System and method to enhance memory protection for programs in a virtual machine environment
    1.
    Granted invention patent, in force

Publication No.: US08745308B2

    Publication date: 2014-06-03

    Application No.: US13693552

    Filing date: 2012-12-04

    Applicant: VMware, Inc.

Abstract: In a computer system supporting execution of virtualization software and at least one instance of virtual system hardware, an interface is provided into the virtualization software to allow a program to directly define the access characteristics of its program data stored in physical memory. The technique includes providing data identifying memory pages and their access characteristics to the virtualization software, which then derives the memory access characteristics from the specified data. Optionally, the program may also specify a pre-defined function to be performed upon the occurrence of a fault associated with access to an identified memory page. In this manner, programs operating both internal and external to the virtualization software can protect their memory pages, without intermediation by the operating system software.


System and method for cooperative virtual machine memory scheduling
    6.
    Granted invention patent, in force

Publication No.: US08756397B2

    Publication date: 2014-06-17

    Application No.: US13743880

    Filing date: 2013-01-17

    Applicant: VMware, Inc.

    Abstract: A resource scheduler for managing a distribution of host physical memory (HPM) among a plurality of virtual machines (VMs) monitors usage by each of the VMs of respective guest physical memories (GPM) to determine how much of the HPM should be allocated to each of the VMs. On determining that an amount of HPM allocated to a source VM should be reallocated to a target VM, the scheduler sends allocation parameters to a balloon application executing in the source VM causing it to reserve and write a value to a guest virtual memory (GVM) location in the source VM. The scheduler identifies the HPM location that corresponds to the reserved GVM and allocates it to the target VM by mapping a guest physical memory location of the target VM to the HPM location.


    Isolating data within a computer system using private shadow mappings

Publication No.: US10241819B2

    Publication date: 2019-03-26

    Application No.: US15055468

    Filing date: 2016-02-26

    Applicant: VMware, Inc.

    Abstract: Virtualization software establishes multiple execution environments within a virtual machine, wherein software modules executing in one environment cannot access private memory of another environment. A separate set of shadow memory address mappings is maintained for each execution environment. For example, a separate shadow page table may be maintained for each execution environment. The virtualization software ensures that the shadow address mappings for one execution environment do not map to the physical memory pages that contain the private code or data of another execution environment. When execution switches from one execution environment to another, the virtualization software activates the shadow address mappings for the new execution environment. A similar approach, using separate mappings, may also be used to prevent software modules in one execution environment from accessing the private disk space or other secondary storage of another execution environment.

System and method for cooperative virtual machine memory scheduling
    8.
    Granted invention patent, in force

Publication No.: US08543790B2

    Publication date: 2013-09-24

    Application No.: US13743853

    Filing date: 2013-01-17

    Applicant: VMware, Inc.

    Abstract: A resource scheduler for managing a distribution of host physical memory (HPM) among a plurality of virtual machines (VMs) monitors usage by each of the VMs of respective guest physical memories (GPM) to determine how much of the HPM should be allocated to each of the VMs. On determining that an amount of HPM allocated to a source VM should be reallocated to a target VM, the scheduler sends allocation parameters to a balloon application executing in the source VM causing it to reserve and write a value to a guest virtual memory (GVM) location in the source VM. The scheduler identifies the HPM location that corresponds to the reserved GVM and allocates it to the target VM by mapping a guest physical memory location of the target VM to the HPM location.


    Cryptographic multi-shadowing with integrity verification

Publication No.: US10169253B2

    Publication date: 2019-01-01

    Application No.: US15682056

    Filing date: 2017-08-21

    Applicant: VMware, Inc.

    Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
