WO2007050797A3 - Secure virtual-machine monitor - Google Patents

Secure virtual-machine monitor

Publication number
WO2007050797A3
Authority
WO
WIPO (PCT)
Prior art keywords
virtual
secure
machine
operating systems
machine monitor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2006/041851
Other languages
French (fr)
Other versions
WO2007050797A2 (en)
Inventor
William S Worley Jr
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Secure64 Software Corp
Original Assignee
Secure64 Software Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Secure64 Software Corp
Priority to JP2008537955A (JP2009514104A)
Priority to EP06826781A (EP1955154A2)
Publication of WO2007050797A2
Anticipated expiration
Publication of WO2007050797A3
Legal status: Ceased (current)

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45566 Nested virtual machines
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45583 Memory management, e.g. access or allocation
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)

Abstract

Embodiments of the present invention provide secure virtual-machine monitors and secure, base-level operating systems that, in turn, provide secure execution environments for guest operating systems and certain special functions that can interface directly to base-level operating systems. Security is accomplished by employing a small, verifiable component of a secure foundation that executes at highest privilege between the hardware interface and the virtual-machine monitor. The virtual-machine monitor and secure foundation employ virtual-machine-monitor-resident guest-operating-system monitors, memory compartmentalization, and authenticated calls to securely isolate computational entities from one another within the computer system.

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2008537955A JP2009514104A (en) 2005-10-25 2006-10-25 Secure virtual machine monitor
EP06826781A EP1955154A2 (en) 2005-10-25 2006-10-25 Secure virtual-machine monitor

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US73047805P 2005-10-25 2005-10-25
US60/730,478 2005-10-25

Publications (2)

Publication Number Publication Date
WO2007050797A2 WO2007050797A2 (en) 2007-05-03
WO2007050797A3 WO2007050797A3 (en) 2009-05-07

Family

ID=37968567

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/041851 Ceased WO2007050797A2 (en) Secure virtual-machine monitor 2005-10-25 2006-10-25

Country Status (3)

Country Link
EP (1) EP1955154A2 (en)
JP (1) JP2009514104A (en)
WO (1) WO2007050797A2 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2929733B1 (en) * 2008-04-08 2010-08-27 Eads Defence And Security Syst SYSTEM AND METHOD FOR SECURING A COMPUTER HAVING A MICRONOYAU
CN101770410B (en) * 2009-01-07 2016-08-17 联想(北京)有限公司 System reducing method based on client operating system, virtual machine manager and system
US8806231B2 (en) * 2009-12-22 2014-08-12 Intel Corporation Operating system independent network event handling
JP5758914B2 (en) * 2010-12-21 2015-08-05 Panasonic Intellectual Property Corporation of America Virtual computer system and virtual computer system control method
GB2490738A (en) * 2011-05-13 2012-11-14 En Twyn Ltd A power line communications network controlled by an operating system in which network terminals include a processor.
KR101259716B1 (en) 2011-07-08 2013-04-30 주식회사 엘지유플러스 System and method for strengthening security of mobile terminal
US9804870B2 (en) * 2011-10-28 2017-10-31 Intel Corporation Instruction-set support for invocation of VMM-configured services without VMM intervention
CN102779250B (en) * 2012-06-29 2016-04-13 腾讯科技(深圳)有限公司 The detection method of file controllable execution and virtual machine
EP2880587B1 (en) * 2012-08-03 2017-05-10 North Carolina State University Methods, systems, and computer readable medium for active monitoring, memory protection and integrity verification of target devices
CN112464221B (en) * 2019-09-09 2025-04-29 北京奇虎科技有限公司 Method and system for monitoring memory access behavior
US12254090B2 (en) 2021-08-26 2025-03-18 International Business Machines Corporation Filesystem object protection from ransomware attacks
US11954337B2 (en) * 2021-08-26 2024-04-09 International Business Machines Corporation Encryption monitor register and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5596739A (en) * 1994-02-08 1997-01-21 Meridian Semiconductor, Inc. Method and apparatus for detecting memory segment violations in a microprocessor-based system
US5790804A (en) * 1994-04-12 1998-08-04 Mitsubishi Electric Information Technology Center America, Inc. Computer network interface and network protocol with direct deposit messaging
US6944699B1 (en) * 1998-05-15 2005-09-13 Vmware, Inc. System and method for facilitating context-switching in a multi-context computer system
US20050210180A1 (en) * 2004-03-19 2005-09-22 Intel Corporation Isolation and protection of firmware-only disk areas

Also Published As

Publication number Publication date
JP2009514104A (en) 2009-04-02
WO2007050797A2 (en) 2007-05-03
EP1955154A2 (en) 2008-08-13

Similar Documents

Publication Publication Date Title
WO2007050797A3 (en) Secure virtual-machine monitor
WO2008051842A3 (en) Methods and systems for accessing remote user files associated with local resources
MXPA05007141A (en) Model-based management of computer systems and distributed applications.
WO2007048062A3 (en) Computer security method having operating system virtualization allowing multiple operating system instances to securely share single machine resources
GB2421101B (en) Distributed lock
WO2007081834A3 (en) Multiple user desktop graphical identification and authentication
WO2011058552A3 (en) Secure kvm system having multiple emulated edid functions
HK1054799B (en) Secure machine platform that interfaces to operating systems and customized control programs
WO2009122296A3 (en) System for mitigating the unauthorized use of a device
WO2009122290A3 (en) System for mitigating the unauthorized use of a device
WO2009143294A3 (en) Methods and systems for using external display devices with a mobile computing device
WO2010078017A3 (en) Interrupt techniques
Riddle et al. A survey on the security of hypervisors in cloud computing
WO2010060704A3 (en) Method and system for token-based authentication
WO2009049227A3 (en) Systems, methods and circuits for identifying a micro-short
TW200620930A (en) Stsyem and method for managing access to protected content by untrusted applications
MY189174A (en) Network based management of protected data sets
TW200701722A (en) Context limited shared secret
WO2008129765A1 (en) Monitoring unit control system
WO2009136080A3 (en) System and method for securing a computer comprising a microcore
WO2013049006A3 (en) Monitoring and limiting requests to access system resources
WO2008103778A3 (en) Password protection system and method
WO2009069321A1 (en) Security management program, security management method, and portable terminal
GB2573422A (en) Protecting a web server against an unauthorized client application
Pinto et al. FreeTEE: When real-time and security meet

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
ENP Entry into the national phase (Ref document number: 2008537955; Country of ref document: JP; Kind code of ref document: A)
NENP Non-entry into the national phase (Ref country code: DE)
WWE WIPO information: entry into national phase (Ref document number: 2006826781; Country of ref document: EP)