US20030229794A1 - System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container - Google Patents
System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine containerDownload PDFInfo
- Publication number
- US20030229794A1 US20030229794A1US10/165,597US16559702AUS2003229794A1US 20030229794 A1US20030229794 A1US 20030229794A1US 16559702 AUS16559702 AUS 16559702AUS 2003229794 A1US2003229794 A1US 2003229794A1
- Authority
- US
- United States
- Prior art keywords
- code
- mode
- processor
- handler
- memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1491—Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
Definitions
- the present disclosurerelates generally to microprocessor systems, and more specifically to microprocessor systems that may operate in a trusted or secured environment.
- Processorsmay operate in several processor operating modes depending upon the immediate requirements of system operation.
- processorsmay have a supervisor mode, a user mode, and sometimes other special-purpose modes.
- Supervisor modemay support the execution of the operating system, and may enable the execution of most instructions, including privileged instructions. Access may be given in supervisor mode to a different address space and peripheral devices.
- User modemay be restricted to non-privileged instructions when compared with supervisor mode, so that user code may not disrupt system functionality.
- processorsmay be designed to support an operating mode having the ability to operate in operating system transparent or quasi-transparent manner, or in a privilege-level independent manner, for the purpose of executing low-level patches.
- a modemay be defined as a “sub operating system mode”.
- One such modeis the system management mode (SMM) of the Intel® Pentium® processor family and compatible processors. (See Chapter 14 of the Pentium® 4 Processor Software Developer's Manual, Vol.
- sub operating system modesmay exist in a MIPS Technologies® MIPS32TM or MIPS64TM architecture processor, in an IBM® PowerPCTM architecture processor, in a SPARC International® SPARC® architecture processor, or in many other processors.
- the existence of a sub operating system modemay have additional system benefits, such as supporting transitions into a power-down mode.
- existing sub operating system mode implementationsmay have no privilege restrictions or address mapping restrictions.
- Sub operating system modesmay be invoked by a dedicated sub operating system mode interrupt, sometimes generated by system firmware or system hardware. This dedicated sub operating system mode interrupt is usually designed to be non-maskable in order to respond to the exigencies that required the entry into the mode.
- a sub operating system modemay generally have the following major mechanisms.
- the only way to enter the modeis by means of a special sub operating system mode interrupt.
- the dedicated sub operating system mode interruptis called a system management interrupt (SMI).
- SMMsystem management interrupt
- the processormay execute the mode's code in a separate address space.
- SMRAMsystem management random-access memory
- the processorsaves the context of the interrupted program or task within the separate address space. For example, in SMM the context is saved into SMRAM.
- normal interruptsmay be disabled.
- the modemay be exited by means of a resume instruction that may only be executed while executing within the mode.
- FIG. 1is a memory mapping of system management mode code in system management RAM in an existing implementation.
- FIG. 2is a diagram of an exemplary software environment having trusted and untrusted areas, according to one embodiment.
- FIG. 3is a schematic diagram of an exemplary microprocessor system adapted to support the software environment of FIG. 2, according to one embodiment of the present invention.
- FIG. 4is a diagram showing a system management code operating in a virtual machine container, according to one embodiment of the present invention.
- FIG. 5is diagram showing system management interrupt redirection, according to one embodiment of the present invention.
- FIG. 6is a schematic diagram of an exemplary microprocessor system adapted to support the software environment of FIG. 2, according to another embodiment of the present invention.
- FIG. 7is diagram showing system management interrupt redirection, according to another embodiment of the present invention.
- the sub operating system mode interruptmay be first directed to a handler in a trusted code that controls virtual machine access to system resources. This direction to the handler may be accomplished by allowing the trusted code to read and write to the interrupt service register in the processor containing the location of the code required to service such a sub operating system mode interrupt.
- An interrupt service registermay generally be defined as a register that is used to determine that code that should be executed on receipt of an interrupt.
- the sub operating system mode interruptwill then be re-directed to sub operating system mode code, located in another virtual machine that is under the security control of the above trusted code, for interrupt servicing.
- a microprocessor's virtualization architecturemay be such that, when trusted code has been established, the sub operating system mode interrupt will no longer use the normal interrupt service register but will instead cause a transition to the trusted code consistent with the virtualization architecture.
- the SMM code execution within a secure or trusted environmentmay begin by having the system management interrupt (SMI) first be directed to a handler in a secured virtual machine monitor (SVMM). This direction to the handler may be accomplished by allowing the SVMM to read and write a system management base (SMBASE) register in the processor (PSMBASE). The SMI will then be re-directed to SMM code located in a virtual machine (VM) that is under the security control of the SVMM.
- the processor's virtualization architecturemay disable use of the PSMBASE register and cause redirection of all SMIs to the SVMM directly.
- the SMM codemay be granted access to all system resources except the protected pages in memory, and the associated system controls that maintain this protection.
- the SMIsmay be directed to a handler within SVMM first.
- This handlermay establish a suitable virtual machine (VM) container for the SMM code, and re-direct the SMI to that code.
- VMvirtual machine
- the SMM codemay be prevented from accessing various system resources, such as memory, that the SVMM has deemed protected.
- the SMM codemay now be written to conform to VM requirements.
- One such conforming changemay be that the SMM code be written in either flat protected mode or in some other page memory access mode.
- SMMsystem management mode
- SMBASEsystem management base
- the chipset SMBASE register's content CSMBASEmay define the boundaries of SMRAM.
- the SMRAMmay occupy the space between CSMBASE 120 and CSMBASE+FFFF hex 132 .
- each processorin order to support two or more processors executing SMM code at the same time, each processor may have its own dedicated SMRAM space.
- the processors' SMBASE register content PSMBASEmay define code-entry points and state save locations within SMRAM. For example, within SMRAM a standard code-entry point may be located at CSMBASE+8000 hex 124 .
- the value of CSMBASEmay be written at system initialization to each processor's SMBASE register, thereby allowing each processor to go to the SMM code-entry point upon receipt of an SMI.
- the processorPrior to entry into SMM code, the processor may in one embodiment store state data in a state save area between an address PSMBASE+FE00 hex 128 and the end of SMRAM at location SMBASE+FFFF hex 132 .
- each processor's SMBASE registermay contain a different value of PSMBASE, permitting differing code-entry points and locations for storing state data.
- the state datamay include the values of control registers, flags, an auto halt restart field, an input/output (I/O) instruction restart field, and an SMM revision identifier. Some of the locations within SMRAM may be modified by an SMI handler.
- SMMresume
- This existing RSM instructionmay only be issued within SMM, and it restores the state values previously stored within SMRAM. The use of this existing SMM design is well-known in the art.
- trusted and untrusted softwaremay be loaded simultaneously and may execute simultaneously on a single computer system.
- a SVMM 250selectively permits or prevents direct access to hardware resources 280 from untrusted operating system 240 (or, if multiple untrusted virtual machines are implemented, multiple operating systems) and untrusted applications 210 through 230 .
- untrusteddoes not necessarily mean that the operating system or applications are deliberately misbehaving, but that the size and variety of interacting code makes it impractical to reliably assert that the software is behaving as desired, and that there are no viruses or other foreign code interfering with its execution.
- the untrusted codemight consist of the normal operating system and applications found on today's personal computers.
- SVMM 250also selectively permits or prevents direct access to hardware resources 280 from one or more trusted or secure kernels 260 and one or more trusted applications 270 .
- a trusted or secure kernel 260 and trusted applications 270may be limited in size and functionality to aid in the ability to perform trust analysis upon it.
- the trusted application 270may be any software code, program, routine, or set of routines which is executable in a secure environment.
- the trusted application 270may be a variety of applications, or code sequences, or may be a relatively small application such as a Java applet.
- Instructions or operations normally performed by operating system 240 or kernel 260 that could alter system resource protections or privilegesmay be trapped by SVMM 250 , and selectively permitted, partially permitted, or rejected.
- instructions that change the processor's page table that would normally be performed by operating system 240 or kernel 260would instead be trapped by SVMM 250 , which would ensure that the request was not attempting to change page privileges outside the domain of its virtual machine.
- One way of viewing this systemis that operating system 240 , kernel 260 , and SVMM 250 are all virtual machines, with operating system 240 virtual machine and kernel 260 virtual machine executing within the SVMM 250 virtual machine.
- a hierarchy of virtual machinesis created.
- a virtual machinemay be defined as any multi-user shared-resource operating system that gives each user the appearance of having sole control of all the resources of the system, or virtual machine may also be defined as an operating system that is in turn managed by an underlying control program.
- CPU A 310 , CPU B 314 , CPU C 318 , and CPU D 322may be configured with additional microcode or logic circuitry to support the execution of special instructions.
- the processorsmay be Intel® Pentium® class microprocessors with certain special modifications in accordance with an embodiment of the present invention. These special instructions may support the issuance of special bus messages on system bus 320 that may enable the proper synchronization of SVMM 250 operation in the processors.
- chipset 330may support the above-mentioned special cycles on system bus 320 .
- the number of physical processorsmay vary upon the implementation of a particular embodiment.
- the four processors CPU A 310 , CPU B 314 , CPU C 318 , and CPU D 322are shown as four separate hardware entities.
- the number of processorsmay differ. Indeed, the processors may be replaced by separate threads, each running on one of the physical processors. In the latter case these threads possess many of the attributes of additional physical processors.
- the expression “logical processor”may be used to describe either a physical processor or a thread operating in one of the physical processors. Thus, one single-threaded processor may be considered a logical processor, and multi-threaded or multi-core processors may be considered multiple logical processors.
- Modifications to processorsmay include, in one embodiment, changes to the behavior of registers and new or modified instructions.
- CPU C 318may include a new instruction secure enter (SENTER) 324 .
- the SENTER 324 instructionupon execution, may enable the initiation of secure or trusted operations as shown in FIG. 2 above.
- SENTER 324may enable multiple logical processors to synchronize their entry into secure or trusted operations.
- SENTER 324may also permit writing to the PSMBASE register 316 of CPU C 318 in certain circumstances to support secure or trusted SMM operations.
- CPU C 318may also include a modified resume (RSM) 326 instruction.
- the modified RSM 326may permit a return from SMM that supports secure or trusted operations. Ordinarily RSM instructions may only be executed from within SMM.
- the modified RSM 326may be executed from within normal page mode.
- the modified RSM 326 instructionmay perform a special system call, called a VMexit, back to an SVMM handler for SMI.
- the chipset 330may service read and write requests carried from the CPUs on the system bus 320 , and may then perform the physical read and write operations on physical memory 334 . Allocation of SMRAM within memory 334 may be facilitated by a chipset SMBASE register 331 containing the value of CSMBASE.
- the chipset 330additionally may connect to specialized input/output (I/O) channels, such as an advanced graphics port (AGP) 336 .
- Chipset 330may control access to pages of memory within physical memory 334 from processors CPU A 310 , CPU B 314 , CPU C 318 and CPU D 322 , and additionally from I/O devices. Such devices may include mass storage devices such as fixed media 344 or removable media 348 .
- the fixed media 344 or removable media 348may be magnetic disks, magnetic tape, magnetic diskettes, magneto-optical drives, CD-ROM, DVD-ROM, Flash memory cards, or many other forms of mass storage.
- Fixed media 344 or removable media 348may be connected to chipset 330 via peripheral component interconnect (PCI) bus 346 , or, alternately, via a universal serial bus (USB) 342 , an integrated controller electronics (IDE) bus (not shown), or a small computer systems interconnect (SCSI) bus (not shown).
- PCIperipheral component interconnect
- USBuniversal serial bus
- IDEintegrated controller electronics
- SCSIsmall computer systems interconnect
- the SVMM 364may permit or deny the access of a VM to specific pages within memory 334 .
- the pages of memory that the VM are denied access tomay be called “locked” pages, whereas the pages that the VM are permitted access to may be called “unlocked” pages.
- Within locked memory pages 360may be located SVMM 364 and modules within SVMM 364 to support secure SMM operation.
- such modulesmay include an SVMM SMM handler 366 and a virtual machine exit (VMexit)/virtual machine call (VMcall) handler 368 .
- the functions of the SVMM SMM handler 366 and the VMexit/VMcall handler 368may be combined or may be distributed among other modules.
- SMM VM 370may include software code similar to standard SMM code but modified to operate in a virtual machine container. Such modifications in SMM VM 370 may include code prepared for execution in page mode rather than normal SMM.
- the memory controller and I/O device controller functions of chipset 330are shown in the FIG. 3 embodiment as being implemented on a single separate integrated circuit.
- a separate memory controller integrated circuitmay generally implement the memory, controller functions described above for chipset 330 .
- a separate I/O device controller integrated circuitmay generally implement the I/O device controller functions described above for chipset 330 .
- the memory controller functions of chipset 330may be implemented in circuitry on the CPU integrated circuits, permitting several CPUs to each have direct access to certain amounts of physical memory. In such an embodiment, the memory controller functions of chipset 330 may be divided among the several CPU integrated circuits, or for multiple processors may be included on a single die.
- FIG. 4a diagram of a system management code (SMM) operating in a virtual machine (VM) container is shown, according to one embodiment of the present invention.
- SVMM 450has two additional modules to support secure or trusted SMM operations.
- the SVMM SMM handler 452establishes the SMM code in a SMM VM 490 in response to the execution of an SENTER instruction.
- the VMexit/VMcall handler 454handles entry into and exit from the SMM VM 490 due to the intentional lower privilege level of SMM VM 490 within its VM container.
- the SVMM SMM handler 452 and the VMexit/VMcall handler 454may be the same software module.
- the SVMM SMM handler 452may perform several functions. During the transition into secure or trusted operations, following the execution of an SENTER command by a processor, the SVMM SMM handler 452 loads and initiates the SMM VM 490 code in a virtual machine container. In some embodiments, SVMM SMM handler 452 would then write an entry location within itself into the modified SMBASE register of each processor in the system. This entry location permits an SMI to be directed first to the SVMM SMM handler 452 .
- the SVMM SMM handler 452also establishes a space within the locked memory pages to store the state data that needs to be saved upon entry into SMM operations. Examples of this state data are discussed above in connection with FIG. 1. Placing this state data within locked memory pages prevents unauthorized disclosure or manipulation of the state data.
- the VMexit/VMcall handler 454may perform several functions. VMexit/VMcall handler 454 may handle entries into and exits from SMM VM 490 subsequent to the initial entry. VMexit/VMcall handler 454 may also handle exceptions raised when SMM VM 490 attempts to read from or write to locked memory pages. Portions of VMexit/VMcall handler 454 may determine whether certain of these reads from or writes to locked memory pages should be allowed to proceed depending upon circumstances. In one embodiment, reads from or writes to locked memory pages may be permitted if VMexit/VMcall handler 454 determines that the location targeted within the locked memory pages does not contain trusted data.
- the SMM VM 490contains the desired SMM code, modified from SMM mode format to now execute in a page memory access mode.
- the SMM code in the SMM VM 490executes as written, with the exceptional case of those instructions to create memory reads and writes to the locked memory pages.
- the SMM codemay invoke VMexit/VMcall handler 454 .
- SMM codemay make an explicit call to the VMexit/VMcall handler 454 , or may make an indirect call by allowing an exception to trap to VMexit/VMcall handler 454 . In either case VMexit/VMcall handler 454 handles these circumstances.
- FIG. 5a diagram of a system management interrupt redirection is shown, according to one embodiment of the present invention.
- the processorexamines its SMBASE register. Since the SVMM SMM handler 452 upon initialization wrote an internal memory location into modified SMBASE register within the processor, the processor begins execution of SVMM SMM handler 452 .
- SVMM SMM handler 452stores state data within a locked memory page, and then issues a virtual mode enter (VMenter) call to the actual SMM code within SMM VM 490 .
- the SMImay cause invocation of the SVMM's VMexit handler.
- the SMM code within SMM VM 490executes until it attempts to read from or write to a memory location within a locked memory page. Then either by an explicit call, or by an exception causing a trap, a VMexit/VMcall 524 may be made to invoke VMexit/VMcall handler 454 .
- the VMexit/VMcall handler 454performs those memory accesses that it deems permissible, and then returns to SMM VM 490 by another VMenter 522 . This process may repeat several times until the desired SMM code within SMM VM 490 is finished. At this time the SMM code exits via a final VMexit/VMcall 524 to VMexit/VMcall handler 454 .
- the VMexit/VMcall handler 454would then exit to the SVMM SMM handler 452 through the execution of a modified resume instruction SMM VM code RSM 526 .
- the SVMM SMM handler 452 and the VMexit/VMcall handler 454might be combined, and these operations might be carried out in software.
- the processorresumes its original operation.
- FIG. 6a schematic diagram of an exemplary microprocessor system adapted to support the software environment of FIG. 2 is shown, according to another embodiment of the present invention.
- CPU A 610 , CPU B 614 , CPU C 618 , and CPU D 622may be configured with additional microcode or logic circuitry to support the execution of special instructions. Modifications to the processors may include, in one embodiment, changes to the behavior of registers and new or modified instructions.
- CPU C 618may include a new instruction “virtual machine monitor initialization” (VMMINIT) 624 .
- the VMMINIT 624 instructionupon execution, may enable the initiation of secure or trusted operations as shown in FIG. 2 above.
- VMMINIT 624may also disable normal operations of the PSMBASE register 616 of CPU C 618 in certain circumstances to support secure or trusted SMM operations. In such an embodiment, CPU C 618 may then redirect an SMI to a code entry point and state save area within VMexit/VMcall handler 668 prearranged by the security environment rules.
- CPU C 618may also include a modified resume (RSM) 626 instruction.
- the modified RSM 626may permit a return from SMM that supports secure or trusted operations. Ordinarily RSM instructions may only be executed from within SMM.
- the modified RSM 626may be executed from within normal page mode.
- the modified RSM 626 instructionmay perform a special system call, called a VMexit, back to invoke VMexit/VMcall handler 668 .
- the chipset 630may service read and write requests carried from the CPUs on the system bus 620 , and may then perform the physical read and write operations on physical memory 634 . Allocation of SMRAM within memory 634 may be facilitated by a chipset SMBASE register 631 containing the value of CSMBASE.
- the SVMM 664may permit or deny the access of a VM to specific pages within memory 634 .
- the pages of memory that the VM are denied access tomay be called “locked” pages, whereas the pages that the VM are permitted access to may be called “unlocked” pages.
- Within locked memory pages 660may be located SVMM 664 and a module within SVMM 664 to support secure SMM operation.
- the modulemay be VMexit/VMcall handler 668 .
- the functions of the VMexit/VMcall handler 668may be combined or may be distributed among other modules.
- Other pages of memorymay remain unlocked, such as unlocked memory pages 662 .
- Within unlocked memory pages 662may be located standard operating systems 672 .
- SMM VM 670may include software code similar to standard SMM code but modified to operate in a virtual machine container. Such modifications in SMM VM 670 may include code prepared for execution in page mode rather than normal SMM.
- FIG. 7a diagram of system management interrupt redirection is shown, according to another embodiment of the present invention.
- SVMM 750has two additional modules to support secure or trusted SMM operations.
- the VMexit/VMcall handler 754establishes the SMM code in a SMM VM 790 in response to the execution of an VMMINIT instruction, and additionally handles entry into and exit from the SMM VM 790 due to the intentional lower privilege level of SMM VM 790 within its VM container.
- the VMexit/VMcall handler 754may perform several functions. During the transition into secure or trusted operations, following the execution of a VMMINIT command by a processor, the VMexit/VMcall handler 754 loads and initiates the SMM VM 790 code in a virtual machine container. The VMexit/VMcall handler 754 also establishes a space within the locked memory pages to store the state data that needs to be saved upon entry into SMM operations.
