Patent application number | Description | Published |
20090222792 | AUTOMATIC MODIFICATION OF EXECUTABLE CODE - A method for automatically modifying an executable file for a software agent is provided. The method comprises detecting original static entry and exit points in the executable file and generating corresponding transformed points; modifying the executable file by linking the executable file to the integrity services environment and embedding a signed agent manifest; loading the modified executable file into memory and registering a target list with the software agent's hypervisor, wherein the target list provides mappings between protected and active page tables; detecting dynamic entry and exit points in the executable file and generating corresponding transformed points; switching to a protected context, in response to a transformed exit point being invoked, and switching to an active context, in response a transformed entry point being invoked; and de-registering the software agent with the memory protection module, in response to the software agent being unloaded. | 09-03-2009 |
20090241189 | EFFICIENT HANDLING OF INTERRUPTS IN A COMPUTING ENVIRONMENT - A method for efficiently handling interrupts in a virtual technology environment with integrity services is provided. The method comprises assigning an interrupt to a virtual machine that is running a software agent; suspending the software agent; invoking a protected interrupt handler; copying the interrupt's memory content to a protected location, in response to successfully verifying the integrity of the content; replacing the interrupt's return address with a return address for a protected function; switching from the software agent's protected context to its active context; executing the original interrupt handler; returning control to the protected function to ensure that execution of the software agent resumes safely; switching back to the software agent's protected context, in response to successfully verifying the integrity of the content; and passing control back to the software agent to resume execution. | 09-24-2009 |
20090323941 | SOFTWARE COPY PROTECTION VIA PROTECTED EXECUTION OF APPLICATIONS - Methods and apparatus to provide a tamper-resistant environment for software are described. In some embodiments, procedures for verifying whether a software container is utilizing protected memory and is associated with a specific platform are described. Other embodiments are also described. | 12-31-2009 |
20110061050 | METHODS AND SYSTEMS TO PROVIDE PLATFORM EXTENSIONS FOR TRUSTED VIRTUAL MACHINES - Methods and systems to authenticate a privileged virtual machine (VM), such as a monitoring VM, at a computing platform. Once authenticated, the privileged VM may access privileged resources, including data from the computing platform, via a VM manager or via defined instructions. Such data may include state information of other VMs. The state information may include performance counters of the other VMs. Such instructions may include ones that are not available to non-privileged VMs. | 03-10-2011 |
20110078799 | Computer system and method with anti-malware - In some embodiments, approaches may provide an out-of-band (OOB) agent to protect a platform. The OOB agent may be able to use non-TRS methods to measure and protect an in-band security agent. In some embodiments, a manageability engine can provide out of band connectivity to the in-band and out-of-band security agents and provide access to the system memory resources without having to rely on OS services. This can be used for a trusted anti-malware and remediation service. | 03-31-2011 |
20130117743 | Instruction-Set Support for Invocation of VMM-Configured Services without VMM Intervention - A processing core comprising instruction execution logic circuitry and register space. The register space to be loaded from a VMCS, commensurate with a VM entry, with information indicating whether a service provided by the processing core on behalf of the VMM is enabled. The instruction execution logic to, in response to guest software invoking an instruction: refer to the register space to confirm that the service has been enabled, and, refer to second register space or memory space to fetch input parameters for said service written by said guest software. | 05-09-2013 |
20130174147 | Low Latency Virtual Machine Page Table Management - Various embodiments of this disclosure may describe method, apparatus and system for reducing system latency caused by switching memory page permission views between programs while still protecting critical regions of the memory from attacks of malwares. Other embodiments may be disclosed and claimed. | 07-04-2013 |
20140013326 | Instruction-Set Support for Invocation of VMM-Configured Services without VMM Intervention - A processing core comprising instruction execution logic circuitry and register space. The register space to be loaded from a VMCS, commensurate with a VM entry, with information indicating whether a service provided by the processing core on behalf of the VMM is enabled. The instruction execution logic to, in response to guest software invoking an instruction: refer to the register space to confirm that the service has been enabled, and, refer to second register space or memory space to fetch input parameters for said service written by said guest software. | 01-09-2014 |
