Invention Grant
- Patent Title: Enforcing isolation among plural operating systems
- Patent Title (中): 在多个操作系统之间实现隔离
-
Application No.: US10741629Application Date: 2003-12-19
-
Publication No.: US07975117B2Publication Date: 2011-07-05
- Inventor: Marcus Peinado , Paul England , Bryan Mark Willman , Yuqun Chen , Andrew John Thornton
- Applicant: Marcus Peinado , Paul England , Bryan Mark Willman , Yuqun Chen , Andrew John Thornton
- Applicant Address: US WA Redmond
- Assignee: Microsoft Corporation
- Current Assignee: Microsoft Corporation
- Current Assignee Address: US WA Redmond
- Agency: Woodcock Washburn LLP
- Main IPC: G06F13/00
- IPC: G06F13/00
Abstract:
Plural guest operating systems run on a computer, where a security kernel enforces a policy of isolation among the guest operating systems. An exclusion vector defines a set of pages that cannot be accessed by direct memory access (DMA) devices. The security kernel enforces an isolation policy by causing certain pages to be excluded from direct access. Thus, device drivers in guest operating systems are permitted to control DMA devices directly without virtualization of those devices, while each guest is prevented from using DMA devices to access pages that the guest is not permitted to access under the policy.
Public/Granted literature
- US20040205203A1 Enforcing isolation among plural operating systems Public/Granted day:2004-10-14
Information query