- the VMexit/VMcall handler 754may perform several additional functions. VMexit/VMcall handler 754 may handle entries into and exits from SMM VM 790 . VMexit/VMcall handler 754 may also handle exceptions raised when SMM VM 790 attempts to read from or write to locked memory pages. Portions of VMexit/VMcall handler 754 may determine whether certain of these reads from or writes to locked memory pages should be allowed to proceed depending upon circumstances. In one embodiment, reads from or writes to locked memory pages may be permitted if VMexit/VMcall handler 754 determines that the location targeted within the locked memory pages does not contain trusted data.
- the SMM VM 790contains the desired SMM code, modified in one embodiment from SMM mode format to now execute in a page memory access mode.
- the SMM code in the SMM VM 790executes as written, with the exceptional case of those instructions to create memory reads and writes to the locked memory pages.
- the SMM codemay invoke VMexit/VMcall handler 754 .
- the SMM codemay make an explicit call to the VMexit/VMcall handler 754 , or may make an indirect call by allowing an exception to trap to VMexit/VMcall handler 754 . In either case VMexit/VMcall handler 754 handles these circumstances.
- the SMM code within SMM VM 790executes until it attempts to read from or write to a memory location within a locked memory page. Then either by an explicit call, or by an exception causing a trap, a VMexit/VMcall 724 may be made to invoke VMexit/VMcall handler 754 .
- the VMexit/VMcall handler 754performs those memory accesses that it deems permissible, and then returns to SMM VM 790 by another VMenter 722 . This process may repeat several times until the desired SMM code within SMM VM 790 is finished. At this time the SMM code exits via a final VMexit/VMcall 724 to VMexit/VMcall handler 754 .
- the VMexit/VMcall handler 454would then exit to normal SVMM 750 operations by first executing a modified resume instruction. This causes the VMexit/VMcall handler 754 to restore the (potentially modified by VMexit/VMcall handler 754 ) state data stored in locked memory pages. Upon the restoration of the state data, the processor resumes its original operation.
- processorseither logical or physical processors
- multi-processor and/or multi-threaded systemsare described in more detail to explain the added complexity associated with securing a system with multiple logical or physical processors.
- An embodiment also likely to be advantageous in less complex systemmay use only one processor.
- the one physical processormay be multi-threading and therefore may include multiple logical processors.
- a single-processor, single-threaded systemmay be used, and still utilize disclosed secure processing techniques. In such cases, the secure processing techniques still operate to reduce the likelihood that data can be stolen or manipulated in an unauthorized manner.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Memory System Of A Hierarchy Structure (AREA)
- Debugging And Monitoring (AREA)
Abstract
Description
- The present disclosure relates generally to microprocessor systems, and more specifically to microprocessor systems that may operate in a trusted or secured environment.[0001]
- Processors may operate in several processor operating modes depending upon the immediate requirements of system operation. Generally processors may have a supervisor mode, a user mode, and sometimes other special-purpose modes. Supervisor mode may support the execution of the operating system, and may enable the execution of most instructions, including privileged instructions. Access may be given in supervisor mode to a different address space and peripheral devices. User mode may be restricted to non-privileged instructions when compared with supervisor mode, so that user code may not disrupt system functionality.[0002]
- It is often the case that commercially released software is not a perfect fit on a particular original equipment manufacturer's (OEM) hardware suite. Due to specification misunderstandings or implementation errors, there may be situations where the software attempts to access hardware in a manner not anticipated or supported by the hardware. A simple example could be where a software program expects to place a value in a register at address x whereas the actual register in the hardware is at address x+y. This could cause a system exception.[0003]
- In order to deal with such situations, processors may be designed to support an operating mode having the ability to operate in operating system transparent or quasi-transparent manner, or in a privilege-level independent manner, for the purpose of executing low-level patches. For the purpose of the present application such a mode may be defined as a “sub operating system mode”. One such mode is the system management mode (SMM) of the Intel® Pentium® processor family and compatible processors. (See Chapter 14 of the Pentium® 4 Processor Software Developer's Manual, Vol. III, 2001 edition, order number 245472, available from Intel Corporation of Santa Clara, Calif.) Other sub operating system modes may exist in a MIPS Technologies® MIPS32™ or MIPS64™ architecture processor, in an IBM® PowerPC™ architecture processor, in a SPARC International® SPARC® architecture processor, or in many other processors. The existence of a sub operating system mode may have additional system benefits, such as supporting transitions into a power-down mode. In order to deal with software and hardware mismatches as outlined above, existing sub operating system mode implementations may have no privilege restrictions or address mapping restrictions. Sub operating system modes may be invoked by a dedicated sub operating system mode interrupt, sometimes generated by system firmware or system hardware. This dedicated sub operating system mode interrupt is usually designed to be non-maskable in order to respond to the exigencies that required the entry into the mode.[0004]
- A sub operating system mode may generally have the following major mechanisms. The only way to enter the mode is by means of a special sub operating system mode interrupt. In the case of SMM, the dedicated sub operating system mode interrupt is called a system management interrupt (SMI). The processor may execute the mode's code in a separate address space. For example, when the mode is SMM, the separate address space allows access to system management random-access memory (SMRAM), which may be made inaccessible to the other operating modes. When entering the mode, the processor saves the context of the interrupted program or task within the separate address space. For example, in SMM the context is saved into SMRAM. During the execution within the mode, normal interrupts may be disabled. Finally, the mode may be exited by means of a resume instruction that may only be executed while executing within the mode.[0005]
- The increasing number of financial and personal transactions being performed on local or remote microcomputers has given impetus for the establishment of “trusted” or “secured” microprocessor environments. The problem these environments try to solve is that of loss of privacy, or data being corrupted or abused. Users do not want their private data made public. They also do not want their data altered or used in inappropriate transactions. Examples of these include unintentional release of medical records or electronic theft of funds from an on-line bank or other depository. Similarly, content providers seek to protect digital content (for example, music, other audio, video, or other types of data in general) from being copied without authorization.[0006]
- The existence of a sub operating system mode, such as SMM, is a design challenge for designers of secure or trusted systems. The fact that such a sub operating system mode may have no privilege restrictions or address mapping restrictions is incompatible with secure or trusted system architecture. And this lack of privilege restrictions or address mapping restrictions often cannot be avoided by attempting to mask such a mode's dedicated interrupts, because these are usually designed to be non-maskable.[0007]
- The present invention is illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:[0008]
- FIG. 1 is a memory mapping of system management mode code in system management RAM in an existing implementation.[0009]
- FIG. 2 is a diagram of an exemplary software environment having trusted and untrusted areas, according to one embodiment.[0010]
- FIG. 3 is a schematic diagram of an exemplary microprocessor system adapted to support the software environment of FIG. 2, according to one embodiment of the present invention.[0011]
- FIG. 4 is a diagram showing a system management code operating in a virtual machine container, according to one embodiment of the present invention.[0012]
- FIG. 5 is diagram showing system management interrupt redirection, according to one embodiment of the present invention.[0013]
- FIG. 6 is a schematic diagram of an exemplary microprocessor system adapted to support the software environment of FIG. 2, according to another embodiment of the present invention.[0014]
- FIG. 7 is diagram showing system management interrupt redirection, according to another embodiment of the present invention.[0015]
- The following description describes techniques for permitting the execution of certain system management mode code in a trusted or secured environment in a microprocessor system. In the following description, numerous specific details such as logic implementations, software module allocation, encryption techniques, bus signaling techniques, and details of operation are set forth in order to provide a more thorough understanding of the present invention. It will be appreciated, however, by one skilled in the art that the invention may be practiced without such specific details. In other instances, control structures, gate level circuits and full software instruction sequences have not been shown in detail in order not to obscure the invention. Those of ordinary skill in the art, with the included descriptions, will be able to implement appropriate functionality without undue experimentation. The invention is disclosed in the form of a microprocessor system. However, the invention may be practiced in other forms of processor such as a digital signal processor, a minicomputer, or a mainframe computer.[0016]
- In order to permit limited sub operating system mode code execution within a secure or trusted environment, the sub operating system mode interrupt may be first directed to a handler in a trusted code that controls virtual machine access to system resources. This direction to the handler may be accomplished by allowing the trusted code to read and write to the interrupt service register in the processor containing the location of the code required to service such a sub operating system mode interrupt. (An interrupt service register may generally be defined as a register that is used to determine that code that should be executed on receipt of an interrupt.) The sub operating system mode interrupt will then be re-directed to sub operating system mode code, located in another virtual machine that is under the security control of the above trusted code, for interrupt servicing. Alternatively, a microprocessor's virtualization architecture may be such that, when trusted code has been established, the sub operating system mode interrupt will no longer use the normal interrupt service register but will instead cause a transition to the trusted code consistent with the virtualization architecture.[0017]
- In an exemplary case where the sub operating system mode is the system management mode (SMM), the SMM code execution within a secure or trusted environment may begin by having the system management interrupt (SMI) first be directed to a handler in a secured virtual machine monitor (SVMM). This direction to the handler may be accomplished by allowing the SVMM to read and write a system management base (SMBASE) register in the processor (PSMBASE). The SMI will then be re-directed to SMM code located in a virtual machine (VM) that is under the security control of the SVMM. Alternatively, the processor's virtualization architecture may disable use of the PSMBASE register and cause redirection of all SMIs to the SVMM directly.[0018]
- In one embodiment, the SMM code may be granted access to all system resources except the protected pages in memory, and the associated system controls that maintain this protection. In order to accomplish this, after the initialization of secured operations the SMIs may be directed to a handler within SVMM first. This handler may establish a suitable virtual machine (VM) container for the SMM code, and re-direct the SMI to that code. By executing the SMM code within the VM container, the SMM code may be prevented from accessing various system resources, such as memory, that the SVMM has deemed protected. In one embodiment, the SMM code may now be written to conform to VM requirements. One such conforming change may be that the SMM code be written in either flat protected mode or in some other page memory access mode.[0019]
- Referring now to FIG. 1, a memory mapping of system management mode (SMM) code in system management random-access memory (SMRAM) is shown in one embodiment. During normal system initialization, a section of system random-access memory (RAM)[0020]110 may be set aside for exclusive use by SMM code. This set aside section is called system management RAM (SMRAM). Specific memory locations within SMRAM may be pointed to by interrupt service registers within the chipset or processor, which in one embodiment are called system management base (SMBASE) registers.
- The chipset SMBASE register's content CSMBASE may define the boundaries of SMRAM. For example, the SMRAM may occupy the space between[0021]
CSMBASE 120 and CSMBASE+FFFF hex 132. In other embodiments, in order to support two or more processors executing SMM code at the same time, each processor may have its own dedicated SMRAM space. The processors' SMBASE register content PSMBASE may define code-entry points and state save locations within SMRAM. For example, within SMRAM a standard code-entry point may be located at CSMBASE+8000hex 124. The value of CSMBASE may be written at system initialization to each processor's SMBASE register, thereby allowing each processor to go to the SMM code-entry point upon receipt of an SMI. Prior to entry into SMM code, the processor may in one embodiment store state data in a state save area between an address PSMBASE+FE00 hex 128 and the end of SMRAM at location SMBASE+FFFF hex 132. In other embodiments, in order to support two or more processors executing SMM code at the same time, each processor's SMBASE register may contain a different value of PSMBASE, permitting differing code-entry points and locations for storing state data. - The state data may include the values of control registers, flags, an auto halt restart field, an input/output (I/O) instruction restart field, and an SMM revision identifier. Some of the locations within SMRAM may be modified by an SMI handler. Upon completion of SMM code execution, the original program may be re-entered when the processor executes a resume (RSM) instruction. This existing RSM instruction may only be issued within SMM, and it restores the state values previously stored within SMRAM. The use of this existing SMM design is well-known in the art.[0022]
- Referring now to FIG. 2, a diagram of an exemplary trusted or secured software environment is shown, according to one embodiment of the present invention. In the FIG. 2 embodiment, trusted and untrusted software may be loaded simultaneously and may execute simultaneously on a single computer system. A[0023]
SVMM 250 selectively permits or prevents direct access tohardware resources 280 from untrusted operating system240 (or, if multiple untrusted virtual machines are implemented, multiple operating systems) and untrusted applications210 through230. In this context, “untrusted” does not necessarily mean that the operating system or applications are deliberately misbehaving, but that the size and variety of interacting code makes it impractical to reliably assert that the software is behaving as desired, and that there are no viruses or other foreign code interfering with its execution. In a typical embodiment, the untrusted code might consist of the normal operating system and applications found on today's personal computers. - SVMM[0024]250 also selectively permits or prevents direct access to
hardware resources 280 from one or more trusted or secure kernels260 and one or more trusted applications270. Such a trusted or secure kernel260 and trusted applications270 may be limited in size and functionality to aid in the ability to perform trust analysis upon it. The trusted application270 may be any software code, program, routine, or set of routines which is executable in a secure environment. Thus, the trusted application270 may be a variety of applications, or code sequences, or may be a relatively small application such as a Java applet. - Instructions or operations normally performed by[0025]
operating system 240 or kernel260 that could alter system resource protections or privileges may be trapped bySVMM 250, and selectively permitted, partially permitted, or rejected. As an example, in a typical embodiment, instructions that change the processor's page table that would normally be performed byoperating system 240 or kernel260 would instead be trapped bySVMM 250, which would ensure that the request was not attempting to change page privileges outside the domain of its virtual machine. One way of viewing this system is thatoperating system 240, kernel260, andSVMM 250 are all virtual machines, withoperating system 240 virtual machine and kernel260 virtual machine executing within theSVMM 250 virtual machine. Thus a hierarchy of virtual machines is created. Here in one embodiment a virtual machine may be defined as any multi-user shared-resource operating system that gives each user the appearance of having sole control of all the resources of the system, or virtual machine may also be defined as an operating system that is in turn managed by an underlying control program. - Referring now to FIG. 3, one embodiment of a[0026]
microprocessor system 300 adapted to support the secured software environment of FIG. 2 is shown.CPU A 310,CPU B 314,CPU C 318, andCPU D 322 may be configured with additional microcode or logic circuitry to support the execution of special instructions. In one embodiment, the processors may be Intel® Pentium® class microprocessors with certain special modifications in accordance with an embodiment of the present invention. These special instructions may support the issuance of special bus messages onsystem bus 320 that may enable the proper synchronization ofSVMM 250 operation in the processors. Similarlychipset 330 may support the above-mentioned special cycles onsystem bus 320. The number of physical processors may vary upon the implementation of a particular embodiment. - In the FIG. 3 embodiment, the four[0027]
processors CPU A 310,CPU B 314,CPU C 318, andCPU D 322 are shown as four separate hardware entities. In other embodiments, the number of processors may differ. Indeed, the processors may be replaced by separate threads, each running on one of the physical processors. In the latter case these threads possess many of the attributes of additional physical processors. In order to have a generic expression to discuss using any mixture of multiple physical processors and multiple threads upon processors, the expression “logical processor” may be used to describe either a physical processor or a thread operating in one of the physical processors. Thus, one single-threaded processor may be considered a logical processor, and multi-threaded or multi-core processors may be considered multiple logical processors. - Modifications to processors may include, in one embodiment, changes to the behavior of registers and new or modified instructions. For example, in one[0028]
embodiment CPU C 318 may include a new instruction secure enter (SENTER)324. TheSENTER 324 instruction, upon execution, may enable the initiation of secure or trusted operations as shown in FIG. 2 above.SENTER 324 may enable multiple logical processors to synchronize their entry into secure or trusted operations. In one embodiment,SENTER 324 may also permit writing to the PSMBASE register316 ofCPU C 318 in certain circumstances to support secure or trusted SMM operations. - In one[0029]
embodiment CPU C 318 may also include a modified resume (RSM)326 instruction. The modifiedRSM 326 may permit a return from SMM that supports secure or trusted operations. Ordinarily RSM instructions may only be executed from within SMM. The modifiedRSM 326 may be executed from within normal page mode. When invoked with VM extensions enabled, the modifiedRSM 326 instruction may perform a special system call, called a VMexit, back to an SVMM handler for SMI. - The[0030]
