest software.”
- Note that although the virtual hardware “layer” 310X will be a software abstraction of physical components, the VM's system software 19X may be the same as would be loaded into a hardware computer. The modifier “guest” is used here to indicate that the VM, although it acts as a “real” computer from the perspective of a user and guest software, is actually just computer code that is executed on the underlying “host” hardware and software platform virtual device 323X will actually be carried out by I/O to a corresponding hardware device 123X, but in a manner transparent to the VM.
- Some interface is usually required between the VM 300X and the underlying “host” hardware 100X, which is responsible for actually executing VM related instructions and transferring data to and from the actual, physical memory 118X and other system hardware 100X. The interface between the VM and the underlying host system is often referred to as a Virtual Machine Monitor (VMM). As used in this patent, the term VMM should not be interpreted as being limited in any way to or by existing virtualization software that is referred to as a VMM. Instead, the term VMM should be interpreted broadly as virtualization software that supports the operation of a virtual machine, whether such virtualization software is referred to as a VMM, a hypervisor, or if some other terminology is used; or, in the event that some virtualization functionality is implemented or supported in hardware, the term VMM may be interpreted broadly as virtualization logic that supports the operation of a virtual machine.
- A VMM is usually a relatively thin layer of software that runs directly on top of a host, such as the system software 19W, or directly on the hardware, and virtualizes the resources of the hardware platform. FIG. 3 shows virtualization software 200X, which may be implemented as a VMM, running directly on the system hardware 100X. The virtualization software 200X is also referred to as a VMM 200X herein, although it may alternatively comprise other virtualization software that may not be considered or called a VMM. The VMM 200X will typically include at least one device emulator 254X, which may also form the implementation of the virtual device(s) 323X. The interface exported to the respective VM is usually such that the guest OS 20X cannot determine the presence of the VMM. The VMM also usually tracks and either forwards (to the host OS 20W) or itself schedules and handles all requests by its VM for machine resources, as well as various faults and interrupts. FIG. 3 therefore illustrates an interrupt (including fault) handler 252X within the VMM. The VMM also includes a memory manager 256X. The general features of VMMs are well known and are therefore not discussed in further detail here.
- A single VM 300X is illustrated in FIG. 3 merely for the sake of simplicity; in many installations, there will be more than one VM installed to run on the common hardware platform; all may have essentially the same general structure, although the individual components need not be identical. Also, as shown in FIG. 3, a single VMM 200X is the interface for the single VM 300X. It would also be possible to include the VMM as part of its respective VM. Although the VMM is usually completely transparent to the VM, the VM and VMM may be viewed as a single module that virtualizes a computer system. The VM and VMM are shown as separate software entities in the figures merely for the sake of clarity. Moreover, it would also be possible to use a single VMM to act as the interface for more than one VM.
- In the system illustrated in FIG. 3, both the host OS and the VMM are installed at system level, meaning that they each run at the greatest privilege level and can therefore independently modify the state of the hardware processor(s). For I/O to at least some devices, however, the VMM may issue requests via the host OS 20W. To make this possible, a special driver VMDRV 290 is installed just as any other driver within the host OS 20W is installed and exposes a standard API to a user-level application VMAPP 292. When the system is in the VMM context, meaning that the VMM is taking exceptions, handling interrupts, etc., but the VMM wishes to use the existing I/O facilities of the host OS, the VMM calls the driver VMDRV 290, which then issues calls to the application VMAPP 292, which then carries out the I/O request by calling the appropriate routine in the host OS.
- A
line 280X symbolizes the boundary between the virtualized (VM/VMM) and non-virtualized (host software) “worlds” or “contexts.” Thedriver VMDRV 290 andapplication VMAPP 292 thus enable communication between the worlds. Theboundary 280X may also be characterized as a “virtualization barrier”, as that term is used above. Thevirtualization barrier 280X, however, does not provide as complete a barrier, or as secure a barrier, between thehost OS 20W and theVM 300X as thevirtualization barrier 280B provides between theVM 300A and theVM 300B shown inFIG. 2 . This is primarily because thesystem software 19W has direct access to thesystem hardware 100X, including all of thememory 118X and thedisk 120X, including, in particular, the memory and disk space that contains the code and data of theVMM 200X and theVM 300X. Accordingly, thevirtualization barrier 280X may be referred to more specifically as a “limited virtualization barrier,” while thevirtualization barrier 280B may be referred to more specifically as a “complete virtualization barrier” or as a “bidirectional virtualization barrier.” Another virtualization barrier would be established between theVM 300X and any other VM in thecomputer system 2X, although no such other virtualization barrier is illustrated inFIG. 3 because only one VM is illustrated. Avirtualization barrier 280W between theVM 300X and theVMM 200X operates substantially the same as thevirtualization barrier 280A shown inFIG. 2 . - A Kernel-Based Virtual Computer System
- In the computer system 2X of FIG. 3, the VMM is co-resident at system level with a host operating system. Both the VMM and the host OS can independently modify the state of the host processor, but the VMM calls into the host OS via a driver and a dedicated user-level application to have the host OS perform certain I/O operations on behalf of the VM. The virtual computer in this configuration is thus fully hosted in that it runs on an existing host hardware platform and together with an existing host OS.
- In other implementations, a dedicated kernel takes the place, and performs the conventional functions, of the host OS, and virtual computers run on the kernel. A “kernel-based” virtual computer system, in which a kernel serves as the system software for one or more VMM/VM pairs, is illustrated in FIG. 4. Compared with a system in which VMMs run on a host OS, use of a kernel offers greater modularity and facilitates provision of services that extend across multiple VMs (for example, for resource management). Compared with the hosted deployment described above, a kernel may offer greater performance because it can be co-developed with the VMM and be optimized for the characteristics of a workload consisting of VMMs. The ESX Server virtualization product of VMware, Inc., has such a configuration. A kernel-based virtualization system of the type illustrated in FIG. 4 is described in U.S. Pat. No. 6,961,941 to Nelson et al., “Computer Configuration for Resource Management in Systems Including a Virtual Machine” (“the '941 patent”).
- As shown in FIG. 4, the general configuration of a kernel-based virtual computer system 2Y includes one or more virtual machines (VMs), such as a first VM 300Y and a second VM 300Z, each of which is installed as a “guest” on a “host” hardware platform 100Y. The hardware platform 100Y includes one or more processors (CPUs) 112Y, system memory 118Y, and one or more disks 120Y. The hardware 100Y may also include other conventional mechanisms such as a Memory Management Unit (MMU) 116Y and various devices 123Y.
- The VM 300Y includes virtual system hardware 310Y, which typically includes at least one virtual CPU 312Y, at least one virtual disk 320Y, a virtual system memory 318Y, and various virtual devices 323Y. The VM 300Y also includes a guest operating system 20Y (which may simply be a copy of a conventional operating system) running on the virtual system hardware 310Y, along with a set of drivers 29Y for accessing the virtual devices 323Y and the virtual disk 320Y. One or more applications 40Y may execute in the VM 300Y on the guest OS 20Y and the virtual system hardware 310Y. All of the components of the VM may be implemented in software using known techniques to emulate the corresponding components of an actual computer. This implementation of the VM 300Y may generally be substantially the same as the implementation of the VM 300X shown in FIG. 3.
- The VMs run on virtualization software 200Y comprising a kernel 202Y and a set of VMMs, including a first VMM 250Y and a second VMM 250Z. In this implementation, each VMM supports one VM. Thus, the VMM 250Y supports the VM 300Y and the VMM 250Z supports the VM 300Z. The VMM 250Y includes, among other components, device emulators 254Y, which may constitute the virtual devices 323Y that the VM 300Y accesses. The VMM 250Y may also include a memory manager 256Y. The VMM also usually tracks and either forwards (to some form of system software) or itself schedules and handles all requests by its VM for machine resources, as well as various faults and interrupts. A mechanism known in the art as an exception or interrupt handler 252Y may therefore be included in the VMM.
- The computer system 2Y may, initially, have an existing operating system 20Z that may be at system level, and the kernel 202Y may not yet even be operational within the system. The initial system level interface between the OS 20Z and the system hardware 100Y is represented by a dashed line in FIG. 4. In such a case, one of the functions of the OS 20Z may be to make it possible to load the kernel 202Y, after which the kernel runs on the native hardware 100Y and manages system resources. In effect, the kernel, once loaded, displaces the OS 20Z. Thus, the kernel 202Y may be viewed either as displacing the OS 20Z from the system level and taking this place itself, or as residing at a “sub-system level.” When interposed between the OS 20Z and the hardware 100Y, the kernel 202Y essentially turns the OS 20Z into an “application,” which has access to system resources only when allowed by the kernel 202Y. The kernel then schedules the OS 20Z as if it were any other component that needs to use system resources. Accordingly, another interface is shown between the OS 20Z and the kernel 202Y for enabling the OS 20Z to access the system hardware 100Y. This second interface is shown with a solid line in FIG. 4.
- The OS 20Z may also be included to allow applications unrelated to virtualization to run; for example, a system administrator may need such applications to monitor the hardware 100Y or to perform other administrative routines. The OS 20Z may thus be viewed as a “console” OS (COS). In such implementations, the kernel 202Y may also include a remote procedure call (RPC) mechanism to enable communication between, for example, the VMM 250Y and any applications 40Z installed to run on the COS 20Z.
- As described in the '941 patent, the kernel 202Y handles the various VMM/VMs and the COS 20Z as entities that can be separately scheduled, which are referred to as “worlds.” The worlds are controlled by a world manager, represented in FIG. 4 within the kernel 202Y as module 212Y. The kernel 202Y may also include an interrupt/exception handler 214Y that is able to intercept and handle interrupts and exceptions for all devices on the machine.
- The kernel 202Y includes a system memory manager 210Y that manages all machine memory that is not allocated exclusively to the COS 20Z. When the kernel 202Y is loaded, the information about the maximum amount of memory available on the machine is available to the kernel, as well as information about how much of it is being used by the COS. Part of the machine memory is used for the kernel 202Y itself and the rest is used for the virtual machine worlds. Virtual machine worlds use machine memory for two purposes. First, memory is used to back portions of each world's memory region, that is, to store code, data, stacks, etc. For example, the code and data for the VMM 250Y is backed by machine memory allocated by the kernel 202Y. Second, memory is used for the guest memory of the virtual machine. The memory manager may include any algorithms for dynamically allocating or deallocating memory among the different VMs.
- The kernel 202Y is responsible for providing access to all devices on the physical machine. In addition to other modules that the designer may choose to load onto the system for access by the kernel, the kernel will typically load conventional drivers as needed to control access to devices. Accordingly, a module 240Y containing loadable kernel modules and drivers is shown in FIG. 4. The kernel 202Y may interface with the loadable modules and drivers in a conventional manner, i.e., using an API or similar interface.
- A first virtualization barrier 280V between the COS 20Z and the VMs, a second virtualization barrier 280Y between the VMs, and a third virtualization barrier 280Z between the virtualization software 200Y and the VMs and the COS 20Z, are represented in FIG. 4. There would also be additional virtualization barriers between any other VMs in the computer system. The virtualization barriers 280V and 280Y may be substantially the same as the virtualization barrier 280B of FIG. 2, while the virtualization barrier 280Z may be substantially the same as the virtualization barrier 280A.
- Overview of Memory Mapping in Virtual Computer Systems
- When memory addresses are generated in the VM 300X of FIG. 3, either by the applications 40X or the guest system software 19X, the addresses are generally mapped to corresponding addresses in the physical memory 118X. Both the guest OS 20X and the memory manager 256X are involved in this mapping process. Similarly, when memory addresses are generated in the VM 300Y of FIG. 4, either by the applications 40Y or the system software of the VM 300Y, the guest OS 20Y and the memory manager 256Y are involved in the process of mapping the addresses to corresponding addresses in the physical memory 118Y. These address mapping processes are substantially similar in both the hosted virtual computer system 2X of FIG. 3 and the kernel-based virtual computer system 2Y of FIG. 4. Thus, the following description is generally limited to the process of mapping addresses from the VM 300X of FIG. 3 to the physical memory 118X, although it generally also applies to the corresponding process of FIG. 4, and to corresponding processes in other virtual computer systems.
- Most modern computers implement a “virtual memory” mechanism, as described briefly above, that allows user-level software to specify memory locations using a set of virtual addresses. These virtual addresses are then translated or mapped into a different set of physical addresses that are actually applied to physical memory to access the desired memory locations. The range of possible virtual addresses that may be used by user-level software constitutes a virtual address space, while the range of possible physical addresses that may be specified constitutes a physical address space. The virtual address space is typically divided into a number of virtual memory pages, each having a different virtual page number, while the physical address space is typically divided into a number of physical memory pages, each having a different physical page number. A memory “page” in either the virtual address space or the physical address space typically comprises a particular number of memory locations, for example, such as either a four kilobyte (KB) memory page or a two megabyte (MB) memory page in an x86 computer system.
- The operation of a virtual memory system is well understood by those of ordinary skill in the art and will not be described in further detail herein. For more information, see “Computer Organization & Design: the Hardware/Software Interface,” by David A. Patterson and John L. Hennessy, 2nd ed., Morgan Kaufmann Publishers Inc., San Francisco, Calif., 1998.
- Classical Memory Virtualization
- Conventional non-virtualized operating systems use page tables to map virtual addresses to physical addresses with page granularity. A virtual page number (VPN) is mapped to a physical page number (PPN), and VPN-to-PPN translations are cached by a hardware translation lookaside buffer (TLB).
- The classical virtual machine monitor (VMM) provides each virtual machine (VM) with the “illusion” of being a dedicated physical machine that is fully protected and isolated from other virtual machines. To support this illusion, physical memory is virtualized by adding an extra level of address translation. The terms “machine address” and “machine page number” (MPN) are herein used to refer to actual hardware memory. In contrast, “physical” memory is a software abstraction that presents the illusion of hardware memory to a VM. Address translation performed by a guest operating system in a VM maps a guest virtual page number (GVPN) to a guest physical page number (GPPN). The VMM maintains a pmap data structure for each VM to store GPPN-to-MPN translations. The VMM also typically manages separate shadow page tables, which contain GVPN-to-MPN mappings, and keeps them consistent with the GVPN-to-GPPN mappings managed by the guest OS. As the hardware TLB caches direct GVPN-to-MPN mappings, ordinary memory references execute without incurring virtualization overhead. It should be noted that the memory 118X (FIG. 3) and the memory 118Y (FIG. 4) can also be referred to as “machine” memory. Where necessary, “machine” is used to avoid confusion between “guest physical” and “physical,” as used in a virtual environment.
- Referring now to FIG. 5, some of the functional units involved in the address mapping process described above will be described. The virtual computer system shown in FIG. 5 is a more abstract depiction that can represent either of the computer systems 2X and 2Y of FIGS. 3 and 4, respectively. System hardware 100C includes an MMU 116C, which further includes a TLB 117C. It should be noted that elements with reference labels similar to those shown in FIGS. 3 and 4 have similar, if not the same, functionality.
- Virtualization software 200B executes on the system hardware 100C, and may be substantially the same as the virtualization software 200X of FIG. 3 or the virtualization software 200Y of FIG. 4. The virtualization software 200B includes a memory manager 256B, part of the VMM (not shown), which further includes an address mapping module 220B and a set of shadow page tables 222B.
- The virtualization software 200B supports a VM 300C that includes virtual system hardware 310C, which further includes an MMU 316C, which may further include a virtual TLB (VTLB) 317C, although the MMU 316C may also be implemented without a virtual TLB. The VM 300C also includes a guest OS 20D and a set of one or more applications 40G. The guest OS 20D includes a set of guest OS page tables 22D.
- The guest OS 20D generates the guest OS page tables 22D that map the guest software virtual address space to what the guest OS perceives to be the machine address space. In other words, the guest OS 20D maps GVPNs to GPPNs. Suppose, for example, that a guest application 40G attempts to access a memory location having a first GVPN, and that the guest OS has specified in the guest OS page tables that the first GVPN is backed by what it believes to be a machine memory page having a first GPPN.
- The address mapping module 220B keeps track of mappings between the GPPNs of the guest OS 20D and the “real” machine memory pages of the machine memory within the system hardware 100C. Thus, the address mapping module 220B maps GPPNs from the guest OS 20D to corresponding MPNs in the machine memory. Continuing the above example, the address mapping module translates the first GPPN into a corresponding first MPN.
- The memory manager 256B creates a set of shadow page tables 222B that are used by the MMU 116C. The shadow page tables 222B include a number of shadow page table entries (PTEs) that generally correspond to the PTEs in the guest OS page tables 22D, but the shadow PTEs map guest software virtual addresses to corresponding machine addresses in the actual machine memory, instead of to the physical addresses specified by the guest OS 20D. In other words, while the guest OS page tables 22D provide mappings from GVPNs to GPPNs, the shadow PTEs in the shadow page tables 222B provide mappings from GVPNs to corresponding MPNs. Thus, continuing the above example, instead of containing a mapping from the first GVPN to the first GPPN, the shadow page tables 222B would contain a shadow PTE that maps the first GVPN to the first MPN. When the guest application attempts to access a memory location having the first GVPN, the MMU 116C loads the mapping from the first GVPN to the first MPN in the shadow page tables 222B into the physical TLB 117C, if the mapping is not already there. This mapping from the TLB 117C is then used to access the corresponding memory location in the machine memory page having the first MPN.
- Embodiments of the present invention use cloaking to protect unmodified legacy applications running on unmodified commodity operating systems. Cloaking is a low-level primitive that operates on basic memory pages. Nearly all higher-level application resources, including code, data, files, and even Inter-Process Communication (IPC) streams, however, are already managed as memory-mapped objects by modern operating systems, or can be adapted as such. As a result, cloaking is sufficiently general to protect all of an application's major resources.
- To implement cloaking, some modifications to the normal execution environment are provided.
- As will be described below in more detail, embodiments of the present invention introduce, at load time, a shim program into the address space of each cloaked application, mediating all communication with the OS. With assistance from the VMM, the shim interposes on events such as system calls and signal delivery, modifying their semantics to enable safe resource sharing between a cloaked application and an untrusted OS. In addition, the shim manages a mapping of guest virtual addresses to “physical resources,” i.e., allocated memory that can be either file-backed or not.
- An overview of the architecture of embodiments of the present invention is presented in FIG. 6. For ease of explanation, a single VM 300 is depicted, consisting of a guest OS 20 together with multiple applications 40, one of which is a cloaked application 40C. A VMM 250 effectuates a cloaking virtualization barrier 280C between the cloaked application 40C and the guest OS 20, similar to the barrier 280 the VMM 250 enforces between the guest OS 20 and host hardware 100. A cloaked shim program 600 is provided into the address space of the cloaked application 40C. The cloaked shim 600 cooperates with the VMM 250 to interpose on all control flow between the cloaked application 40C and the guest OS 20. Additionally, an uncloaked shim 610 is provided and includes buffer space 612 to provide a neutral area for the guest OS 20 and cloaked application 40C to exchange uncloaked data, as will be explained in more detail below.
- Multi-Shadowing
- As discussed above, existing virtualization systems present a single view of guest “physical” memory, generally faithfully emulating the properties of real hardware. One-to-one GPPN-to-MPN mappings are typically employed, backing each guest physical page with a distinct machine page. Some systems implement many-to-one mappings to support shared memory, e.g., transparent page sharing maps multiple GPPNs, using copy-on-write, to a single MPN. However, existing virtualization systems do not provide flexible support for mapping a single GPPN to multiple MPNs.
- Multi-shadowing, in accordance with embodiments of the present invention, is a mechanism that supports context-dependent, one-to-many GPPN-to-MPN mappings. Conceptually, multiple shadow page tables are used to provide different views of guest physical memory to different shadow contexts. The “context” that determines which view (shadow page table) to use for a particular memory access can be defined in terms of any state accessible to the VMM, such as the current protection ring, page table, instruction pointer, contents of a register, contents of a memory location, or some other criteria.
- FIG. 7 shows multiple physical address mapping modules. In FIG. 7, a multi-shadow address mapping module 500 would have multiple entries having a context portion 502 identifying CONTEXT1 and multiple mapping portions 504-1, 504-2, 504-3. In the example shown in FIG. 7, a first guest physical page (GPPN1) is mapped to a first machine page MPN1 for CONTEXT1 but is mapped to a different machine page MPN4 for CONTEXT2 as shown in multi-shadow address mapping module 500′. Similarly, in a first multi-shadow page table (not shown) for CONTEXT1, corresponding to the address mapping module 500, the GVPN that maps to GPPN1 would be mapped to MPN1, and, in a second multi-shadow page table (not shown) for CONTEXT2, corresponding to the address mapping module 500′, the GVPN that maps to GPPN1 would be mapped to MPN4. In an x86 architecture, an MMU walks page tables in hardware; therefore multiple separate page tables—generally one for each context—are implemented.
- Traditional operating systems and processor architectures implement hierarchical protection domains, such as protection rings. Multi-shadowing offers an additional dimension of protection orthogonal to existing hierarchies, enabling a wide range of unconventional protection policies.
- As will be described in more detail below, embodiments of the present invention allow a guest OS to perform the tasks of application memory management, without allowing the guest OS to observe the actual memory contents.
- Multi-shadowing ensures that the guest OS or other processes cannot view cloaked code and data in plaintext. To allow the guest kernel to easily manage the underlying memory resources, coordination is provided when, for instance, the kernel needs to swap out memory occupied by the cloaked data to disk, as well as for other operations related to cloaked memory and files. Advantageously, some embodiments of the present invention do not rely on the guest kernel using virtual DMA or other mechanisms that can be tracked by the VMM to perform swap and file I/O operations. If the kernel did not use DMA to implement these operations, without the advantages of some embodiments of the present invention, it would be difficult and expensive to track cloaked data using existing hardware and software techniques.
- It has been recognized that encryption alone does not prevent the guest kernel from modifying cloaked page contents. Accordingly, some embodiments of the present invention include integrity verification, as described below. The kernel can corrupt application memory by modifying random bits of any cloaked memory page, and any such corrupted data may be detected before the application attempts to use it. Without integrity verification, an application could behave unexpectedly if using changed data, possibly leading to compromises that exploit such unexpected execution of the program to leak cloaked data.
- Memory Cloaking
- Cloaking combines multi-shadowing with encryption, presenting different views of memory—plaintext and encrypted—to different guest contexts.
- Some embodiments of the present invention that implement virtualization-based cloaking do not require any changes to the processor architecture, OS, or applications. Cloaking based on multi-shadowing represents a relatively small change to the core MMU functionality already implemented by a VMM. As an overview, cloaking will be described using a high-level model. Metadata management and integration with existing systems are presented below.
- Single Page, Encrypted/Unencrypted Views
- In accordance with the teachings of some embodiments of the present invention, each GPPN uses only a single MPN, and dynamically encrypts and decrypts its contents depending on the context currently accessing the page. This works well because few pages are accessed simultaneously by both the application and the kernel in practice. As an alternate embodiment, two read-only copies of the page could be maintained, one encrypted, and one plaintext, for pages that are read concurrently from both contexts.
- When a cloaked page is accessed from outside the shadow context to which it belongs, the VMM first encrypts the page, using a fresh, randomly-generated initialization vector (IV), then takes a secure hash (H) of this ciphertext. An initialization vector is commonly used in cryptography so that two chunks of data, e.g., two pages with the same contents, do not each encrypt to the same ciphertext. As an example, if two identical pages are encrypted, and an IV is not used—then each will encrypt to the same ciphertext, and an attacker will know that the two encrypted pages have the same contents. This information can be used to mount a “known plaintext” attack. Using a randomly-generated IV, the IV is appended to (or XOR'd with, or combined in some way with) the plaintext before it is encrypted. As identical pages will have different IVs, each will encrypt to a different ciphertext, assuming that the same encryption key is used.
- The pair (IV, H) is stored securely for future use. During decryption, the correct hash is first verified. If verification fails, the application may be terminated. If it succeeds, the cloaked page is decrypted, and execution proceeds as normal. By checking the hash before decryption, any attempts to corrupt cloaked pages will be detected.
- In general, referring now to FIGS. 8A and 8B, a method 400 in accordance with one embodiment of the present invention is presented. Initially, at step 402, a request for access to a cloaked page (CP) is received, e.g., through an attempted memory access. Subsequently, at step 403, it is determined if the CP is plaintext or encrypted. If plaintext, control passes to step 404, where it is determined whether or not the requester belongs to the shadow context for the CP. If the requester does belong to the shadow context, control passes to step 406 where the CP is mapped into the requester's shadow mapping. If, on the other hand, the requester is not a member of the shadow context for the requested CP, control passes to step 405 where the page is unmapped from the application shadow. An initialization vector (IV) is randomly generated, step 408, and the CP is encrypted using the IV, step 410, to create a ciphertext. A hash value (H) is generated for this ciphertext, step 412. The (IV, H) pair is securely stored to correspond with the CP, step 414. In step 416, the ciphertext is mapped into the requester's shadow mapping.
- Returning to step 403, if the CP is encrypted, control passes to step 418 where it is determined whether or not the requester belongs to the shadow context for the CP. If the requester does not belong to the shadow context, control passes to step 420 where the CP is mapped into the requester's shadow mapping.
- If the requester is a member of the shadow context for the requested CP, control passes to step 422 where the (IV, H) pair corresponding to the CP is retrieved. A new hash (NH) value is calculated for the CP, step 424, and compared to the hash H in the retrieved (IV, H) pair, step 426. If NH is not the same as H, control passes to step 428 where a fault condition is asserted. If NH is the same as H, then the CP is decrypted using the IV, step 430, and the decrypted CP is mapped into the requester's shadow mapping, step 432.
- In one embodiment of the present invention a single secret key KVMM managed by the VMM is used to encrypt all pages, as will be described below in more detail. In one embodiment, the encryption uses AES-128 (Advanced Encryption Standard) in CBC (Cipher-Block Chaining) mode, and hashing uses SHA-256 (Secure Hash Algorithm); both are standard constructions. Of course, one of ordinary skill in the art will understand that a mode using multiple keys could be supported.
- An alternate embodiment of the present invention implements an integrity-only mode of operation. In this embodiment, the concern is not about the privacy of the data, so the application data is in plaintext, i.e., not encrypted. As a result, the IV, which is used for encryption/decryption, as above, is not needed.
- In “integrity only” mode, the focus is only on detecting tampering, and thus only the secure hash should be needed. As an alternative implementation to a secure hash H, other cryptographic authentication methods could be used, e.g., a message authentication code (MAC), as known to those of skill in the art. In any case, a secure hash H or MAC is used to protect the integrity of encrypted page contents; if a cloaked page is corrupted, its MAC will change, therefore allowing the modification to be detected.
- Basic Cloaking Protocol
- Consider a single guest “physical” page (GPPN). At any point in time, the page is mapped into only one shadow page table—either a protected application shadow used by a cloaked user-space process, or the system shadow used for all other accesses. When the page is mapped into the application shadow, its contents are ordinary plaintext, and application reads and writes proceed normally.
- FIG. 9 presents a state transition diagram 450 for managing, i.e., maintaining, the secrecy and integrity of a single cloaked page. Of course one of ordinary skill in the art would understand how to apply this to multiple cloaked pages. Application reads RA and writes WA manipulate plaintext page contents while kernel reads RK and writes WK use an encrypted version of the page. The secure hash H is computed and stored immediately after page encryption and verified immediately prior to page decryption.
- When the cloaked page is accessed (RK, WK) via the system shadow, transition 1, the VMM unmaps the page from the application shadow, encrypts the page, generates an integrity hash, and maps the page into the system shadow. The kernel may then read the encrypted contents, e.g., to swap the page to disk, and may also overwrite its contents, e.g., to swap in a previously-encrypted page.
- When the encrypted page is subsequently accessed (RA, WA) via the application shadow, transitions 2 or 3, the VMM unmaps the page from the system shadow, verifies its integrity hash, decrypts the page, and maps the page into the application shadow. For an application read RA, transition 3, the page is mapped read-only and its (IV, H) pair is retained. If the page is later written WA by the application, transition 4, the (IV, H) pair is discarded, and the page becomes readable and writable. If the page is instead accessed (RK, WK) by the kernel, transition 5, the VMM proceeds as in transition 1, except that the hash H for the (unmodified) page is not recomputed: re-encrypting the unchanged contents under the retained IV reproduces the same ciphertext, so the stored H remains valid. Returning to transition 2, for an application write WA, the (IV, H) pair is discarded as in transition 4, and the page remains readable and writable.
- The read-only plaintext state, where the (IV, H) pair is retained, is generally required to correctly handle the case where the kernel legitimately caches a copy of the encrypted page contents. For example, consider the case where the kernel swaps a cloaked page to disk, which is later paged in due to an application read, and then swapped out again before the application modifies it. The kernel can optimize the second page-out by noticing that the page is not dirty, and simply unmap the page without reading it because the on-disk swapped copy would still be valid. If the (IV, H) pair had been discarded, it would not be possible to decrypt the page after it is swapped back in.
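- The protocol of FIG. 9, as an added, runnable model in Go that is not part of the patent text: the three page states, transitions 1 through 5, AES-128-CBC under a single key KVMM, and a SHA-256 hash H computed over the ciphertext and checked before any decryption, as the description above specifies. Assumptions made for the example: KVMM is a freshly generated random AES-128 key, a page is exactly 4096 bytes (so CBC needs no padding), and the shadow page-table mapping and unmapping is reduced to a State field; the names CloakedPage, KernelAccess and AppAccess are the example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const pageSize = 4096 // a multiple of the AES block size, so CBC needs no padding

// PageState is one of the three states of the FIG. 9 diagram.
type PageState int

const (
	PlaintextRW PageState = iota // application shadow, read-write, no (IV, H) retained
	PlaintextRO                  // application shadow, read-only, (IV, H) retained
	Encrypted                    // system shadow, Data holds ciphertext
)

// CloakedPage is one guest page plus the metadata the VMM keeps for it.
type CloakedPage struct {
	State PageState
	Data  [pageSize]byte
	IV    []byte // nil when no (IV, H) pair is retained
	H     []byte // SHA-256 over the ciphertext
}

// VMM holds the single key KVMM (assumed here to be a fresh random AES-128 key).
type VMM struct{ block cipher.Block }

func NewVMM() (*VMM, error) {
	key := make([]byte, 16)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	b, err := aes.NewCipher(key)
	return &VMM{block: b}, err
}

// cbc encrypts or decrypts the page in place with AES-128-CBC under iv.
func (v *VMM) cbc(p *CloakedPage, iv []byte, encrypt bool) {
	var mode cipher.BlockMode = cipher.NewCBCDecrypter(v.block, iv)
	if encrypt {
		mode = cipher.NewCBCEncrypter(v.block, iv)
	}
	mode.CryptBlocks(p.Data[:], p.Data[:]) // dst and src may overlap exactly
}

// KernelAccess is an RK/WK access through the system shadow (transitions 1 and 5).
func (v *VMM) KernelAccess(p *CloakedPage) error {
	switch p.State {
	case PlaintextRW: // transition 1: fresh IV, encrypt, then hash the ciphertext
		p.IV = make([]byte, aes.BlockSize)
		if _, err := rand.Read(p.IV); err != nil {
			return err
		}
		v.cbc(p, p.IV, true)
		sum := sha256.Sum256(p.Data[:])
		p.H = sum[:]
	case PlaintextRO: // transition 5: same plaintext and IV give the same ciphertext; H stays valid
		v.cbc(p, p.IV, true)
	}
	p.State = Encrypted
	return nil
}

// AppAccess is an RA/WA access through the application shadow (transitions 2, 3, 4).
// H is checked before anything is decrypted; on a mismatch the page stays encrypted.
func (v *VMM) AppAccess(p *CloakedPage, write bool) error {
	if p.State == Encrypted {
		if sum := sha256.Sum256(p.Data[:]); !bytes.Equal(sum[:], p.H) {
			return errors.New("integrity fault: hash mismatch")
		}
		v.cbc(p, p.IV, false)
		p.State = PlaintextRO
	}
	if write { // transitions 2 and 4: discard (IV, H); page becomes read-write
		p.IV, p.H = nil, nil
		p.State = PlaintextRW
	}
	return nil
}

func main() {
	v, _ := NewVMM()
	var p CloakedPage
	copy(p.Data[:], "constructed application data") // constructed sample contents
	_ = v.KernelAccess(&p)                          // transition 1: swapped out
	err := v.AppAccess(&p, false)                   // transition 3: swapped back in
	fmt.Println(err, p.State)                       // <nil> 1
	_ = v.KernelAccess(&p)                          // transition 5
	p.Data[100] ^= 1                                // corrupt one ciphertext byte
	fmt.Println(v.AppAccess(&p, false))             // integrity fault: hash mismatch
}
```

Transition 5 deliberately re-encrypts with the retained IV rather than a fresh one: since the plaintext is unchanged, the ciphertext and hence H come out identical, which is what lets the kernel's cached on-disk copy remain valid. The tamper case shows the fail-closed behaviour: a single flipped ciphertext byte is caught by the hash check and the page is never decrypted.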
- Cloaking is compatible with copy-on-write (COW) sharing of identical pages, i.e., those with identical contents, such as described in U.S. Pat. No. 6,789,156 to Waldspurger, “Content-Based, Transparent Sharing of Memory Units” (“the '156 patent”). At the VMM level, a plaintext MPN can be shared transparently between VMs or within a single VM, and page encryption is handled like a COW fault: when a cloaked GPPN transitions to an encrypted state, a private MPN is allocated to store the encrypted version of the GPPN, leaving the shared plaintext MPN untouched.
- Virtual DMA
- Cloaking is also compatible with virtual devices that access guest memory using DMA. For example, suppose the guest kernel performs disk I/O on a cloaked memory page via a virtual SCSI adapter. For a disk read, the cloaked page contents are already encrypted on disk, and the VMM simply permits the kernel to issue a DMA request to read the page.
- For a disk write, the action taken by the VMM depends on the current state of the cloaked page. If the page is already encrypted, the VMM allows the DMA to be performed directly. When the page is in the plaintext read-only state, the VMM first encrypts the page contents with its existing (IV, H) into a separate page that is used for the DMA operation. Similarly, if the page is in the plaintext read-write state, the VMM encrypts its contents into a separate page used for the DMA operation. The cloaked page then transitions to the read-only plaintext state, and is associated with the newly generated (IV, H). Note that in both plaintext states, the original guest page is still accessible in plaintext form to the application because a transient encrypted copy is used during the actual DMA.
- Managing Protection Metadata
- Embodiments of the present invention introduce OS-neutral abstractions for cloaking both persistent and non-persistent resources, such as files and private memory regions. In other words, memory-mapped data, for both file-backed and “anonymous” memory regions, must be managed. For each resource, protection metadata, such as (IV, H) pairs, must be managed to enforce privacy and integrity, ordering, and freshness (to prevent rollback). This management is divided among several parts of the described system: the VMM keeps the protection metadata in its own memory and uses it to encrypt/decrypt and to check the integrity and ordering of protected data; the cloaked shim maintains the mapping from resources (file-backed or anonymous memory) to the virtual addresses at which they are mapped within a given application address space, which lets the VMM associate (IV, H/MAC) pairs with physical pages; and the unprotected guest OS, since both the protected data and its protection metadata are stored in the guest, handles the storage of the cryptographic metadata for protected files. The guest OS is involved only in persisting metadata, e.g., storing the protection metadata for an on-disk file in an associated on-disk metadata file; it never holds that metadata in a form it could usefully modify, as described under Persisting Metadata below.
- An overview of the components involved in metadata protection is presented in FIG. 10. The description to follow begins by examining how metadata is stored, how protected objects are mapped to metadata, and then describes how the metadata is used to enforce protection.
- Protected Resources
- Each cloaked resource, such as a file or an anonymous memory region, is associated with a unique 64-bit resource identifier (RID) in one embodiment of the present invention. Each RID has a corresponding resource metadata (RMD) object that stores metadata needed to decrypt, check integrity, and preserve ordering. In one embodiment of the present invention, an RMD object is an ordered set of (IV, H) pairs, one per encrypted page, addressed by a 32-bit resource page number (RPN).
- An RMD object is an abstraction that serves as a container for the protection metadata where each resource has a corresponding metadata object. An RMD object is a logically contiguous addressable object that may be created, truncated, extended or deallocated.
- An RMD is applied to two types of resources: files, and anonymous memory regions. In one embodiment of a file-backed RMD, the RID may be a large integer that uniquely identifies the resource, for example, an integer corresponding to the <device_id, inode> of a file in the file system. In one embodiment, this is a 64-bit value consisting of 32 bits for the inode and 32 bits for the device_id. On a local filesystem, it is expected that this is sufficient to allow the RID to uniquely identify the file with which it is associated, even in light of renaming, etc.
- As set forth above, for one embodiment, the RID for a file is constructed from its device and inode numbers. There is, however, no protection for file system metadata; consequently, a malicious OS could swap inputs on an application. In order to provide security for this file system metadata, a secure namespace can be provided associating pathnames with (RID, MAC) pairs. This could be implemented by employing a protected daemon or shared file, which would be updated on file operations such as rename, create, and unlink.
- When a resource is mapped into memory, its RMD object is loaded into a metadata cache (MDC) 470 in the VMM. A single MDC 470 caches metadata for all cloaked resources mapped by the guest. This design ensures metadata consistency for shared objects, such as files and shared memory regions.
- The MDC is composed of a collection of all RMDs in use by all address spaces in the system and can be seen as a collection of objects indexed by RID.
- In one embodiment of the present invention, an entry has the form:
- [RID -> (meta_data, dirty_bit, ref_count), RID -> (...), ...]
- where the dirty_bit indicates that the metadata has been modified and must be written out upon eviction from the cache;
- where ref_count indicates the number of applications using this resource (each application is counted at most once, however many times it maps the resource); and
- where meta_data is a set of (IV, H/MAC) tuples.
- In one embodiment of the present invention, an RMD object is implemented using a per-RID data structure, which may be referred to as a metadata translation table, and which supports a sparse resource address space. A three-level data structure similar to a page table is indexed by offset (in units of 4K pages).
- It can be seen that this three-level data structure implementation supports a large amount of cloaked file contents. For example, if each <IV, H/MAC> tuple consumes 256 bits (32 bytes), then a single 4K leaf page can store 128 tuples. A single 4K directory page can store pointers (MPNs) for 1K leaf pages. A top-level array of root pages is then used to index into the directory pages. Each root page can store pointers (MPNs) for 1K directory pages, covering up to 128M tuples, enough for 512 GB of cloaked file contents.
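- The three-level metadata translation table sized in the paragraph above, as an added Go example (not the patent's code) of how an RPN is split into root, directory and leaf indices and how only the touched directory and leaf pages are allocated. The example keeps a single root page, so its address space is the 128M tuples (512 GiB) computed above; the top-level array of root pages, the MPN pointers and the 4K-page backing of each level are left out, as are the MDC bookkeeping fields (dirty bit, reference count) described earlier. Type and function names are the example's own.

```go
package main

import "fmt"

// Tuple is one (IV, H/MAC) entry; the text sizes it at 256 bits (32 bytes).
type Tuple [32]byte

const (
	pageBytes     = 4096
	tuplesPerLeaf = pageBytes / 32                           // 128 per 4K leaf page
	ptrsPerDir    = 1024                                     // 1K leaf pointers per directory page
	dirsPerRoot   = 1024                                     // 1K directory pointers per root page
	leafShift     = 7                                        // log2(tuplesPerLeaf)
	dirShift      = 10                                       // log2(ptrsPerDir)
	tuplesPerRoot = tuplesPerLeaf * ptrsPerDir * dirsPerRoot // 128M tuples
)

type leafPage struct{ t [tuplesPerLeaf]*Tuple } // nil slot: no metadata for that RPN
type dirPage struct{ leaves [ptrsPerDir]*leafPage }

// RMD is the per-RID metadata translation table, limited to one root page here.
type RMD struct {
	RID          uint64
	root         [dirsPerRoot]*dirPage
	Dirs, Leaves int // pages allocated so far: the table is sparse
}

// CoverageBytes is how much cloaked file content one root page can describe (512 GiB).
func CoverageBytes() uint64 { return uint64(tuplesPerRoot) * pageBytes }

// split breaks an RPN into root, directory and leaf indices, page-table style.
func split(rpn uint32) (r, d, l int, ok bool) {
	if uint64(rpn) >= tuplesPerRoot {
		return 0, 0, 0, false
	}
	return int(rpn >> (leafShift + dirShift)), int(rpn>>leafShift) & (ptrsPerDir - 1), int(rpn) & (tuplesPerLeaf - 1), true
}

// Set stores the tuple for rpn, allocating directory and leaf pages on demand.
func (m *RMD) Set(rpn uint32, t Tuple) error {
	r, d, l, ok := split(rpn)
	if !ok {
		return fmt.Errorf("RPN %d is outside the resource address space", rpn)
	}
	if m.root[r] == nil {
		m.root[r], m.Dirs = &dirPage{}, m.Dirs+1
	}
	if m.root[r].leaves[d] == nil {
		m.root[r].leaves[d], m.Leaves = &leafPage{}, m.Leaves+1
	}
	m.root[r].leaves[d].t[l] = &t
	return nil
}

// Get returns the tuple for rpn, or false if none is stored (the first-access case).
func (m *RMD) Get(rpn uint32) (Tuple, bool) {
	r, d, l, ok := split(rpn)
	if !ok || m.root[r] == nil || m.root[r].leaves[d] == nil || m.root[r].leaves[d].t[l] == nil {
		return Tuple{}, false
	}
	return *m.root[r].leaves[d].t[l], true
}

// Invalidate drops the tuple for rpn, as done once the page has been decrypted.
func (m *RMD) Invalidate(rpn uint32) {
	if r, d, l, ok := split(rpn); ok && m.root[r] != nil && m.root[r].leaves[d] != nil {
		m.root[r].leaves[d].t[l] = nil
	}
}

func main() {
	var m RMD
	_ = m.Set(100000000, Tuple{0xAB}) // RPN 100,000,000 lies about 381 GiB into the file
	t, ok := m.Get(100000000)
	fmt.Println(ok, t[0], m.Dirs, m.Leaves, CoverageBytes()>>30) // true 171 1 1 512
}
```

Storing one tuple near the end of a large file allocates a single directory page and a single leaf page, which is the point of the page-table shape: the metadata footprint follows the pages actually cloaked, not the file size.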
- Protected Address Spaces
- In the x86 architecture, hardware faults and interrupts are generally delivered through an interrupt descriptor table (IDT). The OS kernel typically registers a routine for each fault/interrupt type, which is invoked in kernel-mode when the corresponding fault/interrupt occurs. Traditional hardware delivers hardware interrupts and faults to a kernel-mode handler. Typically, user-mode programs must specify handlers for resolving user-level exceptions through a “signal” delivery interface defined and mediated by the OS. Thus, in the x86 architecture, there is no mechanism to invoke a user-mode application handler from the existing hardware directly, without going through the OS (or guest OS) kernel.
- In embodiments of the present invention, the VMM uses cached virtual-address mapping information for a cloaked user-mode process or application to resolve shadow page table page faults and perform corresponding encryption and decryption operations while running the application process in cloaked mode. This VMM-managed software cache is referred to as a “metadata lookaside buffer” (MLB), analogous to the hardware TLB in modern processors, and will be described below in more detail.
- In embodiments of the present invention, the content of the cloaked virtual memory of a cloaked process is protected by the VMM using protection metadata and associated metadata translations. This data needs to be available to the VMM any time the VM is executing in cloaked mode. For example, when a cloaked process touches a page that was not mapped in the shadow page table, the VMM needs to determine whether the page is cloaked, and if it is cloaked, which protection metadata (e.g., IV and Hash/MAC) the VMM should use to decrypt and verify the integrity of the page. The VMM can access the metadata translation table and then look up the corresponding <IV, H/MAC> from the metadata cache, as described below.
- The protection metadata cache in the VMM holds all metadata used by a running cloaked process, and is thus directly accessible by the VMM. The complete table of virtual-address-to-resource translations, however, is maintained by the user-mode shim and is not directly accessible by the VMM. Instead, the VMM caches a subset of these translations in the Metadata Lookaside Buffer (MLB). When the shim adds new translations to its own table, the VMM need not be notified; only when the VMM needs a translation that is not present in the MLB does it make an “MLB upcall” through the user-level exception mechanism to invoke a handler in the shim.
- When the VMM misses in the MLB, however, it needs to invoke a user-mode “MLB miss handler” in the cloaked process to resolve the miss. As above, with the constraints of the x86 architecture, existing hardware cannot invoke a user-mode handler without the OS kernel.
- Embodiments of the present invention provide a control-transfer mechanism to perform an “upcall” from the VMM directly to a guest user-mode handler, without involving the guest OS kernel. As will be described in more detail below, when the VMM experiences an MLB miss, the VMM saves the faulting context and switches contexts to run the shim's MLB miss handler in guest user-mode. Upon completing the handler, the shim returns to the previously-faulted context and continues execution. As a result, such faults/upcalls are “invisible” to the OS kernel in that the data or information is never available to the guest OS in cleartext. All other architecturally-defined hardware faults or interrupts can be delivered to and processed by the guest kernel independently.
- Access control and sharing for cloaked resources are determined by a unique security identifier (SID) that identifies a protection domain or execution context. In one implementation of the present invention, a SID is associated with an application instance, which may contain multiple processes. Processes with the same SID have common access to cloaked resources. The address space for a cloaked process is identified by a unique address space identifier (ASID) 472, as shown in FIG. 10, that defines its shadow context. Portions of multiple cloaked resources are typically mapped into the guest virtual address space associated with a given ASID.
- The VMM maintains a per-ASID cache of resource mappings in its virtual address space, i.e., the metadata lookaside buffer MLB 474. The MLB 474 is used to map a virtual address to a resource. An MLB entry has the form (start, end)→(RID, RPN), where start and end denote the virtual address range into which the resource is mapped, RID denotes the resource being mapped, and RPN denotes the first RPN in the mapping. For example, if file “foo.txt” has RID 4, and its third page (starting from 0) is mapped into the first GVPN in the virtual address space, this would be modeled as (0, 4096)→(4, 2).
- A shim program 476 is responsible for keeping a complete list of resource mappings for both cloaked and uncloaked memory and updating the MLB 474 whenever there is a change. The shim 476 resides in the same guest virtual address space, and interposes on all calls that modify it, such as mmap, munmap, and mremap in Linux. Advantageously, by implementing these functions in the user-mode shim 476, the VMM implementation is OS-neutral.
- On an MLB miss, the VMM performs an upcall into the shim to obtain the required mapping, and installs it in the MLB 474, illustrated by the miss action in FIG. 10. The mappings for the shim 476 itself are pinned in the MLB 474, preventing recursion. Note that if the MLB has an incorrect mapping, it generally fails closed. If the MLB 474 maps the wrong range of memory for a RID, or if the MLB 474 maps an uncloaked range as cloaked, then encryption or decryption will fail, or the application will end up accessing ciphertext, also causing it to fail. It is believed that failing closed is a better result than continuing operation on what might be faulty data.
- In more detail, referring also to FIG. 6, the VMM first pushes the registers of the running cloaked process onto the top of an upcall register stack 604 in a cloaked thread context (CTC) 602 and then loads the guest VM's instruction pointer (IP), stack pointer (SP) and other general registers 606 with the proper arguments to run the “MLB upcall” handler. The “MLB upcall” handler installs the entry requested by the VMM through hypercalls and then issues a “return-from-upcall” hypercall to return to the VMM. The VMM then pops the registers from the upcall register stack 604 and resumes cloaked application execution. Note that recursive upcalls can be supported up to the memory limit of the “upcall register stack” in the CTC.
- While the user-mode “MLB upcall” handler executes, it may still trap into the guest kernel through guest page faults, system calls and guest hardware interrupts. From the perspective of the guest kernel, it cannot observe that the upcall handler is being executed; in fact, the guest kernel cannot observe any code executed in cloaked mode. From the perspective of the application, the handler's execution is likewise undetectable, because it is atomic with respect to user-mode application code: all signals delivered to the application thread from the guest kernel are delayed until the upcall returns and the application code is resumed. The MLB handler must not touch any memory (the shim's or the application's) whose access would itself trigger the same upcall, since that would produce an unbounded chain of upcall deliveries; it therefore touches only memory whose VPN->RPN mappings are “pinned” in the VMM's MLB.
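- The MLB lookup, miss upcall, pinned entries and fail-closed behaviour described in the paragraphs above, as an added Go example that is not part of the patent text. The shim's complete mapping list and the VMM-to-user-mode upcall are reduced to a Go interface called synchronously; the register save and restore through the CTC upcall stack is not modeled. The entry (0, 4096)->(4, 2) is the text's own foo.txt example; the shim's pinned mapping at 0x10000 and the ASID value are constructed for the example.

```go
package main

import "fmt"

const pageSize = 4096

// MLBEntry is (start, end) -> (RID, RPN): the guest virtual range [Start, End) maps
// resource RID beginning at resource page RPN.
type MLBEntry struct {
	Start, End uint64
	RID        uint64
	RPN        uint32
	Pinned     bool // the shim's own mappings; never flushed, so the miss handler cannot recurse
}

// Shim stands in for the user-mode shim's complete mapping list. In the real system the
// VMM reaches it through an upcall into guest user mode; here it is a plain interface.
type Shim interface {
	Lookup(va uint64) (MLBEntry, bool)
}

// MappingList is a constructed shim: the mappings it would have recorded from mmap and friends.
type MappingList []MLBEntry

func (l MappingList) Lookup(va uint64) (MLBEntry, bool) {
	for _, e := range l {
		if va >= e.Start && va < e.End {
			return e, true
		}
	}
	return MLBEntry{}, false
}

// MLB is the VMM's per-ASID cache of resource mappings.
type MLB struct {
	ASID    uint32
	Entries []MLBEntry
	Misses  int
}

// Install adds a mapping, as the MLB upcall handler does through a hypercall.
func (m *MLB) Install(e MLBEntry) error {
	if e.End <= e.Start || e.Start%pageSize != 0 || e.End%pageSize != 0 {
		return fmt.Errorf("malformed range [%#x, %#x)", e.Start, e.End)
	}
	for _, x := range m.Entries {
		if e.Start < x.End && x.Start < e.End {
			return fmt.Errorf("range [%#x, %#x) overlaps [%#x, %#x)", e.Start, e.End, x.Start, x.End)
		}
	}
	m.Entries = append(m.Entries, e)
	return nil
}

// Translate resolves a faulting guest virtual address to the (RID, RPN) used to index
// the MDC. On a miss it "upcalls" into the shim and installs the answer; if the shim has
// no mapping either, the fault is reported rather than guessed at (fail closed).
func (m *MLB) Translate(va uint64, shim Shim) (rid uint64, rpn uint32, err error) {
	e, ok := MappingList(m.Entries).Lookup(va)
	if !ok {
		m.Misses++
		if e, ok = shim.Lookup(va); !ok {
			return 0, 0, fmt.Errorf("GVA %#x is not a cloaked resource mapping", va)
		}
		if err := m.Install(e); err != nil {
			return 0, 0, err
		}
	}
	return e.RID, e.RPN + uint32((va-e.Start)/pageSize), nil
}

// Flush drops every cached mapping except the pinned ones (e.g. after munmap or mremap).
func (m *MLB) Flush() {
	kept := m.Entries[:0]
	for _, e := range m.Entries {
		if e.Pinned {
			kept = append(kept, e)
		}
	}
	m.Entries = kept
}

func main() {
	// Constructed shim state: foo.txt (RID 4) page 2 at GVA 0; shim code (RID 1) pinned at 0x10000.
	shim := MappingList{
		{Start: 0, End: 4096, RID: 4, RPN: 2},
		{Start: 0x10000, End: 0x12000, RID: 1, RPN: 0, Pinned: true},
	}
	mlb := &MLB{ASID: 7}
	fmt.Println(mlb.Translate(0x800, shim))   // 4 2 <nil>  (miss, resolved via the shim, installed)
	fmt.Println(mlb.Translate(0x11010, shim)) // 1 1 <nil>
	fmt.Println(mlb.Translate(0x4000, shim))  // 0 0 GVA 0x4000 is not a cloaked resource mapping
}
```

The overlap check in Install is what keeps a wrong mapping from silently shadowing a right one; with it, a bad entry produces an error at install time, and an address the shim cannot account for is refused outright, which is the fail-closed outcome the text prefers over operating on possibly wrong data.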
- In another illustrating example, the application makes a system call that requires argument marshalling by the shim. If some arguments of the system call are pointers to invalid addresses, the kernel typically returns an error code instead of delivering a SIGSEGV signal. To reproduce the same behavior, the shim needs to touch the guest virtual address to find out whether it is really valid. If the address is truly invalid, the OS would deliver SIGSEGV for the shim's access; the shim captures it, rolls back any side effects of its system call marshalling, and delivers the correct syscall error code to the application.
- The “VMM to guest user-mode” upcall mechanism can also be applied to use cases outside the scope of protection of cloaked application data as provided by embodiments of the present invention described herein. For example, traditionally a divide-by-zero exception caused by an application is delivered to the kernel. The kernel then delivers a signal to a user-mode handler in the application. With the above-described user-mode upcall mechanism, the VMM can invoke the application's user-mode handler for divide-by-zero directly. As another example, an application that attempts to dereference a NULL pointer typically results in a page fault generated by the hardware MMU and handled by the OS kernel, which in turn generally delivers a signal to a user-level handler in the application. In a virtualized system, the user-mode handler can be directly invoked, without guest OS involvement. User-mode programs could make use of this feature to implement new programming algorithms.
- Other VMM-mediated upcall variants are also possible. For example, in another embodiment of the present invention another upcall mechanism is used to transfer control to the shim when a cloaked application makes a system call. The system call is intercepted by the VMM and execution control is transferred to a user-mode handler routine registered by the shim. As a result, the system calls made by the application may be transparent to the guest kernel. This control transfer is also completely transparent to the application, as the application does not need to know that the system call has been intercepted by the shim. This allows the application to run under protection of embodiments of the present invention without being modified or recompiled.
- In embodiments of the present invention, the ability to redirect a trap to guest user-mode code allows system calls to be redirected to handlers in the shim without VMM intervention beyond the redirection itself.
- Page Decryption
- When a process accesses a cloaked page in its shadow context, its ASID and GVPN are known. If the page is unencrypted, then the memory access proceeds normally, without any VMM intervention.
- If the page is encrypted, the access will fault into the VMM because the GVPN is not mapped into the shadow for that ASID. The VMM looks up the faulting address in the MLB 474, and uses the resulting (RID, RPN) pair to index into the MDC 470 and fetch the (IV, H) pair needed to decrypt and integrity check the page contents, as represented by the find operation in FIG. 10. The hash, check, and decrypt steps are performed using the protocol described previously. If the decryption succeeds, the (RID, RPN) pair is invalidated in the MDC 470. The page is then “zapped,” i.e., removed from all shadows, and mapped into the current shadow for the respective ASID. The original application access request is then allowed to proceed.
- There is, however, one special case. Operating systems commonly zero the contents of a page before mapping it into userspace, and applications depend on this initialization. If an access is made to a GVPN that is not mapped in the current shadow, and the (RID, RPN) pair for that page is not in the MDC 470, then this is construed to be the first application access to the page, and no decryption is necessary. An embodiment of the present invention checks that the page contents are indeed zero-filled, and assuming this succeeds, the page is simply zapped and then mapped into the current shadow, and the original memory access is allowed to proceed. Without this check, a malicious guest kernel could present attacker-chosen plaintext to the application in place of the zeroed page it expects.
- Finally, the VMM stores the (RID, RPN) pair used for each decryption with the associated GPPN in the existing VMM pmap structure which stores GPPN-to-MPN translations.
- Page Encryption
- When the guest kernel (or any context that does not match the application SID) accesses a cloaked page, its GPPN is known, but its ASID and GVPN may not be known. The access could originate from any guest context, e.g., during a virtual DMA operation. If the page is already encrypted, then the memory access proceeds normally, without any VMM intervention.
- If the page is unencrypted, the access will fault into the VMM because it is not mapped in the current shadow. If the page is writable, the VMM generates a new random IV; for a read-only page, the existing IV is re-used. Re-using the IV is safe only because a read-only page has not changed since it was decrypted: encrypting identical plaintext under the same key and IV reproduces identical ciphertext, so the retained H still matches. Encrypting different contents under a repeated (KVMM, IV) pair would leak information about the plaintext, which is why a writable page always receives a fresh random IV. The VMM then encrypts the page contents, and computes a secure hash H over the encrypted contents. It stores the resulting (IV, H) pair in the MDC 470, at the (RID, RPN) pair previously associated with the GPPN in the pmap during its last decryption. The page is then zapped and mapped into the current shadow, and the original kernel access is allowed to proceed.
- Cloning Metadata
- The MDC 470 also provides operations to facilitate support for address space cloning, such as clone or fork operations in Linux. As an example for explanatory purposes only, assume a cloaked process forks a child. Immediately after the fork, the parent and child processes share their private memory regions copy-on-write (COW). The metadata associated with all unmodified COW pages must remain accessible to, and synchronized between, the parent and child.
- When the fork occurs, each of the parent's private RMD objects is cloned eagerly for the child, by copying all of its existing metadata entries, and assigning it a new RID. This ensures that metadata for any pages encrypted prior to the fork remain available to the child, even if the parent later modifies them.
- Eager cloning alone does not cover pages that are still plaintext at the time of the fork. In an exemplary situation, meant to aid in explanation but not limit any claims appended hereto, suppose the parent causes an encryption of a COW-shared page after the fork. The resulting (IV, H) pair would be stored only in the parent's RMD, so a subsequent access by the child would not find the metadata required for decryption. One approach is to forcibly encrypt all pages in the parent during the fork, but this could be inefficient because few private pages remain encrypted in practice, unless the system is swapping heavily. Another option is to store a complete backmap for every GPPN, containing all (ASID, GVPN) pairs that map it, but this would be complex and resource-intensive.
- The solution implemented by one embodiment of the present invention is to mirror the application's process tree in the MDC 470; each RMD object has pointers to its parent, first child, and next sibling RMD objects, if any. The MDC 470 also maintains a global 64-bit version number that is incremented on every RMD creation and page decryption. A version is stored with each RMD object and set to the global version when it is created. Similarly, a version is stored along with the (RID, RPN) pair in the pmap for each GPPN and set to the global version each time it is decrypted. When a page is encrypted, the (IV, H) pair is stored at the (RID, RPN) pair associated with the GPPN, and also recursively propagated to any child RMD objects with versions greater than the GPPN's version. Thus, metadata is propagated to all children with pages whose contents existed prior to the fork, as desired. It should be noted that when the parent modifies a COW page, it will be encrypted (and its metadata propagated to the child) prior to the modification because the guest OS must first read the page to make a private copy for the parent during the COW fault.
- Persisting Metadata
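- Before turning to persistence, the version-number scheme of the Cloning Metadata section just above, as an added Go model that is not part of the patent text: a global version counter bumped on every RMD creation and page decryption, pmap records carrying the decrypt-time version, an eager clone at fork, and propagation of a new (IV, H) to every descendant RMD whose version exceeds the page's. The (IV, H) values are opaque strings, the zero-fill check on a first access is omitted, and the GPPN and RPN numbers in main are constructed; type and function names are the example's own.

```go
package main

import "fmt"

// Meta is the (IV, H) pair for one encrypted page; the values are opaque here.
type Meta struct{ IV, H string }

// RMD mirrors the application's process tree: parent, first child, next sibling.
type RMD struct {
	RID                             uint64
	Version                         uint64          // global version at creation
	Pages                           map[uint32]Meta // RPN -> (IV, H)
	Parent, FirstChild, NextSibling *RMD
}

// PmapEntry is what the VMM records with a GPPN: which (RID, RPN) its plaintext came
// from and the global version at that decryption.
type PmapEntry struct {
	RID     uint64
	RPN     uint32
	Version uint64
}

// MDC holds the RMD tree, the pmap records and the global version counter.
type MDC struct {
	version uint64 // incremented on every RMD creation and every page decryption
	nextRID uint64
	rmds    map[uint64]*RMD
	pmap    map[uint64]PmapEntry // GPPN -> entry
}

func NewMDC() *MDC {
	return &MDC{nextRID: 1, rmds: map[uint64]*RMD{}, pmap: map[uint64]PmapEntry{}}
}

// NewRMD creates a resource; given a parent it is the eager clone made at fork time,
// so it starts with copies of every entry the parent already had.
func (c *MDC) NewRMD(parent *RMD) *RMD {
	c.version++
	r := &RMD{RID: c.nextRID, Version: c.version, Pages: map[uint32]Meta{}, Parent: parent}
	c.nextRID++
	if parent != nil {
		for rpn, m := range parent.Pages {
			r.Pages[rpn] = m
		}
		r.NextSibling, parent.FirstChild = parent.FirstChild, r
	}
	c.rmds[r.RID] = r
	return r
}

// Decrypt records that gppn now holds the plaintext of (rid, rpn) and returns the
// metadata to verify and decrypt with. firstAccess is true when there is none yet; the
// page must then be zero-filled (that check is not modeled here).
func (c *MDC) Decrypt(gppn uint64, rid uint64, rpn uint32) (m Meta, firstAccess bool, err error) {
	r, ok := c.rmds[rid]
	if !ok {
		return Meta{}, false, fmt.Errorf("RID %d is not in the MDC", rid)
	}
	c.version++
	c.pmap[gppn] = PmapEntry{RID: rid, RPN: rpn, Version: c.version}
	m, ok = r.Pages[rpn]
	return m, !ok, nil
}

// Encrypt stores the new (IV, H) at the GPPN's (RID, RPN) and propagates it to every
// descendant RMD created after this page was last decrypted: those processes were
// forked while the page was plaintext, share it COW, and so need the same metadata.
func (c *MDC) Encrypt(gppn uint64, m Meta) error {
	e, ok := c.pmap[gppn]
	if !ok {
		return fmt.Errorf("GPPN %d has no (RID, RPN) record in the pmap", gppn)
	}
	propagate(c.rmds[e.RID], e.RPN, m, e.Version)
	return nil
}

func propagate(r *RMD, rpn uint32, m Meta, decryptedAt uint64) {
	r.Pages[rpn] = m
	for ch := r.FirstChild; ch != nil; ch = ch.NextSibling {
		if ch.Version > decryptedAt {
			propagate(ch, rpn, m, decryptedAt)
		}
	}
}

func main() {
	c := NewMDC()
	parent := c.NewRMD(nil)
	c.Decrypt(100, parent.RID, 3)           // first access; page stays plaintext for now
	c.Decrypt(150, parent.RID, 9)           // first access...
	c.Encrypt(150, Meta{"iv-old", "h-old"}) // ...then encrypted before the fork
	child := c.NewRMD(parent)               // fork: eager clone copies RPN 9's metadata
	c.Decrypt(150, parent.RID, 9)           // parent decrypts RPN 9 after the fork
	c.Encrypt(100, Meta{"iv-a", "h-a"})     // RPN 3 was plaintext at the fork: propagated
	c.Encrypt(150, Meta{"iv-new", "h-new"}) // RPN 9 decrypted post-fork: child keeps old
	fmt.Println(child.Pages[3], child.Pages[9], parent.Pages[9]) // {iv-a h-a} {iv-old h-old} {iv-new h-new}
}
```

The two pages in main show both halves of the rule: RPN 3 was decrypted before the child existed, so the child's version is greater than the page's and the new metadata reaches it; RPN 9 was decrypted by the parent after the fork, so the child's COW copy still corresponds to the old ciphertext and must keep the old (IV, H) it received from the eager clone.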
- Resources are either persistent or non-persistent. When a resource is not in use by any process, its respective RMD object is removed from the cache. RMD objects associated with non-persistent memory regions, e.g., application stack, data, or anonymous shared memory, can be discarded when no longer in use. However, RMD objects associated with persistent content, such as file-backed memory regions, must generally be saved to disk. In some embodiments, persistent RMD objects are stored as metadata files in the guest. Metadata file integrity is protected by a message authentication code (MAC), computed using a key derived from the VMM's secret key KVMM, and stored in the file. One implementation uses HMAC (Hash-based Message Authentication Code) with SHA-256.
- When a process opens a cloaked file, if there is no existing entry in the MDC 470 for that file's RID, the shim loads the RMD object from its associated metadata file, as illustrated by the load action in FIG. 10. Frequently reloading the RMD object or recomputing its MAC might raise efficiency concerns. The efficiency, however, can be optimized by keeping RMD objects cached longer in the MDC 470, instead of evicting them eagerly after they have been committed to disk. Another option would be to store MACs in a Merkle hash tree, allowing for more efficient verification and updates.
- As set forth above, each allocated resource has an associated RID that the shim uses to refer to the object. The shim attempts to maintain a one-to-one correspondence between the metadata address space of the resource, by RID/offset, and the in-memory data in an application address space, so that it can offer the appropriate virtual-to-resource address translations for use by the VMM. Advantageously, the shim does not need to track (IV, H/MAC) pairs, as it manages only a per-application mapping of VPN to RPN.
- To ensure freshness, a 128-bit generation number is also written to the metadata file, and protected by the MAC. The VMM checks this number against a master list of valid generations when the file is loaded. This number is stored in the MDC 470 as part of the RMD object. Just prior to eviction, it is incremented in both the RMD and master list. The master list is stored in the guest, protected by a MAC and its own counter which is stored outside of the guest by the VMM.
- RMD objects are written to metadata files by a file daemon 478. The daemon 478 communicates with the VMM via a hypercall interface, polling for metadata that should be evicted from the MDC 470 and persisted to disk. The daemon extracts the metadata for all of its valid RPNs, obtains their respective MAC as generated by the VMM, commits everything to disk, and finally evicts the RID from the MDC 470; refer to the evict action in FIG. 10. It should be noted that the daemon 478 is not trusted and all data it handles is protected cryptographically. Advantageously, if the daemon 478 were compromised, only system availability would be lost but data privacy and integrity would be maintained.
- As above, a main task of the daemon is to provide access to the guest file system by the VMM. Thus, the VMM may update the contents of the protection metadata files. The daemon may periodically poll the VMM to determine if there are any updates that are needed and, if so, the daemon will read a complete metadata file from the VMM and then write the data to the file associated with that RID. In one embodiment of the present invention, the metadata files are updated when metadata has been modified and that file is no longer being used or by virtue of periodic writebacks implemented to improve system consistency.
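- Persisting an RMD object as a metadata file with an HMAC-SHA256 tag and a 128-bit generation number checked against a master list, as described above, in an added Go example that is not part of the patent text. The on-disk layout, the derivation of the file MAC key from KVMM with HMAC, and the binding of the RID into the MAC input are assumptions of the example (the page fixes none of them); the master list is modeled as a plain map held by the VMM, without the MAC and external counter that protect it in the design. Load rejects a file that the untrusted daemon hands back from before the last eviction as stale, and any modification of the file fails the MAC check.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Assumed on-disk layout (the patent fixes no format):
//   rid[8] || gen[16] || n[4] || n * (rpn[4] || iv[16] || h[32]) || mac[32]
// with mac = HMAC-SHA256(Kmeta, everything before it). Binding the RID into the MAC is
// an addition here, so one resource's file cannot be passed off as another's.

const hdrSize, entrySize = 8 + 16 + 4, 4 + 16 + 32

type Entry struct {
	RPN uint32
	IV  [16]byte
	H   [32]byte
}

type RMDFile struct {
	Gen     [16]byte // 128-bit generation number, incremented just before each eviction
	Entries []Entry
}

// MasterList is the VMM's record of the valid generation per RID. (In the design it is
// stored in the guest under its own MAC and counter; that outer layer is not modeled.)
type MasterList map[uint64][16]byte

// Keys holds Kmeta, derived from KVMM; deriving it with HMAC is an assumption.
type Keys struct{ kmeta []byte }

func NewKeys(kvmm []byte) Keys {
	h := hmac.New(sha256.New, kvmm)
	h.Write([]byte("metadata-file-mac"))
	return Keys{kmeta: h.Sum(nil)}
}

func (k Keys) tag(body []byte) []byte {
	h := hmac.New(sha256.New, k.kmeta)
	h.Write(body)
	return h.Sum(nil)
}

// Seal serializes the RMD for rid and appends its MAC (writes to a bytes.Buffer cannot fail).
func (k Keys) Seal(rid uint64, f RMDFile) []byte {
	var b bytes.Buffer
	binary.Write(&b, binary.LittleEndian, rid)
	b.Write(f.Gen[:])
	binary.Write(&b, binary.LittleEndian, uint32(len(f.Entries)))
	binary.Write(&b, binary.LittleEndian, f.Entries)
	b.Write(k.tag(b.Bytes()))
	return b.Bytes()
}

// Evict increments the generation in both the RMD and the master list, then seals.
func (k Keys) Evict(rid uint64, f *RMDFile, master MasterList) []byte {
	for i := len(f.Gen) - 1; i >= 0; i-- { // big-endian 128-bit increment
		if f.Gen[i]++; f.Gen[i] != 0 {
			break
		}
	}
	master[rid] = f.Gen
	return k.Seal(rid, *f)
}

// Load checks the MAC first, then the generation against the master list, then parses.
// A file the daemon restored from an older copy carries a stale generation and is rejected.
func (k Keys) Load(rid uint64, data []byte, master MasterList) (RMDFile, error) {
	if len(data) < hdrSize+sha256.Size {
		return RMDFile{}, errors.New("metadata file too short")
	}
	body, mac := data[:len(data)-sha256.Size], data[len(data)-sha256.Size:]
	if !hmac.Equal(k.tag(body), mac) {
		return RMDFile{}, errors.New("metadata file MAC mismatch")
	}
	if binary.LittleEndian.Uint64(body[:8]) != rid {
		return RMDFile{}, errors.New("metadata file belongs to a different RID")
	}
	var f RMDFile
	copy(f.Gen[:], body[8:24])
	if want, ok := master[rid]; !ok || want != f.Gen {
		return RMDFile{}, errors.New("stale or unknown generation: possible rollback")
	}
	n := int(binary.LittleEndian.Uint32(body[24:28]))
	if len(body) != hdrSize+n*entrySize {
		return RMDFile{}, errors.New("metadata file length mismatch")
	}
	f.Entries = make([]Entry, n)
	if err := binary.Read(bytes.NewReader(body[hdrSize:]), binary.LittleEndian, f.Entries); err != nil {
		return RMDFile{}, err
	}
	return f, nil
}
```

The check order matters: the MAC is verified over the whole body before any field, including the generation number, is trusted, so a forged or truncated file is rejected without the parser ever running on attacker-controlled structure; the generation check then separates an authentic-but-old file from the current one.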
- Key Management and Access Control
- In accordance with the architecture of embodiments of the present invention, a range of access control policies is supported, as SIDs provide a basic primitive for identifying subjects, and RIDs provide a basic primitive for identifying objects. One implementation may start with a model that assumes mutual trust between all parts of an application and dynamically assigns SIDs at startup.
- In one implementation, all encryption is performed using a single set of encryption and MAC keys. It should be noted that key management and access control in embodiments of the present invention are orthogonal. The VMM arbitrates who is allowed to access what resources, regardless of the key with which it was encrypted. Additional keys could be added to support delegation of administrative tasks, e.g., one key per RID would allow different parties to package its own sets of encrypted files outside of the VM.
- As referenced above, embodiments of the present invention provide several abstractions. First, a way of naming objects, by assigning each cloaked object a unique resource identifier (RID) is provided. Next, a model of where a given protected object is in memory, using a collection of objects referred to as a virtual memory area (VMA) is kept. Finally, a record of what cryptographic metadata is associated with a given object, e.g., the hash H, and IV previously discussed, is kept in an object referred to as a resource metadata (RMD) object.
- Embodiments of the present invention keep an identifier for each protection domain known as a security identifier (SID) and each shadow context, i.e., address space, has a corresponding ASID.
- OS Integration with Cloaking
- The VMM interposes on transitions between the cloaked user-mode application and the guest kernel, using distinct shadow page tables for each. Privilege-mode transitions include asynchronous interrupts, faults, and signals, and system calls issued by the cloaked application. Mediating these interactions in a secure, backwards-compatible manner requires adapting the protocols used to interact with the operating system, as well as some system calls. As above, this is facilitated by the shim program that is loaded into a cloaked application's address space on startup.
- In the description to follow, the shim is described in the context of a Linux implementation. This approach could be applied to other operating systems, e.g., Microsoft Windows, by one of ordinary skill in the art with an understanding of the description herein. While the system call interface varies across kernels, low-level mechanisms for system call vectoring, fault handling, and memory sharing, are tied more closely to the processor architecture than to a particular OS.
- Initially, the basic operation of the shim, how it coordinates with the VMM to manage identity, and its interaction with the kernel and VMM to adapt the application for cloaked execution, will be described. Support for handling faults, interrupts, and system calls is presented in detail below.
- Shim Overview
- The shim is responsible for managing transitions between the cloaked application and the operating system. It uses an explicit hypercall interface for interacting with the VMM, i.e., a secure communication mechanism between the guest and the VMM. This arrangement allows relatively complex operations, such as OS-specific system call proxying, to be located in user-mode shim code, instead of the VMM. It also facilitates extensibility, providing a convenient place to add custom functionality without modifying the VMM.
- Shim Memory
- In memory, referring back to FIG. 6, each of the uncloaked shim 610 and the cloaked shim 600 consists of its own distinct code, data and stack space. Each application thread has its own shim instance, and all thread-specific data used by the shim is kept in thread-local storage, preventing conflicts between different instances.
- The cloaked shim 600 is multi-shadowed like the rest of the application. It is responsible for tasks where trust is required to maintain protection, such as providing well-defined entry and exit points for control transfers, and securely moving data between cloaked and uncloaked memory. As shown in FIG. 6, the cloaked shim 600 also includes the cloaked thread context (CTC) page 602, which is set aside for the VMM 250 to store sensitive data used for control transfers. The CTC page 602 includes areas for saving register contents 604, the table of entry points 606 to shim functions, and a shadow context identity 608 for the shadow context containing the shim 600.
- The uncloaked shim 610, as represented in FIG. 6, contains buffer space 612 that provides a neutral area for the kernel and application to exchange uncloaked data. Trampoline code 614 facilitates transitions from the guest OS to cloaked code. Nothing in the uncloaked shim 610 is trusted or necessary for protection. In the worst case, if either the uncloaked shim code or its data becomes corrupted, the application crashes and must be restarted; the protection of cloaked data is unaffected.
- Hypercall Interface
- The VMM exports a small hypercall interface to the cloaked shim. Uncloaked code is allowed to invoke operations to initialize a new cloaked context (used to bootstrap). It can also make calls to enter and resume cloaked execution. As control can be transferred only to a cloaked context, these calls can be initiated safely by untrusted code. Cloaked code can make hypercalls to cloak new memory regions, unseal existing cloaked data, and access other useful interfaces, such as metadata cache operations.
- Loading Cloaked Applications
- To start a cloaked application, a minimal loader program is run with the shim linked into a distinct portion of its address space. The actual loader is part of the shim; before taking steps to load the program, the shim must bootstrap into a cloaked context.
- To create a new shadow context, the shim issues a hypercall with a pointer to itself and protection metadata containing hashes for all pages associated with cloaked code and data as described above. The VMM uses this metadata to verify its integrity, as the cloaked shim will have access to the address space of the cloaked application. Thus, to bootstrap a secure protection domain for the application, the shim must be trusted, i.e., not malicious to the application. The call to create a new context also takes a pointer to a portion of thread-local storage in which the VMM can setup a new CTC. Once this setup is complete, the VMM transfers control to start execution in the cloaked shim.
- The cloaked shim then runs its loading routine, which reads an Executable and Linkable Format (ELF) binary and maps the appropriate sections into memory. When creating anonymous memory regions or memory-mapping protected files, the shim performs hypercalls to cloak their corresponding virtual memory ranges. On a subsequent execve, if the target program is cloaked, the loader program is prepended to the exec call so that the new program will also be cloaked.
- Identity Management
- The VMM needs a reliable procedure for identifying each cloaked process uniquely and precisely in order to locate the resources associated with the process inside the VMM. Such identification is difficult without the assistance or knowledge of the guest OS, even though the VMM can observe all instructions executed and the contents of all guest registers and memory.
- To switch between shadow page tables, the VMM employs a procedure for identifying shadow contexts uniquely. Correct identification requires accounting for the fact that contexts are associated with guest-level process abstractions, and scheduling is controlled by the OS, not the VMM. For example, the guest kernel may switch contexts while handling a fault or system call.
- Known approaches for VMM tracking of guest-level processes, such as monitoring assignments to the current page table root, work fairly well but are not foolproof. Other approaches, such as reading guest OS state at fixed kernel addresses, e.g., the Linux current pointer, are fragile, as they assume knowledge of kernel internals and address space layout, which may differ between OS releases. The VMM could instead store identifying information, e.g., a context identifier, at some fixed user-level virtual address. Unfortunately, this approach is fragile if the virtual page containing the identifier is not pinned in physical memory: the guest kernel may page it out, and the VMM cannot page it back in without guest kernel cooperation. Address space layout conflicts and potential aliasing between identifier values and data in uncloaked applications present additional problems. Still further, none of these approaches can be guaranteed to work in the presence of an adversarial OS.
- Embodiments of the present invention use a shim-based technique for managing identity that does not depend on information about kernel internals, and does not require the use of pinned memory. As the shim resides within the application virtual address space, its memory is managed normally by the kernel, and is reclaimed automatically when the application terminates.
- The VMM detects when execution control transfers from the cloaked process to the guest kernel, and saves the original instruction pointer (IP) and other registers in the context structure. The VMM then changes the IP and registers so that, when the cloaked process is resumed, it executes a "self-identifying" hypercall. The hypercall identifies the cloaked process to the VMM, and the VMM then restores the original IP and other registers.
- The VMM maintains a separate shadow context for each application address space, for which it assigns a unique ASID. Each address space may contain multiple threads, each with its own distinct CTC. When the shim begins execution, it makes a hypercall to initialize its CTC. During this initialization, the VMM writes the ASID and a random value into the CTC, and returns the ASID to the caller. The ASID value is not protected, and can be used by the uncloaked shim. However, since the CTC is cloaked, the random value is protected, and cannot be read by the uncloaked shim.
- Shim hypercalls that transition from uncloaked to cloaked execution are self-identifying. The uncloaked shim passes arguments to the VMM containing its ASID and the address of its CTC. The hypercall handler verifies that the CTC contains the expected random value, and also that its ASID matches the specified value. Note that the CTC resides in ordinary, unpinned application virtual memory. If the hypercall handler finds that the guest virtual page number (GVPN) for the CTC is not currently mapped, it returns a failure code to the uncloaked shim, which simply touches the page to fault it back into physical memory, and then retries the hypercall.
- Faults and Interrupts
- While a cloaked application is executing, OS intervention is required to service faults or interrupts, such as application page faults and virtual timer interrupts. FIG. 11 illustrates the flow of control for handling a fault from a cloaked application, involving the application, its associated shim, the guest kernel, and the VMM. The procedure for handling a virtual interrupt is essentially identical.
- For purposes of explanation, the fault occurs in step 1, and control is transferred to the VMM. In step 2, the VMM saves the contents of all application registers to the CTC in the cloaked shim. The VMM then zeros out the application's general-purpose registers to prevent their contents from being leaked to the OS. Next, the return instruction pointer (IP) and stack pointer (SP) registers are modified to point to addresses in the uncloaked shim, setting up a simple trampoline handler to which the kernel will return after servicing the fault. Finally, the VMM transfers control to the kernel.
- The kernel handles the fault as usual in step 3, and then returns to the trampoline handler in the uncloaked shim set up in step 2. In step 4, this trampoline handler performs a self-identifying hypercall into the VMM to resume cloaked execution. In step 5, the VMM restores the registers saved in step 2, and returns control to the faulting instruction in the cloaked application.
- Note that the active shadow page table is switched when transitioning between uncloaked and cloaked contexts. Two shadow page table switches are used to handle a fault, in steps 2 and 5. The first switch, from the application shadow to the kernel shadow, is performed when the VMM transfers control to the kernel in step 2. The second switch, from the kernel shadow to the application shadow, is performed when the VMM transitions back to the cloaked application in step 5.
- System Call Redirection
- The VMM does not manage the shim when it is running in the uncloaked mode as the shim does not need to access the resources maintained by the VMM. The VMM treats the shim in the same manner as any other process. In embodiments of the present invention, the CTC prevents the guest kernel from misrepresenting identity. When a process identifies itself, the VMM verifies the identity by comparing the value located in the CTC against the value saved or stored in the VMM for the corresponding process. Once verified, the cloaked application is able to access existing pages mapped by the shadow page table that correspond to the process. In other applications, if the guest kernel is trusted, the CTC is not needed. The identification mechanism, however, can still be used to identify execution in the process.
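The identity check just described and the fault round trip of FIG. 11, modelled in C as an added example. This is not code from the patent or from the VMware implementation it describes: the register layout, the trampoline addresses, the constructed nonce value and the names vmm_init_ctc, vmm_on_fault, vmm_resume_cloaked and kernel_service_fault are assumptions, and shadow page table switches, traps and the guest kernel are replaced by plain function calls.

```c
/* Added example, not code from the patent or from the VMware implementation it
 * describes: the self-identifying hypercall and the fault round trip of FIG. 11.
 * Register layout, trampoline addresses, the constructed nonce and all function
 * names are assumptions; shadow page table switches, traps and the guest kernel
 * are replaced by plain C calls. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NGPR     8      /* assumed: 32-bit x86 general-purpose registers */
#define MAX_ASID 4      /* assumed: size of the VMM's shadow-context table */

typedef struct { uint32_t gpr[NGPR]; uint32_t ip, sp; } regs_t;

/* Cloaked thread context.  It lives in cloaked memory, so the guest kernel and
 * the uncloaked shim see only ciphertext of it; only the VMM reads the nonce. */
typedef struct {
    regs_t   saved_app;   /* application registers saved at fault time */
    uint32_t asid;        /* public: also returned to the uncloaked shim */
    uint64_t nonce;       /* secret: written by the VMM at CTC initialisation */
} ctc_t;

/* VMM-private record per shadow context, indexed by ASID. */
static struct { uint64_t nonce; int in_use; } g_ctx[MAX_ASID];

/* Trampoline handler in the uncloaked shim (addresses arbitrary in the model). */
enum { TRAMPOLINE_IP = 0x0800a000u, TRAMPOLINE_SP = 0x0800bff0u };

/* CTC initialisation hypercall: the VMM records the ASID and a fresh random value,
 * writes both into the cloaked CTC and returns the ASID to the caller. */
static uint32_t vmm_init_ctc(uint32_t asid, ctc_t *ctc, uint64_t rnd)
{
    g_ctx[asid].nonce = rnd;
    g_ctx[asid].in_use = 1;
    ctc->asid = asid;
    ctc->nonce = rnd;
    return asid;
}

/* Step 2: save all registers into the CTC, zero the GPRs so nothing leaks to the
 * kernel, and point IP/SP at the uncloaked trampoline the kernel will return to. */
static void vmm_on_fault(ctc_t *ctc, regs_t *cpu)
{
    ctc->saved_app = *cpu;
    memset(cpu->gpr, 0, sizeof cpu->gpr);
    cpu->ip = TRAMPOLINE_IP;
    cpu->sp = TRAMPOLINE_SP;
}

/* Steps 4 and 5: the trampoline's self-identifying hypercall.  The untrusted caller
 * names an ASID and a CTC address; the VMM resumes only if that CTC carries the
 * same ASID and the nonce the VMM wrote for it.  Returns 1 on success. */
static int vmm_resume_cloaked(regs_t *cpu, uint32_t claimed_asid, const ctc_t *ctc)
{
    if (claimed_asid >= MAX_ASID || !g_ctx[claimed_asid].in_use) return 0;
    if (ctc->asid != claimed_asid || ctc->nonce != g_ctx[claimed_asid].nonce) return 0;
    *cpu = ctc->saved_app;    /* back to the faulting instruction, registers intact */
    return 1;
}

/* Untrusted guest kernel model (step 3): OR together every GPR it can see. */
static uint32_t kernel_service_fault(const regs_t *cpu)
{
    uint32_t seen = 0;
    for (int i = 0; i < NGPR; i++) seen |= cpu->gpr[i];
    return seen;              /* 0 means nothing leaked */
}

/* Full round trip: returns 1 if the kernel saw only zeroed GPRs, returned to the
 * trampoline, and the application's registers came back bit for bit. */
int demo_fault_roundtrip(void)
{
    ctc_t ctc = {0};
    uint32_t asid = vmm_init_ctc(1, &ctc, 0x9e3779b97f4a7c15ull);   /* constructed nonce */
    regs_t cpu = { {0xdeadbeefu, 0x41414141u, 3, 4, 5, 6, 7, 8}, 0x08048123u, 0xbffff000u };
    regs_t before = cpu;

    vmm_on_fault(&ctc, &cpu);                           /* step 2 */
    uint32_t leaked = kernel_service_fault(&cpu);       /* step 3 */
    int at_trampoline = cpu.ip == TRAMPOLINE_IP && cpu.sp == TRAMPOLINE_SP;
    int resumed = vmm_resume_cloaked(&cpu, asid, &ctc); /* steps 4 and 5 */
    return leaked == 0 && at_trampoline && resumed && memcmp(&cpu, &before, sizeof cpu) == 0;
}

/* An adversarial kernel cannot read a cloaked CTC, so it can only forge one or
 * present another context's genuine CTC under the wrong ASID; both must fail. */
int demo_forged_identity(void)
{
    ctc_t ctc1 = {0}, ctc2 = {0}, forged = {0};
    regs_t cpu = {0};
    vmm_init_ctc(1, &ctc1, 0x1111ull);
    vmm_init_ctc(2, &ctc2, 0x2222ull);
    forged.asid = 2;
    forged.nonce = 0x1234ull;                           /* a guess; the real nonce is unreadable */
    int forged_rejected  = !vmm_resume_cloaked(&cpu, 2, &forged);
    int swapped_rejected = !vmm_resume_cloaked(&cpu, 2, &ctc1);
    int genuine_ok       =  vmm_resume_cloaked(&cpu, 2, &ctc2);
    return forged_rejected && swapped_rejected && genuine_ok;
}

int main(void) { printf("round trip %d, forgery rejected %d\n", demo_fault_roundtrip(), demo_forged_identity()); return 0; }
```

The check in vmm_resume_cloaked is what makes the kernel's choice of return target harmless: a forged CTC fails on the nonce, and a genuine CTC presented under another context's ASID fails on the ASID field, so the VMM never restores one context's registers under another context's shadow. The zeroing in vmm_on_fault is the other half of the protection, since the kernel legitimately runs with whatever is left in the trap frame.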
- Unlike faults and interrupts, which are intended to be transparent to the application, system calls represent an explicit interaction between the cloaked application and the kernel. A system call is issued by the application using the standard OS calling convention.
FIG. 12 depicts the flow of control for handling a system call from a cloaked application, involving the application, its associated shim, the guest kernel, and the VMM. The transitions involved in performing a system call are a superset of the transitions presented for handling a fault in FIG. 11.
- The cloaked application performs a system call in step 1, and control is transferred to the VMM. In step 2, the VMM saves the contents of all application registers to the CTC in the cloaked shim. The IP is set to an entry point in the cloaked shim corresponding to a system call dispatch handler; similarly, the SP is set to a private stack in the cloaked shim for executing this handler. The VMM then redirects control to the dispatch handler in the cloaked shim. In step 3, the cloaked dispatch handler performs any operations required to proxy the system call on behalf of the application. For some system calls, this may involve marshalling arguments, copying them to a buffer in the uncloaked shim. The dispatch handler then reissues the system call, substituting the marshalled arguments in place of the original application-specified values. As before, the VMM again intercepts the system call.
- In step 4, the VMM saves the contents of all registers, now those of the shim, in the CTC. Note that the CTC contains two distinct register save areas: one for the application registers saved previously in step 2, and one for the shim registers saved in this step. The VMM then scrubs the contents of any registers that are not required by the kernel system call interface. The return IP and SP are modified to point to addresses in the uncloaked shim, setting up a simple trampoline handler to which the kernel will return after executing the system call. Finally, the VMM transfers control to the kernel.
- The kernel executes the system call as usual in step 5, and then returns to the trampoline handler in the uncloaked shim set up in step 4. In step 6, the trampoline handler performs a self-identifying hypercall into the VMM to enter cloaked execution. In step 7, the VMM restores the shim registers saved in step 4, and resumes execution in the cloaked dispatch handler.
- In step 8, the cloaked dispatch handler continues execution, performing any operations required to finish proxying the system call. For some calls, this may involve unmarshalling result values and copying them into cloaked application memory. The dispatch handler then performs a hypercall into the VMM, requesting resumption of the cloaked application. In step 9, the VMM restores the application registers saved in step 2, and returns control to the instruction after the original system call in the application.
- As in the case of fault handling, only two transitions require shadow page table switches between uncloaked and cloaked contexts, i.e., during steps 4 and 7; the transitions between the application and the cloaked shim stay within the cloaked context.
- VMM Access of Guest Virtual Memory
- The VMM can generally access the guest's physical memory without involving either the guest OS or applications. If the VMM needs to access the virtual memory of a user-level process and this virtual memory is not mapped into the physical address space, however, the VMM will not be able to access it. In one embodiment of the present invention, this issue is addressed by providing the hypercall interface with the ability to force the guest OS to page in required virtual memory pages and atomically transition into a mode such that subsequent accesses from the VMM will succeed.
- In an example for purposes of explanation, consider the situation where the hypercall protocol for the user-level code in a VM receives an error indicating that a particular page is not currently mapped in the virtual address of the application. Upon receiving the error, the application may access the virtual address to force it to be paged in by the guest OS and then it can retry the hypercall. Multiple retries of the hypercall are possible if multiple virtual pages are needed to be paged in and the VMM will only process the hypercall if all pages are mapped in the page table. In embodiments of the present invention, the hypercall protocol is only visible to the shim library code, and thus is transparent to the application.
- The traditional system call interface between an application and an OS kernel accepts virtual addresses from the application as arguments, and pages in the application memory if it is not currently backed by machine memory. It would only return an error if the virtual address passed in from the application is not valid.
- The VMM can access a guest virtual address only if that address is mapped to a guest physical address, as specified in the guest page table or cached in the virtual TLB. If the virtual address is not mapped, the VMM has no way to access it. If the VMM is accessing the virtual address in order to emulate a guest instruction, it generates a virtual hardware fault and transitions guest execution to the fault handler.
- In embodiments of the present invention, the shim application communicates with the VMM through this hypercall interface. Some hypercalls pass in memory buffer arguments to the VMM, with the intent that the VMM will read from the specified memory buffer, and/or write to it. The hypercall that launches the cloaked mode always passes in the CTC as an argument, therefore, as long as the application is executing in the cloaked mode, the CTC is always accessible by the VMM so that the VMM can write the VCPU context to the CTC when a virtual interrupt or fault occurs.
- Referring now to the flowchart of FIG. 13, one embodiment of the present invention provides a method for assuring that a memory buffer needed by a guest application is currently mapped. In this method, when a hypercall is invoked (step 550) by the application, the VMM handles the hypercall by intercepting (step 552) the hypercall instruction and examining (step 554) the VCPU registers to determine the hypercall command and arguments. If (step 556) one or more of the arguments is a virtual address indicating the location of a memory buffer, the VMM checks (step 558) whether or not the memory buffer is mapped in the guest page table. Here, an argument may be a pointer, i.e., a virtual address, to a parameter in memory, not necessarily a specific memory buffer, and the VMM reads the contents of that parameter in memory. Further, the VMM knows which arguments are pointers based on the hypercall command, i.e., it does not depend on the particular value that is passed. There are several possible ways of performing this check. For example, the VMM may walk the guest's page table to determine whether an application virtual address is mapped into guest physical memory. With hardware support for nested page tables (NPT), e.g., AMD NPT (also known as RVI, Rapid Virtualization Indexing) or Intel EPT (Extended Page Tables), the hardware generates a fault if the guest page table does not have the page mapped. Alternatively, the VMM may try to access the guest virtual address directly through the shadow page table, which caches a subset of the guest virtual address mappings, to avoid a page walk. With NPT or EPT there is no shadow page table, so that optimization is not available.
- If, at step 558, the VMM finds that the memory buffer is not currently mapped, or that the mapping does not carry the permissions needed for the access, the VMM returns an error and the faulting address (step 560) to the hypercall caller through registers, without actually performing the hypercall. The application receiving the error return value then attempts to access (step 562) the memory, which causes a page fault to be delivered to the guest OS. The guest OS resolves the page fault by paging in the page or changing the permission on the page. For example, if the memory was mapped read-only, as is the case for a copy-on-write page, and the VMM needs to write to it, the application would write to the memory buffer so that the guest kernel makes the page writable. Then the application issues the hypercall to the VMM again (step 550).
- Returning now to step 558, if the memory buffer is mapped in the guest page table, then control passes to step 564, where it is determined whether any unexamined virtual address arguments remain to be processed. If there are, control passes back to step 554; if not, the hypercall is executed in step 566.
- If, at step 556, an argument is not the virtual address of a memory buffer, then control passes to step 564 for processing of the hypercall.
- It is possible that a memory buffer spans several pages, or that several memory buffers are needed for the hypercall, passed as arguments either explicitly or pointed to by elements of data structures in another memory buffer. In such cases, each unmapped page, or page without the correct permission, causes the VMM to return an error and the faulting address. After the application resolves all mapping errors, the VMM proceeds to execute the hypercall.
- As an alternate approach, according to one embodiment of the present invention, the application may touch each page of a memory buffer immediately before issuing the hypercall to the VMM. Having the application touch each page prior to the hypercall provides some efficiency because doing so may avoid the need to return an error and retry the hypercall. As a virtual interrupt may occur between any two instructions in user-level, however, there is no guarantee that the memory buffer would still be mapped when the hypercall instruction is executed because the guest OS may have swapped it out before resuming execution of the application. Thus, although unlikely, it is possible that multiple faults may be generated on the same address.
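The argument check of FIG. 13 and the shim's touch-and-retry loop, as an added example in C (not the patent's code). It also adds the retry bound a practitioner would want for the race just described, where the guest OS can keep evicting a page between the touch and the hypercall. The 256-byte page, the guest page table array, the copy hypercall, the hc_arg_t descriptor and all function names are assumptions made for this model.

```c
/* Added example, not the patent's code: the hypercall argument check of FIG. 13
 * and the shim's touch-and-retry loop, with a retry bound added.  The 256-byte
 * page, the guest page table array, the copy hypercall, the hc_arg_t descriptor
 * and all function names are assumptions made for this model; a real VMM walks
 * the guest page table (or relies on shadow/nested tables) instead of g_pt. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 256u
#define NPAGES    16u

typedef struct { unsigned present : 1, writable : 1; } pte_t;
static pte_t   g_pt[NPAGES];                /* guest page table model */
static uint8_t g_mem[PAGE_SIZE * NPAGES];   /* backing store for every guest page */

/* One pointer argument: where the buffer is and whether the VMM will write to it.
 * The VMM knows from the hypercall command which arguments are pointers. */
typedef struct { uint32_t gva; uint32_t len; int write; } hc_arg_t;

enum { HC_OK = 0, HC_ERR_NOT_MAPPED = -1, HC_ERR_READ_ONLY = -2 };

/* Steps 554 to 564: check every page of every pointer argument before touching
 * any of them.  On the first problem, report the faulting address and stop. */
static int vmm_check_args(const hc_arg_t *args, size_t n, uint32_t *fault_gva)
{
    for (size_t i = 0; i < n; i++) {
        if (args[i].len == 0) continue;
        uint32_t first = args[i].gva / PAGE_SIZE;
        uint32_t last  = (args[i].gva + args[i].len - 1) / PAGE_SIZE;
        for (uint32_t p = first; p <= last; p++) {
            *fault_gva = p * PAGE_SIZE;
            if (p >= NPAGES || !g_pt[p].present)    return HC_ERR_NOT_MAPPED;
            if (args[i].write && !g_pt[p].writable) return HC_ERR_READ_ONLY;
        }
    }
    return HC_OK;
}

/* Step 566: the hypercall body (assumed command: copy args[0] into args[1]).
 * It runs only after the check passed, so every access below hits a mapped page. */
static int vmm_hypercall(const hc_arg_t *args, size_t n, uint32_t *fault_gva)
{
    int rc = vmm_check_args(args, n, fault_gva);
    if (rc != HC_OK) return rc;               /* step 560: error plus faulting address */
    memcpy(&g_mem[args[1].gva], &g_mem[args[0].gva], args[0].len);
    return HC_OK;
}

/* Guest kernel model: a page fault maps the page; a write fault on a read-only
 * (e.g. copy-on-write) page makes it writable.  Addresses outside the guest's
 * address space stay unmapped. */
static void guest_os_page_fault(uint32_t gva, int write)
{
    uint32_t p = gva / PAGE_SIZE;
    if (p >= NPAGES) return;
    g_pt[p].present = 1;
    if (write) g_pt[p].writable = 1;
}

/* Step 562 in the shim: on error, touch the faulting page with the access the VMM
 * needs, then retry.  Returns the retry count, or -1 when the bound is hit (a page
 * the guest cannot map, or an OS that keeps evicting it between touch and retry). */
int shim_hypercall_with_retry(const hc_arg_t *args, size_t n, int max_retries)
{
    for (int retries = 0; retries <= max_retries; retries++) {
        uint32_t fault = 0;
        int rc = vmm_hypercall(args, n, &fault);
        if (rc == HC_OK) return retries;
        /* A real shim loads or stores *fault and traps into the guest kernel. */
        guest_os_page_fault(fault, rc == HC_ERR_READ_ONLY);
    }
    return -1;
}

/* Source spanning pages 1..3 with page 2 swapped out; destination spanning pages
 * 8..9 mapped read-only (copy-on-write).  Expect one page-in plus two COW breaks,
 * i.e. exactly three retries, and a correct copy. */
int demo_buffer_retry(void)
{
    memset(g_pt, 0, sizeof g_pt);
    memset(g_mem, 0, sizeof g_mem);
    const uint32_t src = 1 * PAGE_SIZE + 200, dst = 8 * PAGE_SIZE, len = 400;
    for (uint32_t i = 0; i < len; i++) g_mem[src + i] = (uint8_t)(i * 7 + 3);  /* constructed data */
    g_pt[1].present = g_pt[1].writable = 1;
    g_pt[3].present = g_pt[3].writable = 1;   /* page 2 deliberately absent */
    g_pt[8].present = g_pt[9].present = 1;    /* present, but not writable */
    hc_arg_t args[2] = { { src, len, 0 }, { dst, len, 1 } };
    int retries = shim_hypercall_with_retry(args, 2, 8);
    return retries == 3 && memcmp(&g_mem[dst], &g_mem[src], len) == 0;
}

/* A buffer outside the guest's address space can never be mapped: give up. */
int demo_unmappable_buffer(void)
{
    hc_arg_t args[1] = { { NPAGES * PAGE_SIZE, 16, 0 } };
    return shim_hypercall_with_retry(args, 1, 4) == -1;
}

int main(void) { printf("retry %d, bounded %d\n", demo_buffer_retry(), demo_unmappable_buffer()); return 0; }
```

The check and the copy both run inside the VMM while the guest is not executing on that VCPU, so on a single VCPU the mapping cannot change between step 558 and step 566; the paragraphs that follow on TLB caching and pinning cover another VCPU invalidating the entry. The bound on retries is not in the flowchart; it is the defensive addition that stops an uncooperative guest OS from making the shim spin forever.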
- In embodiments of the present invention, the CTC is accessible by the VMM while the application is running in the cloaked mode. There is a hypercall that transitions from the uncloaked to cloaked mode, and in executing the hypercall, the VMM makes sure that the CTC is mapped in the current page table, and the VMM caches the translation in the virtual TLB. Caching this translation allows the CTC to continue to be accessible to the VMM as long as the application is running under cloaked mode because, for x86-based systems, the guest cannot flush the virtual TLB on the VCPU without executing a privileged instruction on the same VCPU. If this were to happen, the VMM would either intercept the execution of such a privileged instruction or detect the change to the TLB as the result of, e.g., a guest TLB flush or invalidation operation. In either event, the VMM is able to determine whether or not a page is still mapped. On a virtual hardware interrupt or fault, the VMM writes the cloaked register states into the CTC and transitions out of the cloaked mode. As a result, the VMM can have multiple accesses, i.e., continue to access the virtual memory while interleaving with the execution of other guest programs, which may or may not touch the same virtual memory. In other words, other programs may execute and such execution will not prevent the VMM from accessing the virtual memory of the cloaked program.
- In yet another embodiment, rather than monitoring TLB activity, the VMM could "pin" in the VMM the page table entry for the virtual address it wants to access, e.g., the entry mapping the CTC. Pinning is needed because the shadow page table is a cache, so the translation could otherwise be lost, i.e., evicted from that cache. Losing the translation would be a problem if, for example, another VCPU invalidated the underlying guest page table entry that maps that virtual address.
- Adapting System Calls
- Cloaking necessarily changes the way the OS can manage process memory—it cannot modify it or introduce sharing without application help. It also changes the way the OS transfers control—it can only branch to well-defined entry and exit points within the application. Accommodating these changes requires adapting the semantics of a variety of system calls.
- Pass-Through and Marshalling
- A majority of system calls can be passed through to the OS with no special handling. These include calls with scalar arguments that have no interesting side effects, such as getpid, nice, and sync. The shim need not alter arguments to these system calls, so the cloaked shim is bypassed altogether, resulting in the control flow shown in FIG. 11. Note that the VMM itself is not aware of system call semantics; during initialization, the shim indicates which system call numbers can be bypassed.
- Many other calls have non-scalar arguments that normally require the OS to read or modify data in the cloaked application's address space, for example, path names and struct sockaddr values. Such arguments are marshalled into a buffer in the uncloaked shim, and registers are modified so the system call uses this buffer as the new source (or destination) for non-scalar data. After the system call completes, results are copied back into the cloaked application, if necessary.
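The bypass table and the marshalling path described above, as an added C example (not the patent's code). It also shows why marshalling is needed, by issuing the same open directly with a cloaked pointer. The flat guest memory split into a cloaked half and an uncloaked shim buffer, the XOR scrambling that stands in for the VMM's encryption of cloaked pages, the system call numbers, the one-file kernel and the function names are all assumptions made for this model.

```c
/* Added example, not the patent's code: the bypass table and the marshalling path of
 * the cloaked shim's system call dispatcher (FIG. 12, steps 3 and 8).  The flat guest
 * memory with a cloaked half and an uncloaked shim buffer, the XOR scrambling standing
 * in for the VMM's encryption of cloaked pages, the system call numbers, the one-file
 * kernel and all function names are assumptions made for this model. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUEST_MEM     4096u
#define CLOAKED_END   2048u   /* [0, 2048): cloaked application memory */
#define UNCLOAKED_BUF 2048u   /* [2048, 4096): neutral buffer in the uncloaked shim */
#define PATH_MAX_LEN  64u
#define CLOAK_KEY     0x5Au
static uint8_t g_mem[GUEST_MEM];

enum { SYS_GETPID = 1, SYS_OPEN = 2, SYS_READ = 3, NSYSCALLS = 4 };   /* assumed numbers */
static int g_bypass[NSYSCALLS];   /* filled in at shim initialisation */

/* The kernel's view of guest memory: cloaked bytes appear scrambled, uncloaked as-is. */
static uint8_t kview(uint32_t a) { return a < CLOAKED_END ? (uint8_t)(g_mem[a] ^ CLOAK_KEY) : g_mem[a]; }
static void kwrite(uint32_t a, uint8_t b) { g_mem[a] = a < CLOAKED_END ? (uint8_t)(b ^ CLOAK_KEY) : b; }

/* Constructed uncloaked file system: one file, one descriptor. */
static const char k_path[] = "/etc/constructed.conf";
static const char k_data[] = "key=value\n";
static int g_open_fd = -1;

static long kernel_syscall(int nr, uint32_t a0, uint32_t a1, uint32_t a2)
{
    switch (nr) {
    case SYS_GETPID: return 4242;
    case SYS_OPEN: {
        char path[PATH_MAX_LEN]; uint32_t i;
        for (i = 0; i + 1 < PATH_MAX_LEN; i++) {
            if (a0 + i >= GUEST_MEM) return -EFAULT;
            if ((path[i] = (char)kview(a0 + i)) == 0) break;
        }
        path[i] = 0;
        if (strcmp(path, k_path) != 0) return -ENOENT;
        return g_open_fd = 3;
    }
    case SYS_READ: {
        if ((int)a0 != g_open_fd) return -EBADF;
        uint32_t n = (uint32_t)strlen(k_data); if (n > a2) n = a2;
        if (a1 + n > GUEST_MEM) return -EFAULT;
        for (uint32_t i = 0; i < n; i++) kwrite(a1 + i, (uint8_t)k_data[i]);
        return (long)n;
    }
    default: return -ENOSYS;
    }
}

/* Cloaked shim dispatcher.  Calls listed in g_bypass go straight through; calls
 * with pointer arguments are re-pointed at the uncloaked buffer and their results
 * copied back into cloaked memory afterwards. */
long shim_syscall(int nr, uint32_t a0, uint32_t a1, uint32_t a2)
{
    if (nr < 0 || nr >= NSYSCALLS) return -ENOSYS;
    if (g_bypass[nr]) return kernel_syscall(nr, a0, a1, a2);
    switch (nr) {
    case SYS_OPEN: {                                    /* marshal in: the path string */
        if (a0 + PATH_MAX_LEN > CLOAKED_END) return -EFAULT;
        for (uint32_t i = 0; i < PATH_MAX_LEN; i++) {
            g_mem[UNCLOAKED_BUF + i] = g_mem[a0 + i];
            if (g_mem[a0 + i] == 0) break;
        }
        return kernel_syscall(nr, UNCLOAKED_BUF, a1, a2);
    }
    case SYS_READ: {                                    /* marshal out: the bytes read */
        if (a2 > GUEST_MEM - UNCLOAKED_BUF) a2 = GUEST_MEM - UNCLOAKED_BUF;
        if (a1 + a2 > CLOAKED_END) return -EFAULT;
        long n = kernel_syscall(nr, a0, UNCLOAKED_BUF, a2);
        if (n > 0) memcpy(&g_mem[a1], &g_mem[UNCLOAKED_BUF], (size_t)n);
        if (n > 0) memset(&g_mem[UNCLOAKED_BUF], 0, (size_t)n);  /* no plaintext left in the neutral area */
        return n;
    }
    default: return -ENOSYS;
    }
}

/* getpid passes through; open and read are marshalled.  Returns the number of bytes
 * that landed in cloaked memory on success, a negative step number on failure. */
int demo_marshalled_open_read(void)
{
    memset(g_mem, 0, sizeof g_mem); memset(g_bypass, 0, sizeof g_bypass);
    g_bypass[SYS_GETPID] = 1;                           /* scalar args, no side effects */
    const uint32_t path_gva = 0x100, dst_gva = 0x400;
    memcpy(&g_mem[path_gva], k_path, sizeof k_path);    /* the application's cloaked copy */
    if (shim_syscall(SYS_GETPID, 0, 0, 0) != 4242) return -1;
    long fd = shim_syscall(SYS_OPEN, path_gva, 0, 0);
    if (fd < 0) return -2;
    long n = shim_syscall(SYS_READ, (uint32_t)fd, dst_gva, 64);
    if (n != (long)strlen(k_data)) return -3;
    return memcmp(&g_mem[dst_gva], k_data, (size_t)n) == 0 ? (int)n : -4;
}

/* Why marshalling is needed: the same open issued directly with the cloaked pointer
 * shows the kernel a scrambled path, so the lookup fails. */
int demo_unmarshalled_open_fails(void)
{
    memset(g_mem, 0, sizeof g_mem);
    memcpy(&g_mem[0x100], k_path, sizeof k_path);
    return kernel_syscall(SYS_OPEN, 0x100, 0, 0) == -ENOENT;
}

int main(void) { printf("marshalled %d bytes, unmarshalled rejected %d\n", demo_marshalled_open_read(), demo_unmarshalled_open_fails()); return 0; }
```

The uncloaked buffer is readable by the kernel by design, so the dispatcher clears it once results have been copied out rather than leaving application data in the neutral area. The bypass table is filled by the shim at initialisation, matching the point above that the VMM itself knows nothing about system call semantics.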
- More Complex Examples
- Several system calls require changes to resolve incompatibilities between cloaked semantics and normal OS semantics. There are system calls that require non-trivial emulation which, along with thread creation and signal handling, will be described below.
- Emulation
- The semantics of several system calls are emulated. For example, the pipe system call normally creates a queue in the kernel for communicating bytes. As a kernel-resident queue cannot be protected by cloaking, the pipe is instead emulated with a queue in cloaked shared memory. To preserve the normal blocking semantics of calls such as read, write, and poll, reads and writes are still performed on the kernel pipe, with one modification: the sender writes zeros to the pipe instead of the actual data, and the receiver reads the zeros from the pipe and then copies the actual data from the protected queue. Emulation is also required to support futex (the Linux fast user-space mutex), as the normal OS implementation involves direct modification of process memory.
- As another example, sendfile typically takes two descriptors, one for a file and the other for a socket, and writes the contents of the former to the latter. This does not work if the file is cloaked in accordance with the teachings of the present invention, because the kernel sees only the encrypted contents. Instead, the cloaked file is read first, and its contents are then written to the socket using normal send calls.
- Thread Creation
- Handling the clone and fork system calls is related to how the shim manages resources. A “clone” call begins by allocating thread-local storage for the new thread. Next, the child's cloaked thread context CTC is set up by making a copy of the parent's CTC, and fixing all thread-local pointers for the child. Finally, the IP and SP for entering cloaked mode in the child's CTC are changed, arranging for the child to start executing in a “child_start” function located in the child's shim, which will complete its initialization.
- Normally, the CTC would be modified by the VMM on a switch from cloaked to uncloaked mode. In this case, however, the child's CTC is not currently being used. Thus, on a clone system call, only the parent's CTC is modified. The uncloaked stack that will be used by the cloned thread, when returning from the system call, is set up so that it will start running the new cloaked context. After returning from the system call, the parent thread returns to the original execution context. The child thread begins execution in child_start, as described above.
- Signal Handling
- Normal Unix signal-handling semantics are incompatible with cloaking, as the operating system cannot be allowed to transfer control into an arbitrary section of cloaked code. Keeping portions of the shim non-preemptable also simplifies its implementation.
- When the application registers a signal handler with signal, the shim emulates it, registering the handler in its own table. All actual signal handlers (those registered with the kernel) use a single handler located in the uncloaked shim. This signal handler makes a hypercall to the VMM immediately upon receiving a signal, indicating which shadow context received the signal, the signal that occurred, and any additional signal parameters.
- The VMM examines the cloaked context and checks the signal status to determine in which context the signal occurred: the cloaked shim, uncloaked shim, cloaked application, or other uncloaked code. If the signal occurred when the cloaked application was executing, the VMM transfers control to a well-defined signal entry point in the shim, with relevant signal information. If the signal occurred while the shim was executing, the VMM further checks a flag in the CTC to determine whether to safely rollback execution to the last application system call entry point, or to defer the signal delivery until shim exit, when execution has effectively returned to the application.
- File I/O
- Files used by cloaked applications, i.e., cloaked files, are encrypted from the view of the guest kernel. As a result, the kernel file cache contains only encrypted blocks from these cloaked files. Read or write operations on a partial file block cannot be performed inside the guest kernel, because a partial encrypted block cannot be decrypted except when a stream cipher is used. Using a stream cipher securely at the level of protection provided by embodiments of the present invention would be very difficult, however, since every rewrite of a block would require a fresh keystream.
- Further, an application may access the same file both through read and write system calls and through file-backed memory-mapped regions ("mmap regions"). Each mmap region is a contiguous portion of the application's virtual address space created via the mmap system call (in Linux) to map memory for application use. If the kernel implemented read and write system calls on its encrypted view while the application accessed the file through virtual memory on its decrypted view, keeping the two views synchronized would be expensive.
- Embodiments of the present invention provide operations for securely processing cloaked file I/O operations—including read and write system calls, as well as some inter-process communication (IPC) operations, such as pipes, by emulating the file I/O semantics in the shim layer with memory-mapped regions using the mmap system call.
- Unprotected, i.e., “uncloaked” files, are handled using argument marshalling, while protected files must be adapted to utilize cloaking. Each cloaked file has an associated metadata file, as explained above. On an open call, the shim makes a hypercall to determine if the metadata for its RID is in the VMM's metadata cache MDC. If the metadata is not found, the shim makes a hypercall to allocate an RMD object in the MDC for that RID, reads the entire metadata file and passes its contents to the VMM, which verifies its integrity.
- The shim interposes on all I/O-related system calls. Encrypted file I/O for cloaked applications is implemented in the shim using mmap. For example, read and write system calls are emulated by copying data to/from memory-mapped buffers. File data is mapped using the MAP_SHARED flag, to ensure that other processes that may open the same file obtain a consistent view. By transforming all file I/O into memory-mapped I/O, file data is decrypted automatically when it is read by a cloaked application, and encrypted automatically when it is flushed to disk by the kernel. For efficiency, the shim maintains a cache of mapped file regions; one implementation of the present invention maps regions in 1 MB chunks to amortize the cost of the underlying mmap and munmap calls.
- Using mmap for file I/O obviates the need to implement any cryptography in the shim and allows keys and metadata to be managed, in one embodiment of the present invention, solely by the VMM. This implementation avoids the need for maintaining consistency between different views of the same file. Further, with mmap encryption and decryption need only be performed when necessary. In one non-limiting example, the application can read portions of a file repeatedly without causing any additional decryptions. This embodiment of the present invention provides an advantage over an implementation based on the read operation, as data would then need to be decrypted each time it was passed to the application. Similarly, for a write operation, data need only be encrypted when the OS actually flushes it to disk.
- It should be noted that even after a cloaked application terminates, some unencrypted file pages may remain in the OS buffer cache, and can be used by other cloaked applications from the same SID.
- In one embodiment of the present invention, a single-page header is prepended to each cloaked file. This header contains the actual file size, which may differ from the current on-disk size due to the 1 MB mapping granularity. Each shim using the file maps its header using a shared mmap, to emulate operations such as fstat and lseek. The shim also tracks operations that create or manipulate file descriptors, such as dup, and maintains a table of all open files, their offsets, and whether they are cloaked. This table is kept in a shared anonymous region to properly track and share descriptors across process forks.
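Read, write, lseek and the header-based size from the paragraphs above, emulated over real MAP_SHARED mappings of a temporary file, as an added C example for Linux (not the patent's or VMware's code). The 64 KiB chunk size (the page's implementation uses 1 MB), the single-chunk cache, the header layout and the cfile_* names are assumptions; encryption of the mapped pages is not modelled, since with mmap it is transparent to this layer.

```c
/* Added example, not the patent's or VMware's code: read/write/lseek emulated over
 * MAP_SHARED file mappings with a header page holding the logical size.  The 64 KiB
 * chunk (the page's implementation uses 1 MB), the single-chunk cache, the header
 * layout and the cfile_* names are assumptions; the VMM's encryption of cloaked
 * pages is not modelled because, with mmap, it is transparent to this code. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>
#define CHUNK 65536u   /* mapping granularity for file data */
static size_t hdr_size(void) { long p = sysconf(_SC_PAGESIZE); return p > 0 ? (size_t)p : 4096; }

typedef struct {
    int fd;  uint64_t off;                 /* descriptor and emulated file offset */
    uint64_t *hdr;                         /* shared view of the header page: logical file size */
    uint8_t *chunk;  uint64_t chunk_idx;   /* cached shared view of one chunk and its index */
} cfile_t;

/* Whole chunks are mapped, so the on-disk file grows in CHUNK steps; the header,
 * not the on-disk size, therefore carries the real length. */
static int grow_to(int fd, off_t need)
{
    struct stat st; if (fstat(fd, &st) < 0) return -1;
    return st.st_size >= need ? 0 : ftruncate(fd, need);
}

int cfile_open(cfile_t *f, const char *path)
{
    memset(f, 0, sizeof *f); f->chunk_idx = UINT64_MAX;
    f->fd = open(path, O_RDWR | O_CREAT, 0600);
    if (f->fd < 0 || grow_to(f->fd, (off_t)hdr_size()) < 0) return -1;
    void *h = mmap(NULL, hdr_size(), PROT_READ | PROT_WRITE, MAP_SHARED, f->fd, 0);
    if (h == MAP_FAILED) return -1;
    f->hdr = h; return 0;
}

/* Pointer to logical offset pos, (re)mapping the chunk that contains it. */
static uint8_t *cfile_map(cfile_t *f, uint64_t pos)
{
    uint64_t idx = pos / CHUNK;
    if (idx != f->chunk_idx) {
        if (f->chunk) { munmap(f->chunk, CHUNK); f->chunk = NULL; f->chunk_idx = UINT64_MAX; }
        off_t base = (off_t)(hdr_size() + idx * CHUNK);
        if (grow_to(f->fd, base + (off_t)CHUNK) < 0) return NULL;
        void *m = mmap(NULL, CHUNK, PROT_READ | PROT_WRITE, MAP_SHARED, f->fd, base);
        if (m == MAP_FAILED) return NULL;
        f->chunk = m; f->chunk_idx = idx;
    }
    return f->chunk + (pos % CHUNK);
}

/* Emulated read (is_write 0) or write: copy through the mapping chunk by chunk.
 * Reads stop at the logical size; writes extend it.  In the cloaked setting the
 * VMM decrypts on access and the kernel encrypts on writeback, invisibly to this code. */
static ssize_t cfile_io(cfile_t *f, void *buf, size_t len, int is_write)
{
    size_t done = 0;
    while (done < len && (is_write || f->off < *f->hdr)) {
        uint8_t *p = cfile_map(f, f->off);
        if (!p) return done ? (ssize_t)done : -1;
        size_t n = len - done, room = CHUNK - (size_t)(f->off % CHUNK);
        if (n > room) n = room;
        if (!is_write && n > *f->hdr - f->off) n = (size_t)(*f->hdr - f->off);
        if (is_write) memcpy(p, (uint8_t *)buf + done, n); else memcpy((uint8_t *)buf + done, p, n);
        f->off += n; done += n;
    }
    if (is_write && f->off > *f->hdr) *f->hdr = f->off;
    return (ssize_t)done;
}
ssize_t cfile_write(cfile_t *f, const void *buf, size_t len) { return cfile_io(f, (void *)buf, len, 1); }
ssize_t cfile_read(cfile_t *f, void *buf, size_t len) { return cfile_io(f, buf, len, 0); }

int64_t cfile_lseek(cfile_t *f, int64_t off, int whence)
{
    int64_t base = whence == SEEK_SET ? 0 : whence == SEEK_CUR ? (int64_t)f->off : (int64_t)*f->hdr;
    if (base + off < 0) return -1;
    return (int64_t)(f->off = (uint64_t)(base + off));
}
uint64_t cfile_size(const cfile_t *f) { return *f->hdr; }   /* what an emulated fstat reports */

void cfile_close(cfile_t *f)
{
    if (f->chunk) munmap(f->chunk, CHUNK);
    if (f->hdr) munmap(f->hdr, hdr_size());
    if (f->fd >= 0) close(f->fd);
}

/* Write a record across a chunk boundary, seek back, read it, and check that the
 * reported size is the logical length rather than two whole chunks.  Returns 1 on success. */
int demo_cloaked_file_io(void)
{
    char path[] = "/tmp/cloaked-demo-XXXXXX";
    int tfd = mkstemp(path); if (tfd < 0) return 0; close(tfd);
    const char msg[] = "constructed record crossing the chunk boundary"; char back[sizeof msg];
    cfile_t f; int ok = 0;
    if (cfile_open(&f, path) == 0 &&
        cfile_lseek(&f, (int64_t)CHUNK - 10, SEEK_SET) >= 0 &&
        cfile_write(&f, msg, sizeof msg) == (ssize_t)sizeof msg &&
        cfile_lseek(&f, -(int64_t)sizeof msg, SEEK_CUR) >= 0 &&
        cfile_read(&f, back, sizeof back) == (ssize_t)sizeof back &&
        memcmp(back, msg, sizeof msg) == 0 && cfile_size(&f) == CHUNK - 10 + sizeof msg) ok = 1;
    cfile_close(&f); unlink(path);
    return ok;
}

int main(void) { printf("cloaked file I/O %d\n", demo_cloaked_file_io()); return 0; }
```

Because everything goes through MAP_SHARED mappings, this layer never handles ciphertext or keys, and two cloaked processes mapping the same file see one consistent view. The header page is what lets lseek with SEEK_END and an emulated fstat report the real length even though the file on disk is rounded up to whole chunks.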
- It should be noted that certain files may require special treatment. For example, applications need a secure source of randomness for cryptographic purposes, which cannot come from the untrusted OS. This is addressed by transforming accesses to /dev/random with hypercalls for secure randomness.
- An implementation of a system in accordance with one or more of the embodiments of the present invention described above supports cloaking for all application memory regions—private and shared, anonymous and file-backed.
- An implementation of an embodiment of the present invention can be based on a version of the VMware VMM for 32-bit x86 processors that uses binary translation for guest kernel code. The modified VMM can be built as a VMware Workstation binary running in a “hosted” configuration on top of an existing Linux host OS. Of course, as multi-shadowed memory cloaking does not depend on specific features of the VMware VMM, embodiments of the present invention as described herein could also be realized in other virtualization platforms as is apparent to those of ordinary skill in the art.
- One of ordinary skill in the art will understand that minor modifications would be necessary to enable hardware-assist for x86 virtualization, such as Intel VT and AMD SVM. For example, system call transitions between guest user-mode and kernel-mode are trapped by a binary-translating VMM, but are not typically trapped by a hardware-assisted VMM. It is envisioned that hardware support for nested page tables will accelerate many of the operations, improving overall performance. Reducing the cost of hardware context switches is also desirable. For some embodiments of the present invention, the ability to redirect a trap to guest user-mode code makes it possible to redirect system calls to handlers in the shim without dynamic VMM intervention.
- Applications
- A variety of applications have been run in a system implementing embodiments of the present invention. Cloaking a standard shell like bash or tcsh provides a convenient way to launch other cloaked applications. Most common commands, e.g., ls, ps, df, rm, have been implemented this way as have more complicated console-based tools like mail and traceroute. Shell scripts using simple tools like sed, awk, and grep have been protected, as have scripts in more complicated languages such as Perl and ruby. A variety of web and mail servers have been run with embodiments of the present invention, including Apache, exim and postfix.
- Embodiments of the present invention are also able to run a variety of small and large applications; from modest programs like xterm and konsole to larger clients such as Konqueror and Firefox.
- Embodiments of the present invention are directed primarily toward software attacks; however, compared to architecture-level approaches, embodiments of the present invention provide substantial flexibility by being software-based and do not require applications and/or the OS to be substantially modified or rewritten. Embodiments of the present invention make integration with unmodified operating systems feasible, and enable sharing between protection domains. Nevertheless, embodiments of the present invention's software mechanisms could be combined with more hardware-centric approaches to provide similar benefits.
- According to embodiments of the present invention as described above, a system cryptographically isolates an application inside a virtual machine from the operating system it is running on, offering another layer of protection for application data, even in the face of total OS compromise.
- This capability is enabled by multi-shadowing, a novel technique for presenting different views of “physical” memory in virtualized systems. This allows memory to be cloaked, so that it appears normal to an application, but encrypted to the operating system. Cloaking supports a separation of responsibilities for isolation and resource management, allowing the use of complex commodity operating systems to manage application virtual memory and other resources, while relying on a simpler hypervisor to ensure data privacy and integrity.
- Design
- Embodiments of the present invention target whole-application protection, and the threats that may be directed toward it.
- Whole-Application Protection
- Embodiments of the present invention implement a system that can be deployed incrementally, and used for diverse applications. Embodiments of the present invention protect entire existing applications in situ in existing commodity operating systems. This approach has several advantages:
- Ease of adoption. Previous work on protecting applications required partitioning an application into protected and unprotected parts—forcing developers to modify their applications or port to a new OS. Further, changes to how software is packaged and used may also be required by previous methods.
- Support for diverse applications. Solutions for providing higher assurance are often restricted to a limited set of applications or data, such as passwords. Sensitive data, however, is remarkably diverse, from databases of credit card numbers, to files containing medical patient information. Sensitive data in real applications frequently does not lend itself to being placed in a separate container, and restructuring applications is often impractical.
- Incremental path to higher assurance. Even after taking the operating system out of the application's trusted computing base, large, complex applications will still have significant assurance concerns. Refactoring applications into more-critical and less-critical pieces running in separate protection domains is ultimately a compelling goal. Embodiments of the present invention provide an incremental path to achieving this, as cloaking can be used for whole application protection as well as fine-grained compartmentalization.
- Threat Model
- Embodiments of the present invention prevent the guest operating system from reading or modifying application code, data and registers. All non-application access to cloaked data, including DMA from virtual I/O devices, only reveals the data in encrypted form. Data secrecy, integrity, ordering and freshness are protected up to the strength of the cryptography used. If the OS or other hostile code tries to modify encrypted data, the application will fail-stop.
- Most applications are not designed with the expectation that the OS is or becomes hostile. Embodiments of the present invention may be used to implement a “trusted path” for user interface devices, as this would provide protection for many applications, including web, email, and VOIP clients. In accordance with teachings of the present invention, user interaction could be protected if the application uses a remote display system that renders to software frame buffers.
- Protecting Device Memory.
- Many I/O devices present a memory mapped interface to software. For some devices, embodiments of the present invention can be employed to protect the contents of “physical” device memory from being inspected or modified by untrusted software. For example, an interactive VM typically provides a virtual high resolution graphics display that uses a memory-mapped frame buffer. A multi-shadowed frame buffer, in accordance with one or more embodiments of the present invention could implement a trusted path, by ensuring that a cloaked application's output remains private. This approach can be used to prevent the OS from observing raw device memory, and to cloak off-screen display images and other memory used by window managers and graphics subsystems.
- Fine-Grained Cloaking.
- Further, in accordance with embodiments of the present invention, applications can be modified to apply multi-shadowing selectively, i.e., cloaking only sensitive pages. For example, two shadow contexts could be defined for each application: a protected shadow containing cloaked code and data, and an unprotected shadow for uncloaked code and data. In this model, cloaked memory can be accessed only by cloaked code. A shadow context would then be identified by the virtual address of the current instruction pointer.
- In order to interpose on transitions between these shadow contexts, a VMM can change the execute permission of pages in the shadow page tables (independent of guest PTE permissions). In the unprotected shadow, all protected pages are marked non-executable; similarly, in the protected shadow, all unprotected pages are marked non-executable. When the application branches between protected and unprotected code, the resulting permissions-based page fault will trap into the VMM, allowing it to switch between shadow page tables.
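The execute-permission rule above can be exercised with a small simulation. The following C program is an added example, not code from the patent or VMware: it classifies a toy address space into protected and unprotected pages, gives each shadow execute permission only on its own class, treats a fetch from a non-executable page as the permissions-based fault that traps to the VMM, and has the VMM pick the shadow from the instruction pointer's page class. The page layout, the instruction trace, and the names shadow_exec_ok, fetch and data_access_allowed are all constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define N_PAGES    8
#define PAGE_SHIFT 12

enum shadow { SHADOW_UNPROTECTED = 0, SHADOW_PROTECTED = 1 };

/* Page classification chosen by the modified application (constructed
 * layout): 1 = cloaked code/data, 0 = uncloaked. */
static const int page_is_protected[N_PAGES] = { 0, 0, 1, 1, 0, 1, 0, 0 };

/* Execute permission as the VMM sets it in each shadow page table, independent
 * of guest PTE bits: protected pages are executable only in the protected
 * shadow, unprotected pages only in the unprotected shadow. */
int shadow_exec_ok(enum shadow s, unsigned page) {
    return page_is_protected[page] == (s == SHADOW_PROTECTED);
}

struct cpu_model {
    enum shadow current;     /* shadow page table currently installed */
    unsigned    switches;    /* permission faults the VMM turned into switches */
};

/* Fetch an instruction at 'ip'. A fetch from a page that is non-executable in
 * the current shadow is a permissions-based page fault; the VMM identifies the
 * target shadow from the IP's page class, installs it and resumes. Returns the
 * shadow in effect afterwards, or -1 for an address outside the toy space. */
int fetch(struct cpu_model *cpu, uint64_t ip) {
    unsigned page = (unsigned)(ip >> PAGE_SHIFT);
    if (page >= N_PAGES) return -1;
    if (!shadow_exec_ok(cpu->current, page)) {
        cpu->current = page_is_protected[page] ? SHADOW_PROTECTED : SHADOW_UNPROTECTED;
        cpu->switches++;
    }
    return (int)cpu->current;
}

/* Data rule from the text: cloaked memory is accessible only to cloaked code,
 * i.e. only while the protected shadow is installed. */
int data_access_allowed(const struct cpu_model *cpu, uint64_t va) {
    unsigned page = (unsigned)(va >> PAGE_SHIFT);
    if (page >= N_PAGES) return 0;
    return !page_is_protected[page] || cpu->current == SHADOW_PROTECTED;
}

/* Replay a constructed instruction trace; returns the number of VMM switches. */
unsigned run_trace(struct cpu_model *cpu, const uint64_t *trace, unsigned n) {
    for (unsigned i = 0; i < n; i++) fetch(cpu, trace[i]);
    return cpu->switches;
}

int main(void) {
    /* Constructed trace: uncloaked code calls into cloaked code, returns, calls again. */
    const uint64_t trace[] = { 0x0000, 0x0010, 0x2000, 0x3000, 0x0020, 0x5000 };
    struct cpu_model cpu = { SHADOW_UNPROTECTED, 0 };
    unsigned n = run_trace(&cpu, trace, sizeof trace / sizeof trace[0]);
    printf("%u shadow switches; cloaked data readable now: %d\n",
           n, data_access_allowed(&cpu, 0x2100));
    return 0;
}
```

Every crossing between the two code classes costs one trap, so the number of switches on a trace is a direct measure of the overhead a given partitioning imposes; that is the figure an engineer would look at when deciding where to draw the protected/unprotected boundary.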
- Additionally, as provided by embodiments of the present invention, control transfers to and from a cloaked application are only permitted at well-defined entry and exit points through mechanisms such as system calls and signal delivery. Application registers are also protected from the OS, and are securely saved and restored upon entry and exit from an application's execution context. Embodiments of the present invention can also protect information shared between cloaked applications via the file system, shared memory, or other forms of IPC.
- The embodiments of the present invention may be implemented on one or more of the VMM products available from VMware of Palo Alto, Calif. Embodiments of the present invention offer an additional layer of defense-in-depth. Advantageously, as its protection model is orthogonal to that of the guest OS, protected applications require no additional privileges.
- Embodiments of the above-described invention may be implemented in all software, all hardware, or a combination of hardware and software, including program code stored in a firmware format to support dedicated hardware. A software implementation of the above described embodiment(s) may comprise a series of computer instructions either fixed on a tangible medium, such as a computer readable media, e.g. diskette, CD-ROM, ROM, or fixed disk or transmittable to a computer system in a carrier wave, via a modem or other interface device. The medium can be either a tangible medium, including but not limited to optical or analog communications lines, or may be implemented with wireless techniques, including but not limited to radio, microwave, infrared or other transmission techniques. The series of computer instructions whether contained in a tangible medium or a carrier wave embodies all or part of the functionality previously described herein with respect to the invention. Those skilled in the art will appreciate that such computer instructions can be written in a number of programming languages for use with many computer architectures or operating systems and may exist in machine executable format. It is contemplated that such a computer program product may be distributed as a removable media with accompanying printed or electronic documentation, e.g., shrink wrapped software, preloaded with a computer system, e.g., on system ROM or fixed disk, or distributed from a server over a network, e.g., the Internet or World Wide Web.
- Although various exemplary embodiments of the present invention have been disclosed, it will be apparent to those skilled in the art that changes and modifications can be made which will achieve some of the advantages of the invention without departing from the general concepts of the invention. It will be apparent to those reasonably skilled in the art that other components performing the same functions may be suitably substituted. Further, the methods of the invention may be achieved in either all software implementations, using the appropriate processor instructions, or in hybrid implementations that utilize a combination of hardware logic and software logic to achieve the same results.
Claims (66)
1. In a computer system comprising a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM), a method of establishing an identity of a first execution context running in the VM comprising:
providing a shim program in a virtual address space of the first execution context;
the shim program, upon initialization, associating a first page, having a first page address, with the first execution context and passing the first page address to the VMM;
the VMM, upon receipt of the first page address from the shim program, assigning a unique identifier (ASID) for the first execution context, generating a second identifier value and writing the second identifier value and the ASID at the first page address; and
the VMM returning the ASID to the shim program.
2. The method of claim 1, wherein a plurality of execution contexts are running in the VM, the method further comprising:
the VMM maintaining a separate shadow context for each execution context; and
assigning a unique ASID to each execution context.
3. The method of claim 2, wherein at least one execution context comprises a plurality of threads, the method further comprising:
associating a distinct page for each thread.
4. The method of claim 1, wherein the VMM generates a random number for the second identifier value.
5. The method of claim 1, wherein the VMM writing to the first page address comprises:
the VMM determining if the first page address is mapped in a page table; and
if the VMM determines that the first page address is not mapped in a page table, the VMM returning an error indication to the shim program.
6. The method of claim 5, further comprising:
the shim program, upon receiving the error indication from the VMM that the first address is not mapped in a page table, accessing the first page address to cause the first page address to be paged back into physical memory.
7. In a computer system comprising a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM), a method of confirming an identity of a first execution context running in the VM comprising:
the VMM receiving first identifying data corresponding to the first execution context;
the VMM retrieving second data as a function of the received first identifying data;
the VMM retrieving third data as a function of the received first identifying data; and
the VMM confirming the identity of the first execution context as a function of the retrieved second and third data.
8. The method of claim 7, further comprising a shim program associated with the first execution context, the method further comprising:
the shim program passing the first identifying data to the VMM.
9. The method of claim 7, further comprising:
the VMM associating a predetermined page table with the first execution context when the identity of the first execution context is confirmed.
10. The method of claim 7, further comprising:
the VMM storing the third data with a correspondence to the first execution context.
11. The method of claim 7, further comprising:
retrieving the second data from an address space corresponding to the first execution context; and
retrieving the third data from an address space corresponding to the VMM.
12. The method of claim 11, wherein retrieving the second data comprises accessing a page table corresponding to the first execution context.
13. The method of claim 7, wherein the first identifying data comprises a first identifier value and a first memory address associated with the first execution context, the method further comprising:
the VMM retrieving the second data as a function of the first memory address.
14. The method of claim 13, further comprising:
the VMM retrieving the third data as a function of the first identifier value.
15. The method of claim 14, further comprising:
the VMM retrieving the third data from an address space corresponding to the VMM; and
the VMM retrieving the second data from an address space corresponding to the first execution context.
16. The method of claim 14, wherein the third data comprises an expected context identifier and the second data comprises a stored context identifier, the method further comprising:
the VMM confirming the identity of the first execution context by comparing the expected context identifier to the stored context identifier,
wherein the identity of the first execution context is confirmed when the expected context identifier is the same as the stored context identifier.
17. In a computer system comprising a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM) having a first execution context running therein, a method of facilitating a guest operating system (OS) running in the VM to perform at least one function for the first execution context comprising:
the VMM intercepting a first event from the first execution context to the guest OS;
the VMM confirming an identity of the first execution context;
if the identity is confirmed:
the VMM saving a state of the first execution context in a memory space provided for the identified first execution context and passing a second event to the guest OS, the second event being a function of the first event and comprising control return location information;
the guest OS processing the second event and returning control as a function of the control return location information;
the VMM receiving a request to resume the first execution context;
the VMM determining if the request to resume the first execution context is valid; and
if the request to resume is valid, the VMM restoring the saved state of the first execution context; and
the first execution context resuming operation.
18. The method of claim 17, wherein the first event comprises at least one of:
a virtual hardware interrupt;
a virtual software interrupt;
a virtual hardware fault; and
a control transfer instruction.
19. The method of claim 17, wherein at least one of: the VMM confirming the identity of the first execution context and determining if the request to resume the first execution context is valid comprises:
the VMM receiving first identifying data corresponding to the first execution context;
the VMM retrieving second data as a function of the received first identifying data;
the VMM retrieving third data as a function of the received first identifying data; and
the VMM confirming the identity of the first execution context as a function of the retrieved second and third data.
20. The method of claim 19, further comprising:
retrieving the second data from an address space corresponding to the first execution context; and
retrieving the third data from an address space corresponding to the VMM.
21. The method of claim 19, wherein the first identifying data comprises a first identifier value and a first memory address associated with the first execution context, the method further comprising:
the VMM retrieving the second data as a function of the first memory address.
22. The method of claim 21, further comprising:
the VMM retrieving the third data as a function of the first identifier value.
23. The method of claim 22, further comprising:
the VMM retrieving the third data from an address space corresponding to the VMM; and
the VMM retrieving the second data from an address space corresponding to the first execution context.
24. The method of claim 17, wherein the VMM saving a state of the identified first execution context comprises:
saving contents of registers associated with the identified first execution context at predetermined locations associated with the identified first execution context; and
clearing one or more registers associated with the identified first execution context.
25. The method of claim 24, further comprising:
modifying a return instruction pointer (IP) register and a stack pointer (SP) register and providing the modified IP and SP information to the guest OS as the control return location information.
26. The method of claim 25, further comprising:
modifying the IP and SP information with values in locations that are not associated with the identified first execution context.
27. The method of claim 24, further comprising:
modifying one or more registers to identify control return instructions to the guest OS.
28. The method of claim 17, further comprising:
the VMM providing the guest OS with access to first data associated with the identified first execution context in a format different from a format in which the identified first execution context accesses the first data.
29. In a computer system comprising a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM) having a first execution context running therein, a method of facilitating a guest operating system (OS) running in the VM to respond to a first event occurrence issued from the first execution context comprising:
(1) the VMM intercepting the first event occurrence and taking control from the first execution context;
(2) the VMM saving a state of the first execution context in a first memory space provided for the first execution context;
(3) the VMM redirecting control to a dispatch handler program;
(3A) the dispatch handler program creating a second event occurrence as a function of the first event occurrence and issuing the second event occurrence to the guest OS;
(4) the VMM intercepting the second event occurrence, saving a state of the dispatch handler, modifying control return information of the second event occurrence and forwarding the modified second event occurrence to the guest OS;
(5) the guest OS processing the second event occurrence and returning control as a function of the modified control return information;
(6) the VMM restoring the state of the saved dispatch handler and the dispatch handler processing data returned by the guest OS in response to the modified second event occurrence;
(7) the dispatch handler requesting the VMM to resume execution of the first execution context; and
(8) the VMM restoring the state of the first execution context saved in step (2) and returning control to the first execution context.
30. The method of claim 29, wherein step 2 comprises:
storing contents of one or more registers in an address space associated with the first execution context;
setting an instruction pointer (IP) to an entry point corresponding to the dispatch handler; and
setting a stack pointer to execute the dispatch handler.
31. The method of claim 29, wherein step 3 comprises at least one of:
marshalling arguments; and
copying the marshalled arguments to a buffer.
32. The method of claim 29, wherein:
the first memory space in which the VMM saves the state of the first execution context is different from a second memory space in which the VMM saves the state of the dispatch handler.
33. The method of claim 29, wherein the first event occurrence is one of:
a system call;
a control transfer instruction between an application running in the VM and the guest OS; and
a control transfer between first and second applications running in the VM.
34. A computer program product for use with a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM), the computer program product comprising a computer readable medium having computer readable program code embodied thereon for performing a method of establishing an identity of a first execution context running in the VM, the method comprising:
providing a shim program in a virtual address space of the first execution context;
the shim program, upon initialization, associating a first page, having a first page address, with the first execution context and passing the first page address to the VMM;
the VMM, upon receipt of the first page address from the shim program, assigning a unique identifier (ASID) for the first execution context, generating a second identifier value and writing the second identifier value and the ASID at the first page address; and
the VMM returning the ASID to the shim program.
35. The computer program product of claim 34, wherein a plurality of execution contexts are running in the VM, the method further comprising:
the VMM maintaining a separate shadow context for each execution context; and
assigning a unique ASID to each execution context.
36. The computer program product of claim 35, wherein at least one execution context comprises a plurality of threads, the method further comprising:
associating a distinct page for each thread.
37. The computer program product of claim 34, wherein the VMM generates a random number for the second identifier value.
38. The computer program product of claim 34, wherein the VMM writing to the first page address comprises:
the VMM determining if the first page address is mapped in a page table; and
if the VMM determines that the first page address is not mapped in a page table, the VMM returning an error indication to the shim program.
39. The computer program product of claim 38, the method further comprising:
the shim program, upon receiving the error indication from the VMM that the first address is not mapped in a page table, accessing the first page address to cause the first page address to be paged back into physical memory.
40. A computer program product for use with a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM), the computer program product comprising a computer readable medium having computer readable program code embodied thereon for performing a method of confirming an identity of a first execution context running in the VM, the method comprising:
the VMM receiving first identifying data corresponding to the first execution context;
the VMM retrieving second data as a function of the received first identifying data;
the VMM retrieving third data as a function of the received first identifying data; and
the VMM confirming the identity of the first execution context as a function of the retrieved second and third data.
41. The computer program product of claim 40, further comprising a shim program associated with the first execution context, the method further comprising:
the shim program passing the first identifying data to the VMM.
42. The computer program product of claim 40, the method further comprising:
the VMM associating a predetermined page table with the first execution context when the identity of the first execution context is confirmed.
43. The computer program product of claim 40, the method further comprising:
the VMM storing the third data with a correspondence to the first execution context.
44. The computer program product of claim 40, the method further comprising:
retrieving the second data from an address space corresponding to the first execution context; and
retrieving the third data from an address space corresponding to the VMM.
45. The computer program product of claim 44, wherein retrieving the second data comprises accessing a page table corresponding to the first execution context.
46. The computer program product of claim 40, wherein the first identifying data comprises a first identifier value and a first memory address associated with the first execution context, the method further comprising:
the VMM retrieving the second data as a function of the first memory address.
47. The computer program product of claim 46, the method further comprising:
the VMM retrieving the third data as a function of the first identifier value.
48. The computer program product of claim 47, the method further comprising:
the VMM retrieving the third data from an address space corresponding to the VMM; and
the VMM retrieving the second data from an address space corresponding to the first execution context.
49. The computer program product of claim 47, wherein the third data comprises an expected context identifier and the second data comprises a stored context identifier, the method further comprising:
the VMM confirming the identity of the first execution context by comparing the expected context identifier to the stored context identifier,
wherein the identity of the first execution context is confirmed when the expected context identifier is the same as the stored context identifier.
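Claims 1 through 16 and their computer-program-product counterparts in claims 34 through 49 describe one mechanism: the shim registers a page, the VMM writes a freshly generated identifier value and the ASID into it and remembers the expected identifier privately, and later confirmation reads the stored value back through the context's own page table and compares it with the VMM's copy. The following C program is an added model of that exchange, not code from the patent or from VMware. The page-table model (a present bit and two words per page), the names vmm_register_context, vmm_confirm_context and shim_register_with_retry, the error codes, and the xorshift stand-in for the VMM's random source are all constructed for the illustration; a real VMM would use a cryptographically secure generator for the second identifier value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUEST_PAGES  16      /* toy guest address space: 16 virtual pages */
#define PAGE_SHIFT   12
#define MAX_CONTEXTS 8

#define ERR_UNMAPPED (-2)    /* claim 5: page not present in the page table */
#define ERR_NO_ASID  (-1)

/* Guest page-table entry in this model: a present bit plus the page's
 * contents, reduced to the two words the mechanism uses. */
struct pte {
    int      present;
    uint64_t word[2];        /* word[0]: second identifier value, word[1]: ASID */
};

/* One execution context's page table (owned by the guest OS, walked by the VMM). */
struct guest_context {
    struct pte pt[GUEST_PAGES];
};

/* VMM-private record per ASID: where the identifying page lives and the
 * expected identifier (the claims' "third data"). */
struct vmm_record {
    int      in_use;
    uint64_t id_page_va;
    uint64_t expected_id;
};

static struct vmm_record vmm_table[MAX_CONTEXTS];

/* Stand-in generator (xorshift64, constructed seed); a real VMM must draw the
 * second identifier from a cryptographically secure source. */
static uint64_t rng_state = 0x9E3779B97F4A7C15ULL;
static uint64_t vmm_random(void) {
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 7;
    rng_state ^= rng_state << 17;
    return rng_state;
}

/* Walk the context's page table; NULL when the page is not mapped. */
static struct pte *walk(struct guest_context *ctx, uint64_t va) {
    uint64_t vpn = va >> PAGE_SHIFT;
    if (vpn >= GUEST_PAGES || !ctx->pt[vpn].present) return NULL;
    return &ctx->pt[vpn];
}

/* Claim 1: the shim hands over its page address; the VMM allocates an ASID,
 * generates the second identifier, writes both into the page and returns
 * the ASID. Claim 5: an unmapped page yields an error instead. */
int vmm_register_context(struct guest_context *ctx, uint64_t page_va) {
    struct pte *p = walk(ctx, page_va);
    if (!p) return ERR_UNMAPPED;
    for (int asid = 1; asid < MAX_CONTEXTS; asid++) {
        if (vmm_table[asid].in_use) continue;
        vmm_table[asid] = (struct vmm_record){ 1, page_va, vmm_random() };
        p->word[0] = vmm_table[asid].expected_id;
        p->word[1] = (uint64_t)asid;
        return asid;
    }
    return ERR_NO_ASID;
}

/* Claims 7-16: first identifying data = (ASID, page address). The "second
 * data" is read from the context's own address space through its page table,
 * the "third data" from the VMM's table; identity is confirmed only when the
 * stored and expected identifiers match. Returns 1, 0, or ERR_UNMAPPED. */
int vmm_confirm_context(struct guest_context *ctx, int asid, uint64_t page_va) {
    if (asid <= 0 || asid >= MAX_CONTEXTS || !vmm_table[asid].in_use) return 0;
    if (vmm_table[asid].id_page_va != page_va) return 0;
    struct pte *p = walk(ctx, page_va);
    if (!p) return ERR_UNMAPPED;
    return p->word[1] == (uint64_t)asid && p->word[0] == vmm_table[asid].expected_id;
}

/* Claim 6: on ERR_UNMAPPED the shim touches the page so the guest OS pages it
 * back in, then retries. Paging in is modelled by setting the present bit. */
int shim_register_with_retry(struct guest_context *ctx, uint64_t page_va) {
    int r = vmm_register_context(ctx, page_va);
    if (r == ERR_UNMAPPED && (page_va >> PAGE_SHIFT) < GUEST_PAGES) {
        ctx->pt[page_va >> PAGE_SHIFT].present = 1;   /* "touch" the page */
        r = vmm_register_context(ctx, page_va);
    }
    return r;
}

int main(void) {
    struct guest_context a, b;
    memset(&a, 0, sizeof a); memset(&b, 0, sizeof b);
    a.pt[3].present = b.pt[3].present = 1;            /* both map virtual page 3 */
    int asid_a = vmm_register_context(&a, 3 << PAGE_SHIFT);
    int asid_b = vmm_register_context(&b, 3 << PAGE_SHIFT);
    printf("A=%d B=%d; A genuine: %d; B presenting A's ASID: %d\n", asid_a, asid_b,
           vmm_confirm_context(&a, asid_a, 3 << PAGE_SHIFT),
           vmm_confirm_context(&b, asid_a, 3 << PAGE_SHIFT));
    return 0;
}
```

The check binds two things the guest OS does not control together: the VMM's private expected identifier and the contents of a page in the context's address space that the OS sees only in encrypted form. A context that merely quotes another context's ASID, or copies that ASID into its own page, still fails confirmation because the identifier value in its page will not match the VMM's record, and a paged-out identifying page produces a distinguishable error rather than a false negative, so the shim can fault it back in and retry.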
50. A computer program product for use with a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM) having a first execution context running therein, the computer program product comprising a computer readable medium having computer readable program code embodied thereon for performing a method of facilitating a guest operating system (OS) running in the VM to perform at least one function for the first execution context, the method comprising:
the VMM intercepting a first event from the first execution context to the guest OS;
the VMM confirming an identity of the first execution context;
if the identity is confirmed:
the VMM saving a state of the first execution context in a memory space provided for the identified first execution context and passing a second event to the guest OS, the second event being a function of the first event and comprising control return location information;
the guest OS processing the second event and returning control as a function of the control return location information;
the VMM receiving a request to resume the first execution context;
the VMM determining if the request to resume the first execution context is valid; and
if the request to resume is valid, the VMM restoring the saved state of the first execution context; and
the first execution context resuming operation.
51. The computer program product of claim 50, wherein the first event comprises at least one of:
a virtual hardware interrupt;
a virtual software interrupt;
a virtual hardware fault; and
a control transfer instruction.
52. The computer program product of claim 50, wherein at least one of: the VMM confirming the identity of the first execution context and determining if the request to resume the first execution context is valid comprises:
the VMM receiving first identifying data corresponding to the first execution context;
the VMM retrieving second data as a function of the received first identifying data;
the VMM retrieving third data as a function of the received first identifying data; and
the VMM confirming the identity of the first execution context as a function of the retrieved second and third data.
53. The computer program product of claim 52, the method further comprising:
retrieving the second data from an address space corresponding to the first execution context; and
retrieving the third data from an address space corresponding to the VMM.
54. The computer program product of claim 52, wherein the first identifying data comprises a first identifier value and a first memory address associated with the first execution context, the method further comprising:
the VMM retrieving the second data as a function of the first memory address.
55. The computer program product of claim 54, the method further comprising:
the VMM retrieving the third data as a function of the first identifier value.
56. The computer program product of claim 55, the method further comprising:
the VMM retrieving the third data from an address space corresponding to the VMM; and
the VMM retrieving the second data from an address space corresponding to the first execution context.
57. The computer program product of claim 50, wherein the VMM saving a state of the identified first execution context comprises:
saving contents of registers associated with the identified first execution context at predetermined locations associated with the identified first execution context; and
clearing one or more registers associated with the identified first execution context.
58. The computer program product of claim 57, the method further comprising:
modifying a return instruction pointer (IP) register and a stack pointer (SP) register and providing the modified IP and SP information to the guest OS as the control return location information.
59. The computer program product of claim 58, the method further comprising:
modifying the IP and SP information with values in locations that are not associated with the identified first execution context.
60. The computer program product of claim 57, the method further comprising:
modifying one or more registers to identify control return instructions to the guest OS.
61. The computer program product of claim 50, the method further comprising:
the VMM providing the guest OS with access to first data associated with the identified first execution context in a format different from a format in which the identified first execution context accesses the first data.
62. A computer program product for use with a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM) having a first execution context running therein, the computer program product comprising a computer readable medium having computer readable program code embodied thereon for performing a method of facilitating a guest operating system (OS) running in the VM to respond to a first event occurrence issued from the first execution context, the method comprising:
(1) the VMM intercepting the first event occurrence and taking control from the first execution context;
(2) the VMM saving a state of the first execution context in a first memory space provided for the first execution context;
(3) the VMM redirecting control to a dispatch handler program;
(3A) the dispatch handler program creating a second event occurrence as a function of the first event occurrence and issuing the second event occurrence to the guest OS;
(4) the VMM intercepting the second event occurrence, saving a state of the dispatch handler, modifying control return information of the second event occurrence and forwarding the modified second event occurrence to the guest OS;
(5) the guest OS processing the second event occurrence and returning control as a function of the modified control return information;
(6) the VMM restoring the state of the saved dispatch handler and the dispatch handler processing data returned by the guest OS in response to the modified second event occurrence;
(7) the dispatch handler requesting the VMM to resume execution of the first execution context; and
(8) the VMM restoring the state of the first execution context saved in step (2) and returning control to the first execution context.
63. The computer program product of claim 62, wherein step 2 comprises:
storing contents of one or more registers in an address space associated with the first execution context;
setting an instruction pointer (IP) to an entry point corresponding to the dispatch handler; and
setting a stack pointer to execute the dispatch handler.
64. The computer program product of claim 62, wherein step 3 comprises at least one of:
marshalling arguments; and
copying the marshalled arguments to a buffer.
65. The computer program product of claim 62, wherein:
the first memory space in which the VMM saves the state of the first execution context is different from a second memory space in which the VMM saves the state of the dispatch handler.
66. The computer program product of claim 62, wherein the first event occurrence is one of:
a system call;
a control transfer instruction between an application running in the VM and the guest OS; and
a control transfer between first and second applications running in the VM.
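The eight-step control transfer of claims 62 through 66, together with the register save, register clearing and return-location rewrite of claims 57 through 59, as an added Python model. This is an illustration written for this page, not code from the patent or from VMware; every address, register name, the "saved_regs"/"dispatch_regs" keys and the write-style system call are constructed for the model. What it shows is the security property the claims are built around: the guest OS services the call while seeing only the dispatch handler's registers, the marshalled buffer and a VMM-chosen return location, and the cloaked context's saved state (first memory space) and the dispatch handler's saved state (second memory space) stay out of its reach.

```python
from dataclasses import dataclass, field

# Constructed addresses for the model (not from the patent).
DISPATCH_ENTRY = 0x7F0000    # dispatch handler entry point (claim 63)
DISPATCH_STACK = 0x7F8000    # stack on which the dispatch handler runs (claim 63)
DISPATCH_RETURN = 0x7F0040   # where the handler expects control to come back
VMM_TRAMPOLINE = 0xFFF000    # substituted return IP the guest OS sees (claims 58, 59)
VMM_STACK = 0xFFE000         # substituted return SP the guest OS sees (claims 58, 59)
SHARED_BUFFER = 0x600000     # guest-visible buffer for marshalled arguments (claim 64)
APP_DATA = 0x402000          # cloaked address holding the app's data
GPRS = ("rax", "rdi", "rsi", "rdx", "r15")


@dataclass
class Event:
    """A system call raised by some execution context (claim 66)."""
    number: int
    args: tuple
    return_ip: int
    return_sp: int


@dataclass
class Machine:
    regs: dict
    app_mem: dict = field(default_factory=dict)    # first memory space: cloaked, app-private
    vmm_mem: dict = field(default_factory=dict)    # second memory space: VMM-private (claim 65)
    guest_mem: dict = field(default_factory=dict)  # memory the guest OS can read and write
    trace: list = field(default_factory=list)
    os_view: list = field(default_factory=list)    # everything the guest OS got to observe


def guest_os_syscall(m: Machine, ev: Event) -> None:
    """Model guest OS: services the call from what it can see, then returns
    control to the IP/SP carried in the event (step 5)."""
    m.os_view.append({"regs": dict(m.regs), "event": ev, "guest_mem": dict(m.guest_mem)})
    buf_addr, length = ev.args
    data = m.guest_mem[buf_addr]
    assert len(data) == length
    m.regs["rax"] = length                              # "bytes written"
    m.regs["ip"], m.regs["sp"] = ev.return_ip, ev.return_sp


def vmm_handle_app_syscall(m: Machine, first: Event) -> int:
    # (1) intercept; (2) save the cloaked context's registers in ITS memory
    #     space and clear them so nothing leaks downstream (claims 57, 63).
    m.trace.append("vmm:intercept-first")
    m.app_mem["saved_regs"] = dict(m.regs)
    for r in GPRS:
        m.regs[r] = 0
    # (3) redirect control to the dispatch handler on its own stack (claim 63).
    m.regs["ip"], m.regs["sp"] = DISPATCH_ENTRY, DISPATCH_STACK
    m.trace.append("vmm:redirect-dispatch")

    # (3A) dispatch handler: marshal the arguments into a guest-visible buffer
    #      (claim 64) and issue an equivalent second event to the guest OS.
    fd, payload = first.args
    m.guest_mem[SHARED_BUFFER] = bytes(payload)
    m.regs["rdi"], m.regs["rsi"], m.regs["rdx"] = fd, SHARED_BUFFER, len(payload)
    second = Event(first.number, (SHARED_BUFFER, len(payload)), DISPATCH_RETURN, DISPATCH_STACK)
    m.trace.append("dispatch:issue-second")

    # (4) intercept the second event, save the handler's state in a DIFFERENT,
    #     VMM-private space (claim 65), rewrite the return IP/SP to locations not
    #     associated with the cloaked context (claims 58, 59), and forward it.
    m.vmm_mem["dispatch_regs"] = dict(m.regs)
    forwarded = Event(second.number, second.args, VMM_TRAMPOLINE, VMM_STACK)
    m.trace.append("vmm:forward-second")

    # (5) the guest OS services the call and returns to the modified location.
    guest_os_syscall(m, forwarded)
    assert m.regs["ip"] == VMM_TRAMPOLINE   # the OS never lands in the app or handler directly
    m.trace.append("guest-os:return")

    # (6) restore the dispatch handler; it unmarshals the OS result into cloaked memory.
    result = m.regs["rax"]
    m.regs.update(m.vmm_mem.pop("dispatch_regs"))
    m.regs["ip"] = DISPATCH_RETURN
    m.app_mem["result"] = result
    m.trace.append("dispatch:process-result")

    # (7) handler asks the VMM to resume the cloaked context; (8) the VMM restores
    #     the state saved in step 2 and returns control to the original caller.
    m.trace.append("dispatch:request-resume")
    m.regs.update(m.app_mem.pop("saved_regs"))
    m.regs["rax"] = result
    m.regs["ip"], m.regs["sp"] = first.return_ip, first.return_sp
    m.trace.append("vmm:resume-app")
    return result


def run_demo() -> Machine:
    """Constructed scenario: a cloaked app whose r15 holds a secret issues write(1, b"hi\\n")."""
    m = Machine(regs={"ip": 0x401234, "sp": 0x7FFD0000, "rax": 1, "rdi": 1,
                      "rsi": APP_DATA, "rdx": 3, "r15": 0xC0FFEE})
    m.app_mem[APP_DATA] = b"hi\n"            # lives in cloaked memory the OS cannot read
    first = Event(1, (1, m.app_mem[APP_DATA]), return_ip=0x401239, return_sp=0x7FFD0000)
    vmm_handle_app_syscall(m, first)
    return m


def os_saw_secret(m: Machine, secret: int = 0xC0FFEE) -> bool:
    """True if any register or memory the guest OS observed carried the app's secret."""
    return any(secret in v["regs"].values() or APP_DATA in v["guest_mem"] for v in m.os_view)
```

Running `run_demo()` walks the trace in the order of steps (1) through (8). The two save areas are deliberately separate dictionaries so the model can check claim 65 directly: the guest OS's view (`os_view`) contains cleared registers and only the marshalled buffer, the return IP it is handed is the VMM trampoline rather than the application's return address, and after step (8) the application's registers are back with the result in `rax` and its saved state consumed from cloaked memory.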
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/261,159 US20090113111A1 (en) | 2007-10-30 | 2008-10-30 | Secure identification of execution contexts |
US14/071,455 US9336033B2 (en) | 2007-10-30 | 2013-11-04 | Secure identification of execution contexts |
US15/138,136 US10048982B2 (en) | 2007-10-30 | 2016-04-25 | Method for performing control transfers in a system with cloaked pages |
US16/102,411 US10977074B2 (en) | 2007-10-30 | 2018-08-13 | Secure identification of execution contexts |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US98379707P | 2007-10-30 | 2007-10-30 | |
US12/261,159 US20090113111A1 (en) | 2007-10-30 | 2008-10-30 | Secure identification of execution contexts |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/071,455 Continuation US9336033B2 (en) | 2007-10-30 | 2013-11-04 | Secure identification of execution contexts |
Publications (1)
Publication Number | Publication Date |
---|---|
US20090113111A1 true US20090113111A1 (en) | 2009-04-30 |
Family
ID=40584371
Family Applications (9)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/261,623 Active 2031-05-28 US8261265B2 (en) | 2007-10-30 | 2008-10-30 | Transparent VMM-assisted user-mode execution control transfer |
US12/261,722 Active 2032-04-21 US8819676B2 (en) | 2007-10-30 | 2008-10-30 | Transparent memory-mapped emulation of I/O calls |
US12/261,147 Active 2032-07-11 US8607013B2 (en) | 2007-10-30 | 2008-10-30 | Providing VMM access to guest virtual memory |
US12/261,194 Active 2030-12-14 US8555081B2 (en) | 2007-10-30 | 2008-10-30 | Cryptographic multi-shadowing with integrity verification |
US12/261,159 Abandoned US20090113111A1 (en) | 2007-10-30 | 2008-10-30 | Secure identification of execution contexts |
US14/071,455 Active 2029-05-17 US9336033B2 (en) | 2007-10-30 | 2013-11-04 | Secure identification of execution contexts |
US14/467,974 Active 2030-01-23 US9658878B2 (en) | 2007-10-30 | 2014-08-25 | Transparent memory-mapped emulation of I/O calls |
US15/138,136 Active 2029-03-10 US10048982B2 (en) | 2007-10-30 | 2016-04-25 | Method for performing control transfers in a system with cloaked pages |
US16/102,411 Active 2029-07-14 US10977074B2 (en) | 2007-10-30 | 2018-08-13 | Secure identification of execution contexts |
Family Applications Before (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/261,623 Active 2031-05-28 US8261265B2 (en) | 2007-10-30 | 2008-10-30 | Transparent VMM-assisted user-mode execution control transfer |
US12/261,722 Active 2032-04-21 US8819676B2 (en) | 2007-10-30 | 2008-10-30 | Transparent memory-mapped emulation of I/O calls |
US12/261,147 Active 2032-07-11 US8607013B2 (en) | 2007-10-30 | 2008-10-30 | Providing VMM access to guest virtual memory |
US12/261,194 Active 2030-12-14 US8555081B2 (en) | 2007-10-30 | 2008-10-30 | Cryptographic multi-shadowing with integrity verification |
Family Applications After (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/071,455 Active 2029-05-17 US9336033B2 (en) | 2007-10-30 | 2013-11-04 | Secure identification of execution contexts |
US14/467,974 Active 2030-01-23 US9658878B2 (en) | 2007-10-30 | 2014-08-25 | Transparent memory-mapped emulation of I/O calls |
US15/138,136 Active 2029-03-10 US10048982B2 (en) | 2007-10-30 | 2016-04-25 | Method for performing control transfers in a system with cloaked pages |
US16/102,411 Active 2029-07-14 US10977074B2 (en) | 2007-10-30 | 2018-08-13 | Secure identification of execution contexts |
Country Status (1)
Country | Link |
---|---|
US (9) | US8261265B2 (en) |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080271014A1 (en) * | 2007-04-26 | 2008-10-30 | Serebrin Benjamin C | Lightweight World Switch |
US20090113110A1 (en) * | 2007-10-30 | 2009-04-30 | Vmware, Inc. | Providing VMM Access to Guest Virtual Memory |
US20090187729A1 (en) * | 2008-01-22 | 2009-07-23 | Serebrin Benjamin C | Separate Page Table Base Address for Minivisor |
US20100023941A1 (en) * | 2008-07-28 | 2010-01-28 | Fujitsu Limited | Virtual machine monitor |
US20100257318A1 (en) * | 2009-04-03 | 2010-10-07 | Samsung Electronics Co., Ltd. | Evicting code sections from secondary memory to improve the security of computing systems |
US20100257514A1 (en) * | 2009-04-03 | 2010-10-07 | Samsung Electronics Co., Ltd. | Effective mapping of code sections to the same section of secondary memory to improve the security of computing systems |
US20110047545A1 (en) * | 2009-08-24 | 2011-02-24 | Microsoft Corporation | Entropy Pools for Virtual Machines |
US20120117644A1 (en) * | 2010-11-04 | 2012-05-10 | Ridgeway Internet Security, Llc | System and Method for Internet Security |
US20120173497A1 (en) * | 2011-01-02 | 2012-07-05 | Cisco Technology, Inc. | Defense-in-depth security for bytecode executables |
WO2013025323A1 (en) * | 2011-08-17 | 2013-02-21 | Mcafee, Inc. | System and method for indirect interface monitoring and plumb-lining |
US20130318508A1 (en) * | 2012-05-24 | 2013-11-28 | International Business Machines Corporation | Remote card content management using synchronous server-side scripting |
US8739189B2 (en) | 2008-01-24 | 2014-05-27 | Mcafee, Inc. | System, method, and computer program product for invoking an application program interface within an interception of another application program interface |
US8955121B2 (en) | 2008-04-29 | 2015-02-10 | Mcafee, Inc. | System, method, and computer program product for dynamically adjusting a level of security applied to a system |
US9027132B2 (en) | 2007-01-24 | 2015-05-05 | Mcafee, Inc. | System, method and computer program product for monitoring and/or analyzing at least one aspect of an invocation of an interface |
US9176763B2 (en) | 2011-11-28 | 2015-11-03 | Ravello Systems Ltd. | Apparatus and method thereof for efficient execution of a guest in a virtualized environment |
US9274974B1 (en) | 2005-10-21 | 2016-03-01 | Vmware, Inc. | Isolating data within a computer system using private shadow mappings |
US9483645B2 (en) | 2008-03-05 | 2016-11-01 | Mcafee, Inc. | System, method, and computer program product for identifying unwanted data based on an assembled execution profile of code |
US9740637B2 (en) | 2007-10-30 | 2017-08-22 | Vmware, Inc. | Cryptographic multi-shadowing with integrity verification |
US9916256B1 (en) * | 2016-09-12 | 2018-03-13 | Toshiba Memory Corporation | DDR storage adapter |
US10963280B2 (en) | 2016-02-03 | 2021-03-30 | Advanced Micro Devices, Inc. | Hypervisor post-write notification of control and debug register updates |
US11281495B2 (en) | 2017-10-26 | 2022-03-22 | Advanced Micro Devices, Inc. | Trusted memory zone |
US11614972B2 (en) * | 2012-06-26 | 2023-03-28 | Juniper Networks, Inc. | Distributed processing of network device tasks |
Families Citing this family (449)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU6104800A (en) | 1999-07-16 | 2001-02-05 | Intertrust Technologies Corp. | Trusted storage systems and methods |
US8539063B1 (en) | 2003-08-29 | 2013-09-17 | Mcafee, Inc. | Method and system for containment of networked application client software by explicit human input |
US7840968B1 (en) | 2003-12-17 | 2010-11-23 | Mcafee, Inc. | Method and system for containment of usage of language interfaces |
US8549638B2 (en) | 2004-06-14 | 2013-10-01 | Fireeye, Inc. | System and method of containing computer worms |
US8584239B2 (en) | 2004-04-01 | 2013-11-12 | Fireeye, Inc. | Virtual machine with dynamic data flow analysis |
US8566946B1 (en) | 2006-04-20 | 2013-10-22 | Fireeye, Inc. | Malware containment on connection |
US8528086B1 (en) | 2004-04-01 | 2013-09-03 | Fireeye, Inc. | System and method of detecting computer worms |
US9106694B2 (en) | 2004-04-01 | 2015-08-11 | Fireeye, Inc. | Electronic message analysis for malware detection |
US7587537B1 (en) | 2007-11-30 | 2009-09-08 | Altera Corporation | Serializer-deserializer circuits formed from input-output circuit registers |
US8898788B1 (en) | 2004-04-01 | 2014-11-25 | Fireeye, Inc. | Systems and methods for malware attack prevention |
US8793787B2 (en) | 2004-04-01 | 2014-07-29 | Fireeye, Inc. | Detecting malicious network content using virtual environment components |
US8881282B1 (en) | 2004-04-01 | 2014-11-04 | Fireeye, Inc. | Systems and methods for malware attack detection and identification |
US8171553B2 (en) | 2004-04-01 | 2012-05-01 | Fireeye, Inc. | Heuristic based capture with replay to virtual machine |
US7562179B2 (en) * | 2004-07-30 | 2009-07-14 | Intel Corporation | Maintaining processor resources during architectural events |
US7873955B1 (en) * | 2004-09-07 | 2011-01-18 | Mcafee, Inc. | Solidifying the executable software set of a computer |
CN101375284B (en) | 2004-10-25 | 2012-02-22 | 安全第一公司 | Secure data parser method and system |
US7856661B1 (en) | 2005-07-14 | 2010-12-21 | Mcafee, Inc. | Classification of software on networked systems |
CN105978683A (en) | 2005-11-18 | 2016-09-28 | 安全第公司 | Secure data parser method and system |
US7757269B1 (en) | 2006-02-02 | 2010-07-13 | Mcafee, Inc. | Enforcing alignment of approved changes and deployed changes in the software change life-cycle |
US7895573B1 (en) | 2006-03-27 | 2011-02-22 | Mcafee, Inc. | Execution environment file inventory |
US8555404B1 (en) | 2006-05-18 | 2013-10-08 | Mcafee, Inc. | Connectivity-based authorization |
US8332929B1 (en) | 2007-01-10 | 2012-12-11 | Mcafee, Inc. | Method and apparatus for process enforced configuration management |
US9424154B2 (en) | 2007-01-10 | 2016-08-23 | Mcafee, Inc. | Method of and system for computer system state checks |
US8527982B1 (en) * | 2007-01-12 | 2013-09-03 | moka5. Inc. | Auto install virtual machine monitor |
US8607324B2 (en) * | 2008-01-15 | 2013-12-10 | Microsoft Corporation | Untrusted gaming system access to online gaming service |
US8839225B2 (en) | 2008-01-23 | 2014-09-16 | International Business Machines Corporation | Generating and applying patches to a computer program code concurrently with its execution |
US8515075B1 (en) | 2008-01-31 | 2013-08-20 | Mcafee, Inc. | Method of and system for malicious software detection using critical address space protection |
EP2651100A1 (en) | 2008-02-22 | 2013-10-16 | Security First Corporation | Systems and methods for secure workgroup management and communication |
US8615502B2 (en) | 2008-04-18 | 2013-12-24 | Mcafee, Inc. | Method of and system for reverse mapping vnode pointers |
US8667504B2 (en) | 2008-06-20 | 2014-03-04 | Netapp, Inc. | System and method for achieving high performance data flow among user space processes in storage system |
KR101506683B1 (en) * | 2008-08-06 | 2015-03-30 | 삼성전자 주식회사 | Apparatus and method for supporting multiple operating systems |
US8997219B2 (en) | 2008-11-03 | 2015-03-31 | Fireeye, Inc. | Systems and methods for detecting malicious PDF network content |
US8850571B2 (en) | 2008-11-03 | 2014-09-30 | Fireeye, Inc. | Systems and methods for detecting malicious network content |
US8544003B1 (en) | 2008-12-11 | 2013-09-24 | Mcafee, Inc. | System and method for managing virtual machine configurations |
US8892789B2 (en) * | 2008-12-19 | 2014-11-18 | Netapp, Inc. | Accelerating internet small computer system interface (iSCSI) proxy input/output (I/O) |
US8190839B2 (en) * | 2009-03-11 | 2012-05-29 | Applied Micro Circuits Corporation | Using domains for physical address management in a multiprocessor system |
US8176282B2 (en) * | 2009-03-11 | 2012-05-08 | Applied Micro Circuits Corporation | Multi-domain management of a cache in a processor system |
US20100262722A1 (en) * | 2009-04-10 | 2010-10-14 | Christophe Vauthier | Dynamic Assignment of Graphics Processing Unit to a Virtual Machine |
US8850601B2 (en) * | 2009-05-18 | 2014-09-30 | Hewlett-Packard Development Company, L.P. | Systems and methods of determining a trust level from system management mode |
BRPI1013062A2 (en) | 2009-05-19 | 2016-04-05 | Security First Corp | systems and methods to protect cloud data |
US9141412B2 (en) * | 2009-06-16 | 2015-09-22 | Microsoft Technology Licensing, Llc | Terminal services application virtualization for compatibility |
US8989705B1 (en) | 2009-06-18 | 2015-03-24 | Sprint Communications Company L.P. | Secure placement of centralized media controller application in mobile access terminal |
WO2011002437A1 (en) * | 2009-06-29 | 2011-01-06 | Hewlett-Packard Development Company, L.P. | Memory agent to access memory blade as part of the cache coherency domain |
US8352941B1 (en) * | 2009-06-29 | 2013-01-08 | Emc Corporation | Scalable and secure high-level storage access for cloud computing platforms |
US8943203B1 (en) | 2009-07-10 | 2015-01-27 | Netapp, Inc. | System and method for storage and deployment of virtual machines in a virtual server environment |
US8386745B2 (en) * | 2009-07-24 | 2013-02-26 | Advanced Micro Devices, Inc. | I/O memory management unit including multilevel address translation for I/O and computation offload |
FR2948789B1 (en) * | 2009-07-28 | 2016-12-09 | Airbus | SOFTWARE COMPONENT AND DEVICE FOR THE AUTOMATED PROCESSING OF MULTI-PURPOSE DATA, IMPLEMENTING FUNCTIONS REQUIRING DIFFERENT LEVELS OF SAFETY OR LIMITS OF LIABILITY |
CN101989212B (en) * | 2009-07-31 | 2015-01-07 | 国际商业机器公司 | Method and device for providing virtual machine management program for starting blade server |
US8832778B2 (en) * | 2009-08-04 | 2014-09-09 | Carnegie Mellon University | Methods and apparatuses for user-verifiable trusted path in the presence of malware |
US8286164B2 (en) * | 2009-08-07 | 2012-10-09 | International Business Machines Corporation | Secure recursive virtualization |
US8381284B2 (en) | 2009-08-21 | 2013-02-19 | Mcafee, Inc. | System and method for enforcing security policies in a virtual environment |
US8090744B1 (en) * | 2009-08-26 | 2012-01-03 | Symantec Operating Corporation | Method and apparatus for determining compatibility between a virtualized application and a base environment |
US8832829B2 (en) | 2009-09-30 | 2014-09-09 | Fireeye, Inc. | Network-based binary file extraction and analysis for malware detection |
US9552497B2 (en) * | 2009-11-10 | 2017-01-24 | Mcafee, Inc. | System and method for preventing data loss using virtual machine wrapped applications |
AU2010326248B2 (en) * | 2009-11-25 | 2015-08-27 | Security First Corp. | Systems and methods for securing data in motion |
US8443261B2 (en) * | 2009-12-11 | 2013-05-14 | Vmware, Inc. | Transparent recovery from hardware memory errors |
KR101651202B1 (en) * | 2009-12-21 | 2016-08-26 | 삼성전자주식회사 | Virtualization apparatus and method of operating thereof |
US8996866B2 (en) * | 2009-12-22 | 2015-03-31 | Microsoft Technology Licensing, Llc | Unobtrusive assurance of authentic user intent |
US8799673B2 (en) * | 2009-12-31 | 2014-08-05 | Intel Corporation | Seamlessly encrypting memory regions to protect against hardware-based attacks |
US8627112B2 (en) * | 2010-03-30 | 2014-01-07 | Novell, Inc. | Secure virtual machine memory |
US8612633B2 (en) | 2010-03-31 | 2013-12-17 | Microsoft Corporation | Virtual machine fast emulation assist |
EP2553904A2 (en) | 2010-03-31 | 2013-02-06 | Rick L. Orsini | Systems and methods for securing data in motion |
WO2011150346A2 (en) | 2010-05-28 | 2011-12-01 | Laurich Lawrence A | Accelerator system for use with secure data storage |
US8863117B2 (en) * | 2010-07-19 | 2014-10-14 | International Business Machines Corporation | Optimizing a file system interface in a virtualized computing environment |
US8925101B2 (en) | 2010-07-28 | 2014-12-30 | Mcafee, Inc. | System and method for local protection against malicious software |
US8938800B2 (en) | 2010-07-28 | 2015-01-20 | Mcafee, Inc. | System and method for network level protection against malicious software |
EP2606448B1 (en) | 2010-08-18 | 2016-02-10 | Security First Corp. | Systems and methods for securing virtual machine computing environments |
US8700896B1 (en) * | 2010-08-25 | 2014-04-15 | Symantec Corporation | Techniques for automatic management of file system encryption drivers |
US8549003B1 (en) | 2010-09-12 | 2013-10-01 | Mcafee, Inc. | System and method for clustering host inventories |
US20120072638A1 (en) * | 2010-09-16 | 2012-03-22 | Unisys Corp. | Single step processing of memory mapped accesses in a hypervisor |
EP2651072A3 (en) | 2010-09-20 | 2013-10-23 | Security First Corp. | Systems and methods for secure data sharing |
US8789042B2 (en) * | 2010-09-27 | 2014-07-22 | Mips Technologies, Inc. | Microprocessor system for virtual machine execution |
US8448022B1 (en) * | 2010-10-26 | 2013-05-21 | Vmware, Inc. | Fault recovery to a call stack position stored in thread local storage |
US8819766B2 (en) * | 2010-12-10 | 2014-08-26 | International Business Machines Corporation | Domain-based isolation and access control on dynamic objects |
US9075993B2 (en) | 2011-01-24 | 2015-07-07 | Mcafee, Inc. | System and method for selectively grouping and managing program files |
US20120198431A1 (en) * | 2011-01-30 | 2012-08-02 | Lin Qiangmin | Method for upgrading hypervisor component and computer system |
US9112830B2 (en) | 2011-02-23 | 2015-08-18 | Mcafee, Inc. | System and method for interlocking a host and a gateway |
US8966477B2 (en) * | 2011-04-18 | 2015-02-24 | Intel Corporation | Combined virtual graphics device |
US9015027B2 (en) * | 2011-04-21 | 2015-04-21 | International Business Machines Corporation | Fast emulation of virtually addressed control flow |
US8621238B1 (en) * | 2011-07-26 | 2013-12-31 | The United States Of America As Represented By The Secretary Of The Air Force | Using software-based decision procedures to control instruction-level execution |
US8973136B2 (en) * | 2011-08-02 | 2015-03-03 | Quick Heal Technologies Private Limited | System and method for protecting computer systems from malware attacks |
US9594881B2 (en) | 2011-09-09 | 2017-03-14 | Mcafee, Inc. | System and method for passive threat detection using virtual memory inspection |
US8751819B1 (en) * | 2011-09-22 | 2014-06-10 | Symantec Corporation | Systems and methods for encoding data |
US9268712B2 (en) | 2011-09-30 | 2016-02-23 | Intel Corporation | Method, system and apparatus for region access control |
US8694738B2 (en) | 2011-10-11 | 2014-04-08 | Mcafee, Inc. | System and method for critical address space protection in a hypervisor environment |
US8973144B2 (en) | 2011-10-13 | 2015-03-03 | Mcafee, Inc. | System and method for kernel rootkit protection in a hypervisor environment |
US9069586B2 (en) | 2011-10-13 | 2015-06-30 | Mcafee, Inc. | System and method for kernel rootkit protection in a hypervisor environment |
US8713668B2 (en) | 2011-10-17 | 2014-04-29 | Mcafee, Inc. | System and method for redirected firewall discovery in a network environment |
US8800024B2 (en) | 2011-10-17 | 2014-08-05 | Mcafee, Inc. | System and method for host-initiated firewall discovery in a network environment |
US9904564B2 (en) * | 2011-11-15 | 2018-02-27 | Red Hat Israel, Ltd. | Policy enforcement by hypervisor paravirtualized ring copying |
US8893261B2 (en) | 2011-11-22 | 2014-11-18 | Vmware, Inc. | Method and system for VPN isolation using network namespaces |
US20130136060A1 (en) * | 2011-11-29 | 2013-05-30 | Electronics And Telecommunications Research Institute | Metadata based id interpretation apparatus and method |
KR101751936B1 (en) * | 2011-12-15 | 2017-07-12 | 한국전자통신연구원 | Apparatus and method for virtualization of i/o device using shared memory in host-based terminal virtualization environment |
US10467033B2 (en) | 2011-12-22 | 2019-11-05 | Intel Corporation | Enabling efficient nested virtualization |
US20130326519A1 (en) * | 2011-12-30 | 2013-12-05 | Andrew V. Anderson | Virtual machine control structure shadowing |
US9405570B2 (en) * | 2011-12-30 | 2016-08-02 | Intel Corporation | Low latency virtual machine page table management |
EP2801026A4 (en) * | 2012-01-04 | 2015-08-12 | Intel Corp | Substitute virtualized-memory page tables |
US9027076B2 (en) * | 2012-03-23 | 2015-05-05 | Lockheed Martin Corporation | Method and apparatus for context aware mobile security |
WO2013142948A1 (en) * | 2012-03-30 | 2013-10-03 | Irdeto Canada Corporation | Method and system for preventing and detecting security threats |
US8739272B1 (en) | 2012-04-02 | 2014-05-27 | Mcafee, Inc. | System and method for interlocking a host and a gateway |
US8712407B1 (en) | 2012-04-05 | 2014-04-29 | Sprint Communications Company L.P. | Multiple secure elements in mobile electronic device with near field communication capability |
US20130268774A1 (en) | 2012-04-06 | 2013-10-10 | Security First Corp. | Systems and methods for securing and restoring virtual machines |
US9152784B2 (en) | 2012-04-18 | 2015-10-06 | Mcafee, Inc. | Detection and prevention of installation of malicious mobile applications |
US20130283263A1 (en) * | 2012-04-19 | 2013-10-24 | Dincloud, Inc. | System and method for managing resources in a virtual machine environment |
US8819090B2 (en) * | 2012-04-23 | 2014-08-26 | Citrix Systems, Inc. | Trusted file indirection |
US9805439B2 (en) * | 2012-05-02 | 2017-10-31 | Nvidia Corporation | Memory space mapping techniques for server based graphics processing |
US9613390B2 (en) | 2012-05-02 | 2017-04-04 | Nvidia Corporation | Host context techniques for server based graphics processing |
US9542715B2 (en) * | 2012-05-02 | 2017-01-10 | Nvidia Corporation | Memory space mapping techniques for server based graphics processing |
US9311169B2 (en) | 2012-05-02 | 2016-04-12 | Nvidia Corporation | Server based graphics processing techniques |
US9027102B2 (en) | 2012-05-11 | 2015-05-05 | Sprint Communications Company L.P. | Web server bypass of backend process on near field communications and secure element chips |
US8862181B1 (en) | 2012-05-29 | 2014-10-14 | Sprint Communications Company L.P. | Electronic purchase transaction trust infrastructure |
US8924684B1 (en) * | 2012-06-13 | 2014-12-30 | Amazon Technologies, Inc. | Virtual memory management to reduce address cache flushing during I/O operations |
US10140139B1 (en) | 2012-06-19 | 2018-11-27 | Bromium, Inc. | Ensuring the privacy and integrity of a hypervisor |
US9135046B1 (en) | 2012-06-19 | 2015-09-15 | Bromium, Inc. | Preventing host operating system from inspecting or modifying data received by hardware controller by moving host operating system into a virtual machine after boot up |
US9021476B1 (en) * | 2012-06-19 | 2015-04-28 | Bromium, Inc. | Ensuring the privacy and integrity of a hypervisor |
US9282898B2 (en) | 2012-06-25 | 2016-03-15 | Sprint Communications Company L.P. | End-to-end trusted communications infrastructure |
US9066230B1 (en) | 2012-06-27 | 2015-06-23 | Sprint Communications Company L.P. | Trusted policy and charging enforcement function |
US8924944B2 (en) | 2012-06-29 | 2014-12-30 | Microsoft Corporation | Implementation of distributed methods that support generic functions |
US9176769B2 (en) | 2012-06-29 | 2015-11-03 | Microsoft Technology Licensing, Llc | Partitioned array objects in a distributed runtime |
US8649770B1 (en) * | 2012-07-02 | 2014-02-11 | Sprint Communications Company, L.P. | Extended trusted security zone radio modem |
US8667607B2 (en) | 2012-07-24 | 2014-03-04 | Sprint Communications Company L.P. | Trusted security zone access to peripheral devices |
US8863252B1 (en) | 2012-07-25 | 2014-10-14 | Sprint Communications Company L.P. | Trusted access to third party applications systems and methods |
US9183412B2 (en) | 2012-08-10 | 2015-11-10 | Sprint Communications Company L.P. | Systems and methods for provisioning and using multiple trusted security zones on an electronic device |
US9471514B1 (en) * | 2012-08-23 | 2016-10-18 | Palo Alto Networks, Inc. | Mitigation of cyber attacks by pointer obfuscation |
US9215180B1 (en) | 2012-08-25 | 2015-12-15 | Sprint Communications Company L.P. | File retrieval in real-time brokering of digital content |
US8954588B1 (en) | 2012-08-25 | 2015-02-10 | Sprint Communications Company L.P. | Reservations in real-time brokering of digital content delivery |
US9015068B1 (en) | 2012-08-25 | 2015-04-21 | Sprint Communications Company L.P. | Framework for real-time brokering of digital content delivery |
US9454487B2 (en) | 2012-08-27 | 2016-09-27 | Vmware, Inc. | Transparent host-side caching of virtual disks located on shared storage |
US9769123B2 (en) * | 2012-09-06 | 2017-09-19 | Intel Corporation | Mitigating unauthorized access to data traffic |
US9774516B2 (en) * | 2012-09-06 | 2017-09-26 | Unisys Corporation | Trace route command execution from a virtualized environment |
US8752140B1 (en) | 2012-09-11 | 2014-06-10 | Sprint Communications Company L.P. | System and methods for trusted internet domain networking |
US9836316B2 (en) * | 2012-09-28 | 2017-12-05 | Intel Corporation | Flexible acceleration of code execution |
US8973146B2 (en) | 2012-12-27 | 2015-03-03 | Mcafee, Inc. | Herd based scan avoidance system in a network environment |
US10572665B2 (en) | 2012-12-28 | 2020-02-25 | Fireeye, Inc. | System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events |
US9578664B1 (en) | 2013-02-07 | 2017-02-21 | Sprint Communications Company L.P. | Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system |
US9161227B1 (en) | 2013-02-07 | 2015-10-13 | Sprint Communications Company L.P. | Trusted signaling in long term evolution (LTE) 4G wireless communication |
US9569223B2 (en) * | 2013-02-13 | 2017-02-14 | Red Hat Israel, Ltd. | Mixed shared/non-shared memory transport for virtual machines |
US9009822B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for multi-phase analysis of mobile applications |
US9195829B1 (en) | 2013-02-23 | 2015-11-24 | Fireeye, Inc. | User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications |
US9367681B1 (en) | 2013-02-23 | 2016-06-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application |
US9176843B1 (en) | 2013-02-23 | 2015-11-03 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US8990944B1 (en) | 2013-02-23 | 2015-03-24 | Fireeye, Inc. | Systems and methods for automatically detecting backdoors |
US9159035B1 (en) | 2013-02-23 | 2015-10-13 | Fireeye, Inc. | Framework for computer application analysis of sensitive information tracking |
US9009823B1 (en) * | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications installed on mobile devices |
US9223795B2 (en) | 2013-03-05 | 2015-12-29 | Xiaofeng Guo | Managing network storage with a user-level file system |
US9104840B1 (en) | 2013-03-05 | 2015-08-11 | Sprint Communications Company L.P. | Trusted security zone watermark |
US20140258595A1 (en) * | 2013-03-11 | 2014-09-11 | Lsi Corporation | System, method and computer-readable medium for dynamic cache sharing in a flash-based caching solution supporting virtual machines |
US9104867B1 (en) | 2013-03-13 | 2015-08-11 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US8881977B1 (en) | 2013-03-13 | 2014-11-11 | Sprint Communications Company L.P. | Point-of-sale and automated teller machine transactions using trusted mobile access device |
US9626509B1 (en) | 2013-03-13 | 2017-04-18 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US9613208B1 (en) | 2013-03-13 | 2017-04-04 | Sprint Communications Company L.P. | Trusted security zone enhanced with trusted hardware drivers |
US9355247B1 (en) | 2013-03-13 | 2016-05-31 | Fireeye, Inc. | File extraction from memory dump for malicious content analysis |
US8893155B2 (en) | 2013-03-14 | 2014-11-18 | Microsoft Corporation | Providing distributed array containers for programming objects |
US9311479B1 (en) | 2013-03-14 | 2016-04-12 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of a malware attack |
US9049013B2 (en) | 2013-03-14 | 2015-06-02 | Sprint Communications Company L.P. | Trusted security zone containers for the protection and confidentiality of trusted service manager data |
US9049186B1 (en) | 2013-03-14 | 2015-06-02 | Sprint Communications Company L.P. | Trusted security zone re-provisioning and re-use capability for refurbished mobile devices |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
WO2014145805A1 (en) | 2013-03-15 | 2014-09-18 | Mandiant, Llc | System and method employing structured intelligence to verify and contain threats at endpoints |
US9021585B1 (en) | 2013-03-15 | 2015-04-28 | Sprint Communications Company L.P. | JTAG fuse vulnerability determination and protection using a trusted execution environment |
US9342343B2 (en) * | 2013-03-15 | 2016-05-17 | Adventium Enterprises, Llc | Wrapped nested virtualization |
US10713358B2 (en) | 2013-03-15 | 2020-07-14 | Fireeye, Inc. | System and method to extract and utilize disassembly features to classify software intent |
US8984592B1 (en) | 2013-03-15 | 2015-03-17 | Sprint Communications Company L.P. | Enablement of a trusted security zone authentication for remote mobile device management systems and methods |
US9191388B1 (en) | 2013-03-15 | 2015-11-17 | Sprint Communications Company L.P. | Trusted security zone communication addressing on an electronic device |
US9292331B2 (en) * | 2013-03-15 | 2016-03-22 | Bracket Computing, Inc. | Expansion of services for a virtual data center guest |
US9374363B1 (en) | 2013-03-15 | 2016-06-21 | Sprint Communications Company L.P. | Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device |
US9454723B1 (en) | 2013-04-04 | 2016-09-27 | Sprint Communications Company L.P. | Radio frequency identity (RFID) chip electrically and communicatively coupled to motherboard of mobile communication device |
US9324016B1 (en) | 2013-04-04 | 2016-04-26 | Sprint Communications Company L.P. | Digest of biographical information for an electronic device with static and dynamic portions |
US9171243B1 (en) | 2013-04-04 | 2015-10-27 | Sprint Communications Company L.P. | System for managing a digest of biographical information stored in a radio frequency identity chip coupled to a mobile communication device |
US9838869B1 (en) | 2013-04-10 | 2017-12-05 | Sprint Communications Company L.P. | Delivering digital content to a mobile device via a digital rights clearing house |
US9443088B1 (en) | 2013-04-15 | 2016-09-13 | Sprint Communications Company L.P. | Protection for multimedia files pre-downloaded to a mobile device |
US9495180B2 (en) | 2013-05-10 | 2016-11-15 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US9635039B1 (en) | 2013-05-13 | 2017-04-25 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
CN104166624B (en) * | 2013-05-15 | 2017-07-07 | 上海贝尔股份有限公司 | Memory Optimize Method and device based on physical memory under virtual environment |
US9069952B1 (en) | 2013-05-20 | 2015-06-30 | Sprint Communications Company L.P. | Method for enabling hardware assisted operating system region for safe execution of untrusted code using trusted transitional memory |
US9658867B2 (en) * | 2013-05-30 | 2017-05-23 | Hewlett Packard Enterprise Development Lp | Preserving object code translations of a library for future reuse by an emulator |
US9560519B1 (en) | 2013-06-06 | 2017-01-31 | Sprint Communications Company L.P. | Mobile communication device profound identity brokering framework |
US9858097B2 (en) | 2013-06-07 | 2018-01-02 | American Megatrends, Inc. | Methods, devices and computer readable storage devices for emulating rotation events in a guest operating system from a host operating system |
US20140366024A1 (en) * | 2013-06-07 | 2014-12-11 | American Megatrends, Inc. | Methods, Devices and Computer Readable Storage Devices for Emulating a Light Sensor in a Guest Operating System from a Host Operating System |
US10133863B2 (en) | 2013-06-24 | 2018-11-20 | Fireeye, Inc. | Zero-day discovery system |
GB2515536A (en) * | 2013-06-27 | 2014-12-31 | Ibm | Processing a guest event in a hypervisor-controlled system |
US9990216B2 (en) | 2013-06-27 | 2018-06-05 | Red Hat Israel, Ltd. | Providing hypercall interface for virtual machines |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US9183606B1 (en) | 2013-07-10 | 2015-11-10 | Sprint Communications Company L.P. | Trusted processing location within a graphics processing unit |
US9507727B2 (en) | 2013-07-17 | 2016-11-29 | Bitdefender IPR Management Ltd. | Page fault injection in virtual machines |
US9311011B2 (en) | 2013-08-07 | 2016-04-12 | Qualcomm Incorporated | Dynamic address negotiation for shared memory regions in heterogenous multiprocessor systems |
US9208339B1 (en) | 2013-08-12 | 2015-12-08 | Sprint Communications Company L.P. | Verifying Applications in Virtual Environments Using a Trusted Security Zone |
KR102033009B1 (en) * | 2013-09-13 | 2019-10-16 | 한국전자통신연구원 | Cyber physical system and virtual machine monitoring method thereof |
US9171160B2 (en) | 2013-09-30 | 2015-10-27 | Fireeye, Inc. | Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses |
US9628507B2 (en) | 2013-09-30 | 2017-04-18 | Fireeye, Inc. | Advanced persistent threat (APT) detection center |
US10515214B1 (en) | 2013-09-30 | 2019-12-24 | Fireeye, Inc. | System and method for classifying malware within content created during analysis of a specimen |
US9294501B2 (en) | 2013-09-30 | 2016-03-22 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US9736179B2 (en) | 2013-09-30 | 2017-08-15 | Fireeye, Inc. | System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection |
US9690936B1 (en) | 2013-09-30 | 2017-06-27 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US9983893B2 (en) | 2013-10-01 | 2018-05-29 | Red Hat Israel, Ltd. | Handling memory-mapped input-output (MMIO) based instructions using fast access addresses |
US10127062B2 (en) * | 2013-10-22 | 2018-11-13 | Citrix Systems, Inc. | Displaying graphics for local virtual machine by allocating textual buffer |
CN105580023B (en) | 2013-10-24 | 2019-08-16 | 迈克菲股份有限公司 | The malicious application of agency's auxiliary in network environment prevents |
US9185626B1 (en) | 2013-10-29 | 2015-11-10 | Sprint Communications Company L.P. | Secure peer-to-peer call forking facilitated by trusted 3rd party voice server provisioning |
US9191522B1 (en) | 2013-11-08 | 2015-11-17 | Sprint Communications Company L.P. | Billing varied service based on tier |
US9921978B1 (en) | 2013-11-08 | 2018-03-20 | Fireeye, Inc. | System and method for enhanced security of storage devices |
US9161325B1 (en) | 2013-11-20 | 2015-10-13 | Sprint Communications Company L.P. | Subscriber identity module virtualization |
US9916173B2 (en) | 2013-11-25 | 2018-03-13 | Red Hat Israel, Ltd. | Facilitating execution of MMIO based instructions |
US9411625B2 (en) | 2013-12-13 | 2016-08-09 | International Business Machines Corporation | Apparatus and control method for hypervisor to obtain faulting instruction |
CN104732164A (en) * | 2013-12-18 | 2015-06-24 | 国家计算机网络与信息安全管理中心 | Device and method both for accelerating SSL (Security Socket Layer) data processing speed |
US9747446B1 (en) | 2013-12-26 | 2017-08-29 | Fireeye, Inc. | System and method for run-time object classification |
US9756074B2 (en) | 2013-12-26 | 2017-09-05 | Fireeye, Inc. | System and method for IPS and VM-based detection of suspicious objects |
US9459900B2 (en) | 2014-01-13 | 2016-10-04 | Red Hat Israel, Ltd. | Hypervisor-based balloon page initialization |
CN103744716B (en) * | 2014-01-15 | 2016-09-07 | 上海交通大学 | A kind of dynamically interruption Well-Balanced Mapping method based on current VCPU dispatch state |
US9292686B2 (en) | 2014-01-16 | 2016-03-22 | Fireeye, Inc. | Micro-virtualization architecture for threat-aware microvisor deployment in a node of a network environment |
US9118655B1 (en) | 2014-01-24 | 2015-08-25 | Sprint Communications Company L.P. | Trusted display and transmission of digital ticket documentation |
US9934067B2 (en) | 2014-01-30 | 2018-04-03 | Vmware, Inc. | Synchronous user space function execution from a kernel context |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
CN103853597B (en) * | 2014-02-21 | 2017-04-19 | 北京神舟航天软件技术有限公司 | Method for realizing high-frequency data collection of embedded virtual machine platform |
US9819493B2 (en) * | 2014-02-26 | 2017-11-14 | Unisys Corporation | Enhanced security for media encryption |
US9792448B2 (en) | 2014-02-28 | 2017-10-17 | Advanced Micro Devices, Inc. | Cryptographic protection of information in a processing system |
US20150254145A1 (en) * | 2014-03-07 | 2015-09-10 | Microsoft Corporation | Operating system/hypervisor efficiencies for sub-divided privilege levels |
EP3115903B1 (en) * | 2014-03-07 | 2020-04-15 | Huawei Technologies Co., Ltd. | File accessing method and related device |
US9241010B1 (en) | 2014-03-20 | 2016-01-19 | Fireeye, Inc. | System and method for network behavior detection |
US10242185B1 (en) | 2014-03-21 | 2019-03-26 | Fireeye, Inc. | Dynamic guest image creation and rollback |
GB2524561A (en) * | 2014-03-27 | 2015-09-30 | St Microelectronics Res & Dev | Methods and apparatus for storing content |
US9226145B1 (en) | 2014-03-28 | 2015-12-29 | Sprint Communications Company L.P. | Verification of mobile device integrity during activation |
US9591015B1 (en) | 2014-03-28 | 2017-03-07 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9223972B1 (en) | 2014-03-31 | 2015-12-29 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US9432389B1 (en) | 2014-03-31 | 2016-08-30 | Fireeye, Inc. | System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object |
US9678778B1 (en) * | 2014-05-07 | 2017-06-13 | Google Inc. | Virtual cluster as a service (VCIaaS) |
US9678787B2 (en) | 2014-05-23 | 2017-06-13 | Microsoft Technology Licensing, Llc | Framework for authoring data loaders and data savers |
US9594912B1 (en) | 2014-06-06 | 2017-03-14 | Fireeye, Inc. | Return-oriented programming detection |
US9438623B1 (en) | 2014-06-06 | 2016-09-06 | Fireeye, Inc. | Computer exploit detection using heap spray pattern matching |
US9973531B1 (en) | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
RU2566253C1 (en) * | 2014-06-09 | 2015-10-20 | Общество с ограниченной ответственностью "НеоБИТ" | Data block processing method |
US10162655B2 (en) | 2014-06-23 | 2018-12-25 | Vmware, Inc. | Hypervisor context switching using TLB tags in processors having more than two hierarchical privilege levels |
US10255090B2 (en) * | 2014-06-23 | 2019-04-09 | Vmware, Inc. | Hypervisor context switching using a redirection exception vector in processors having more than two hierarchical privilege levels |
US10019275B2 (en) * | 2014-06-23 | 2018-07-10 | Vmware, Inc. | Hypervisor context switching using a trampoline scheme in processors having more than two hierarchical privilege levels |
US10084813B2 (en) | 2014-06-24 | 2018-09-25 | Fireeye, Inc. | Intrusion prevention and remedy system |
US11477278B2 (en) * | 2014-06-24 | 2022-10-18 | Oracle International Corporation | System and method for supporting partitions in a multitenant application server environment |
US10805340B1 (en) | 2014-06-26 | 2020-10-13 | Fireeye, Inc. | Infection vector and malware tracking with an interactive user display |
US9398028B1 (en) | 2014-06-26 | 2016-07-19 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers |
US10002252B2 (en) | 2014-07-01 | 2018-06-19 | Fireeye, Inc. | Verification of trusted threat-aware microvisor |
WO2016018234A1 (en) | 2014-07-28 | 2016-02-04 | Hewlett-Packard Development Company, L.P. | Memory access control |
WO2016018233A1 (en) * | 2014-07-28 | 2016-02-04 | Hewlett-Packard Development Company, L.P. | Memory access control |
US9230085B1 (en) | 2014-07-29 | 2016-01-05 | Sprint Communications Company L.P. | Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services |
US9696933B2 (en) | 2014-08-15 | 2017-07-04 | International Business Machines Corporation | Virtual machine manager initiated page-in of kernel pages |
US9363280B1 (en) | 2014-08-22 | 2016-06-07 | Fireeye, Inc. | System and method of detecting delivery of malware using cross-customer data |
US9916095B2 (en) | 2015-03-27 | 2018-03-13 | Kove Ip, Llc | Fork-safe memory allocation from memory-mapped files with anonymous memory behavior |
US10275171B2 (en) | 2014-09-16 | 2019-04-30 | Kove Ip, Llc | Paging of external memory |
US10372335B2 (en) | 2014-09-16 | 2019-08-06 | Kove Ip, Llc | External memory for virtualization |
US9626108B2 (en) | 2014-09-16 | 2017-04-18 | Kove Ip, Llc | Dynamically provisionable and allocatable external memory |
US10671726B1 (en) | 2014-09-22 | 2020-06-02 | Fireeye Inc. | System and method for malware analysis using thread-level event monitoring |
US11188427B2 (en) | 2014-09-26 | 2021-11-30 | Oracle International Corporation | System and method for transaction recovery in a multitenant application server environment |
US10027689B1 (en) | 2014-09-29 | 2018-07-17 | Fireeye, Inc. | Interactive infection visualization for improved exploit detection and signature generation for malware and malware families |
US9773112B1 (en) | 2014-09-29 | 2017-09-26 | Fireeye, Inc. | Exploit detection of malware and malware families |
EP3224759B8 (en) * | 2014-11-26 | 2019-06-19 | Hewlett-Packard Development Company, L.P. | In-memory attack prevention |
US11303539B2 (en) | 2014-12-05 | 2022-04-12 | Accenture Global Services Limited | Network component placement architecture |
US9690933B1 (en) | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US10075455B2 (en) | 2014-12-26 | 2018-09-11 | Fireeye, Inc. | Zero-day rotating guest image profile |
US9934376B1 (en) | 2014-12-29 | 2018-04-03 | Fireeye, Inc. | Malware detection appliance architecture |
US9838417B1 (en) | 2014-12-30 | 2017-12-05 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
US9779232B1 (en) | 2015-01-14 | 2017-10-03 | Sprint Communications Company L.P. | Trusted code generation and verification to prevent fraud from maleficent external devices that capture data |
US9189630B1 (en) * | 2015-01-21 | 2015-11-17 | AO Kaspersky Lab | Systems and methods for active operating system kernel protection |
US9838868B1 (en) | 2015-01-26 | 2017-12-05 | Sprint Communications Company L.P. | Mated universal serial bus (USB) wireless dongles configured with destination addresses |
US9639706B2 (en) * | 2015-02-19 | 2017-05-02 | International Business Machines Corporation | Inter-virtual machine communication |
US10185842B2 (en) | 2015-03-18 | 2019-01-22 | Intel Corporation | Cache and data organization for memory protection |
US9690606B1 (en) | 2015-03-25 | 2017-06-27 | Fireeye, Inc. | Selective system call monitoring |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
US9798900B2 (en) | 2015-03-26 | 2017-10-24 | Intel Corporation | Flexible counter system for memory protection |
US10114763B2 (en) | 2015-03-27 | 2018-10-30 | Kove Ip, Llc | Fork-safe memory allocation from memory-mapped files with anonymous memory behavior |
US9438613B1 (en) | 2015-03-30 | 2016-09-06 | Fireeye, Inc. | Dynamic content activation for automated analysis of embedded objects |
US10474813B1 (en) | 2015-03-31 | 2019-11-12 | Fireeye, Inc. | Code injection technique for remediation at an endpoint of a network |
US9483644B1 (en) | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
US10417031B2 (en) | 2015-03-31 | 2019-09-17 | Fireeye, Inc. | Selective virtualization for security threat detection |
US9473945B1 (en) | 2015-04-07 | 2016-10-18 | Sprint Communications Company L.P. | Infrastructure for secure short message transmission |
US9870324B2 (en) * | 2015-04-09 | 2018-01-16 | Vmware, Inc. | Isolating guest code and data using multiple nested page tables |
US10007497B2 (en) * | 2015-04-10 | 2018-06-26 | Google Llc | Binary translation on shared object level |
WO2016162720A1 (en) * | 2015-04-10 | 2016-10-13 | Google Inc. | Binary translation into native client |
US9654485B1 (en) | 2015-04-13 | 2017-05-16 | Fireeye, Inc. | Analytics-based security monitoring system and method |
CN104834604B (en) * | 2015-04-22 | 2018-02-16 | 上海微小卫星工程中心 | A kind of IO addresses are to I/O object quick mapping method and system |
US9594904B1 (en) | 2015-04-23 | 2017-03-14 | Fireeye, Inc. | Detecting malware based on reflection |
EP3093773B1 (en) * | 2015-05-13 | 2019-07-10 | Huawei Technologies Co., Ltd. | System and method for creating selective snapshots of a database |
CN106295267B (en) * | 2015-06-09 | 2019-04-19 | 阿里巴巴集团控股有限公司 | It is a kind of access electronic equipment physical memory in private data method and apparatus |
US9594598B1 (en) * | 2015-06-12 | 2017-03-14 | Amazon Technologies, Inc. | Live migration for virtual computing resources utilizing network-based storage |
KR102584506B1 (en) * | 2015-06-24 | 2023-10-04 | 어드밴스드 마이크로 디바이시즈, 인코포레이티드 | State information protection for virtual machines |
US10216927B1 (en) | 2015-06-30 | 2019-02-26 | Fireeye, Inc. | System and method for protecting memory pages associated with a process using a virtualization layer |
US11113086B1 (en) | 2015-06-30 | 2021-09-07 | Fireeye, Inc. | Virtual system and method for securing external network connectivity |
US10395029B1 (en) | 2015-06-30 | 2019-08-27 | Fireeye, Inc. | Virtual system and method with threat protection |
US10642753B1 (en) | 2015-06-30 | 2020-05-05 | Fireeye, Inc. | System and method for protecting a software component running in virtual machine using a virtualization layer |
US10726127B1 (en) | 2015-06-30 | 2020-07-28 | Fireeye, Inc. | System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer |
US10454950B1 (en) | 2015-06-30 | 2019-10-22 | Fireeye, Inc. | Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks |
US9720721B2 (en) * | 2015-07-01 | 2017-08-01 | International Business Machines Corporation | Protected guests in a hypervisor controlled system |
JP6458146B2 (en) * | 2015-07-08 | 2019-01-23 | 株式会社日立製作所 | Computer and memory area management method |
EP3118740B1 (en) | 2015-07-15 | 2021-09-08 | Huawei Technologies Co., Ltd. | Device and method for hardware virtualization support |
US10715542B1 (en) | 2015-08-14 | 2020-07-14 | Fireeye, Inc. | Mobile application risk analysis |
US9996494B2 (en) | 2015-09-03 | 2018-06-12 | Red Hat Israel, Ltd. | Asynchronous mapping of hot-plugged device associated with virtual machine |
CN106502759B (en) * | 2015-09-06 | 2019-11-15 | 华为技术有限公司 | A kind of data access method, code call method and virtual machine monitor |
US11829454B2 (en) * | 2018-03-09 | 2023-11-28 | Patrick Robert Koren | Method and apparatus for preventing and investigating software piracy |
US9819679B1 (en) | 2015-09-14 | 2017-11-14 | Sprint Communications Company L.P. | Hardware assisted provenance proof of named data networking associated to device data, addresses, services, and servers |
US10176321B2 (en) | 2015-09-22 | 2019-01-08 | Fireeye, Inc. | Leveraging behavior-based rules for malware family classification |
US10033759B1 (en) | 2015-09-28 | 2018-07-24 | Fireeye, Inc. | System and method of threat detection under hypervisor control |
US10033747B1 (en) | 2015-09-29 | 2018-07-24 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US10601865B1 (en) | 2015-09-30 | 2020-03-24 | Fireeye, Inc. | Detection of credential spearphishing attacks using email analysis |
US9825976B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Detection and classification of exploit kits |
US10817606B1 (en) | 2015-09-30 | 2020-10-27 | Fireeye, Inc. | Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic |
US10706149B1 (en) | 2015-09-30 | 2020-07-07 | Fireeye, Inc. | Detecting delayed activation malware using a primary controller and plural time controllers |
US9825989B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Cyber attack early warning system |
US10210329B1 (en) | 2015-09-30 | 2019-02-19 | Fireeye, Inc. | Method to detect application execution hijacking using memory protection |
US9948637B2 (en) * | 2015-10-08 | 2018-04-17 | American Express Travel Related Services Company, Inc. | System and method for data security on big data sets |
CN105389197B (en) * | 2015-10-13 | 2019-02-26 | 北京百度网讯科技有限公司 | Operation method and device for capturing for the virtualization system based on container |
US9996357B2 (en) * | 2015-10-30 | 2018-06-12 | International Business Machines Corporation | Resolving page faults out of context for shared contexts |
US9536088B1 (en) * | 2015-11-09 | 2017-01-03 | AO Kaspersky Lab | System and method for protection of memory in a hypervisor |
US10284575B2 (en) | 2015-11-10 | 2019-05-07 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US10282719B1 (en) | 2015-11-12 | 2019-05-07 | Sprint Communications Company L.P. | Secure and trusted device-based billing and charging process using privilege for network proxy authentication and audit |
US10169601B2 (en) | 2015-11-18 | 2019-01-01 | American Express Travel Related Services Company, Inc. | System and method for reading and writing to big data storage formats |
US10037329B2 (en) | 2015-11-18 | 2018-07-31 | American Express Travel Related Services Company, Inc. | System and method for automatically capturing and recording lineage data for big data records |
US10055471B2 (en) | 2015-11-18 | 2018-08-21 | American Express Travel Related Services Company, Inc. | Integrated big data interface for multiple storage types |
US10445324B2 (en) | 2015-11-18 | 2019-10-15 | American Express Travel Related Services Company, Inc. | Systems and methods for tracking sensitive data in a big data environment |
US9817992B1 (en) | 2015-11-20 | 2017-11-14 | Sprint Communications Company Lp. | System and method for secure USIM wireless network access |
CN106775608B (en) * | 2015-11-24 | 2020-09-04 | 腾讯科技(深圳)有限公司 | Method and device for realizing independent system process |
US10447728B1 (en) | 2015-12-10 | 2019-10-15 | Fireeye, Inc. | Technique for protecting guest processes using a layered virtualization architecture |
US10846117B1 (en) | 2015-12-10 | 2020-11-24 | Fireeye, Inc. | Technique for establishing secure communication between host and guest processes of a virtualization architecture |
US10108446B1 (en) | 2015-12-11 | 2018-10-23 | Fireeye, Inc. | Late load technique for deploying a virtualization layer underneath a running operating system |
US10055444B2 (en) | 2015-12-16 | 2018-08-21 | American Express Travel Related Services Company, Inc. | Systems and methods for access control over changing big data structures |
US9841987B2 (en) | 2015-12-17 | 2017-12-12 | International Business Machines Corporation | Transparent secure interception handling |
US10019279B2 (en) | 2015-12-17 | 2018-07-10 | International Business Machines Corporation | Transparent secure interception handling |
US10050998B1 (en) | 2015-12-30 | 2018-08-14 | Fireeye, Inc. | Malicious message analysis system |
US10621338B1 (en) | 2015-12-30 | 2020-04-14 | Fireeye, Inc. | Method to detect forgery and exploits using last branch recording registers |
US10565378B1 (en) | 2015-12-30 | 2020-02-18 | Fireeye, Inc. | Exploit of privilege detection framework |
US10133866B1 (en) | 2015-12-30 | 2018-11-20 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US11552986B1 (en) | 2015-12-31 | 2023-01-10 | Fireeye Security Holdings Us Llc | Cyber-security framework for application of virtual features |
US9824216B1 (en) | 2015-12-31 | 2017-11-21 | Fireeye, Inc. | Susceptible environment detection system |
US10581874B1 (en) | 2015-12-31 | 2020-03-03 | Fireeye, Inc. | Malware detection system with contextual analysis |
US9846610B2 (en) | 2016-02-08 | 2017-12-19 | Red Hat Israel, Ltd. | Page fault-based fast memory-mapped I/O for virtual machines |
US11429412B2 (en) | 2016-02-25 | 2022-08-30 | Red Hat Israel, Ltd. | Guest protection from application code execution in kernel mode |
US20170277903A1 (en) * | 2016-03-22 | 2017-09-28 | Qualcomm Incorporated | Data Protection Using Virtual Resource Views |
US10671721B1 (en) | 2016-03-25 | 2020-06-02 | Fireeye, Inc. | Timeout management services |
US10785255B1 (en) | 2016-03-25 | 2020-09-22 | Fireeye, Inc. | Cluster configuration within a scalable malware detection system |
US10476906B1 (en) | 2016-03-25 | 2019-11-12 | Fireeye, Inc. | System and method for managing formation and modification of a cluster within a malware detection system |
US10601863B1 (en) | 2016-03-25 | 2020-03-24 | Fireeye, Inc. | System and method for managing sensor enrollment |
US10826933B1 (en) | 2016-03-31 | 2020-11-03 | Fireeye, Inc. | Technique for verifying exploit/malware at malware detection appliance through correlation with endpoints |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
US10019583B2 (en) * | 2016-04-01 | 2018-07-10 | Samsung Electronics Co., Ltd. | Method and apparatus for performing protected walk-based shadow paging using multiple stages of page tables |
US11379385B2 (en) * | 2016-04-16 | 2022-07-05 | Vmware, Inc. | Techniques for protecting memory pages of a virtual computing instance |
US10348500B2 (en) * | 2016-05-05 | 2019-07-09 | Adventium Enterprises, Llc | Key material management |
US10169585B1 (en) | 2016-06-22 | 2019-01-01 | Fireeye, Inc. | System and methods for advanced malware detection through placement of transition events |
US10210012B2 (en) | 2016-06-27 | 2019-02-19 | Intel Corporation | Techniques for persistent memory virtualization |
US10462173B1 (en) | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
US20180052858A1 (en) * | 2016-08-16 | 2018-02-22 | Netscout Systems Texas, Llc | Methods and procedures for timestamp-based indexing of items in real-time storage |
US10592678B1 (en) | 2016-09-09 | 2020-03-17 | Fireeye, Inc. | Secure communications between peers using a verified virtual trusted platform module |
US10223528B2 (en) | 2016-09-27 | 2019-03-05 | Intel Corporation | Technologies for deterministic code flow integrity protection |
US10491627B1 (en) | 2016-09-29 | 2019-11-26 | Fireeye, Inc. | Advanced malware detection using similarity analysis |
US10528485B2 (en) * | 2016-09-30 | 2020-01-07 | Intel Corporation | Method and apparatus for sharing security metadata memory space |
US11494484B2 (en) * | 2016-10-24 | 2022-11-08 | Nubeva, Inc. | Leveraging instrumentation capabilities to enable monitoring services |
US10795991B1 (en) | 2016-11-08 | 2020-10-06 | Fireeye, Inc. | Enterprise search |
US10587647B1 (en) | 2016-11-22 | 2020-03-10 | Fireeye, Inc. | Technique for malware detection capability comparison of network security devices |
CN108121594B (en) * | 2016-11-29 | 2020-10-20 | 阿里巴巴集团控股有限公司 | Process management method and device |
US20180165133A1 (en) * | 2016-12-13 | 2018-06-14 | Microsoft Technology Licensing, Llc | Shared Memory Using Memory Mapped Files Between Host And Guest On A Computing Device |
US10552610B1 (en) | 2016-12-22 | 2020-02-04 | Fireeye, Inc. | Adaptive virtual machine snapshot update framework for malware behavioral analysis |
US10581879B1 (en) | 2016-12-22 | 2020-03-03 | Fireeye, Inc. | Enhanced malware detection for generated objects |
US10523609B1 (en) | 2016-12-27 | 2019-12-31 | Fireeye, Inc. | Multi-vector malware detection and analysis |
US10496311B2 (en) | 2017-01-19 | 2019-12-03 | International Business Machines Corporation | Run-time instrumentation of guarded storage event processing |
US10452288B2 (en) | 2017-01-19 | 2019-10-22 | International Business Machines Corporation | Identifying processor attributes based on detecting a guarded storage event |
US10579377B2 (en) | 2017-01-19 | 2020-03-03 | International Business Machines Corporation | Guarded storage event handling during transactional execution |
US10496292B2 (en) | 2017-01-19 | 2019-12-03 | International Business Machines Corporation | Saving/restoring guarded storage controls in a virtualized environment |
US10732858B2 (en) | 2017-01-19 | 2020-08-04 | International Business Machines Corporation | Loading and storing controls regulating the operation of a guarded storage facility |
US10725685B2 (en) | 2017-01-19 | 2020-07-28 | International Business Machines Corporation | Load logical and shift guarded instruction |
US11295326B2 (en) | 2017-01-31 | 2022-04-05 | American Express Travel Related Services Company, Inc. | Insights on a data platform |
US10509733B2 (en) | 2017-03-24 | 2019-12-17 | Red Hat, Inc. | Kernel same-page merging for encrypted memory |
US10904286B1 (en) | 2017-03-24 | 2021-01-26 | Fireeye, Inc. | Detection of phishing attacks using similarity analysis |
US10798112B2 (en) | 2017-03-30 | 2020-10-06 | Fireeye, Inc. | Attribute-controlled malware detection |
US10848397B1 (en) | 2017-03-30 | 2020-11-24 | Fireeye, Inc. | System and method for enforcing compliance with subscription requirements for cyber-attack detection service |
US10791138B1 (en) | 2017-03-30 | 2020-09-29 | Fireeye, Inc. | Subscription-based malware detection |
US10902119B1 (en) | 2017-03-30 | 2021-01-26 | Fireeye, Inc. | Data extraction system for malware analysis |
US10209917B2 (en) | 2017-04-20 | 2019-02-19 | Red Hat, Inc. | Physical memory migration for secure encrypted virtual machines |
US10310895B2 (en) * | 2017-04-21 | 2019-06-04 | Intel Corporation | Memory-based software barriers |
US10379764B2 (en) | 2017-05-11 | 2019-08-13 | Red Hat, Inc. | Virtual machine page movement for encrypted memory |
CN109144844B (en) * | 2017-06-27 | 2023-01-31 | 阿里巴巴集团控股有限公司 | Tracking method, device, equipment and machine readable medium |
US10855700B1 (en) | 2017-06-29 | 2020-12-01 | Fireeye, Inc. | Post-intrusion detection of cyber-attacks during lateral movement within networks |
US10601848B1 (en) | 2017-06-29 | 2020-03-24 | Fireeye, Inc. | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators |
US10503904B1 (en) | 2017-06-29 | 2019-12-10 | Fireeye, Inc. | Ransomware detection and mitigation |
US10893068B1 (en) | 2017-06-30 | 2021-01-12 | Fireeye, Inc. | Ransomware file modification prevention technique |
US10499249B1 (en) | 2017-07-11 | 2019-12-03 | Sprint Communications Company L.P. | Data link layer trust signaling in communication network |
US10565126B2 (en) * | 2017-07-14 | 2020-02-18 | Arm Limited | Method and apparatus for two-layer copy-on-write |
US11354420B2 (en) | 2017-07-21 | 2022-06-07 | Red Hat, Inc. | Re-duplication of de-duplicated encrypted memory |
US11086525B2 (en) | 2017-08-02 | 2021-08-10 | Kove Ip, Llc | Resilient external memory |
CN107562515B (en) * | 2017-08-04 | 2021-09-07 | 海光信息技术股份有限公司 | Method for managing memory in virtualization technology |
CN107688481B (en) * | 2017-08-17 | 2023-12-15 | 中国电子科技集团公司第五十四研究所 | Multi-node-supporting KVM virtual machine hiding process detection system |
US10761734B2 (en) * | 2017-08-30 | 2020-09-01 | General Electric Company | Systems and methods for data frame representation |
CN109471671B (en) * | 2017-09-06 | 2023-03-24 | 武汉斗鱼网络科技有限公司 | Program cold starting method and system |
US10747872B1 (en) | 2017-09-27 | 2020-08-18 | Fireeye, Inc. | System and method for preventing malware evasion |
US10805346B2 (en) | 2017-10-01 | 2020-10-13 | Fireeye, Inc. | Phishing attack detection |
US11108809B2 (en) | 2017-10-27 | 2021-08-31 | Fireeye, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
US10915268B2 (en) * | 2017-12-22 | 2021-02-09 | International Business Machines Corporation | Event based runtime scheduling |
US11271955B2 (en) | 2017-12-28 | 2022-03-08 | Fireeye Security Holdings Us Llc | Platform and method for retroactive reclassification employing a cybersecurity-based global data store |
US11005860B1 (en) | 2017-12-28 | 2021-05-11 | Fireeye, Inc. | Method and system for efficient cybersecurity analysis of endpoint events |
US11240275B1 (en) | 2017-12-28 | 2022-02-01 | Fireeye Security Holdings Us Llc | Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture |
US11853423B2 (en) | 2018-01-19 | 2023-12-26 | SunStone Information Defense, Inc. | Methods and apparatus for interfering with malware using displaced display elements |
WO2019152792A1 (en) | 2018-02-02 | 2019-08-08 | Dover Microsystems, Inc. | Systems and methods for policy linking and/or loading for secure initialization |
WO2019161557A1 (en) | 2018-02-24 | 2019-08-29 | 华为技术有限公司 | Communication method and apparatus |
US10789174B2 (en) | 2018-02-28 | 2020-09-29 | Red Hat, Inc. | Guest intermediate address translation for virtual machines |
US10579410B2 (en) * | 2018-02-28 | 2020-03-03 | Red Hat, Inc. | Guest intermediate address tagging for guest applications |
US10606631B2 (en) | 2018-03-19 | 2020-03-31 | Red Hat, Inc. | Security enhanced hypervisor userspace notifications |
US10826931B1 (en) | 2018-03-29 | 2020-11-03 | Fireeye, Inc. | System and method for predicting and mitigating cybersecurity system misconfigurations |
US11003773B1 (en) | 2018-03-30 | 2021-05-11 | Fireeye, Inc. | System and method for automatically generating malware detection rule recommendations |
US11558401B1 (en) | 2018-03-30 | 2023-01-17 | Fireeye Security Holdings Us Llc | Multi-vector malware detection data sharing system for improved detection |
US10956477B1 (en) | 2018-03-30 | 2021-03-23 | Fireeye, Inc. | System and method for detecting malicious scripts through natural language processing modeling |
CN108469984B (en) * | 2018-04-17 | 2021-07-30 | 哈尔滨工业大学 | Virtual machine introspection function level-based dynamic detection system and method for inner core of virtual machine |
CN108874500B (en) * | 2018-04-26 | 2022-10-18 | 南京大学 | Application program safety protection method based on hardware virtualization technology |
WO2019213061A1 (en) | 2018-04-30 | 2019-11-07 | Dover Microsystems, Inc. | Systems and methods for checking safety properties |
CN109102754B (en) * | 2018-06-20 | 2020-12-01 | 新华三大数据技术有限公司 | Data map generation method and device |
US10452294B1 (en) * | 2018-06-25 | 2019-10-22 | Dell Products L.P. | System and method of allocating storage of devices |
US11075930B1 (en) | 2018-06-27 | 2021-07-27 | Fireeye, Inc. | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11314859B1 (en) | 2018-06-27 | 2022-04-26 | FireEye Security Holdings, Inc. | Cyber-security system and method for detecting escalation of privileges within an access token |
US11228491B1 (en) | 2018-06-28 | 2022-01-18 | Fireeye Security Holdings Us Llc | System and method for distributed cluster configuration monitoring and management |
US11316900B1 (en) | 2018-06-29 | 2022-04-26 | FireEye Security Holdings Inc. | System and method for automatically prioritizing rules for cyber-threat detection and mitigation |
US11182473B1 (en) | 2018-09-13 | 2021-11-23 | Fireeye Security Holdings Us Llc | System and method for mitigating cyberattacks against processor operability by a guest process |
US11763004B1 (en) | 2018-09-27 | 2023-09-19 | Fireeye Security Holdings Us Llc | System and method for bootkit detection |
US10761996B2 (en) * | 2018-09-28 | 2020-09-01 | Intel Corporation | Apparatus and method for secure memory access using trust domains |
TW202022679A (en) | 2018-11-06 | 2020-06-16 | 美商多佛微系統公司 | Systems and methods for stalling host processor |
CN109739613B (en) * | 2018-11-22 | 2021-08-13 | 海光信息技术股份有限公司 | Maintenance method and access control method of nested page table and related device |
US10853119B2 (en) * | 2018-11-29 | 2020-12-01 | Shanghai Jiao Tong University | GiantVM for resource aggregation |
US11841956B2 (en) | 2018-12-18 | 2023-12-12 | Dover Microsystems, Inc. | Systems and methods for data lifecycle protection |
US12074887B1 (en) | 2018-12-21 | 2024-08-27 | Musarubra Us Llc | System and method for selectively processing content after identification and removal of malicious content |
US11368475B1 (en) | 2018-12-21 | 2022-06-21 | Fireeye Security Holdings Us Llc | System and method for scanning remote services to locate stored objects with malware |
CN111459623B (en) * | 2019-01-18 | 2024-04-12 | 华为技术有限公司 | Method, device and computer for restoring running of application program |
US11150817B2 (en) | 2019-02-08 | 2021-10-19 | International Business Machines Corporation | Integrating kernel-bypass user-level file systems into legacy applications |
US11206128B2 (en) | 2019-03-08 | 2021-12-21 | International Business Machines Corporation | Secure paging with page change detection |
US11487906B2 (en) | 2019-03-08 | 2022-11-01 | International Business Machines Corporation | Storage sharing between a secure domain and a non-secure entity |
US11347869B2 (en) | 2019-03-08 | 2022-05-31 | International Business Machines Corporation | Secure interface control high-level page management |
US11403409B2 (en) * | 2019-03-08 | 2022-08-02 | International Business Machines Corporation | Program interruptions for page importing/exporting |
US11531627B2 (en) * | 2019-03-08 | 2022-12-20 | International Business Machines Corporation | Secure storage isolation |
US11640361B2 (en) | 2019-03-08 | 2023-05-02 | International Business Machines Corporation | Sharing secure memory across multiple security domains |
KR20210138007A (en) * | 2019-03-28 | 2021-11-18 | 인텔 코포레이션 | Direct memory access tracking for pass-through devices within virtualized environments |
US11537424B2 (en) * | 2019-05-10 | 2022-12-27 | Kontain Inc. | Scalable and secure containers |
US11258806B1 (en) | 2019-06-24 | 2022-02-22 | Mandiant, Inc. | System and method for automatically associating cybersecurity intelligence to cyberthreat actors |
US11556640B1 (en) | 2019-06-27 | 2023-01-17 | Mandiant, Inc. | Systems and methods for automated cybersecurity analysis of extracted binary string sets |
US11392700B1 (en) | 2019-06-28 | 2022-07-19 | Fireeye Security Holdings Us Llc | System and method for supporting cross-platform data verification |
US11868273B2 (en) * | 2019-06-29 | 2024-01-09 | Intel Corporation | Memory protection with hidden inline metadata to indicate data type |
CN110716791B (en) * | 2019-09-25 | 2023-01-20 | 北京直客通科技有限公司 | Real-time virtualization system and execution method thereof |
US11886585B1 (en) | 2019-09-27 | 2024-01-30 | Musarubra Us Llc | System and method for identifying and mitigating cyberattacks through malicious position-independent code execution |
US11637862B1 (en) | 2019-09-30 | 2023-04-25 | Mandiant, Inc. | System and method for surfacing cyber-security threats with a self-learning recommendation engine |
US12079197B2 (en) | 2019-10-18 | 2024-09-03 | Dover Microsystems, Inc. | Systems and methods for updating metadata |
US11614956B2 (en) | 2019-12-06 | 2023-03-28 | Red Hat, Inc. | Multicast live migration for encrypted virtual machines |
US11726922B2 (en) * | 2020-02-25 | 2023-08-15 | International Business Machines Corporation | Memory protection in hypervisor environments |
US11604671B2 (en) | 2020-03-19 | 2023-03-14 | Red Hat, Inc. | Secure virtual machine and peripheral device communication |
CN111459620B (en) * | 2020-04-08 | 2023-07-25 | 孙宇霖 | Information scheduling method from secure container operating system to virtual machine monitor |
CN113849339B (en) * | 2020-06-28 | 2023-07-11 | 华为技术有限公司 | Method, device and storage medium for restoring running state of application program |
US11816211B2 (en) | 2020-07-31 | 2023-11-14 | RunSafe Security, Inc. | Active signaling in response to attacks on a transformed binary |
US20220300330A1 (en) * | 2021-03-16 | 2022-09-22 | Cisco Technology, Inc. | Runtime Container Protection |
CN113391856B (en) * | 2021-06-25 | 2022-04-15 | 北京字节跳动网络技术有限公司 | Cross-task-stack page processing method, device, equipment and medium |
WO2023034586A1 (en) * | 2021-09-03 | 2023-03-09 | Dover Microsystems, Inc. | Systems and methods for on-demand loading of metadata |
US20230132905A1 (en) * | 2021-10-28 | 2023-05-04 | Red Hat, Inc. | Binary execution by a virtual device |
US11947817B2 (en) | 2021-11-15 | 2024-04-02 | Microstrategy Incorporated | Memory mapping to enhance data cube performance |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050273783A1 (en) * | 2004-06-03 | 2005-12-08 | Tankov Nikolai D | Identification of execution context |
US20070005992A1 (en) * | 2005-06-30 | 2007-01-04 | Travis Schluessler | Signed manifest for run-time verification of software program identity and integrity |
US20090038017A1 (en) * | 2007-08-02 | 2009-02-05 | David Durham | Secure vault service for software components within an execution environment |
Family Cites Families (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4787031A (en) * | 1985-01-04 | 1988-11-22 | Digital Equipment Corporation | Computer with virtual machine mode and multiple protection rings |
US5097533A (en) * | 1988-11-29 | 1992-03-17 | International Business Machines Corporation | System and method for interfacing computer application programs written in different languages to a software system |
US5230069A (en) * | 1990-10-02 | 1993-07-20 | International Business Machines Corporation | Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virtual machine computer system |
US5555385A (en) * | 1993-10-27 | 1996-09-10 | International Business Machines Corporation | Allocation of address spaces within virtual machine compute system |
US6055617A (en) * | 1997-08-29 | 2000-04-25 | Sequent Computer Systems, Inc. | Virtual address window for accessing physical memory in a computer system |
US6678825B1 (en) | 2000-03-31 | 2004-01-13 | Intel Corporation | Controlling access to multiple isolated memories in an isolated execution environment |
GB0024919D0 (en) * | 2000-10-11 | 2000-11-22 | Sealedmedia Ltd | Method of further securing an operating system |
US7260820B1 (en) * | 2001-04-26 | 2007-08-21 | Vm Ware, Inc. | Undefeatable transformation for virtual machine I/O operations |
US7181744B2 (en) * | 2002-10-24 | 2007-02-20 | International Business Machines Corporation | System and method for transferring data between virtual machines or other computer entities |
US7111145B1 (en) * | 2003-03-25 | 2006-09-19 | Vmware, Inc. | TLB miss fault handler and method for accessing multiple page tables |
US7290253B1 (en) * | 2003-09-30 | 2007-10-30 | Vmware, Inc. | Prediction mechanism for subroutine returns in binary translation sub-systems of computers |
EP1870814B1 (en) | 2006-06-19 | 2014-08-13 | Texas Instruments France | Method and apparatus for secure demand paging for processor devices |
US7299337B2 (en) | 2005-05-12 | 2007-11-20 | Traut Eric P | Enhanced shadow page table algorithms |
US9274974B1 (en) | 2005-10-21 | 2016-03-01 | Vmware, Inc. | Isolating data within a computer system using private shadow mappings |
US20080077767A1 (en) * | 2006-09-27 | 2008-03-27 | Khosravi Hormuzd M | Method and apparatus for secure page swapping in virtual memory systems |
US8615643B2 (en) * | 2006-12-05 | 2013-12-24 | Microsoft Corporation | Operational efficiency of virtual TLBs |
US7788464B2 (en) * | 2006-12-22 | 2010-08-31 | Microsoft Corporation | Scalability of virtual TLBs for multi-processor virtual machines |
US8856782B2 (en) * | 2007-03-01 | 2014-10-07 | George Mason Research Foundation, Inc. | On-demand disposable virtual work system |
US20080301770A1 (en) * | 2007-05-31 | 2008-12-04 | Kinder Nathan G | Identity based virtual machine selector |
US8261265B2 (en) * | 2007-10-30 | 2012-09-04 | Vmware, Inc. | Transparent VMM-assisted user-mode execution control transfer |
US9740637B2 (en) | 2007-10-30 | 2017-08-22 | Vmware, Inc. | Cryptographic multi-shadowing with integrity verification |
US8140820B2 (en) * | 2008-05-21 | 2012-03-20 | Arm Limited | Data processing apparatus and method for handling address translation for access requests issued by processing circuitry |
- 2008
  - 2008-10-30 US US12/261,623 patent/US8261265B2/en active Active
  - 2008-10-30 US US12/261,722 patent/US8819676B2/en active Active
  - 2008-10-30 US US12/261,147 patent/US8607013B2/en active Active
  - 2008-10-30 US US12/261,194 patent/US8555081B2/en active Active
  - 2008-10-30 US US12/261,159 patent/US20090113111A1/en not_active Abandoned
- 2013
  - 2013-11-04 US US14/071,455 patent/US9336033B2/en active Active
- 2014
  - 2014-08-25 US US14/467,974 patent/US9658878B2/en active Active
- 2016
  - 2016-04-25 US US15/138,136 patent/US10048982B2/en active Active
- 2018
  - 2018-08-13 US US16/102,411 patent/US10977074B2/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050273783A1 (en) * | 2004-06-03 | 2005-12-08 | Tankov Nikolai D | Identification of execution context |
US20070005992A1 (en) * | 2005-06-30 | 2007-01-04 | Travis Schluessler | Signed manifest for run-time verification of software program identity and integrity |
US8132003B2 (en) * | 2005-06-30 | 2012-03-06 | Intel Corporation | Secure platform voucher service for software components within an execution environment |
US20090038017A1 (en) * | 2007-08-02 | 2009-02-05 | David Durham | Secure vault service for software components within an execution environment |
Cited By (49)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10241819B2 (en) | 2005-10-21 | 2019-03-26 | Vmware, Inc. | Isolating data within a computer system using private shadow mappings |
US9274974B1 (en) | 2005-10-21 | 2016-03-01 | Vmware, Inc. | Isolating data within a computer system using private shadow mappings |
US9027132B2 (en) | 2007-01-24 | 2015-05-05 | Mcafee, Inc. | System, method and computer program product for monitoring and/or analyzing at least one aspect of an invocation of an interface |
US9824215B2 (en) | 2007-01-24 | 2017-11-21 | Mcafee, Llc | System, method, and computer program product for monitoring and/or analyzing at least one aspect of an invocation of an interface |
US8561060B2 (en) | 2007-04-26 | 2013-10-15 | Advanced Micro Devices, Inc. | Processor and method configured to determine an exit mechanism using an intercept configuration for a virtual machine |
US20080271014A1 (en) * | 2007-04-26 | 2008-10-30 | Serebrin Benjamin C | Lightweight World Switch |
US9740637B2 (en) | 2007-10-30 | 2017-08-22 | Vmware, Inc. | Cryptographic multi-shadowing with integrity verification |
US9658878B2 (en) | 2007-10-30 | 2017-05-23 | Vmware, Inc. | Transparent memory-mapped emulation of I/O calls |
US10977074B2 (en) | 2007-10-30 | 2021-04-13 | Vmware, Inc. | Secure identification of execution contexts |
US20090113110A1 (en) * | 2007-10-30 | 2009-04-30 | Vmware, Inc. | Providing VMM Access to Guest Virtual Memory |
US9336033B2 (en) | 2007-10-30 | 2016-05-10 | Vmware, Inc. | Secure identification of execution contexts |
US8607013B2 (en) * | 2007-10-30 | 2013-12-10 | Vmware, Inc. | Providing VMM access to guest virtual memory |
US10048982B2 (en) | 2007-10-30 | 2018-08-14 | Vmware, Inc. | Method for performing control transfers in a system with cloaked pages |
US10169253B2 (en) | 2007-10-30 | 2019-01-01 | Vmware, Inc. | Cryptographic multi-shadowing with integrity verification |
US20090187698A1 (en) * | 2008-01-22 | 2009-07-23 | Serebrin Benjamin C | Minivisor Entry Point in Virtual Machine Monitor Address Space |
US20090187726A1 (en) * | 2008-01-22 | 2009-07-23 | Serebrin Benjamin C | Alternate Address Space to Permit Virtual Machine Monitor Access to Guest Virtual Address Space |
US8099541B2 (en) * | 2008-01-22 | 2012-01-17 | Globalfoundries Inc. | Minivisor entry point in virtual machine monitor address space |
US20090187729A1 (en) * | 2008-01-22 | 2009-07-23 | Serebrin Benjamin C | Separate Page Table Base Address for Minivisor |
US8078792B2 (en) | 2008-01-22 | 2011-12-13 | Advanced Micro Devices, Inc. | Separate page table base address for minivisor |
US8739189B2 (en) | 2008-01-24 | 2014-05-27 | Mcafee, Inc. | System, method, and computer program product for invoking an application program interface within an interception of another application program interface |
US9483645B2 (en) | 2008-03-05 | 2016-11-01 | Mcafee, Inc. | System, method, and computer program product for identifying unwanted data based on an assembled execution profile of code |
US8955121B2 (en) | 2008-04-29 | 2015-02-10 | Mcafee, Inc. | System, method, and computer program product for dynamically adjusting a level of security applied to a system |
US8261267B2 (en) * | 2008-07-28 | 2012-09-04 | Fujitsu Limited | Virtual machine monitor having mapping data generator for mapping virtual page of the virtual memory to a physical memory |
US20100023941A1 (en) * | 2008-07-28 | 2010-01-28 | Fujitsu Limited | Virtual machine monitor |
US20100257514A1 (en) * | 2009-04-03 | 2010-10-07 | Samsung Electronics Co., Ltd. | Effective mapping of code sections to the same section of secondary memory to improve the security of computing systems |
US20100257318A1 (en) * | 2009-04-03 | 2010-10-07 | Samsung Electronics Co., Ltd. | Evicting code sections from secondary memory to improve the security of computing systems |
CN102473098A (en) * | 2009-08-24 | 2012-05-23 | 微软公司 | Entropy pools for virtual machines |
US9495190B2 (en) * | 2009-08-24 | 2016-11-15 | Microsoft Technology Licensing, Llc | Entropy pools for virtual machines |
US20110047545A1 (en) * | 2009-08-24 | 2011-02-24 | Microsoft Corporation | Entropy Pools for Virtual Machines |
KR101761950B1 (en) * | 2009-08-24 | 2017-08-04 | 마이크로소프트 테크놀로지 라이센싱, 엘엘씨 | Entropy pools for virtual machines |
US20120117644A1 (en) * | 2010-11-04 | 2012-05-10 | Ridgeway Internet Security, Llc | System and Method for Internet Security |
US8578487B2 (en) * | 2010-11-04 | 2013-11-05 | Cylance Inc. | System and method for internet security |
US8694548B2 (en) * | 2011-01-02 | 2014-04-08 | Cisco Technology, Inc. | Defense-in-depth security for bytecode executables |
US20120173497A1 (en) * | 2011-01-02 | 2012-07-05 | Cisco Technology, Inc. | Defense-in-depth security for bytecode executables |
US8707434B2 (en) | 2011-08-17 | 2014-04-22 | Mcafee, Inc. | System and method for indirect interface monitoring and plumb-lining |
US9237171B2 (en) | 2011-08-17 | 2016-01-12 | Mcafee, Inc. | System and method for indirect interface monitoring and plumb-lining |
WO2013025323A1 (en) * | 2011-08-17 | 2013-02-21 | Mcafee, Inc. | System and method for indirect interface monitoring and plumb-lining |
US9946870B2 (en) | 2011-11-28 | 2018-04-17 | Ravello Systems Ltd. | Apparatus and method thereof for efficient execution of a guest in a virtualized environment |
US9176763B2 (en) | 2011-11-28 | 2015-11-03 | Ravello Systems Ltd. | Apparatus and method thereof for efficient execution of a guest in a virtualized environment |
US8793651B2 (en) * | 2012-05-24 | 2014-07-29 | International Business Machines Corporation | Remote card content management using synchronous server-side scripting |
US8813029B2 (en) * | 2012-05-24 | 2014-08-19 | International Business Machines Corporation | Remote card content management using synchronous server-side scripting |
US20130318508A1 (en) * | 2012-05-24 | 2013-11-28 | International Business Machines Corporation | Remote card content management using synchronous server-side scripting |
US20130318142A1 (en) * | 2012-05-24 | 2013-11-28 | International Business Machines Corporation | Remote card content management using synchronous server-side scripting |
US11614972B2 (en) * | 2012-06-26 | 2023-03-28 | Juniper Networks, Inc. | Distributed processing of network device tasks |
US10963280B2 (en) | 2016-02-03 | 2021-03-30 | Advanced Micro Devices, Inc. | Hypervisor post-write notification of control and debug register updates |
US20180074971A1 (en) * | 2016-09-12 | 2018-03-15 | Toshiba Memory Corporation | Ddr storage adapter |
US9916256B1 (en) * | 2016-09-12 | 2018-03-13 | Toshiba Memory Corporation | DDR storage adapter |
US10430346B2 (en) | 2016-09-12 | 2019-10-01 | Toshiba Memory Corporation | DDR storage adapter |
US11281495B2 (en) | 2017-10-26 | 2022-03-22 | Advanced Micro Devices, Inc. | Trusted memory zone |
Also Published As
Publication number | Publication date |
---|---|
US8607013B2 (en) | 2013-12-10 |
US8555081B2 (en) | 2013-10-08 |
US10977074B2 (en) | 2021-04-13 |
US9336033B2 (en) | 2016-05-10 |
US20090113110A1 (en) | 2009-04-30 |
US20160239339A1 (en) | 2016-08-18 |
US9658878B2 (en) | 2017-05-23 |
US20140068614A1 (en) | 2014-03-06 |
US8819676B2 (en) | 2014-08-26 |
US10048982B2 (en) | 2018-08-14 |
US8261265B2 (en) | 2012-09-04 |
US20150046924A1 (en) | 2015-02-12 |
US20090113216A1 (en) | 2009-04-30 |
US20090113425A1 (en) | 2009-04-30 |
US20090113424A1 (en) | 2009-04-30 |
US20190004850A1 (en) | 2019-01-03 |
Similar Documents
Publication | Title |
---|---|
US10977074B2 (en) | Secure identification of execution contexts |
US10169253B2 (en) | Cryptographic multi-shadowing with integrity verification |
Park et al. | libmpk: Software abstraction for Intel memory protection keys (Intel MPK) |
Chen et al. | Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems |
US10241819B2 (en) | Isolating data within a computer system using private shadow mappings |
US9989043B2 (en) | System and method for processor-based security |
Yang et al. | Using hypervisor to provide data secrecy for user applications on a per-page basis |
Champagne et al. | Scalable architectural support for trusted software |
US7797748B2 (en) | On-access anti-virus mechanism for virtual machine architecture |
US8341627B2 (en) | Method and system for providing user space address protection from writable memory area in a virtual environment |
US20090055693A1 (en) | Monitoring Execution of Guest Code in a Virtual Machine |
Jin et al. | H-SVM: Hardware-assisted secure virtual machines under a vulnerable hypervisor |
Jin et al. | Secure MMU: Architectural support for memory isolation among virtual machines |
Gu et al. | Enclavisor: A hardware-software co-design for enclaves on untrusted cloud |
Park et al. | libmpk: Software abstraction for Intel memory protection keys |
US20230221982A1 (en) | Enabling communication between virtual machines and virtual devices by hypervisor-controlled firmware |
Christopher et al. | Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems |
Lee | Scalable architectural support for trusted software |
Shin | Unlimited—ftp ijS rO VO |
Singh | Fundamental of Windows |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | AS | Assignment | Owner name: VMWARE, INC., CALIFORNIA; Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNORS: CHEN, XIAOXIN; WALDSPURGER, CARL A.; SUBRAHMANYAM, PRATAP; REEL/FRAME: 021760/0685; Effective date: 20081028 |
| | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |