公开(公告)号：WO2008091462A1

公开(公告)日：2008-07-31

申请号：PCT/US2007/088219

申请日：2007-12-19

Applicant: MICROSOFT CORPORATION

Inventor： BAKER, Brandon ,  FIELD, Scott, A. ,  TRAUT, Eric ,  SINHA, Suyash ,  GANGULY, Joy ,  FOLTZ, Forrest ,  CUTLER, David

IPC: G06F9/06 ,  G06F11/30

CPC classification number: G06F21/552 ,  G06F9/468 ,  G06F21/51 ,  G06F21/53 ,  G06F2221/2105 ,  G06F2221/2141 ,  G06F2221/2149

Abstract: This document describes tools capable of enabling a protection agent to determine, from memory inaccessible from an operating-system privilege mode, whether one or more resources of an operating system have been modified. In some instances, these tools may enable the protection agent to reside within a virtual machine monitor. In other instances, the tools may enable the protection agent to reside within a distinct virtual partition provided by the virtual machine monitor. By operating outside of the operating-system privilege mode, the protection agent may be less vulnerable to attacks by entities operating within the operating-system privilege mode.

Abstract translation: 本文档描述了能够使保护代理能够从不能从操作系统特权模式访问的存储器确定操作系统的一个或多个资源是否已被修改的工具。 在某些情况下，这些工具可能使保护代理能够驻留在虚拟机监视器中。 在其他情况下，这些工具可以使保护代理能够驻留在由虚拟机监视器提供的不同的虚拟分区中。 通过在操作系统特权模式之外操作，保护代理可能不太容易受到在操作系统特权模式下操作的实体的攻击。

公开(公告)号：EP2106583A1

公开(公告)日：2009-10-07

申请号：EP07869567.3

申请日：2007-12-19

Applicant: Microsoft Corporation

Inventor： BAKER, Brandon ,  FIELD, Scott, A. ,  TRAUT, Eric ,  SINHA, Suyash ,  GANGULY, Joy ,  FOLTZ, Forrest ,  CUTLER, David

IPC: G06F9/06 ,  G06F11/30

CPC classification number: G06F21/552 ,  G06F9/468 ,  G06F21/51 ,  G06F21/53 ,  G06F2221/2105 ,  G06F2221/2141 ,  G06F2221/2149

Abstract: This document describes tools capable of enabling a protection agent to determine, from memory inaccessible from an operating-system privilege mode, whether one or more resources of an operating system have been modified. In some instances, these tools may enable the protection agent to reside within a virtual machine monitor. In other instances, the tools may enable the protection agent to reside within a distinct virtual partition provided by the virtual machine monitor. By operating outside of the operating-system privilege mode, the protection agent may be less vulnerable to attacks by entities operating within the operating-system privilege mode.