chipset 330 may service read and write requests carried from the CPUs on thesystem bus 320, and may then perform the physical read and write operations onphysical memory 334. Allocation of SMRAM withinmemory 334 may be facilitated by achipset SMBASE register 331 containing the value of CSMBASE. Thechipset 330 additionally may connect to specialized input/output (I/O) channels, such as an advanced graphics port (AGP)336.Chipset 330 may control access to pages of memory withinphysical memory 334 fromprocessors CPU A 310,CPU B 314,CPU C 318 andCPU D 322, and additionally from I/O devices. Such devices may include mass storage devices such as fixedmedia 344 orremovable media 348. The fixedmedia 344 orremovable media 348 may be magnetic disks, magnetic tape, magnetic diskettes, magneto-optical drives, CD-ROM, DVD-ROM, Flash memory cards, or many other forms of mass storage.Fixed media 344 orremovable media 348 may be connected tochipset 330 via peripheral component interconnect (PCI)bus 346, or, alternately, via a universal serial bus (USB)342, an integrated controller electronics (IDE) bus (not shown), or a small computer systems interconnect (SCSI) bus (not shown). - The[0031]
SVMM 364 may permit or deny the access of a VM to specific pages withinmemory 334. The pages of memory that the VM are denied access to may be called “locked” pages, whereas the pages that the VM are permitted access to may be called “unlocked” pages. Within lockedmemory pages 360 may be locatedSVMM 364 and modules withinSVMM 364 to support secure SMM operation. In one embodiment, such modules may include anSVMM SMM handler 366 and a virtual machine exit (VMexit)/virtual machine call (VMcall)handler 368. In other embodiments the functions of theSVMM SMM handler 366 and the VMexit/VMcall handler 368 may be combined or may be distributed among other modules. Other pages of memory may remain unlocked, such as unlocked memory pages362. Withinunlocked memory pages 362 may be located standard operating systems372. Also withinunlocked memory pages 362 may be a SMM virtual machine (SMM VM)370.SMM VM 370 may include software code similar to standard SMM code but modified to operate in a virtual machine container. Such modifications inSMM VM 370 may include code prepared for execution in page mode rather than normal SMM. - The memory controller and I/O device controller functions of[0032]
chipset 330 are shown in the FIG. 3 embodiment as being implemented on a single separate integrated circuit. In alternate embodiments, a separate memory controller integrated circuit may generally implement the memory, controller functions described above forchipset 330. Similarly, a separate I/O device controller integrated circuit may generally implement the I/O device controller functions described above forchipset 330. In further embodiments, the memory controller functions ofchipset 330 may be implemented in circuitry on the CPU integrated circuits, permitting several CPUs to each have direct access to certain amounts of physical memory. In such an embodiment, the memory controller functions ofchipset 330 may be divided among the several CPU integrated circuits, or for multiple processors may be included on a single die. - Referring now to FIG. 4, a diagram of a system management code (SMM) operating in a virtual machine (VM) container is shown, according to one embodiment of the present invention. In the FIG. 4 embodiment,[0033]
SVMM 450 has two additional modules to support secure or trusted SMM operations. TheSVMM SMM handler 452 establishes the SMM code in aSMM VM 490 in response to the execution of an SENTER instruction. The VMexit/VMcall handler 454 handles entry into and exit from theSMM VM 490 due to the intentional lower privilege level ofSMM VM 490 within its VM container. In some embodiments, theSVMM SMM handler 452 and the VMexit/VMcall handler 454 may be the same software module. - The[0034]
SVMM SMM handler 452 may perform several functions. During the transition into secure or trusted operations, following the execution of an SENTER command by a processor, theSVMM SMM handler 452 loads and initiates theSMM VM 490 code in a virtual machine container. In some embodiments,SVMM SMM handler 452 would then write an entry location within itself into the modified SMBASE register of each processor in the system. This entry location permits an SMI to be directed first to theSVMM SMM handler 452. This may not be necessary for other embodiments that invoke the VMexit/VMcall handler 454 directly in response system-management interrupts; for these embodiments, theSVMM SMM handler 452 and VMexit/VMcall handler 454 would be combined into one software module. TheSVMM SMM handler 452 also establishes a space within the locked memory pages to store the state data that needs to be saved upon entry into SMM operations. Examples of this state data are discussed above in connection with FIG. 1. Placing this state data within locked memory pages prevents unauthorized disclosure or manipulation of the state data. - The VMexit/[0035]
VMcall handler 454 may perform several functions. VMexit/VMcall handler 454 may handle entries into and exits fromSMM VM 490 subsequent to the initial entry. VMexit/VMcall handler 454 may also handle exceptions raised whenSMM VM 490 attempts to read from or write to locked memory pages. Portions of VMexit/VMcall handler 454 may determine whether certain of these reads from or writes to locked memory pages should be allowed to proceed depending upon circumstances. In one embodiment, reads from or writes to locked memory pages may be permitted if VMexit/VMcall handler 454 determines that the location targeted within the locked memory pages does not contain trusted data. - The[0036]
SMM VM 490 contains the desired SMM code, modified from SMM mode format to now execute in a page memory access mode. In general the SMM code in theSMM VM 490 executes as written, with the exceptional case of those instructions to create memory reads and writes to the locked memory pages. In those cases, the SMM code may invoke VMexit/VMcall handler 454. SMM code may make an explicit call to the VMexit/VMcall handler 454, or may make an indirect call by allowing an exception to trap to VMexit/VMcall handler 454. In either case VMexit/VMcall handler 454 handles these circumstances. - Referring now to FIG. 5, a diagram of a system management interrupt redirection is shown, according to one embodiment of the present invention. Consider an SMI producing event in[0037]
hardware 480 subsequent to the initiation of secure or trusted operations. The processor examines its SMBASE register. Since theSVMM SMM handler 452 upon initialization wrote an internal memory location into modified SMBASE register within the processor, the processor begins execution ofSVMM SMM handler 452.SVMM SMM handler 452 stores state data within a locked memory page, and then issues a virtual mode enter (VMenter) call to the actual SMM code withinSMM VM 490. In another embodiment, the SMI may cause invocation of the SVMM's VMexit handler. - The SMM code within[0038]
SMM VM 490 executes until it attempts to read from or write to a memory location within a locked memory page. Then either by an explicit call, or by an exception causing a trap, a VMexit/VMcall 524 may be made to invoke VMexit/VMcall handler 454. The VMexit/VMcall handler 454 performs those memory accesses that it deems permissible, and then returns toSMM VM 490 by anotherVMenter 522. This process may repeat several times until the desired SMM code withinSMM VM 490 is finished. At this time the SMM code exits via a final VMexit/VMcall 524 to VMexit/VMcall handler 454. For some embodiments, the VMexit/VMcall handler 454 would then exit to theSVMM SMM handler 452 through the execution of a modified resume instruction SMMVM code RSM 526. This causes theSVMM SMM handler 452 to restore the (potentially modified by VMexit/VMcall handler454) state data stored in locked memory pages. For other embodiments, theSVMM SMM handler 452 and the VMexit/VMcall handler 454 might be combined, and these operations might be carried out in software. Upon the restoration of the state data, the processor resumes its original operation. - Referring now to FIG. 6, a schematic diagram of an exemplary microprocessor system adapted to support the software environment of FIG. 2 is shown, according to another embodiment of the present invention.[0039]
CPU A 610,CPU B 614,CPU C 618, andCPU D 622 may be configured with additional microcode or logic circuitry to support the execution of special instructions. Modifications to the processors may include, in one embodiment, changes to the behavior of registers and new or modified instructions. For example, in oneembodiment CPU C 618 may include a new instruction “virtual machine monitor initialization” (VMMINIT)624. TheVMMINIT 624 instruction, upon execution, may enable the initiation of secure or trusted operations as shown in FIG. 2 above. In one embodiment,VMMINIT 624 may also disable normal operations of the PSMBASE register616 ofCPU C 618 in certain circumstances to support secure or trusted SMM operations. In such an embodiment,CPU C 618 may then redirect an SMI to a code entry point and state save area within VMexit/VMcall handler 668 prearranged by the security environment rules. - In one[0040]
embodiment CPU C 618 may also include a modified resume (RSM)626 instruction. The modifiedRSM 626 may permit a return from SMM that supports secure or trusted operations. Ordinarily RSM instructions may only be executed from within SMM. The modifiedRSM 626 may be executed from within normal page mode. When invoked with VM extensions enabled, the modifiedRSM 626 instruction may perform a special system call, called a VMexit, back to invoke VMexit/VMcall handler 668. - The[0041]
chipset 630 may service read and write requests carried from the CPUs on thesystem bus 620, and may then perform the physical read and write operations onphysical memory 634. Allocation of SMRAM withinmemory 634 may be facilitated by achipset SMBASE register 631 containing the value of CSMBASE. - The[0042]
SVMM 664 may permit or deny the access of a VM to specific pages withinmemory 634. The pages of memory that the VM are denied access to may be called “locked” pages, whereas the pages that the VM are permitted access to may be called “unlocked” pages. Within lockedmemory pages 660 may be locatedSVMM 664 and a module withinSVMM 664 to support secure SMM operation. In one embodiment, the module may be VMexit/VMcall handler 668. In other embodiments the functions of the VMexit/VMcall handler 668 may be combined or may be distributed among other modules. Other pages of memory may remain unlocked, such as unlocked memory pages662. Withinunlocked memory pages 662 may be locatedstandard operating systems 672. Also withinunlocked memory pages 662 may be aSMM VM 670.SMM VM 670 may include software code similar to standard SMM code but modified to operate in a virtual machine container. Such modifications inSMM VM 670 may include code prepared for execution in page mode rather than normal SMM. - Referring now to FIG. 7, a diagram of system management interrupt redirection is shown, according to another embodiment of the present invention. In the FIG. 7 embodiment,[0043]
SVMM 750 has two additional modules to support secure or trusted SMM operations. In one embodiment the VMexit/VMcall handler 754 establishes the SMM code in aSMM VM 790 in response to the execution of an VMMINIT instruction, and additionally handles entry into and exit from theSMM VM 790 due to the intentional lower privilege level ofSMM VM 790 within its VM container. - The VMexit/[0044]
VMcall handler 754 may perform several functions. During the transition into secure or trusted operations, following the execution of a VMMINIT command by a processor, the VMexit/VMcall handler 754 loads and initiates theSMM VM 790 code in a virtual machine container. The VMexit/VMcall handler 754 also establishes a space within the locked memory pages to store the state data that needs to be saved upon entry into SMM operations. - The VMexit/[0045]
VMcall handler 754 may perform several additional functions. VMexit/VMcall handler 754 may handle entries into and exits fromSMM VM 790. VMexit/VMcall handler 754 may also handle exceptions raised whenSMM VM 790 attempts to read from or write to locked memory pages. Portions of VMexit/VMcall handler 754 may determine whether certain of these reads from or writes to locked memory pages should be allowed to proceed depending upon circumstances. In one embodiment, reads from or writes to locked memory pages may be permitted if VMexit/VMcall handler 754 determines that the location targeted within the locked memory pages does not contain trusted data. - The[0046]
SMM VM 790 contains the desired SMM code, modified in one embodiment from SMM mode format to now execute in a page memory access mode. In general the SMM code in theSMM VM 790 executes as written, with the exceptional case of those instructions to create memory reads and writes to the locked memory pages. In those cases, the SMM code may invoke VMexit/VMcall handler 754. The SMM code may make an explicit call to the VMexit/VMcall handler 754, or may make an indirect call by allowing an exception to trap to VMexit/VMcall handler 754. In either case VMexit/VMcall handler 754 handles these circumstances. - Consider an SMI producing event in[0047]
hardware 780 subsequent to the initiation of secure or trusted operations. The processor examines its SMBASE register. Since the execution of VMMINIT disabled the normal operation of modified SMBASE register within the processor, the processor begins execution of VMexit/VMcall handler 754 from a code entry point prearranged by the security environment rules. VMexit/VMcall handler 754 stores state data within a locked memory page, and then issues aVMenter call 722 to the actual SMM code withinSMM VM 790. - The SMM code within[0048]
SMM VM 790 executes until it attempts to read from or write to a memory location within a locked memory page. Then either by an explicit call, or by an exception causing a trap, a VMexit/VMcall724 may be made to invoke VMexit/VMcall handler 754. The VMexit/VMcall handler 754 performs those memory accesses that it deems permissible, and then returns toSMM VM 790 by anotherVMenter 722. This process may repeat several times until the desired SMM code withinSMM VM 790 is finished. At this time the SMM code exits via a final VMexit/VMcall724 to VMexit/VMcall handler 754. For some embodiments, the VMexit/VMcall handler 454 would then exit tonormal SVMM 750 operations by first executing a modified resume instruction. This causes the VMexit/VMcall handler 754 to restore the (potentially modified by VMexit/VMcall handler754) state data stored in locked memory pages. Upon the restoration of the state data, the processor resumes its original operation. - While various embodiments disclosed include two or more processors (either logical or physical processors), it should be understood that such multi-processor and/or multi-threaded systems are described in more detail to explain the added complexity associated with securing a system with multiple logical or physical processors. An embodiment also likely to be advantageous in less complex system may use only one processor. In some cases, the one physical processor may be multi-threading and therefore may include multiple logical processors. In other cases, however, a single-processor, single-threaded system may be used, and still utilize disclosed secure processing techniques. In such cases, the secure processing techniques still operate to reduce the likelihood that data can be stolen or manipulated in an unauthorized manner.[0049]
- In the foregoing specification, the invention has been described with reference to specific exemplary embodiments thereof. It will, however, be evident that various modifications and changes may be made thereto without departing from the broader spirit and scope of the invention as set forth in the appended claims. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.[0050]
Claims (43)
1. A system, comprising:
a processor to operate in a user mode, a supervisor mode, and a sub operating system mode, to receive a sub operating system mode interrupt;
a first code to be contained within a first virtual machine; and
a first handler to be contained within a trusted code in a second virtual machine to redirect said sub operating system mode interrupt to said first code.
2. The system ofclaim 1 , wherein said trusted code is to write an interrupt service register in said processor.
3. The system ofclaim 2 , wherein said interrupt service register is a system management base register, and wherein said sub operating system mode interrupt is a system management interrupt.
4. The system ofclaim 1 , wherein said first code is to execute in page mode.
5. The system ofclaim 4 , wherein said first code is a system management mode code.
6. The system ofclaim 1 , further comprising a second handler within said trusted code to be invoked upon access attempts to locked pages of a memory.
7. The system ofclaim 6 , wherein said second handler determines if access is allowable to said locked pages of said memory.
8. The system ofclaim 6 , wherein said second handler initiates an exit from said first code by issuing a modified resume instruction.
9. The system ofclaim 8 , wherein said modified resume instruction is capable of execution in page mode.
10. The system ofclaim 1 , wherein said first handler establishes a space within locked pages of a memory to store state data.
11. The system ofclaim 1 , wherein said first code is located in unlocked pages of memory.
12. The system ofclaim 1 , wherein said system comprises a single processor system.
13. The system ofclaim 1 , wherein said trusted code is to disable an interrupt service register in said processor.
14. The system ofclaim 13 , wherein said interrupt service register is a system management base register, and wherein said first interrupt is a system management interrupt.
15. The system ofclaim 1 , wherein said first handler within said trusted code to be invoked upon access attempts to locked pages of a memory.
16. The system ofclaim 15 , wherein said first handler determines if access is allowable to said locked pages of said memory.
17. The system ofclaim 15 , wherein said first handler initiates an exit from said first code by issuing a modified resume instruction.
18. The system ofclaim 1 , wherein said modified resume instruction is capable of execution in page mode.
19. A method, comprising:
directing a sub operating system mode interrupt to a first handler in a trusted code within a second virtual machine;
storing a state in a locked page in memory; and
entering a first code in a first virtual machine.
20. The method ofclaim 19 , further comprising invoking a second handler in said trusted code from said first code.
21. The method ofclaim 20 , wherein said invoking is subsequent to said first code accessing said locked page in memory.
22. The method ofclaim 19 , wherein said first code is system management mode code.
23. The method ofclaim 19 , further comprising invoking a second handler in said trusted code from said first code.
24. The method ofclaim 23 , wherein said invoking is subsequent to said first code accessing said locked page in memory.
25. The method ofclaim 19 , further comprising executing a modified resume instruction from a page mode.
26. The method ofclaim 19 , further comprising determining whether said first code may access said locked page in memory.
27. The method ofclaim 19 , wherein said directing includes writing a memory location within said trusted code to an interrupt service register.
28. The method ofclaim 27 , wherein said interrupt service register is a system management base register.
29. The method ofclaim 19 , wherein said sub operating system mode interrupt is a system management interrupt.
30. The method ofclaim 19 , further comprising invoking said first handler in said trusted code from said first code.
31. The method ofclaim 30 , wherein said invoking is subsequent to said first code accessing said locked page in memory.
32. A processor, comprising
a first logic to execute a modified resume instruction; and
an interrupt service register capable of being written subsequent to execution of a secure enter instruction.
33. The processor ofclaim 32 , wherein said modified resume instruction returns said processor to previous program execution subsequent to execution of a first code.
34. The processor ofclaim 33 , wherein said modified resume instruction may be executed from within page mode.
35. The processor ofclaim 33 , wherein said execution of said first code occurs within a sub operating system mode.
36. The processor ofclaim 35 , wherein said sub operating system mode is a system management mode.
37. The processor ofclaim 32 , wherein said interrupt service register is a system management base register.
38. A processor, comprising
a first logic to execute a modified resume instruction; and
an interrupt service register capable of being disabled subsequent to execution of a monitor initialization instruction.
39. The processor ofclaim 38 , wherein said modified resume instruction returns said processor to previous program execution subsequent to execution of a first code.
