WO2007050797A3 - Moniteur de machine virtuelle securise - Google Patents

Moniteur de machine virtuelle securise Download PDF

Info

Publication number
WO2007050797A3
WO2007050797A3 PCT/US2006/041851 US2006041851W WO2007050797A3 WO 2007050797 A3 WO2007050797 A3 WO 2007050797A3 US 2006041851 W US2006041851 W US 2006041851W WO 2007050797 A3 WO2007050797 A3 WO 2007050797A3
Authority
WO
WIPO (PCT)
Prior art keywords
virtual
secure
machine
operating systems
machine monitor
Prior art date
Application number
PCT/US2006/041851
Other languages
English (en)
Other versions
WO2007050797A2 (fr
Inventor
William S Worley Jr
Original Assignee
Secure64 Software Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Secure64 Software Corp filed Critical Secure64 Software Corp
Priority to EP06826781A priority Critical patent/EP1955154A2/fr
Priority to JP2008537955A priority patent/JP2009514104A/ja
Publication of WO2007050797A2 publication Critical patent/WO2007050797A2/fr
Publication of WO2007050797A3 publication Critical patent/WO2007050797A3/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45566Nested virtual machines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45583Memory management, e.g. access or allocation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)

Abstract

Des modes de réalisation de la présente invention ont trait à des moniteurs de machine virtuelle sécurisés et des systèmes d'exploitation de niveau de base sécurisés qui, à leur tour, fournissent des environnements d'exécution sécurisés pour des systèmes d'exploitation hôtes et certaines fonctions spéciales qui peuvent être en interface directe avec des système d'exploitation de niveau de base. La sécurité est réalisée grâce à l'utilisation d'un composant vérifiable de petite taille d'une fondation sécurisée qui exécute au niveau de privilège le plus élevé entre l'interface matérielle et le moniteur de machine virtuelle. Le moniteur de machine virtuelle et la fondation sécurisée utilisent des moniteurs de systèmes d'exploitation hôtes de moniteur de machine virtuelle, une parcellisation de mémoire, et des appels authentifiés pour l'isolement sécurisé d'entités computationnelles les unes des autres au sein du système informatique.
PCT/US2006/041851 2005-10-25 2006-10-25 Moniteur de machine virtuelle securise WO2007050797A2 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP06826781A EP1955154A2 (fr) 2005-10-25 2006-10-25 Moniteur de machine virtuelle securise
JP2008537955A JP2009514104A (ja) 2005-10-25 2006-10-25 セキュアな仮想マシンモニタ

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US73047805P 2005-10-25 2005-10-25
US60/730,478 2005-10-25

Publications (2)

Publication Number Publication Date
WO2007050797A2 WO2007050797A2 (fr) 2007-05-03
WO2007050797A3 true WO2007050797A3 (fr) 2009-05-07

Family

ID=37968567

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/041851 WO2007050797A2 (fr) 2005-10-25 2006-10-25 Moniteur de machine virtuelle securise

Country Status (3)

Country Link
EP (1) EP1955154A2 (fr)
JP (1) JP2009514104A (fr)
WO (1) WO2007050797A2 (fr)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2929733B1 (fr) * 2008-04-08 2010-08-27 Eads Defence And Security Syst Systeme et procede de securisation d'un ordinateur comportant un micronoyau
CN101770410B (zh) * 2009-01-07 2016-08-17 联想(北京)有限公司 基于客户操作系统的系统还原方法、虚拟机管理器及系统
US8806231B2 (en) 2009-12-22 2014-08-12 Intel Corporation Operating system independent network event handling
WO2012086106A1 (fr) * 2010-12-21 2012-06-28 パナソニック株式会社 Système d'ordinateur virtuel et procédé de commande de système d'ordinateur virtuel
GB2490738A (en) * 2011-05-13 2012-11-14 En Twyn Ltd A power line communications network controlled by an operating system in which network terminals include a processor.
KR101259716B1 (ko) 2011-07-08 2013-04-30 주식회사 엘지유플러스 이동단말의 보안을 강화하는 시스템 및 방법
CN102779250B (zh) * 2012-06-29 2016-04-13 腾讯科技(深圳)有限公司 文件可控执行的检测方法及虚拟机
BR112015002316A2 (pt) * 2012-08-03 2017-07-04 Univ North Carolina State métodos, sistemas, e meios legíveis por computador para monitoramento ativo, proteção de memória e verificação de integridade de dispositivos alvos
CN112464221A (zh) * 2019-09-09 2021-03-09 北京奇虎科技有限公司 内存访问行为的监控方法及系统
US11954337B2 (en) * 2021-08-26 2024-04-09 International Business Machines Corporation Encryption monitor register and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5596739A (en) * 1994-02-08 1997-01-21 Meridian Semiconductor, Inc. Method and apparatus for detecting memory segment violations in a microprocessor-based system
US5790804A (en) * 1994-04-12 1998-08-04 Mitsubishi Electric Information Technology Center America, Inc. Computer network interface and network protocol with direct deposit messaging
US6944699B1 (en) * 1998-05-15 2005-09-13 Vmware, Inc. System and method for facilitating context-switching in a multi-context computer system
US20050210180A1 (en) * 2004-03-19 2005-09-22 Intel Corporation Isolation and protection of firmware-only disk areas