40. The processor ofclaim 39 , wherein said modified resume instruction may be executed from within page mode.
41. The processor ofclaim 39 , wherein said execution of said first code occurs within a sub operating system mode.
42. The processor ofclaim 41 , wherein said sub operating system mode is a system management mode.
43. The processor ofclaim 38 , wherein said interrupt service register is a system management base register.
Priority Applications (11)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US10/165,597US20030229794A1 (en) | 2002-06-07 | 2002-06-07 | System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container |
| AU2003231237AAU2003231237A1 (en) | 2002-06-07 | 2003-05-01 | System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container |
| RU2004139086/09ARU2313126C2 (en) | 2002-06-07 | 2003-05-01 | System and method for protection from non-trusted system control mode code by means of redirection of system management mode interrupt and creation of virtual machine container |
| EP03724373AEP1512074A2 (en) | 2002-06-07 | 2003-05-01 | System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container |
| CNB038188236ACN100377092C (en) | 2002-06-07 | 2003-05-01 | System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container |
| JP2004511985AJP4708016B2 (en) | 2002-06-07 | 2003-05-01 | System and method for protection against unreliable system management code by re-instructing system management instructions and creating virtual machine containers |
| PCT/US2003/013616WO2003104981A2 (en) | 2002-06-07 | 2003-05-01 | System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container |
| MYPI20032123AMY146723A (en) | 2002-06-07 | 2003-06-06 | System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container |
| US11/095,855US7581219B2 (en) | 2002-06-07 | 2005-03-30 | Transitioning between virtual machine monitor domains in a virtual machine environment |
| JP2007150997AJP4846660B2 (en) | 2002-06-07 | 2007-06-06 | How to protect against untrusted system management code by re-ordering system management interrupts and creating virtual machine containers |
| JP2011178882AJP5242747B2 (en) | 2002-06-07 | 2011-08-18 | How to protect against untrusted system management code by re-ordering system management interrupts and creating virtual machine containers |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US10/165,597US20030229794A1 (en) | 2002-06-07 | 2002-06-07 | System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US11/095,855Continuation-In-PartUS7581219B2 (en) | 2002-06-07 | 2005-03-30 | Transitioning between virtual machine monitor domains in a virtual machine environment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| US20030229794A1true US20030229794A1 (en) | 2003-12-11 |
Family
ID=29710476
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US10/165,597AbandonedUS20030229794A1 (en) | 2002-06-07 | 2002-06-07 | System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container |
| US11/095,855Expired - LifetimeUS7581219B2 (en) | 2002-06-07 | 2005-03-30 | Transitioning between virtual machine monitor domains in a virtual machine environment |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US11/095,855Expired - LifetimeUS7581219B2 (en) | 2002-06-07 | 2005-03-30 | Transitioning between virtual machine monitor domains in a virtual machine environment |
Country Status (8)
| Country | Link |
|---|---|
| US (2) | US20030229794A1 (en) |
| EP (1) | EP1512074A2 (en) |
| JP (3) | JP4708016B2 (en) |
| CN (1) | CN100377092C (en) |
| AU (1) | AU2003231237A1 (en) |
| MY (1) | MY146723A (en) |
| RU (1) | RU2313126C2 (en) |
| WO (1) | WO2003104981A2 (en) |
Cited By (145)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040172629A1 (en)* | 2003-02-28 | 2004-09-02 | Azul Systems | Segmented virtual machine |
| US20040250110A1 (en)* | 2003-03-28 | 2004-12-09 | Wray Michael John | Security policy in trusted computing systems |
| US20040268332A1 (en)* | 2003-04-23 | 2004-12-30 | Masato Mitsumori | Memory access control method and processing system with memory access check function |
| US20050097345A1 (en)* | 2003-10-29 | 2005-05-05 | Kelley Brian H. | System for selectively enabling operating modes of a device |
| US20050257243A1 (en)* | 2004-04-27 | 2005-11-17 | Microsoft Corporation | Method and system for enforcing a security policy via a security virtual machine |
| US20050289311A1 (en)* | 2004-06-29 | 2005-12-29 | David Durham | System and method for secure inter-platform and intra-platform communications |
| US20060021029A1 (en)* | 2004-06-29 | 2006-01-26 | Brickell Ernie F | Method of improving computer security through sandboxing |
| US20060075312A1 (en)* | 2004-09-30 | 2006-04-06 | Fischer Stephen A | System and method for limiting exposure of hardware failure information for a secured execution environment |
| US20060224685A1 (en)* | 2005-03-29 | 2006-10-05 | International Business Machines Corporation | System management architecture for multi-node computer system |
| US20070038997A1 (en)* | 2005-08-09 | 2007-02-15 | Steven Grobman | Exclusive access for secure audio program |
| US20070050764A1 (en)* | 2005-08-30 | 2007-03-01 | Microsoft Corporation | Hierarchical virtualization with a multi-level virtualization mechanism |
| US20070067590A1 (en)* | 2005-09-22 | 2007-03-22 | Uday Savagaonkar | Providing protected access to critical memory regions |
| US20070083739A1 (en)* | 2005-08-29 | 2007-04-12 | Glew Andrew F | Processor with branch predictor |
| US20080133893A1 (en)* | 2005-08-29 | 2008-06-05 | Centaurus Data Llc | Hierarchical register file |
| US20080133883A1 (en)* | 2005-08-29 | 2008-06-05 | Centaurus Data Llc | Hierarchical store buffer |
| US20080133889A1 (en)* | 2005-08-29 | 2008-06-05 | Centaurus Data Llc | Hierarchical instruction scheduler |
| US20080163331A1 (en)* | 2006-12-29 | 2008-07-03 | Datta Sham M | Reconfiguring a secure system |
| US20080216096A1 (en)* | 2005-07-15 | 2008-09-04 | Lenovo (Beijing) Limited | Virtual Computer System Supporting Trusted Computing and Method for Implementing Trusted Computation Thereon |
| US20080263679A1 (en)* | 2007-04-23 | 2008-10-23 | Microsoft Corporation | Storing information in closed computing devices |
| US20080294892A1 (en)* | 2007-05-25 | 2008-11-27 | Ingo Molnar | Method and system for a kernel lock validator |
| US7480908B1 (en) | 2005-06-24 | 2009-01-20 | Azul Systems, Inc. | Segmented virtual machine transport mechanism |
| US20090038017A1 (en)* | 2007-08-02 | 2009-02-05 | David Durham | Secure vault service for software components within an execution environment |
| GB2453652A (en)* | 2007-10-08 | 2009-04-15 | Lenovo | Implementing secure online payments by switching to a dedicated operating system (OS) |
| US20090172385A1 (en)* | 2007-12-31 | 2009-07-02 | Datta Sham M | Enabling system management mode in a secure system |
| US7620953B1 (en)* | 2004-10-05 | 2009-11-17 | Azul Systems, Inc. | System and method for allocating resources of a core space among a plurality of core virtual machines |
| US20100057982A1 (en)* | 2008-08-26 | 2010-03-04 | Phoenix Technologies Ltd | Hypervisor security using SMM |
| US7748037B2 (en) | 2005-09-22 | 2010-06-29 | Intel Corporation | Validating a memory type modification attempt |
| US20100169666A1 (en)* | 2008-12-31 | 2010-07-01 | Prashant Dewan | Methods and systems to direclty render an image and correlate corresponding user input in a secuire memory domain |
| US20110066783A1 (en)* | 2009-09-14 | 2011-03-17 | International Business Machines Corporation | Secure Handling and Routing of Message-Signaled Interrupts |
| US20110231668A1 (en)* | 2005-06-30 | 2011-09-22 | Travis Schluessler | Signed Manifest for Run-Time Verification of Software Program Identity and Integrity |
| US8099718B2 (en) | 2007-11-13 | 2012-01-17 | Intel Corporation | Method and system for whitelisting software components |
| US20120017285A1 (en)* | 2009-05-18 | 2012-01-19 | Mark A Piwonka | Systems and methods of determining a trust level from system management mode |
| US20120255004A1 (en)* | 2011-03-31 | 2012-10-04 | Mcafee, Inc. | System and method for securing access to system calls |
| WO2012135192A2 (en) | 2011-03-28 | 2012-10-04 | Mcafee, Inc. | System and method for virtual machine monitor based anti-malware security |
| KR20120111734A (en)* | 2009-12-29 | 2012-10-10 | 어드밴스드 마이크로 디바이시즈, 인코포레이티드 | Hypervisor isolation of processor cores |
| US8356297B1 (en) | 2007-03-21 | 2013-01-15 | Azul Systems, Inc. | External data source redirection in segmented virtual machine |
| US8495750B2 (en) | 2010-08-31 | 2013-07-23 | International Business Machines Corporation | Filesystem management and security system |
| US20130326288A1 (en)* | 2011-12-31 | 2013-12-05 | Shamanna M. Datta | Processor that detects when system management mode attempts to reach program code outside of protected space |
| US8813227B2 (en) | 2011-03-29 | 2014-08-19 | Mcafee, Inc. | System and method for below-operating system regulation and control of self-modifying code |
| EP2782038A1 (en)* | 2013-03-19 | 2014-09-24 | STMicroelectronics (Grenoble 2) SAS | Resource management in a processor for trusted and untrusted applications |
| EP2782007A1 (en)* | 2013-03-19 | 2014-09-24 | STMicroelectronics (Grenoble 2) SAS | Launching multiple applications in containers on a processor |
| WO2014158603A1 (en)* | 2013-03-13 | 2014-10-02 | Intel Corporation | System management interrupt handling for multi-core processors |
| US8925089B2 (en) | 2011-03-29 | 2014-12-30 | Mcafee, Inc. | System and method for below-operating system modification of malicious code on an electronic device |
| US8959638B2 (en) | 2011-03-29 | 2015-02-17 | Mcafee, Inc. | System and method for below-operating system trapping and securing of interdriver communication |
| US8966624B2 (en) | 2011-03-31 | 2015-02-24 | Mcafee, Inc. | System and method for securing an input/output path of an application against malware with a below-operating system security agent |
| US8966629B2 (en) | 2011-03-31 | 2015-02-24 | Mcafee, Inc. | System and method for below-operating system trapping of driver loading and unloading |
| US9032525B2 (en) | 2011-03-29 | 2015-05-12 | Mcafee, Inc. | System and method for below-operating system trapping of driver filter attachment |
| US9038176B2 (en) | 2011-03-31 | 2015-05-19 | Mcafee, Inc. | System and method for below-operating system trapping and securing loading of code into memory |
| US9087199B2 (en) | 2011-03-31 | 2015-07-21 | Mcafee, Inc. | System and method for providing a secured operating system execution environment |
| US9176741B2 (en) | 2005-08-29 | 2015-11-03 | Invention Science Fund I, Llc | Method and apparatus for segmented sequential storage |
| US9223963B2 (en) | 2009-12-15 | 2015-12-29 | Mcafee, Inc. | Systems and methods for behavioral sandboxing |
| US9262246B2 (en) | 2011-03-31 | 2016-02-16 | Mcafee, Inc. | System and method for securing memory and storage of an electronic device with a below-operating system security agent |
| US9317690B2 (en) | 2011-03-28 | 2016-04-19 | Mcafee, Inc. | System and method for firmware based anti-malware security |
| JP2016511872A (en)* | 2013-01-22 | 2016-04-21 | アマゾン・テクノロジーズ、インコーポレイテッド | Privileged cryptographic services in a virtualized environment |
| US9367691B2 (en) | 2012-07-31 | 2016-06-14 | Hewlett-Packard Development Company, L.P. | Modify executable bits of system management memory page table |
| US20160350215A1 (en)* | 2014-12-13 | 2016-12-01 | Via Alliance Semiconductor Co., Ltd. | Distributed hang recovery logic |
| US20160350223A1 (en)* | 2014-12-13 | 2016-12-01 | Via Alliance Semiconductor Co., Ltd. | Logic analyzer for detecting hangs |
| US9529627B2 (en) | 2013-03-19 | 2016-12-27 | Stmicroelectronics (Grenoble 2) Sas | Managing multiple systems in a computer device |
| US20170098092A1 (en)* | 2015-10-06 | 2017-04-06 | Symantec Corporation | Techniques for generating a virtual private container |
| US20170192804A1 (en)* | 2014-09-30 | 2017-07-06 | Amazon Technologies, Inc. | Threading as a service |
| US9946651B2 (en)* | 2014-12-13 | 2018-04-17 | Via Alliance Semiconductor Co., Ltd | Pattern detector for detecting hangs |
| CN108292339A (en)* | 2016-01-26 | 2018-07-17 | 惠普发展公司,有限责任合伙企业 | System Management Mode privilege framework |
| US10102040B2 (en) | 2016-06-29 | 2018-10-16 | Amazon Technologies, Inc | Adjusting variable limit on concurrent code executions |
| US10108443B2 (en) | 2014-09-30 | 2018-10-23 | Amazon Technologies, Inc. | Low latency computational capacity provisioning |
| US10140139B1 (en)* | 2012-06-19 | 2018-11-27 | Bromium, Inc. | Ensuring the privacy and integrity of a hypervisor |
| US10162672B2 (en) | 2016-03-30 | 2018-12-25 | Amazon Technologies, Inc. | Generating data streams from pre-existing data sets |
| US10162688B2 (en) | 2014-09-30 | 2018-12-25 | Amazon Technologies, Inc. | Processing event messages for user requests to execute program code |
| US10203990B2 (en) | 2016-06-30 | 2019-02-12 | Amazon Technologies, Inc. | On-demand network code execution with cross-account aliases |
| CN109542610A (en)* | 2018-12-04 | 2019-03-29 | 中国航空工业集团公司西安航空计算技术研究所 | A kind of multi partition operating system void interrupt criteria component realization method |
| US10277708B2 (en) | 2016-06-30 | 2019-04-30 | Amazon Technologies, Inc. | On-demand network code execution with cross-account aliases |
| US10282229B2 (en) | 2016-06-28 | 2019-05-07 | Amazon Technologies, Inc. | Asynchronous task management in an on-demand network code execution environment |
| US10353746B2 (en) | 2014-12-05 | 2019-07-16 | Amazon Technologies, Inc. | Automatic determination of resource sizing |
| US10353678B1 (en) | 2018-02-05 | 2019-07-16 | Amazon Technologies, Inc. | Detecting code characteristic alterations due to cross-service calls |
| US10365985B2 (en) | 2015-12-16 | 2019-07-30 | Amazon Technologies, Inc. | Predictive management of on-demand code execution |
| CN110084039A (en)* | 2013-04-19 | 2019-08-02 | Nicira股份有限公司 | Frame for the coordination between endpoint security and Network Security Service |
| US10387177B2 (en) | 2015-02-04 | 2019-08-20 | Amazon Technologies, Inc. | Stateful virtual compute system |
| US10437629B2 (en) | 2015-12-16 | 2019-10-08 | Amazon Technologies, Inc. | Pre-triggers for code execution environments |
| US10528390B2 (en) | 2016-09-23 | 2020-01-07 | Amazon Technologies, Inc. | Idempotent task execution in on-demand network code execution systems |
| US10552193B2 (en) | 2015-02-04 | 2020-02-04 | Amazon Technologies, Inc. | Security protocols for low latency execution of program code |
| US10564946B1 (en) | 2017-12-13 | 2020-02-18 | Amazon Technologies, Inc. | Dependency handling in an on-demand network code execution system |
| US10579405B1 (en)* | 2013-03-13 | 2020-03-03 | Amazon Technologies, Inc. | Parallel virtual machine managers |
| US10592269B2 (en) | 2014-09-30 | 2020-03-17 | Amazon Technologies, Inc. | Dynamic code deployment and versioning |
| US10623476B2 (en) | 2015-04-08 | 2020-04-14 | Amazon Technologies, Inc. | Endpoint management system providing an application programming interface proxy service |
| US10691498B2 (en) | 2015-12-21 | 2020-06-23 | Amazon Technologies, Inc. | Acquisition and maintenance of compute capacity |
| US10725752B1 (en) | 2018-02-13 | 2020-07-28 | Amazon Technologies, Inc. | Dependency handling in an on-demand network code execution system |
| US10733085B1 (en) | 2018-02-05 | 2020-08-04 | Amazon Technologies, Inc. | Detecting impedance mismatches due to cross-service calls |
| US10754701B1 (en) | 2015-12-16 | 2020-08-25 | Amazon Technologies, Inc. | Executing user-defined code in response to determining that resources expected to be utilized comply with resource restrictions |
| US10776091B1 (en) | 2018-02-26 | 2020-09-15 | Amazon Technologies, Inc. | Logging endpoint in an on-demand code execution system |
| US10776171B2 (en) | 2015-04-08 | 2020-09-15 | Amazon Technologies, Inc. | Endpoint management system and virtual compute system |
| US10824484B2 (en) | 2014-09-30 | 2020-11-03 | Amazon Technologies, Inc. | Event-driven computing |
| US10831898B1 (en) | 2018-02-05 | 2020-11-10 | Amazon Technologies, Inc. | Detecting privilege escalations in code including cross-service calls |
| US10884812B2 (en) | 2018-12-13 | 2021-01-05 | Amazon Technologies, Inc. | Performance-based hardware emulation in an on-demand network code execution system |
| US10884802B2 (en) | 2014-09-30 | 2021-01-05 | Amazon Technologies, Inc. | Message-based computation request scheduling |
| US10884722B2 (en) | 2018-06-26 | 2021-01-05 | Amazon Technologies, Inc. | Cross-environment application of tracing information for improved code execution |
| US10884787B1 (en) | 2016-09-23 | 2021-01-05 | Amazon Technologies, Inc. | Execution guarantees in an on-demand network code execution system |
| US10891145B2 (en) | 2016-03-30 | 2021-01-12 | Amazon Technologies, Inc. | Processing pre-existing data sets at an on demand code execution environment |
| US10908927B1 (en) | 2019-09-27 | 2021-02-02 | Amazon Technologies, Inc. | On-demand execution of object filter code in output path of object storage service |
| US10915371B2 (en) | 2014-09-30 | 2021-02-09 | Amazon Technologies, Inc. | Automatic management of low latency computational capacity |
| US10942795B1 (en) | 2019-11-27 | 2021-03-09 | Amazon Technologies, Inc. | Serverless call distribution to utilize reserved capacity without inhibiting scaling |
| US10949237B2 (en) | 2018-06-29 | 2021-03-16 | Amazon Technologies, Inc. | Operating system customization in an on-demand network code execution system |
| WO2021080601A1 (en)* | 2019-10-25 | 2021-04-29 | Hewlett-Packard Development Company, L.P. | Integrity monitor |
| US10996961B2 (en) | 2019-09-27 | 2021-05-04 | Amazon Technologies, Inc. | On-demand indexing of data in input path of object storage service |
| CN112800431A (en)* | 2020-08-28 | 2021-05-14 | 支付宝(杭州)信息技术有限公司 | Method and device for safely entering trusted execution environment in hyper-thread scene |
| US11010188B1 (en) | 2019-02-05 | 2021-05-18 | Amazon Technologies, Inc. | Simulated data object storage using on-demand computation of data objects |
| US11016815B2 (en) | 2015-12-21 | 2021-05-25 | Amazon Technologies, Inc. | Code execution request routing |
| US11023311B2 (en) | 2019-09-27 | 2021-06-01 | Amazon Technologies, Inc. | On-demand code execution in input path of data uploaded to storage service in multiple data portions |
| US11023416B2 (en) | 2019-09-27 | 2021-06-01 | Amazon Technologies, Inc. | Data access control system for object storage service based on owner-defined code |
| US11055112B2 (en) | 2019-09-27 | 2021-07-06 | Amazon Technologies, Inc. | Inserting executions of owner-specified code into input/output path of object storage service |
| US11099870B1 (en) | 2018-07-25 | 2021-08-24 | Amazon Technologies, Inc. | Reducing execution times in an on-demand network code execution system using saved machine states |
| US11099917B2 (en) | 2018-09-27 | 2021-08-24 | Amazon Technologies, Inc. | Efficient state maintenance for execution environments in an on-demand code execution system |
| US11106477B2 (en) | 2019-09-27 | 2021-08-31 | Amazon Technologies, Inc. | Execution of owner-specified code during input/output path to object storage service |
| US11115404B2 (en) | 2019-06-28 | 2021-09-07 | Amazon Technologies, Inc. | Facilitating service connections in serverless code executions |