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5596739A (en) * 1994-02-08 1997-01-21 Meridian Semiconductor, Inc. Method and apparatus for detecting memory segment violations in a microprocessor-based system
US5790804A (en) * 1994-04-12 1998-08-04 Mitsubishi Electric Information Technology Center America, Inc. Computer network interface and network protocol with direct deposit messaging
US6944699B1 (en) * 1998-05-15 2005-09-13 Vmware, Inc. System and method for facilitating context-switching in a multi-context computer system
US20050210180A1 (en) * 2004-03-19 2005-09-22 Intel Corporation Isolation and protection of firmware-only disk areas

Also Published As

Publication number Publication date
EP1955154A2 (fr) 2008-08-13
WO2007050797A2 (fr) 2007-05-03
JP2009514104A (ja) 2009-04-02

Similar Documents

Publication Publication Date Title
WO2007050797A3 (fr) Moniteur de machine virtuelle securise
WO2008051842A3 (fr) Procédés et systèmes pour accéder à des fichiers d'utilisateur à distance associés à des ressources locales
MXPA05007141A (es) Manejo con base en un modelo de sistemas de computadora y aplicaciones distribuidas.
GB2421101B (en) Distributed lock
WO2005086802A3 (fr) Systeme de compte lie utilisant une cle numerique personnelle
WO2007001635A3 (fr) Modele de confiance pour contenu actif
WO2007095097A3 (fr) Fonction d'authentification sécurisée
WO2007081834A3 (fr) Identification et authentification graphique pour bureau multi-utilisateurs
WO2006133383A3 (fr) Procedes, systemes et progiciels pour port de dispositifs d'acces dynamique au reseau, et configuration de terminal utilisateur pour la mise en oeuvre de politiques a base de dispositifs et d'utilisateurs
WO2011058552A3 (fr) Système kvm sécurisé doté de multiples fonctions edid émulées
WO2009122296A3 (fr) Système permettant d'enrayer l'utilisation non autorisée d'un dispositif
WO2011145095A3 (fr) Carte mère d'ordinateur disposant de fonctions de sécurité de périphérique
WO2009122290A3 (fr) Système permettant d'enrayer l'utilisation non autorisée d'un dispositif
WO2005029249A8 (fr) Systeme de reseau securise et procede d'utilisation associe
Riddle et al. A survey on the security of hypervisors in cloud computing
WO2006094301A3 (fr) Systeme de diagnostic et de rapport de materiel et de logiciel informatique
WO2009131959A3 (fr) Architecture orientée composant pour site web composite
TW200636567A (en) Systems and methods for multi-level intercept processing in a virtual machine environment
WO2010060704A3 (fr) Authentification d’un canal de communication secondaire à base de jeton de client à serveur à travers des canaux de communication principaux authentifiés
WO2009122291A3 (fr) Procédé permettant d'enrayer l'utilisation non autorisée d'un dispositif
WO2009049227A3 (fr) Systèmes, procédés et circuits pour identifier un microcourt-circuit
EP1901238A3 (fr) Dispositif de contrôle d'authentification et d'accès
PH12014502633A1 (en) Network based management of protected data sets
WO2011001371A3 (fr) Procédé de commande et de surveillance à distance des données générées sur un logiciel de bureau
WO2008103778A3 (fr) Système et procédé de protection de mots de passe

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
ENP Entry into the national phase

Ref document number: 2008537955

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2006826781

Country of ref document: EP