| US11119826B2 (en) | 2019-11-27 | 2021-09-14 | Amazon Technologies, Inc. | Serverless call distribution to implement spillover while avoiding cold starts |
| US11119813B1 (en) | 2016-09-30 | 2021-09-14 | Amazon Technologies, Inc. | Mapreduce implementation using an on-demand network code execution system |
| US11119809B1 (en) | 2019-06-20 | 2021-09-14 | Amazon Technologies, Inc. | Virtualization-based transaction handling in an on-demand network code execution system |
| US11132213B1 (en) | 2016-03-30 | 2021-09-28 | Amazon Technologies, Inc. | Dependency-based process of pre-existing data sets at an on demand code execution environment |
| US11146569B1 (en) | 2018-06-28 | 2021-10-12 | Amazon Technologies, Inc. | Escalation-resistant secure network services using request-scoped authentication information |
| US11159528B2 (en) | 2019-06-28 | 2021-10-26 | Amazon Technologies, Inc. | Authentication to network-services using hosted authentication information |
| US11171983B2 (en)* | 2018-06-29 | 2021-11-09 | Intel Corporation | Techniques to provide function-level isolation with capability-based security |
| US11190609B2 (en) | 2019-06-28 | 2021-11-30 | Amazon Technologies, Inc. | Connection pooling for scalable network services |
| US11188391B1 (en) | 2020-03-11 | 2021-11-30 | Amazon Technologies, Inc. | Allocating resources to on-demand code executions under scarcity conditions |
| CN113826072A (en)* | 2019-05-16 | 2021-12-21 | 微软技术许可有限责任公司 | Code Updates in System Administration Mode |
| US11243953B2 (en) | 2018-09-27 | 2022-02-08 | Amazon Technologies, Inc. | Mapreduce implementation in an on-demand network code execution system and stream data processing system |
| US11250007B1 (en) | 2019-09-27 | 2022-02-15 | Amazon Technologies, Inc. | On-demand execution of object combination code in output path of object storage service |
| US11263220B2 (en) | 2019-09-27 | 2022-03-01 | Amazon Technologies, Inc. | On-demand execution of object transformation code in output path of object storage service |
| US11360948B2 (en) | 2019-09-27 | 2022-06-14 | Amazon Technologies, Inc. | Inserting owner-specified data processing pipelines into input/output path of object storage service |
| US11386230B2 (en) | 2019-09-27 | 2022-07-12 | Amazon Technologies, Inc. | On-demand code obfuscation of data in input path of object storage service |
| US11388210B1 (en) | 2021-06-30 | 2022-07-12 | Amazon Technologies, Inc. | Streaming analytics using a serverless compute system |
| US11394761B1 (en) | 2019-09-27 | 2022-07-19 | Amazon Technologies, Inc. | Execution of user-submitted code on a stream of data |
| US11416628B2 (en) | 2019-09-27 | 2022-08-16 | Amazon Technologies, Inc. | User-specific data manipulation system for object storage service based on user-submitted code |
| US11449601B2 (en)* | 2020-01-08 | 2022-09-20 | Red Hat, Inc. | Proof of code compliance and protected integrity using a trusted execution environment |
| US11550944B2 (en) | 2019-09-27 | 2023-01-10 | Amazon Technologies, Inc. | Code execution environment customization system for object storage service |
| US11550713B1 (en) | 2020-11-25 | 2023-01-10 | Amazon Technologies, Inc. | Garbage collection in distributed systems using life cycled storage roots |
| US11593270B1 (en) | 2020-11-25 | 2023-02-28 | Amazon Technologies, Inc. | Fast distributed caching using erasure coded object parts |
| US20230061511A1 (en)* | 2021-08-30 | 2023-03-02 | International Business Machines Corporation | Inaccessible prefix pages during virtual machine execution |
| US11656892B1 (en) | 2019-09-27 | 2023-05-23 | Amazon Technologies, Inc. | Sequential execution of user-submitted code and native functions |
| US11714682B1 (en) | 2020-03-03 | 2023-08-01 | Amazon Technologies, Inc. | Reclaiming computing resources in an on-demand code execution system |
| US11775640B1 (en) | 2020-03-30 | 2023-10-03 | Amazon Technologies, Inc. | Resource utilization-based malicious task detection in an on-demand code execution system |
| US11861386B1 (en) | 2019-03-22 | 2024-01-02 | Amazon Technologies, Inc. | Application gateways in an on-demand network code execution system |
| US11875173B2 (en) | 2018-06-25 | 2024-01-16 | Amazon Technologies, Inc. | Execution of auxiliary functions in an on-demand network code execution system |
| US11943093B1 (en) | 2018-11-20 | 2024-03-26 | Amazon Technologies, Inc. | Network connection recovery after virtual machine transition in an on-demand network code execution system |
| US11968280B1 (en) | 2021-11-24 | 2024-04-23 | Amazon Technologies, Inc. | Controlling ingestion of streaming data to serverless function executions |
| US12015603B2 (en) | 2021-12-10 | 2024-06-18 | Amazon Technologies, Inc. | Multi-tenant mode for serverless code execution |
| US12327133B1 (en) | 2019-03-22 | 2025-06-10 | Amazon Technologies, Inc. | Application gateways in an on-demand network code execution system |
| US12381878B1 (en) | 2023-06-27 | 2025-08-05 | Amazon Technologies, Inc. | Architecture for selective use of private paths between cloud services |
Families Citing this family (55)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8041761B1 (en)* | 2002-12-23 | 2011-10-18 | Netapp, Inc. | Virtual filer and IP space based IT configuration transitioning framework |
| CN100349123C (en)* | 2004-03-02 | 2007-11-14 | 英特维数位科技股份有限公司 | Method for Remotely Controlling Computer System |
| US7305592B2 (en)* | 2004-06-30 | 2007-12-04 | Intel Corporation | Support for nested fault in a virtual machine environment |
| US7757231B2 (en) | 2004-12-10 | 2010-07-13 | Intel Corporation | System and method to deprivilege components of a virtual machine monitor |
| US9785485B2 (en)* | 2005-07-27 | 2017-10-10 | Intel Corporation | Virtualization event processing in a layered virtualization architecture |
| US20140373144A9 (en)* | 2006-05-22 | 2014-12-18 | Alen Capalik | System and method for analyzing unauthorized intrusion into a computer network |
| US8973094B2 (en) | 2006-05-26 | 2015-03-03 | Intel Corporation | Execution of a secured environment initialization instruction on a point-to-point interconnect system |
| US7490191B2 (en)* | 2006-09-22 | 2009-02-10 | Intel Corporation | Sharing information between guests in a virtual machine environment |
| US7533207B2 (en)* | 2006-12-06 | 2009-05-12 | Microsoft Corporation | Optimized interrupt delivery in a virtualized environment |
| US9354927B2 (en) | 2006-12-21 | 2016-05-31 | Vmware, Inc. | Securing virtual machine data |
| US9098347B2 (en)* | 2006-12-21 | 2015-08-04 | Vmware | Implementation of virtual machine operations using storage system functionality |
| US9189265B2 (en) | 2006-12-21 | 2015-11-17 | Vmware, Inc. | Storage architecture for virtual machines |
| US7698507B2 (en)* | 2007-02-28 | 2010-04-13 | Intel Corporation | Protecting system management mode (SMM) spaces against cache attacks |
| JP4864817B2 (en) | 2007-06-22 | 2012-02-01 | 株式会社日立製作所 | Virtualization program and virtual computer system |
| US8151264B2 (en)* | 2007-06-29 | 2012-04-03 | Intel Corporation | Injecting virtualization events in a layered virtualization architecture |
| US20090119748A1 (en)* | 2007-08-30 | 2009-05-07 | Jiewen Yao | System management mode isolation in firmware |
| US8250641B2 (en)* | 2007-09-17 | 2012-08-21 | Intel Corporation | Method and apparatus for dynamic switching and real time security control on virtualized systems |
| JP4678396B2 (en)* | 2007-09-25 | 2011-04-27 | 日本電気株式会社 | Computer and method for monitoring virtual machine monitor, and virtual machine monitor monitor program |
| US8522236B2 (en)* | 2007-12-28 | 2013-08-27 | Intel Corporation | Method and system for establishing a robust virtualized environment |
| US8261028B2 (en)* | 2007-12-31 | 2012-09-04 | Intel Corporation | Cached dirty bits for context switch consistency checks |
| CN101970477B (en)* | 2008-03-14 | 2014-12-31 | 诺沃-诺迪斯克有限公司 | Protease-stabilized insulin analogues |
| US8145471B2 (en)* | 2008-04-30 | 2012-03-27 | International Business Machines Corporation | Non-destructive simulation of a failure in a virtualization environment |
| JP5405799B2 (en) | 2008-10-30 | 2014-02-05 | 株式会社日立製作所 | Virtual computer control method, virtualization program, and virtual computer system |
| US8205197B2 (en)* | 2008-11-12 | 2012-06-19 | Lenovo (Singapore) Pte. Ltd. | Apparatus, system, and method for granting hypervisor privileges |
| US8868925B2 (en)* | 2008-12-09 | 2014-10-21 | Nvidia Corporation | Method and apparatus for the secure processing of confidential content within a virtual machine of a processor |
| KR101571880B1 (en)* | 2009-02-02 | 2015-11-25 | 삼성전자 주식회사 | Virtualized electronic apparatus virtual machine store and method for using virtual machine service |
| JP4961459B2 (en)* | 2009-06-26 | 2012-06-27 | 株式会社日立製作所 | Virtual computer system and control method in virtual computer system |
| US8612975B2 (en)* | 2009-07-07 | 2013-12-17 | Advanced Micro Devices, Inc. | World switch between virtual machines with selective storage of state information |
| DE102009051350A1 (en)* | 2009-10-30 | 2011-05-05 | Continental Automotive Gmbh | Method of operating a tachograph and tachograph |
| US20110197256A1 (en)* | 2009-12-18 | 2011-08-11 | Assured Information Security, Inc. | Methods for securing a processing system and devices thereof |
| US8346935B2 (en)* | 2010-01-15 | 2013-01-01 | Joyent, Inc. | Managing hardware resources by sending messages amongst servers in a data center |
| US9106697B2 (en)* | 2010-06-24 | 2015-08-11 | NeurallQ, Inc. | System and method for identifying unauthorized activities on a computer system using a data structure model |
| US8555276B2 (en) | 2011-03-11 | 2013-10-08 | Joyent, Inc. | Systems and methods for transparently optimizing workloads |
| CN103748556B (en) | 2011-08-30 | 2018-02-02 | 惠普发展公司,有限责任合伙企业 | Communicating with Virtual Trusted Runtime BIOS |
| US10303501B2 (en) | 2011-08-30 | 2019-05-28 | Hewlett-Packard Development Company, L.P. | Virtual high privilege mode for a system management request |
| US8782224B2 (en) | 2011-12-29 | 2014-07-15 | Joyent, Inc. | Systems and methods for time-based dynamic allocation of resource management |
| RU2522019C1 (en)* | 2012-12-25 | 2014-07-10 | Закрытое акционерное общество "Лаборатория Касперского" | System and method of detecting threat in code executed by virtual machine |
| RU2535175C2 (en)* | 2012-12-25 | 2014-12-10 | Закрытое акционерное общество "Лаборатория Касперского" | System and method for detecting malware by creating isolated environment |
| US8826279B1 (en) | 2013-03-14 | 2014-09-02 | Joyent, Inc. | Instruction set architecture for compute-based object stores |
| US8881279B2 (en) | 2013-03-14 | 2014-11-04 | Joyent, Inc. | Systems and methods for zone-based intrusion detection |
| US8943284B2 (en) | 2013-03-14 | 2015-01-27 | Joyent, Inc. | Systems and methods for integrating compute resources in a storage area network |
| US8677359B1 (en)* | 2013-03-14 | 2014-03-18 | Joyent, Inc. | Compute-centric object stores and methods of use |
| US9104456B2 (en) | 2013-03-14 | 2015-08-11 | Joyent, Inc. | Zone management of compute-centric object stores |
| US9092238B2 (en) | 2013-03-15 | 2015-07-28 | Joyent, Inc. | Versioning schemes for compute-centric object stores |
| US8793688B1 (en) | 2013-03-15 | 2014-07-29 | Joyent, Inc. | Systems and methods for double hulled virtualization operations |
| US8775485B1 (en) | 2013-03-15 | 2014-07-08 | Joyent, Inc. | Object store management operations within compute-centric object stores |
| US9330035B2 (en)* | 2013-05-23 | 2016-05-03 | Arm Limited | Method and apparatus for interrupt handling |
| CN103927224B (en)* | 2014-03-28 | 2016-06-29 | 小米科技有限责任公司 | Bead performs method and apparatus |
| US20160048679A1 (en)* | 2014-08-18 | 2016-02-18 | Bitdefender IPR Management Ltd. | Systems And Methods for Exposing A Current Processor Instruction Upon Exiting A Virtual Machine |
| US9471799B2 (en)* | 2014-09-22 | 2016-10-18 | Advanced Micro Devices, Inc. | Method for privileged mode based secure input mechanism |
| US10104099B2 (en) | 2015-01-07 | 2018-10-16 | CounterTack, Inc. | System and method for monitoring a computer system using machine interpretable code |
| GB2539436B (en)* | 2015-06-16 | 2019-02-06 | Advanced Risc Mach Ltd | Secure initialisation |
| US11347529B2 (en)* | 2019-03-08 | 2022-05-31 | International Business Machines Corporation | Inject interrupts and exceptions into secure virtual machine |
| CN113791865B (en)* | 2021-09-08 | 2024-07-26 | 山石网科通信技术股份有限公司 | Container security processing method and device, storage medium and processor |
| CN113986481A (en)* | 2021-09-30 | 2022-01-28 | 深圳曦华科技有限公司 | Interrupt service instance calling method and related device |
Citations (98)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US3699532A (en)* | 1970-04-21 | 1972-10-17 | Singer Co | Multiprogramming control for a data handling system |
| US3996449A (en)* | 1975-08-25 | 1976-12-07 | International Business Machines Corporation | Operating system authenticator |
| US4162536A (en)* | 1976-01-02 | 1979-07-24 | Gould Inc., Modicon Div. | Digital input/output system and method |
| US4207609A (en)* | 1978-05-08 | 1980-06-10 | International Business Machines Corporation | Method and means for path independent device reservation and reconnection in a multi-CPU and shared device access system |
| US4247905A (en)* | 1977-08-26 | 1981-01-27 | Sharp Kabushiki Kaisha | Memory clear system |
| US4276594A (en)* | 1978-01-27 | 1981-06-30 | Gould Inc. Modicon Division | Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and method for performing the same |
| US4278837A (en)* | 1977-10-31 | 1981-07-14 | Best Robert M | Crypto microprocessor for executing enciphered programs |
| US4307214A (en)* | 1979-12-12 | 1981-12-22 | Phillips Petroleum Company | SC2 activation of supported chromium oxide catalysts |
| US4307447A (en)* | 1979-06-19 | 1981-12-22 | Gould Inc. | Programmable controller |
| US4319233A (en)* | 1978-11-30 | 1982-03-09 | Kokusan Denki Co., Ltd. | Device for electrically detecting a liquid level |
| US4319323A (en)* | 1980-04-04 | 1982-03-09 | Digital Equipment Corporation | Communications device for data processing system |
| US4347565A (en)* | 1978-12-01 | 1982-08-31 | Fujitsu Limited | Address control system for software simulation |
| US4366537A (en)* | 1980-05-23 | 1982-12-28 | International Business Machines Corp. | Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys |
| US4403283A (en)* | 1980-07-28 | 1983-09-06 | Ncr Corporation | Extended memory system and method |
| US4419724A (en)* | 1980-04-14 | 1983-12-06 | Sperry Corporation | Main bus interface package |
| US4430709A (en)* | 1980-09-13 | 1984-02-07 | Robert Bosch Gmbh | Apparatus for safeguarding data entered into a microprocessor |
| US4521852A (en)* | 1982-06-30 | 1985-06-04 | Texas Instruments Incorporated | Data processing device formed on a single semiconductor substrate having secure memory |
| US4571672A (en)* | 1982-12-17 | 1986-02-18 | Hitachi, Ltd. | Access control method for multiprocessor systems |
| US4759064A (en)* | 1985-10-07 | 1988-07-19 | Chaum David L | Blind unanticipated signature systems |
| US4795893A (en)* | 1986-07-11 | 1989-01-03 | Bull, Cp8 | Security device prohibiting the function of an electronic data processing unit after a first cutoff of its electrical power |
| US4802084A (en)* | 1985-03-11 | 1989-01-31 | Hitachi, Ltd. | Address translator |
| US4825052A (en)* | 1985-12-31 | 1989-04-25 | Bull Cp8 | Method and apparatus for certifying services obtained using a portable carrier such as a memory card |
| US4907272A (en)* | 1986-07-11 | 1990-03-06 | Bull Cp8 | Method for authenticating an external authorizing datum by a portable object, such as a memory card |
| US4907270A (en)* | 1986-07-11 | 1990-03-06 | Bull Cp8 | Method for certifying the authenticity of a datum exchanged between two devices connected locally or remotely by a transmission line |
| US4910774A (en)* | 1987-07-10 | 1990-03-20 | Schlumberger Industries | Method and system for suthenticating electronic memory cards |
| US4975836A (en)* | 1984-12-19 | 1990-12-04 | Hitachi, Ltd. | Virtual computer system |
| US5007082A (en)* | 1988-08-03 | 1991-04-09 | Kelly Services, Inc. | Computer software encryption apparatus |
| US5022077A (en)* | 1989-08-25 | 1991-06-04 | International Business Machines Corp. | Apparatus and method for preventing unauthorized access to BIOS in a personal computer system |
| US5075842A (en)* | 1989-12-22 | 1991-12-24 | Intel Corporation | Disabling tag bit recognition and allowing privileged operations to occur in an object-oriented memory protection mechanism |
| US5079737A (en)* | 1988-10-25 | 1992-01-07 | United Technologies Corporation | Memory management unit for the MIL-STD 1750 bus |
| US5139760A (en)* | 1989-02-28 | 1992-08-18 | Mizusawa Industrial Chemicals, Ltd. | Amorphous silica-alumina spherical particles and process for preparation thereof |
| US5187802A (en)* | 1988-12-26 | 1993-02-16 | Hitachi, Ltd. | Virtual machine system with vitual machine resetting store indicating that virtual machine processed interrupt without virtual machine control program intervention |
| US5230069A (en)* | 1990-10-02 | 1993-07-20 | International Business Machines Corporation | Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virtual machine computer system |
| US5237616A (en)* | 1992-09-21 | 1993-08-17 | International Business Machines Corporation | Secure computer system having privileged and unprivileged memories |
| US5255379A (en)* | 1990-12-28 | 1993-10-19 | Sun Microsystems, Inc. | Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 80486 processor |
| US5287363A (en)* | 1991-07-01 | 1994-02-15 | Disk Technician Corporation | System for locating and anticipating data storage media failures |
| US5293424A (en)* | 1992-10-14 | 1994-03-08 | Bull Hn Information Systems Inc. | Secure memory card |
| US5295251A (en)* | 1989-09-21 | 1994-03-15 | Hitachi, Ltd. | Method of accessing multiple virtual address spaces and computer system |
| US5317705A (en)* | 1990-10-24 | 1994-05-31 | International Business Machines Corporation | Apparatus and method for TLB purge reduction in a multi-level machine system |
| US5319760A (en)* | 1991-06-28 | 1994-06-07 | Digital Equipment Corporation | Translation buffer for virtual machines with address space match |
| US5355490A (en)* | 1991-06-14 | 1994-10-11 | Toshiba America Information Systems, Inc. | System and method for saving the state for advanced microprocessor operating modes |
| US5361375A (en)* | 1989-02-09 | 1994-11-01 | Fujitsu Limited | Virtual computer system having input/output interrupt control of virtual machines |
| US5386552A (en)* | 1991-10-21 | 1995-01-31 | Intel Corporation | Preservation of a computer system processing state in a mass storage device |
| US5421006A (en)* | 1992-05-07 | 1995-05-30 | Compaq Computer Corp. | Method and apparatus for assessing integrity of computer system software |
| US5434999A (en)* | 1988-11-09 | 1995-07-18 | Bull Cp8 | Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal |
| US5437033A (en)* | 1990-11-16 | 1995-07-25 | Hitachi, Ltd. | System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode |
| US5442645A (en)* | 1989-06-06 | 1995-08-15 | Bull Cp8 | Method for checking the integrity of a program or data, and apparatus for implementing this method |
| US5455909A (en)* | 1991-07-05 | 1995-10-03 | Chips And Technologies Inc. | Microprocessor with operation capture facility |
| US5459867A (en)* | 1989-10-20 | 1995-10-17 | Iomega Corporation | Kernels, description tables, and device drivers |
| US5459869A (en)* | 1994-02-17 | 1995-10-17 | Spilo; Michael L. | Method for providing protected mode services for device drivers and other resident software |
| US5469557A (en)* | 1993-03-05 | 1995-11-21 | Microchip Technology Incorporated | Code protection in microcontroller with EEPROM fuses |
| US5473692A (en)* | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
| US5479509A (en)* | 1993-04-06 | 1995-12-26 | Bull Cp8 | Method for signature of an information processing file, and apparatus for implementing it |
| US5504922A (en)* | 1989-06-30 | 1996-04-02 | Hitachi, Ltd. | Virtual machine with hardware display controllers for base and target machines |
| US5506975A (en)* | 1992-12-18 | 1996-04-09 | Hitachi, Ltd. | Virtual machine I/O interrupt control method compares number of pending I/O interrupt conditions for non-running virtual machines with predetermined number |
| US5511217A (en)* | 1992-11-30 | 1996-04-23 | Hitachi, Ltd. | Computer system of virtual machines sharing a vector processor |
| US5522075A (en)* | 1991-06-28 | 1996-05-28 | Digital Equipment Corporation | Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces |
| US5528231A (en)* | 1993-06-08 | 1996-06-18 | Bull Cp8 | Method for the authentication of a portable object by an offline terminal, and apparatus for implementing the process |
| US5533126A (en)* | 1993-04-22 | 1996-07-02 | Bull Cp8 | Key protection device for smart cards |
| US5555414A (en)* | 1994-12-14 | 1996-09-10 | International Business Machines Corporation | Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals |
| US5555385A (en)* | 1993-10-27 | 1996-09-10 | International Business Machines Corporation | Allocation of address spaces within virtual machine compute system |
| US5560013A (en)* | 1994-12-06 | 1996-09-24 | International Business Machines Corporation | Method of using a target processor to execute programs of a source architecture that uses multiple address spaces |
| US5564040A (en)* | 1994-11-08 | 1996-10-08 | International Business Machines Corporation | Method and apparatus for providing a server function in a logically partitioned hardware machine |
| US5566323A (en)* | 1988-12-20 | 1996-10-15 | Bull Cp8 | Data processing system including programming voltage inhibitor for an electrically erasable reprogrammable nonvolatile memory |
| US5574936A (en)* | 1992-01-02 | 1996-11-12 | Amdahl Corporation | Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB) in a computer system |
| US5582717A (en)* | 1990-09-12 | 1996-12-10 | Di Santo; Dennis E. | Water dispenser with side by side filling-stations |
| US5603499A (en)* | 1995-07-26 | 1997-02-18 | Doris G. Jagosz | Blackjack play option response indicator |
| US5604805A (en)* | 1994-02-28 | 1997-02-18 | Brands; Stefanus A. | Privacy-protected transfer of electronic information |
| US5606617A (en)* | 1994-10-14 | 1997-02-25 | Brands; Stefanus A. | Secret-key certificates |
| US5615263A (en)* | 1995-01-06 | 1997-03-25 | Vlsi Technology, Inc. | Dual purpose security architecture with protected internal operating system |
| US5628022A (en)* | 1993-06-04 | 1997-05-06 | Hitachi, Ltd. | Microcomputer with programmable ROM |
| US5633929A (en)* | 1995-09-15 | 1997-05-27 | Rsa Data Security, Inc | Cryptographic key escrow system having reduced vulnerability to harvesting attacks |
| US5657445A (en)* | 1996-01-26 | 1997-08-12 | Dell Usa, L.P. | Apparatus and method for limiting access to mass storage devices in a computer system |
| US5668971A (en)* | 1992-12-01 | 1997-09-16 | Compaq Computer Corporation | Posted disk read operations performed by signalling a disk read complete to the system prior to completion of data transfer |
| US5684948A (en)* | 1995-09-01 | 1997-11-04 | National Semiconductor Corporation | Memory management circuit which provides simulated privilege levels |
| US5706469A (en)* | 1994-09-12 | 1998-01-06 | Mitsubishi Denki Kabushiki Kaisha | Data processing system controlling bus access to an arbitrary sized memory area |
| US5708818A (en)* | 1994-02-25 | 1998-01-13 | Munz; Heinrich | Method and apparatus for real-time operation of a processor |
| US5717903A (en)* | 1995-05-15 | 1998-02-10 | Compaq Computer Corporation | Method and appartus for emulating a peripheral device to allow device driver development before availability of the peripheral device |
| US5720609A (en)* | 1991-01-09 | 1998-02-24 | Pfefferle; William Charles | Catalytic method |
| US5721222A (en)* | 1992-04-16 | 1998-02-24 | Zeneca Limited | Heterocyclic ketones |
| US5729760A (en)* | 1996-06-21 | 1998-03-17 | Intel Corporation | System for providing first type access to register if processor in first mode and second type access to register if processor not in first mode |
| US5737604A (en)* | 1989-11-03 | 1998-04-07 | Compaq Computer Corporation | Method and apparatus for independently resetting processors and cache controllers in multiple processor systems |
| US5740178A (en)* | 1996-08-29 | 1998-04-14 | Lucent Technologies Inc. | Software for controlling a reliable backup memory |
| US5752046A (en)* | 1993-01-14 | 1998-05-12 | Apple Computer, Inc. | Power management system for computer device interconnection bus |
| US5757919A (en)* | 1996-12-12 | 1998-05-26 | Intel Corporation | Cryptographically protected paging subsystem |
| US5764969A (en)* | 1995-02-10 | 1998-06-09 | International Business Machines Corporation | Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions with partial concept synchronization |
| US5854913A (en)* | 1995-06-07 | 1998-12-29 | International Business Machines Corporation | Microprocessor with an architecture mode control capable of supporting extensions of two distinct instruction-set architectures |
| US5987604A (en)* | 1997-10-07 | 1999-11-16 | Phoenix Technologies, Ltd. | Method and apparatus for providing execution of system management mode services in virtual mode |
| US6075938A (en)* | 1997-06-10 | 2000-06-13 | The Board Of Trustees Of The Leland Stanford Junior University | Virtual machine monitors for scalable multiprocessors |
| US6182089B1 (en)* | 1997-09-23 | 2001-01-30 | Silicon Graphics, Inc. | Method, system and computer program product for dynamically allocating large memory pages of different sizes |
| US6272637B1 (en)* | 1997-04-14 | 2001-08-07 | Dallas Semiconductor Corporation | Systems and methods for protecting access to encrypted information |
| US6282650B1 (en)* | 1999-01-25 | 2001-08-28 | Intel Corporation | Secure public digital watermark |
| US6314409B2 (en)* | 1996-01-11 | 2001-11-06 | Veridian Information Solutions | System for controlling access and distribution of digital property |
| US6374317B1 (en)* | 1999-10-07 | 2002-04-16 | Intel Corporation | Method and apparatus for initializing a computer interface |
| US6397242B1 (en)* | 1998-05-15 | 2002-05-28 | Vmware, Inc. | Virtualization system including a virtual machine monitor for a computer with a segmented architecture |
| US20020099753A1 (en)* | 2001-01-20 | 2002-07-25 | Hardin David S. | System and method for concurrently supporting multiple independent virtual machines |
| US20030037089A1 (en)* | 2001-08-15 | 2003-02-20 | Erik Cota-Robles | Tracking operating system process and thread execution and virtual machine execution in hardware or in a virtual machine monitor |
| US6961941B1 (en)* | 2001-06-08 | 2005-11-01 | Vmware, Inc. | Computer configuration for resource management in systems including a virtual machine |
Family Cites Families (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4253145A (en)* | 1978-12-26 | 1981-02-24 | Honeywell Information Systems Inc. | Hardware virtualizer for supporting recursive virtual computer systems on a host computer system |
| WO1993009494A1 (en)* | 1991-10-28 | 1993-05-13 | Digital Equipment Corporation | Fault-tolerant computer processing using a shadow virtual processor |
| GB2282245B (en)* | 1993-09-23 | 1998-04-15 | Advanced Risc Mach Ltd | Execution of data processing instructions |
| US6181703B1 (en)* | 1995-09-08 | 2001-01-30 | Sprint Communications Company L. P. | System for managing telecommunications |
| US6093213A (en)* | 1995-10-06 | 2000-07-25 | Advanced Micro Devices, Inc. | Flexible implementation of a system management mode (SMM) in a processor |
| CA2285106A1 (en)* | 1997-04-02 | 1998-10-08 | David M. Silver | Method for integrating a virtual machine with input method editors |
| US6496847B1 (en)* | 1998-05-15 | 2002-12-17 | Vmware, Inc. | System and method for virtualizing computer systems |
| JP2002041305A (en)* | 2000-07-26 | 2002-02-08 | Hitachi Ltd | Method of allocating computer resources in virtual computer system and virtual computer system |
| US6725289B1 (en)* | 2002-04-17 | 2004-04-20 | Vmware, Inc. | Transparent address remapping for high-speed I/O |
| US7318141B2 (en)* | 2002-12-17 | 2008-01-08 | Intel Corporation | Methods and systems to control virtual machines |
| US7424709B2 (en)* | 2003-09-15 | 2008-09-09 | Intel Corporation | Use of multiple virtual machine monitors to handle privileged events |
- 2002
- 2002-06-07USUS10/165,597patent/US20030229794A1/ennot_activeAbandoned
- 2003
- 2003-05-01JPJP2004511985Apatent/JP4708016B2/ennot_activeExpired - Fee Related
- 2003-05-01CNCNB038188236Apatent/CN100377092C/ennot_activeExpired - Fee Related
- 2003-05-01RURU2004139086/09Apatent/RU2313126C2/ennot_activeIP Right Cessation
- 2003-05-01AUAU2003231237Apatent/AU2003231237A1/ennot_activeAbandoned
- 2003-05-01EPEP03724373Apatent/EP1512074A2/ennot_activeWithdrawn
- 2003-05-01WOPCT/US2003/013616patent/WO2003104981A2/enactiveApplication Filing
- 2003-06-06MYMYPI20032123Apatent/MY146723A/enunknown
- 2005
- 2005-03-30USUS11/095,855patent/US7581219B2/ennot_activeExpired - Lifetime
- 2007
- 2007-06-06JPJP2007150997Apatent/JP4846660B2/ennot_activeExpired - Lifetime
- 2011
- 2011-08-18JPJP2011178882Apatent/JP5242747B2/ennot_activeExpired - Lifetime
Patent Citations (99)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US3699532A (en)* | 1970-04-21 | 1972-10-17 | Singer Co | Multiprogramming control for a data handling system |
| US3996449A (en)* | 1975-08-25 | 1976-12-07 | International Business Machines Corporation | Operating system authenticator |
| US4162536A (en)* | 1976-01-02 | 1979-07-24 | Gould Inc., Modicon Div. | Digital input/output system and method |
| US4247905A (en)* | 1977-08-26 | 1981-01-27 | Sharp Kabushiki Kaisha | Memory clear system |
| US4278837A (en)* | 1977-10-31 | 1981-07-14 | Best Robert M | Crypto microprocessor for executing enciphered programs |
| US4276594A (en)* | 1978-01-27 | 1981-06-30 | Gould Inc. Modicon Division | Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and method for performing the same |
| US4207609A (en)* | 1978-05-08 | 1980-06-10 | International Business Machines Corporation | Method and means for path independent device reservation and reconnection in a multi-CPU and shared device access system |
| US4319233A (en)* | 1978-11-30 | 1982-03-09 | Kokusan Denki Co., Ltd. | Device for electrically detecting a liquid level |
| US4347565A (en)* | 1978-12-01 | 1982-08-31 | Fujitsu Limited | Address control system for software simulation |
| US4307447A (en)* | 1979-06-19 | 1981-12-22 | Gould Inc. | Programmable controller |
| US4307214A (en)* | 1979-12-12 | 1981-12-22 | Phillips Petroleum Company | SC2 activation of supported chromium oxide catalysts |
| US4319323A (en)* | 1980-04-04 | 1982-03-09 | Digital Equipment Corporation | Communications device for data processing system |
| US4419724A (en)* | 1980-04-14 | 1983-12-06 | Sperry Corporation | Main bus interface package |
| US4366537A (en)* | 1980-05-23 | 1982-12-28 | International Business Machines Corp. | Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys |
| US4403283A (en)* | 1980-07-28 | 1983-09-06 | Ncr Corporation | Extended memory system and method |
| US4430709A (en)* | 1980-09-13 | 1984-02-07 | Robert Bosch Gmbh | Apparatus for safeguarding data entered into a microprocessor |
| US4521852A (en)* | 1982-06-30 | 1985-06-04 | Texas Instruments Incorporated | Data processing device formed on a single semiconductor substrate having secure memory |
| US4571672A (en)* | 1982-12-17 | 1986-02-18 | Hitachi, Ltd. | Access control method for multiprocessor systems |
| US4975836A (en)* | 1984-12-19 | 1990-12-04 | Hitachi, Ltd. | Virtual computer system |
| US4802084A (en)* | 1985-03-11 | 1989-01-31 | Hitachi, Ltd. | Address translator |
| US4759064A (en)* | 1985-10-07 | 1988-07-19 | Chaum David L | Blind unanticipated signature systems |
| US4825052A (en)* | 1985-12-31 | 1989-04-25 | Bull Cp8 | Method and apparatus for certifying services obtained using a portable carrier such as a memory card |
| US4907270A (en)* | 1986-07-11 | 1990-03-06 | Bull Cp8 | Method for certifying the authenticity of a datum exchanged between two devices connected locally or remotely by a transmission line |
| US4907272A (en)* | 1986-07-11 | 1990-03-06 | Bull Cp8 | Method for authenticating an external authorizing datum by a portable object, such as a memory card |
| US4795893A (en)* | 1986-07-11 | 1989-01-03 | Bull, Cp8 | Security device prohibiting the function of an electronic data processing unit after a first cutoff of its electrical power |
| US4910774A (en)* | 1987-07-10 | 1990-03-20 | Schlumberger Industries | Method and system for suthenticating electronic memory cards |
| US5007082A (en)* | 1988-08-03 | 1991-04-09 | Kelly Services, Inc. | Computer software encryption apparatus |
| US5079737A (en)* | 1988-10-25 | 1992-01-07 | United Technologies Corporation | Memory management unit for the MIL-STD 1750 bus |
| US5434999A (en)* | 1988-11-09 | 1995-07-18 | Bull Cp8 | Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal |
| US5566323A (en)* | 1988-12-20 | 1996-10-15 | Bull Cp8 | Data processing system including programming voltage inhibitor for an electrically erasable reprogrammable nonvolatile memory |
| US5187802A (en)* | 1988-12-26 | 1993-02-16 | Hitachi, Ltd. | Virtual machine system with vitual machine resetting store indicating that virtual machine processed interrupt without virtual machine control program intervention |
| US5361375A (en)* | 1989-02-09 | 1994-11-01 | Fujitsu Limited | Virtual computer system having input/output interrupt control of virtual machines |
| US5139760A (en)* | 1989-02-28 | 1992-08-18 | Mizusawa Industrial Chemicals, Ltd. | Amorphous silica-alumina spherical particles and process for preparation thereof |
| US5442645A (en)* | 1989-06-06 | 1995-08-15 | Bull Cp8 | Method for checking the integrity of a program or data, and apparatus for implementing this method |
| US5504922A (en)* | 1989-06-30 | 1996-04-02 | Hitachi, Ltd. | Virtual machine with hardware display controllers for base and target machines |
| US5022077A (en)* | 1989-08-25 | 1991-06-04 | International Business Machines Corp. | Apparatus and method for preventing unauthorized access to BIOS in a personal computer system |
| US5295251A (en)* | 1989-09-21 | 1994-03-15 | Hitachi, Ltd. | Method of accessing multiple virtual address spaces and computer system |
| US5459867A (en)* | 1989-10-20 | 1995-10-17 | Iomega Corporation | Kernels, description tables, and device drivers |
| US5737604A (en)* | 1989-11-03 | 1998-04-07 | Compaq Computer Corporation | Method and apparatus for independently resetting processors and cache controllers in multiple processor systems |
| US5075842A (en)* | 1989-12-22 | 1991-12-24 | Intel Corporation | Disabling tag bit recognition and allowing privileged operations to occur in an object-oriented memory protection mechanism |
| US5582717A (en)* | 1990-09-12 | 1996-12-10 | Di Santo; Dennis E. | Water dispenser with side by side filling-stations |
| US5230069A (en)* | 1990-10-02 | 1993-07-20 | International Business Machines Corporation | Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virtual machine computer system |
| US5317705A (en)* | 1990-10-24 | 1994-05-31 | International Business Machines Corporation | Apparatus and method for TLB purge reduction in a multi-level machine system |
| US5437033A (en)* | 1990-11-16 | 1995-07-25 | Hitachi, Ltd. | System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode |
| US5255379A (en)* | 1990-12-28 | 1993-10-19 | Sun Microsystems, Inc. | Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 80486 processor |
| US5720609A (en)* | 1991-01-09 | 1998-02-24 | Pfefferle; William Charles | Catalytic method |
| US5355490A (en)* | 1991-06-14 | 1994-10-11 | Toshiba America Information Systems, Inc. | System and method for saving the state for advanced microprocessor operating modes |
| US5319760A (en)* | 1991-06-28 | 1994-06-07 | Digital Equipment Corporation | Translation buffer for virtual machines with address space match |
| US5522075A (en)* | 1991-06-28 | 1996-05-28 | Digital Equipment Corporation | Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces |
| US5287363A (en)* | 1991-07-01 | 1994-02-15 | Disk Technician Corporation | System for locating and anticipating data storage media failures |
| US5455909A (en)* | 1991-07-05 | 1995-10-03 | Chips And Technologies Inc. | Microprocessor with operation capture facility |
| US5386552A (en)* | 1991-10-21 | 1995-01-31 | Intel Corporation | Preservation of a computer system processing state in a mass storage device |
| US5574936A (en)* | 1992-01-02 | 1996-11-12 | Amdahl Corporation | Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB) in a computer system |
| US5721222A (en)* | 1992-04-16 | 1998-02-24 | Zeneca Limited | Heterocyclic ketones |
| US5421006A (en)* | 1992-05-07 | 1995-05-30 | Compaq Computer Corp. | Method and apparatus for assessing integrity of computer system software |
| US5237616A (en)* | 1992-09-21 | 1993-08-17 | International Business Machines Corporation | Secure computer system having privileged and unprivileged memories |
| US5293424A (en)* | 1992-10-14 | 1994-03-08 | Bull Hn Information Systems Inc. | Secure memory card |
| US5511217A (en)* | 1992-11-30 | 1996-04-23 | Hitachi, Ltd. | Computer system of virtual machines sharing a vector processor |
| US5668971A (en)* | 1992-12-01 | 1997-09-16 | Compaq Computer Corporation | Posted disk read operations performed by signalling a disk read complete to the system prior to completion of data transfer |
| US5506975A (en)* | 1992-12-18 | 1996-04-09 | Hitachi, Ltd. | Virtual machine I/O interrupt control method compares number of pending I/O interrupt conditions for non-running virtual machines with predetermined number |
| US5752046A (en)* | 1993-01-14 | 1998-05-12 | Apple Computer, Inc. | Power management system for computer device interconnection bus |
| US5469557A (en)* | 1993-03-05 | 1995-11-21 | Microchip Technology Incorporated | Code protection in microcontroller with EEPROM fuses |
| US5479509A (en)* | 1993-04-06 | 1995-12-26 | Bull Cp8 | Method for signature of an information processing file, and apparatus for implementing it |
| US5533126A (en)* | 1993-04-22 | 1996-07-02 | Bull Cp8 | Key protection device for smart cards |
| US5628022A (en)* | 1993-06-04 | 1997-05-06 | Hitachi, Ltd. | Microcomputer with programmable ROM |
| US5528231A (en)* | 1993-06-08 | 1996-06-18 | Bull Cp8 | Method for the authentication of a portable object by an offline terminal, and apparatus for implementing the process |
| US5555385A (en)* | 1993-10-27 | 1996-09-10 | International Business Machines Corporation | Allocation of address spaces within virtual machine compute system |
| US5459869A (en)* | 1994-02-17 | 1995-10-17 | Spilo; Michael L. | Method for providing protected mode services for device drivers and other resident software |
| US5708818A (en)* | 1994-02-25 | 1998-01-13 | Munz; Heinrich | Method and apparatus for real-time operation of a processor |
| US5604805A (en)* | 1994-02-28 | 1997-02-18 | Brands; Stefanus A. | Privacy-protected transfer of electronic information |
| US5473692A (en)* | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
| US5568552A (en)* | 1994-09-07 | 1996-10-22 | Intel Corporation | Method for providing a roving software license from one node to another node |
| US5706469A (en)* | 1994-09-12 | 1998-01-06 | Mitsubishi Denki Kabushiki Kaisha | Data processing system controlling bus access to an arbitrary sized memory area |
| US5606617A (en)* | 1994-10-14 | 1997-02-25 | Brands; Stefanus A. | Secret-key certificates |
| US5564040A (en)* | 1994-11-08 | 1996-10-08 | International Business Machines Corporation | Method and apparatus for providing a server function in a logically partitioned hardware machine |
| US5560013A (en)* | 1994-12-06 | 1996-09-24 | International Business Machines Corporation | Method of using a target processor to execute programs of a source architecture that uses multiple address spaces |
| US5555414A (en)* | 1994-12-14 | 1996-09-10 | International Business Machines Corporation | Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals |
| US5615263A (en)* | 1995-01-06 | 1997-03-25 | Vlsi Technology, Inc. | Dual purpose security architecture with protected internal operating system |
| US5764969A (en)* | 1995-02-10 | 1998-06-09 | International Business Machines Corporation | Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions with partial concept synchronization |
| US5717903A (en)* | 1995-05-15 | 1998-02-10 | Compaq Computer Corporation | Method and appartus for emulating a peripheral device to allow device driver development before availability of the peripheral device |
| US5854913A (en)* | 1995-06-07 | 1998-12-29 | International Business Machines Corporation | Microprocessor with an architecture mode control capable of supporting extensions of two distinct instruction-set architectures |
| US5603499A (en)* | 1995-07-26 | 1997-02-18 | Doris G. Jagosz | Blackjack play option response indicator |
| US5684948A (en)* | 1995-09-01 | 1997-11-04 | National Semiconductor Corporation | Memory management circuit which provides simulated privilege levels |
| US5633929A (en)* | 1995-09-15 | 1997-05-27 | Rsa Data Security, Inc | Cryptographic key escrow system having reduced vulnerability to harvesting attacks |
| US6314409B2 (en)* | 1996-01-11 | 2001-11-06 | Veridian Information Solutions | System for controlling access and distribution of digital property |
| US5657445A (en)* | 1996-01-26 | 1997-08-12 | Dell Usa, L.P. | Apparatus and method for limiting access to mass storage devices in a computer system |
| US5729760A (en)* | 1996-06-21 | 1998-03-17 | Intel Corporation | System for providing first type access to register if processor in first mode and second type access to register if processor not in first mode |
| US5740178A (en)* | 1996-08-29 | 1998-04-14 | Lucent Technologies Inc. | Software for controlling a reliable backup memory |
| US5757919A (en)* | 1996-12-12 | 1998-05-26 | Intel Corporation | Cryptographically protected paging subsystem |
| US6272637B1 (en)* | 1997-04-14 | 2001-08-07 | Dallas Semiconductor Corporation | Systems and methods for protecting access to encrypted information |
| US6075938A (en)* | 1997-06-10 | 2000-06-13 | The Board Of Trustees Of The Leland Stanford Junior University | Virtual machine monitors for scalable multiprocessors |
| US6182089B1 (en)* | 1997-09-23 | 2001-01-30 | Silicon Graphics, Inc. | Method, system and computer program product for dynamically allocating large memory pages of different sizes |
| US5987604A (en)* | 1997-10-07 | 1999-11-16 | Phoenix Technologies, Ltd. | Method and apparatus for providing execution of system management mode services in virtual mode |
| US6397242B1 (en)* | 1998-05-15 | 2002-05-28 | Vmware, Inc. | Virtualization system including a virtual machine monitor for a computer with a segmented architecture |
| US6282650B1 (en)* | 1999-01-25 | 2001-08-28 | Intel Corporation | Secure public digital watermark |
| US6374317B1 (en)* | 1999-10-07 | 2002-04-16 | Intel Corporation | Method and apparatus for initializing a computer interface |
| US20020099753A1 (en)* | 2001-01-20 | 2002-07-25 | Hardin David S. | System and method for concurrently supporting multiple independent virtual machines |
| US6961941B1 (en)* | 2001-06-08 | 2005-11-01 | Vmware, Inc. | Computer configuration for resource management in systems including a virtual machine |
| US20030037089A1 (en)* | 2001-08-15 | 2003-02-20 | Erik Cota-Robles | Tracking operating system process and thread execution and virtual machine execution in hardware or in a virtual machine monitor |
Cited By (222)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7536688B2 (en)* | 2003-02-28 | 2009-05-19 | Azul Systems | Segmented virtual machine |
| US20040172629A1 (en)* | 2003-02-28 | 2004-09-02 | Azul Systems | Segmented virtual machine |
| US20040250110A1 (en)* | 2003-03-28 | 2004-12-09 | Wray Michael John | Security policy in trusted computing systems |
| US8612755B2 (en)* | 2003-03-28 | 2013-12-17 | Hewlett-Packard Development Company, L.P. | Security policy in trusted computing systems |
| US20040268332A1 (en)* | 2003-04-23 | 2004-12-30 | Masato Mitsumori | Memory access control method and processing system with memory access check function |
| US20050097345A1 (en)* | 2003-10-29 | 2005-05-05 | Kelley Brian H. | System for selectively enabling operating modes of a device |
| US7496958B2 (en)* | 2003-10-29 | 2009-02-24 | Qualcomm Incorporated | System for selectively enabling operating modes of a device |
| US20050257243A1 (en)* | 2004-04-27 | 2005-11-17 | Microsoft Corporation | Method and system for enforcing a security policy via a security virtual machine |
| US8607299B2 (en) | 2004-04-27 | 2013-12-10 | Microsoft Corporation | Method and system for enforcing a security policy via a security virtual machine |
| US20050289311A1 (en)* | 2004-06-29 | 2005-12-29 | David Durham | System and method for secure inter-platform and intra-platform communications |
| WO2006012197A3 (en)* | 2004-06-29 | 2006-04-06 | Intel Corp | Method of improving computer security through sandboxing |
| WO2006012197A2 (en) | 2004-06-29 | 2006-02-02 | Intel Corporation | Method of improving computer security through sandboxing |
| WO2006012341A1 (en) | 2004-06-29 | 2006-02-02 | Intel Corporation | System and method for secure inter-platform and intra-platform communications |
| US7908653B2 (en)* | 2004-06-29 | 2011-03-15 | Intel Corporation | Method of improving computer security through sandboxing |
| US20060021029A1 (en)* | 2004-06-29 | 2006-01-26 | Brickell Ernie F | Method of improving computer security through sandboxing |
| US20060075312A1 (en)* | 2004-09-30 | 2006-04-06 | Fischer Stephen A | System and method for limiting exposure of hardware failure information for a secured execution environment |
| US7934076B2 (en) | 2004-09-30 | 2011-04-26 | Intel Corporation | System and method for limiting exposure of hardware failure information for a secured execution environment |
| US7620953B1 (en)* | 2004-10-05 | 2009-11-17 | Azul Systems, Inc. | System and method for allocating resources of a core space among a plurality of core virtual machines |
| US20060224685A1 (en)* | 2005-03-29 | 2006-10-05 | International Business Machines Corporation | System management architecture for multi-node computer system |
| US7487222B2 (en) | 2005-03-29 | 2009-02-03 | International Business Machines Corporation | System management architecture for multi-node computer system |
| US7480908B1 (en) | 2005-06-24 | 2009-01-20 | Azul Systems, Inc. | Segmented virtual machine transport mechanism |
| US8276138B2 (en) | 2005-06-24 | 2012-09-25 | Azul Systems, Inc. | Segmented virtual machine transport mechanism |
| US20090178039A1 (en)* | 2005-06-24 | 2009-07-09 | Azul Systems, Inc. | Segmented virtual machine transport mechanism |
| US20090172665A1 (en)* | 2005-06-24 | 2009-07-02 | Azul Systems, Inc. | Reducing latency in a segmented virtual machine |
| US8336048B2 (en) | 2005-06-24 | 2012-12-18 | Azul Systems, Inc. | Reducing latency in a segmented virtual machine |
| US9361471B2 (en) | 2005-06-30 | 2016-06-07 | Intel Corporation | Secure vault service for software components within an execution environment |
| US9547772B2 (en) | 2005-06-30 | 2017-01-17 | Intel Corporation | Secure vault service for software components within an execution environment |
| US8601273B2 (en) | 2005-06-30 | 2013-12-03 | Intel Corporation | Signed manifest for run-time verification of software program identity and integrity |
| US8499151B2 (en) | 2005-06-30 | 2013-07-30 | Intel Corporation | Secure platform voucher service for software components within an execution environment |
| US20110231668A1 (en)* | 2005-06-30 | 2011-09-22 | Travis Schluessler | Signed Manifest for Run-Time Verification of Software Program Identity and Integrity |
| US20080216096A1 (en)* | 2005-07-15 | 2008-09-04 | Lenovo (Beijing) Limited | Virtual Computer System Supporting Trusted Computing and Method for Implementing Trusted Computation Thereon |
| US20100192150A1 (en)* | 2005-08-09 | 2010-07-29 | Steven Grobman | Exclusive access for secure audio program |
| US7971057B2 (en)* | 2005-08-09 | 2011-06-28 | Intel Corporation | Exclusive access for secure audio program |
| US20070038997A1 (en)* | 2005-08-09 | 2007-02-15 | Steven Grobman | Exclusive access for secure audio program |
| US7752436B2 (en)* | 2005-08-09 | 2010-07-06 | Intel Corporation | Exclusive access for secure audio program |
| US20080133893A1 (en)* | 2005-08-29 | 2008-06-05 | Centaurus Data Llc | Hierarchical register file |
| US9176741B2 (en) | 2005-08-29 | 2015-11-03 | Invention Science Fund I, Llc | Method and apparatus for segmented sequential storage |
| US8296550B2 (en) | 2005-08-29 | 2012-10-23 | The Invention Science Fund I, Llc | Hierarchical register file with operand capture ports |
| US7644258B2 (en) | 2005-08-29 | 2010-01-05 | Searete, Llc | Hybrid branch predictor using component predictors each having confidence and override signals |
| US20080133885A1 (en)* | 2005-08-29 | 2008-06-05 | Centaurus Data Llc | Hierarchical multi-threading processor |
| US20070083739A1 (en)* | 2005-08-29 | 2007-04-12 | Glew Andrew F | Processor with branch predictor |
| US8275976B2 (en) | 2005-08-29 | 2012-09-25 | The Invention Science Fund I, Llc | Hierarchical instruction scheduler facilitating instruction replay |
| US20080133883A1 (en)* | 2005-08-29 | 2008-06-05 | Centaurus Data Llc | Hierarchical store buffer |
| US8266412B2 (en) | 2005-08-29 | 2012-09-11 | The Invention Science Fund I, Llc | Hierarchical store buffer having segmented partitions |
| US20080133889A1 (en)* | 2005-08-29 | 2008-06-05 | Centaurus Data Llc | Hierarchical instruction scheduler |
| US8037288B2 (en) | 2005-08-29 | 2011-10-11 | The Invention Science Fund I, Llc | Hybrid branch predictor having negative ovedrride signals |
| US8028152B2 (en) | 2005-08-29 | 2011-09-27 | The Invention Science Fund I, Llc | Hierarchical multi-threading processor for executing virtual threads in a time-multiplexed fashion |
| US8327353B2 (en)* | 2005-08-30 | 2012-12-04 | Microsoft Corporation | Hierarchical virtualization with a multi-level virtualization mechanism |
| US20070050764A1 (en)* | 2005-08-30 | 2007-03-01 | Microsoft Corporation | Hierarchical virtualization with a multi-level virtualization mechanism |
| US7748037B2 (en) | 2005-09-22 | 2010-06-29 | Intel Corporation | Validating a memory type modification attempt |
| US20070067590A1 (en)* | 2005-09-22 | 2007-03-22 | Uday Savagaonkar | Providing protected access to critical memory regions |
| US20080163331A1 (en)* | 2006-12-29 | 2008-07-03 | Datta Sham M | Reconfiguring a secure system |
| US8316414B2 (en) | 2006-12-29 | 2012-11-20 | Intel Corporation | Reconfiguring a secure system |
| US8683191B2 (en) | 2006-12-29 | 2014-03-25 | Intel Corporation | Reconfiguring a secure system |
| US8356297B1 (en) | 2007-03-21 | 2013-01-15 | Azul Systems, Inc. | External data source redirection in segmented virtual machine |
| US20080263679A1 (en)* | 2007-04-23 | 2008-10-23 | Microsoft Corporation | Storing information in closed computing devices |
| US20080294892A1 (en)* | 2007-05-25 | 2008-11-27 | Ingo Molnar | Method and system for a kernel lock validator |
| US8145903B2 (en)* | 2007-05-25 | 2012-03-27 | Red Hat, Inc. | Method and system for a kernel lock validator |
| US8839450B2 (en) | 2007-08-02 | 2014-09-16 | Intel Corporation | Secure vault service for software components within an execution environment |
| US20090038017A1 (en)* | 2007-08-02 | 2009-02-05 | David Durham | Secure vault service for software components within an execution environment |
| GB2453652A (en)* | 2007-10-08 | 2009-04-15 | Lenovo | Implementing secure online payments by switching to a dedicated operating system (OS) |
| GB2453652B (en)* | 2007-10-08 | 2010-07-14 | Lenovo | Method and client system for implementing online secure payment |
| US8099718B2 (en) | 2007-11-13 | 2012-01-17 | Intel Corporation | Method and system for whitelisting software components |
| US20090172385A1 (en)* | 2007-12-31 | 2009-07-02 | Datta Sham M | Enabling system management mode in a secure system |
| US8473945B2 (en)* | 2007-12-31 | 2013-06-25 | Intel Corporation | Enabling system management mode in a secure system |
| US8843742B2 (en)* | 2008-08-26 | 2014-09-23 | Hewlett-Packard Company | Hypervisor security using SMM |
| US20100057982A1 (en)* | 2008-08-26 | 2010-03-04 | Phoenix Technologies Ltd | Hypervisor security using SMM |
| US8364601B2 (en) | 2008-12-31 | 2013-01-29 | Intel Corporation | Methods and systems to directly render an image and correlate corresponding user input in a secure memory domain |
| US20100169666A1 (en)* | 2008-12-31 | 2010-07-01 | Prashant Dewan | Methods and systems to direclty render an image and correlate corresponding user input in a secuire memory domain |
| US20120017285A1 (en)* | 2009-05-18 | 2012-01-19 | Mark A Piwonka | Systems and methods of determining a trust level from system management mode |
| US8850601B2 (en)* | 2009-05-18 | 2014-09-30 | Hewlett-Packard Development Company, L.P. | Systems and methods of determining a trust level from system management mode |
| US8250273B2 (en)* | 2009-09-14 | 2012-08-21 | International Business Machines Corporation | Secure handling and routing of message-signaled interrupts |
| US20110066783A1 (en)* | 2009-09-14 | 2011-03-17 | International Business Machines Corporation | Secure Handling and Routing of Message-Signaled Interrupts |
| US9223963B2 (en) | 2009-12-15 | 2015-12-29 | Mcafee, Inc. | Systems and methods for behavioral sandboxing |
| US9058183B2 (en) | 2009-12-29 | 2015-06-16 | Advanced Micro Devices, Inc. | Hypervisor isolation of processor cores to enable computing accelerator cores |
| KR20120111734A (en)* | 2009-12-29 | 2012-10-10 | 어드밴스드 마이크로 디바이시즈, 인코포레이티드 | Hypervisor isolation of processor cores |
| KR101668399B1 (en) | 2009-12-29 | 2016-10-21 | 어드밴스드 마이크로 디바이시즈, 인코포레이티드 | Hypervisor isolation of processor cores |
| US8495750B2 (en) | 2010-08-31 | 2013-07-23 | International Business Machines Corporation | Filesystem management and security system |
| EP2691908A4 (en)* | 2011-03-28 | 2014-10-29 | Mcafee Inc | SYSTEM AND METHOD FOR ANTI-MALICIAL SECURITY BASED ON A VIRTUAL MACHINE MONITOR |
| US9317690B2 (en) | 2011-03-28 | 2016-04-19 | Mcafee, Inc. | System and method for firmware based anti-malware security |
| US9747443B2 (en) | 2011-03-28 | 2017-08-29 | Mcafee, Inc. | System and method for firmware based anti-malware security |
| WO2012135192A2 (en) | 2011-03-28 | 2012-10-04 | Mcafee, Inc. | System and method for virtual machine monitor based anti-malware security |
| US9392016B2 (en) | 2011-03-29 | 2016-07-12 | Mcafee, Inc. | System and method for below-operating system regulation and control of self-modifying code |
| US8925089B2 (en) | 2011-03-29 | 2014-12-30 | Mcafee, Inc. | System and method for below-operating system modification of malicious code on an electronic device |
| US8959638B2 (en) | 2011-03-29 | 2015-02-17 | Mcafee, Inc. | System and method for below-operating system trapping and securing of interdriver communication |
| US9032525B2 (en) | 2011-03-29 | 2015-05-12 | Mcafee, Inc. | System and method for below-operating system trapping of driver filter attachment |
| US8813227B2 (en) | 2011-03-29 | 2014-08-19 | Mcafee, Inc. | System and method for below-operating system regulation and control of self-modifying code |
| US20120255004A1 (en)* | 2011-03-31 | 2012-10-04 | Mcafee, Inc. | System and method for securing access to system calls |
| US9087199B2 (en) | 2011-03-31 | 2015-07-21 | Mcafee, Inc. | System and method for providing a secured operating system execution environment |
| US9038176B2 (en) | 2011-03-31 | 2015-05-19 | Mcafee, Inc. | System and method for below-operating system trapping and securing loading of code into memory |
| US8966629B2 (en) | 2011-03-31 | 2015-02-24 | Mcafee, Inc. | System and method for below-operating system trapping of driver loading and unloading |
| US9262246B2 (en) | 2011-03-31 | 2016-02-16 | Mcafee, Inc. | System and method for securing memory and storage of an electronic device with a below-operating system security agent |
| US8966624B2 (en) | 2011-03-31 | 2015-02-24 | Mcafee, Inc. | System and method for securing an input/output path of an application against malware with a below-operating system security agent |
| US8863283B2 (en)* | 2011-03-31 | 2014-10-14 | Mcafee, Inc. | System and method for securing access to system calls |
| US9530001B2 (en) | 2011-03-31 | 2016-12-27 | Mcafee, Inc. | System and method for below-operating system trapping and securing loading of code into memory |
| US9448867B2 (en)* | 2011-12-31 | 2016-09-20 | Intel Corporation | Processor that detects when system management mode attempts to reach program code outside of protected space |
| US20130326288A1 (en)* | 2011-12-31 | 2013-12-05 | Shamanna M. Datta | Processor that detects when system management mode attempts to reach program code outside of protected space |
| US10140139B1 (en)* | 2012-06-19 | 2018-11-27 | Bromium, Inc. | Ensuring the privacy and integrity of a hypervisor |
| US10877903B2 (en) | 2012-07-31 | 2020-12-29 | Hewlett-Packard Development Company, L.P. | Protected memory area |
| US9367691B2 (en) | 2012-07-31 | 2016-06-14 | Hewlett-Packard Development Company, L.P. | Modify executable bits of system management memory page table |
| US10102154B2 (en) | 2012-07-31 | 2018-10-16 | Hewlett-Packard Development Company, L.P. | Protected memory area |
| JP2016511872A (en)* | 2013-01-22 | 2016-04-21 | アマゾン・テクノロジーズ、インコーポレイテッド | Privileged cryptographic services in a virtualized environment |
| US9311138B2 (en) | 2013-03-13 | 2016-04-12 | Intel Corporation | System management interrupt handling for multi-core processors |
| WO2014158603A1 (en)* | 2013-03-13 | 2014-10-02 | Intel Corporation | System management interrupt handling for multi-core processors |
| US10579405B1 (en)* | 2013-03-13 | 2020-03-03 | Amazon Technologies, Inc. | Parallel virtual machine managers |
| US9529627B2 (en) | 2013-03-19 | 2016-12-27 | Stmicroelectronics (Grenoble 2) Sas | Managing multiple systems in a computer device |
| EP2782007A1 (en)* | 2013-03-19 | 2014-09-24 | STMicroelectronics (Grenoble 2) SAS | Launching multiple applications in containers on a processor |
| US9552477B2 (en) | 2013-03-19 | 2017-01-24 | Stmicroelectronics (Grenoble 2) Sas | Resource management in a processor |
| EP2782038A1 (en)* | 2013-03-19 | 2014-09-24 | STMicroelectronics (Grenoble 2) SAS | Resource management in a processor for trusted and untrusted applications |
| US10140958B2 (en) | 2013-03-19 | 2018-11-27 | Stmicroelectronics (Grenoble 2) Sas | Managing multiple systems in a computer device |
| US9317304B2 (en) | 2013-03-19 | 2016-04-19 | Stmicroelectronics (Grenoble 2) Sas | Launching multiple applications in a processor |
| US11736530B2 (en) | 2013-04-19 | 2023-08-22 | Nicira, Inc. | Framework for coordination between endpoint security and network security services |
| CN110084039A (en)* | 2013-04-19 | 2019-08-02 | Nicira股份有限公司 | Frame for the coordination between endpoint security and Network Security Service |
| US11263034B2 (en) | 2014-09-30 | 2022-03-01 | Amazon Technologies, Inc. | Low latency computational capacity provisioning |
| US10915371B2 (en) | 2014-09-30 | 2021-02-09 | Amazon Technologies, Inc. | Automatic management of low latency computational capacity |
| US10956185B2 (en) | 2014-09-30 | 2021-03-23 | Amazon Technologies, Inc. | Threading as a service |
| US10108443B2 (en) | 2014-09-30 | 2018-10-23 | Amazon Technologies, Inc. | Low latency computational capacity provisioning |
| US10140137B2 (en)* | 2014-09-30 | 2018-11-27 | Amazon Technologies, Inc. | Threading as a service |
| US12321766B2 (en) | 2014-09-30 | 2025-06-03 | Amazon Technologies, Inc. | Low latency computational capacity provisioning |
| US11467890B2 (en) | 2014-09-30 | 2022-10-11 | Amazon Technologies, Inc. | Processing event messages for user requests to execute program code |
| US11561811B2 (en) | 2014-09-30 | 2023-01-24 | Amazon Technologies, Inc. | Threading as a service |
| US10162688B2 (en) | 2014-09-30 | 2018-12-25 | Amazon Technologies, Inc. | Processing event messages for user requests to execute program code |
| US10884802B2 (en) | 2014-09-30 | 2021-01-05 | Amazon Technologies, Inc. | Message-based computation request scheduling |
| US20170192804A1 (en)* | 2014-09-30 | 2017-07-06 | Amazon Technologies, Inc. | Threading as a service |
| US10824484B2 (en) | 2014-09-30 | 2020-11-03 | Amazon Technologies, Inc. | Event-driven computing |
| US10592269B2 (en) | 2014-09-30 | 2020-03-17 | Amazon Technologies, Inc. | Dynamic code deployment and versioning |
| US11126469B2 (en) | 2014-12-05 | 2021-09-21 | Amazon Technologies, Inc. | Automatic determination of resource sizing |
| US10353746B2 (en) | 2014-12-05 | 2019-07-16 | Amazon Technologies, Inc. | Automatic determination of resource sizing |
| US9946651B2 (en)* | 2014-12-13 | 2018-04-17 | Via Alliance Semiconductor Co., Ltd | Pattern detector for detecting hangs |
| US20160350215A1 (en)* | 2014-12-13 | 2016-12-01 | Via Alliance Semiconductor Co., Ltd. | Distributed hang recovery logic |
| US10067871B2 (en)* | 2014-12-13 | 2018-09-04 | Via Alliance Semiconductor Co., Ltd | Logic analyzer for detecting hangs |
| US10324842B2 (en)* | 2014-12-13 | 2019-06-18 | Via Alliance Semiconductor Co., Ltd | Distributed hang recovery logic |
| US20160350223A1 (en)* | 2014-12-13 | 2016-12-01 | Via Alliance Semiconductor Co., Ltd. | Logic analyzer for detecting hangs |
| US11461124B2 (en) | 2015-02-04 | 2022-10-04 | Amazon Technologies, Inc. | Security protocols for low latency execution of program code |
| US11360793B2 (en) | 2015-02-04 | 2022-06-14 | Amazon Technologies, Inc. | Stateful virtual compute system |
| US10853112B2 (en) | 2015-02-04 | 2020-12-01 | Amazon Technologies, Inc. | Stateful virtual compute system |
| US10552193B2 (en) | 2015-02-04 | 2020-02-04 | Amazon Technologies, Inc. | Security protocols for low latency execution of program code |
| US10387177B2 (en) | 2015-02-04 | 2019-08-20 | Amazon Technologies, Inc. | Stateful virtual compute system |
| US10623476B2 (en) | 2015-04-08 | 2020-04-14 | Amazon Technologies, Inc. | Endpoint management system providing an application programming interface proxy service |
| US10776171B2 (en) | 2015-04-08 | 2020-09-15 | Amazon Technologies, Inc. | Endpoint management system and virtual compute system |
| US9940470B2 (en)* | 2015-10-06 | 2018-04-10 | Symantec Corporation | Techniques for generating a virtual private container |
| US20170098092A1 (en)* | 2015-10-06 | 2017-04-06 | Symantec Corporation | Techniques for generating a virtual private container |
| US10754701B1 (en) | 2015-12-16 | 2020-08-25 | Amazon Technologies, Inc. | Executing user-defined code in response to determining that resources expected to be utilized comply with resource restrictions |
| US10437629B2 (en) | 2015-12-16 | 2019-10-08 | Amazon Technologies, Inc. | Pre-triggers for code execution environments |
| US10365985B2 (en) | 2015-12-16 | 2019-07-30 | Amazon Technologies, Inc. | Predictive management of on-demand code execution |
| US11243819B1 (en) | 2015-12-21 | 2022-02-08 | Amazon Technologies, Inc. | Acquisition and maintenance of compute capacity |
| US10691498B2 (en) | 2015-12-21 | 2020-06-23 | Amazon Technologies, Inc. | Acquisition and maintenance of compute capacity |
| US11016815B2 (en) | 2015-12-21 | 2021-05-25 | Amazon Technologies, Inc. | Code execution request routing |
| US10747873B2 (en) | 2016-01-26 | 2020-08-18 | Hewlett-Packard Development Company, L.P. | System management mode privilege architecture |
| CN108292339A (en)* | 2016-01-26 | 2018-07-17 | 惠普发展公司,有限责任合伙企业 | System Management Mode privilege framework |
| EP3314516A4 (en)* | 2016-01-26 | 2019-01-09 | Hewlett-Packard Development Company, L.P. | SYSTEM MANAGEMENT MODE PRIVILEGE ARCHITECTURE |
| US10162672B2 (en) | 2016-03-30 | 2018-12-25 | Amazon Technologies, Inc. | Generating data streams from pre-existing data sets |
| US11132213B1 (en) | 2016-03-30 | 2021-09-28 | Amazon Technologies, Inc. | Dependency-based process of pre-existing data sets at an on demand code execution environment |
| US10891145B2 (en) | 2016-03-30 | 2021-01-12 | Amazon Technologies, Inc. | Processing pre-existing data sets at an on demand code execution environment |
| US10282229B2 (en) | 2016-06-28 | 2019-05-07 | Amazon Technologies, Inc. | Asynchronous task management in an on-demand network code execution environment |
| US11354169B2 (en) | 2016-06-29 | 2022-06-07 | Amazon Technologies, Inc. | Adjusting variable limit on concurrent code executions |
| US10402231B2 (en) | 2016-06-29 | 2019-09-03 | Amazon Technologies, Inc. | Adjusting variable limit on concurrent code executions |
| US10102040B2 (en) | 2016-06-29 | 2018-10-16 | Amazon Technologies, Inc | Adjusting variable limit on concurrent code executions |
| US10203990B2 (en) | 2016-06-30 | 2019-02-12 | Amazon Technologies, Inc. | On-demand network code execution with cross-account aliases |
| US10277708B2 (en) | 2016-06-30 | 2019-04-30 | Amazon Technologies, Inc. | On-demand network code execution with cross-account aliases |
| US10528390B2 (en) | 2016-09-23 | 2020-01-07 | Amazon Technologies, Inc. | Idempotent task execution in on-demand network code execution systems |
| US10884787B1 (en) | 2016-09-23 | 2021-01-05 | Amazon Technologies, Inc. | Execution guarantees in an on-demand network code execution system |
| US11119813B1 (en) | 2016-09-30 | 2021-09-14 | Amazon Technologies, Inc. | Mapreduce implementation using an on-demand network code execution system |
| US10564946B1 (en) | 2017-12-13 | 2020-02-18 | Amazon Technologies, Inc. | Dependency handling in an on-demand network code execution system |
| US10353678B1 (en) | 2018-02-05 | 2019-07-16 | Amazon Technologies, Inc. | Detecting code characteristic alterations due to cross-service calls |
| US10733085B1 (en) | 2018-02-05 | 2020-08-04 | Amazon Technologies, Inc. | Detecting impedance mismatches due to cross-service calls |
| US10831898B1 (en) | 2018-02-05 | 2020-11-10 | Amazon Technologies, Inc. | Detecting privilege escalations in code including cross-service calls |
| US10725752B1 (en) | 2018-02-13 | 2020-07-28 | Amazon Technologies, Inc. | Dependency handling in an on-demand network code execution system |
| US10776091B1 (en) | 2018-02-26 | 2020-09-15 | Amazon Technologies, Inc. | Logging endpoint in an on-demand code execution system |
| US11875173B2 (en) | 2018-06-25 | 2024-01-16 | Amazon Technologies, Inc. | Execution of auxiliary functions in an on-demand network code execution system |
| US12314752B2 (en) | 2018-06-25 | 2025-05-27 | Amazon Technologies, Inc. | Execution of auxiliary functions in an on-demand network code execution system |
| US10884722B2 (en) | 2018-06-26 | 2021-01-05 | Amazon Technologies, Inc. | Cross-environment application of tracing information for improved code execution |
| US11146569B1 (en) | 2018-06-28 | 2021-10-12 | Amazon Technologies, Inc. | Escalation-resistant secure network services using request-scoped authentication information |
| US11171983B2 (en)* | 2018-06-29 | 2021-11-09 | Intel Corporation | Techniques to provide function-level isolation with capability-based security |
| US10949237B2 (en) | 2018-06-29 | 2021-03-16 | Amazon Technologies, Inc. | Operating system customization in an on-demand network code execution system |
| US11836516B2 (en) | 2018-07-25 | 2023-12-05 | Amazon Technologies, Inc. | Reducing execution times in an on-demand network code execution system using saved machine states |
| US11099870B1 (en) | 2018-07-25 | 2021-08-24 | Amazon Technologies, Inc. | Reducing execution times in an on-demand network code execution system using saved machine states |
| US11099917B2 (en) | 2018-09-27 | 2021-08-24 | Amazon Technologies, Inc. | Efficient state maintenance for execution environments in an on-demand code execution system |
| US11243953B2 (en) | 2018-09-27 | 2022-02-08 | Amazon Technologies, Inc. | Mapreduce implementation in an on-demand network code execution system and stream data processing system |
| US11943093B1 (en) | 2018-11-20 | 2024-03-26 | Amazon Technologies, Inc. | Network connection recovery after virtual machine transition in an on-demand network code execution system |
| CN109542610A (en)* | 2018-12-04 | 2019-03-29 | 中国航空工业集团公司西安航空计算技术研究所 | A kind of multi partition operating system void interrupt criteria component realization method |
| US10884812B2 (en) | 2018-12-13 | 2021-01-05 | Amazon Technologies, Inc. | Performance-based hardware emulation in an on-demand network code execution system |
| US11010188B1 (en) | 2019-02-05 | 2021-05-18 | Amazon Technologies, Inc. | Simulated data object storage using on-demand computation of data objects |
| US12327133B1 (en) | 2019-03-22 | 2025-06-10 | Amazon Technologies, Inc. | Application gateways in an on-demand network code execution system |
| US11861386B1 (en) | 2019-03-22 | 2024-01-02 | Amazon Technologies, Inc. | Application gateways in an on-demand network code execution system |
| CN113826072A (en)* | 2019-05-16 | 2021-12-21 | 微软技术许可有限责任公司 | Code Updates in System Administration Mode |
| US11119809B1 (en) | 2019-06-20 | 2021-09-14 | Amazon Technologies, Inc. | Virtualization-based transaction handling in an on-demand network code execution system |
| US11714675B2 (en) | 2019-06-20 | 2023-08-01 | Amazon Technologies, Inc. | Virtualization-based transaction handling in an on-demand network code execution system |
| US11115404B2 (en) | 2019-06-28 | 2021-09-07 | Amazon Technologies, Inc. | Facilitating service connections in serverless code executions |
| US11190609B2 (en) | 2019-06-28 | 2021-11-30 | Amazon Technologies, Inc. | Connection pooling for scalable network services |
| US11159528B2 (en) | 2019-06-28 | 2021-10-26 | Amazon Technologies, Inc. | Authentication to network-services using hosted authentication information |
| US11023311B2 (en) | 2019-09-27 | 2021-06-01 | Amazon Technologies, Inc. | On-demand code execution in input path of data uploaded to storage service in multiple data portions |
| US11263220B2 (en) | 2019-09-27 | 2022-03-01 | Amazon Technologies, Inc. | On-demand execution of object transformation code in output path of object storage service |
| US11386230B2 (en) | 2019-09-27 | 2022-07-12 | Amazon Technologies, Inc. | On-demand code obfuscation of data in input path of object storage service |
| US10908927B1 (en) | 2019-09-27 | 2021-02-02 | Amazon Technologies, Inc. | On-demand execution of object filter code in output path of object storage service |
| US11394761B1 (en) | 2019-09-27 | 2022-07-19 | Amazon Technologies, Inc. | Execution of user-submitted code on a stream of data |
| US11416628B2 (en) | 2019-09-27 | 2022-08-16 | Amazon Technologies, Inc. | User-specific data manipulation system for object storage service based on user-submitted code |
| US10996961B2 (en) | 2019-09-27 | 2021-05-04 | Amazon Technologies, Inc. | On-demand indexing of data in input path of object storage service |
| US11656892B1 (en) | 2019-09-27 | 2023-05-23 | Amazon Technologies, Inc. | Sequential execution of user-submitted code and native functions |
| US11250007B1 (en) | 2019-09-27 | 2022-02-15 | Amazon Technologies, Inc. | On-demand execution of object combination code in output path of object storage service |
| US11550944B2 (en) | 2019-09-27 | 2023-01-10 | Amazon Technologies, Inc. | Code execution environment customization system for object storage service |
| US11023416B2 (en) | 2019-09-27 | 2021-06-01 | Amazon Technologies, Inc. | Data access control system for object storage service based on owner-defined code |
| US11860879B2 (en) | 2019-09-27 | 2024-01-02 | Amazon Technologies, Inc. | On-demand execution of object transformation code in output path of object storage service |
| US11055112B2 (en) | 2019-09-27 | 2021-07-06 | Amazon Technologies, Inc. | Inserting executions of owner-specified code into input/output path of object storage service |
| US11106477B2 (en) | 2019-09-27 | 2021-08-31 | Amazon Technologies, Inc. | Execution of owner-specified code during input/output path to object storage service |
| US11360948B2 (en) | 2019-09-27 | 2022-06-14 | Amazon Technologies, Inc. | Inserting owner-specified data processing pipelines into input/output path of object storage service |
| WO2021080601A1 (en)* | 2019-10-25 | 2021-04-29 | Hewlett-Packard Development Company, L.P. | Integrity monitor |
| US10942795B1 (en) | 2019-11-27 | 2021-03-09 | Amazon Technologies, Inc. | Serverless call distribution to utilize reserved capacity without inhibiting scaling |
| US11119826B2 (en) | 2019-11-27 | 2021-09-14 | Amazon Technologies, Inc. | Serverless call distribution to implement spillover while avoiding cold starts |
| US11449601B2 (en)* | 2020-01-08 | 2022-09-20 | Red Hat, Inc. | Proof of code compliance and protected integrity using a trusted execution environment |
| US11714682B1 (en) | 2020-03-03 | 2023-08-01 | Amazon Technologies, Inc. | Reclaiming computing resources in an on-demand code execution system |
| US11188391B1 (en) | 2020-03-11 | 2021-11-30 | Amazon Technologies, Inc. | Allocating resources to on-demand code executions under scarcity conditions |
| US11775640B1 (en) | 2020-03-30 | 2023-10-03 | Amazon Technologies, Inc. | Resource utilization-based malicious task detection in an on-demand code execution system |
| CN112800431A (en)* | 2020-08-28 | 2021-05-14 | 支付宝(杭州)信息技术有限公司 | Method and device for safely entering trusted execution environment in hyper-thread scene |
| US11550713B1 (en) | 2020-11-25 | 2023-01-10 | Amazon Technologies, Inc. | Garbage collection in distributed systems using life cycled storage roots |
| US11593270B1 (en) | 2020-11-25 | 2023-02-28 | Amazon Technologies, Inc. | Fast distributed caching using erasure coded object parts |
| US11388210B1 (en) | 2021-06-30 | 2022-07-12 | Amazon Technologies, Inc. | Streaming analytics using a serverless compute system |
| US12020059B2 (en)* | 2021-08-30 | 2024-06-25 | International Business Machines Corporation | Inaccessible prefix pages during virtual machine execution |
| US20230061511A1 (en)* | 2021-08-30 | 2023-03-02 | International Business Machines Corporation | Inaccessible prefix pages during virtual machine execution |
| US11968280B1 (en) | 2021-11-24 | 2024-04-23 | Amazon Technologies, Inc. | Controlling ingestion of streaming data to serverless function executions |
| US12015603B2 (en) | 2021-12-10 | 2024-06-18 | Amazon Technologies, Inc. | Multi-tenant mode for serverless code execution |
| US12381878B1 (en) | 2023-06-27 | 2025-08-05 | Amazon Technologies, Inc. | Architecture for selective use of private paths between cloud services |
Also Published As
| Publication number | Publication date |
|---|---|
| RU2313126C2 (en) | 2007-12-20 |
| US20060015869A1 (en) | 2006-01-19 |
| JP4846660B2 (en) | 2011-12-28 |
| AU2003231237A8 (en) | 2003-12-22 |
| CN1675623A (en) | 2005-09-28 |
| CN100377092C (en) | 2008-03-26 |
| US7581219B2 (en) | 2009-08-25 |
| JP5242747B2 (en) | 2013-07-24 |
| AU2003231237A1 (en) | 2003-12-22 |
| WO2003104981A3 (en) | 2004-05-13 |
| JP2005529401A (en) | 2005-09-29 |
| EP1512074A2 (en) | 2005-03-09 |
| MY146723A (en) | 2012-09-14 |
| JP4708016B2 (en) | 2011-06-22 |
| WO2003104981A2 (en) | 2003-12-18 |
| JP2007265434A (en) | 2007-10-11 |
| RU2004139086A (en) | 2005-07-10 |
| JP2011227939A (en) | 2011-11-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20030229794A1 (en) | System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container | |
| US7631160B2 (en) | Method and apparatus for securing portions of memory | |
| JP6404283B2 (en) | System and method for executing instructions to initialize a secure environment | |
| US7260848B2 (en) | Hardened extensible firmware framework | |
| US5944821A (en) | Secure software registration and integrity assessment in a computer system | |
| US10360386B2 (en) | Hardware enforcement of providing separate operating system environments for mobile devices | |
| KR100950102B1 (en) | A computer system including a secure execution mode-capable processor and a method of initializing the computer system | |
| JP3982687B2 (en) | Controlling access to multiple isolated memories in an isolated execution environment | |
| JP2006012170A (en) | Method to enable user mode process to operate in privileged execution mode | |
| US11989576B2 (en) | Execution of code in system memory | |
| US20060136679A1 (en) | Protected processing apparatus, systems, and methods |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AS | Assignment | Owner name:INTEL CORPORATION, CALIFORNIA Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GLEW, ANDY;REEL/FRAME:012995/0740 Effective date:20020603 | |
| AS | Assignment | Owner name:INTEL CORPORATION, CALIFORNIA Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SUTTON, JAMES A. II;GRAWROCK, DAVID W.;UHLIG, RICHARD A.;AND OTHERS;REEL/FRAME:013389/0650;SIGNING DATES FROM 20020813 TO 20021004 | |
| STCB | Information on status: application discontinuation | Free format text:ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION | |
| AS | Assignment | Owner name:TAHOE RESEARCH, LTD., IRELAND Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTEL CORPORATION;REEL/FRAME:061175/0176 Effective date:20220718 |