20140156972 | Control Transfer Termination Instructions Of An Instruction Set Architecture (ISA) - In an embodiment, the present invention includes a processor having an execution logic to execute instructions and a control transfer termination (CTT) logic coupled to the execution logic. This logic is to cause a CTT fault to be raised if a target instruction of a control transfer instruction is not a CTT instruction. Other embodiments are described and claimed. | 06-05-2014 |
20140189194 | LOW OVERHEAD PAGED MEMORY RUNTIME PROTECTION - Methods and apparatus relating to low overhead paged memory runtime protection are described. In an embodiment, permission information for guest physical mapping are received prior to utilization of paged memory by an Operating System (OS) based on the guest physical mapping. The permission information is provided through an Extended Page Table (EPT). Other embodiments are also described. | 07-03-2014 |
20150378633 | METHOD AND APPARATUS FOR FINE GRAIN MEMORY PROTECTION - An apparatus and method for fine grain memory protection. For example, one embodiment of a method comprises: performing a first lookup operation using a virtual address to identify a physical address of a memory page, the memory page comprising a plurality of sub-pages; determining whether sub-page permissions are enabled for the memory page; if sub-page permissions are enabled, then performing a second lookup operation to determine permissions associated with one or more of the sub-pages of the memory page; and implementing the permissions associated with the one or more sub-pages. | 12-31-2015 |
20150379263 | TECHNOLOGIES FOR PREVENTING HOOK-SKIPPING ATTACKS USING PROCESSOR VIRTUALIZATION FEATURES - Technologies for monitoring system API calls include a computing device with hardware virtualization support. The computing device establishes a default memory view and a security memory view to define physical memory maps and permissions. The computing device executes an application in the default memory view and executes a default inline hook in response to a call to an API function. The default inline hook switches to the security memory view using hardware support without causing a virtual machine exit. The security inline hook calls a security callback function to validate the API function call in the security memory view. Hook-skipping attacks may be prevented by padding the default inline hook with no-operation instructions, by designating memory pages of the API function as non-executable in the default memory view, or by designating memory pages of the application as non-executable in the security memory view. Other embodiments are described and claimed. | 12-31-2015 |
Patent application number | Description | Published |
20110154500 | Executing Trusted Applications with Reduced Trusted Computing Base - A system for executing trusted applications with a reduced trusted computing base. In one embodiment, the system includes a processor to dynamically instantiate an application protection module in response to a request by a program to be executed under a trusted mode. The system further includes memory to store the program which is capable of interacting with a remote service for security verification. In one embodiment, the application protection module includes a processor-measured application protection service (P-MAPS) operable to measure and to provide protection to the application. | 06-23-2011 |
20120255015 | METHOD AND APPARATUS FOR TRANSPARENTLY INSTRUMENTING AN APPLICATION PROGRAM - Generally, this disclosure describes systems and methods for transparently instrumenting a computer process. The systems and methods are configured to allow instrumenting executable code while permitting legacy memory scanning tools to monitor corresponding uninstrumented executable code stored in memory. | 10-04-2012 |
20130007325 | SECURE HANDLING OF INTERRUPTED EVENTS - Various embodiments of this disclosure may describe method, apparatus and system for reducing system latency caused by switching memory page permission views between programs while still protecting critical regions of the memory from attacks of malwares. Other embodiments may be disclosed and claimed. | 01-03-2013 |
20130125119 | REGULATING ACCESS TO AND PROTECTING PORTIONS OF APPLICATIONS OF VIRTUAL MACHINES - Embodiments of apparatus, computer-implemented methods, systems, and computer-readable media are described herein for a virtual machine manager, wherein the virtual machine manager is configured to selectively employ different views with different permissions to map guest physical memory of a virtual machine of the apparatus to host physical memory of the apparatus, to regulate access to and protect different portions of an application of the virtual machine that resides in different portions of the physical memory. Other embodiments may be described and/or claimed. | 05-16-2013 |
20130191577 | INCREASING VIRTUAL-MEMORY EFFICIENCIES - Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. in embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed. | 07-25-2013 |
20130276057 | AUTHENTICATED LAUNCH OF VIRTUAL MACHINES AND NESTED VIRTUAL MACHINE MANAGERS - An embodiment of the invention provides for an authenticated launch of VMs and nested VMMs. The embodiment may do so using an interface that invokes a VMM protected launch control mechanism for the VMs and nested VMMs. The interface may be architecturally generic. Other embodiments are described herein. | 10-17-2013 |
20140041033 | HARDWARE ENFORCED MEMORY ACCESS PERMISSIONS - Embodiments of apparatuses and methods for hardware enforced memory access permissions are disclosed. In one embodiment, a processor includes address translation hardware and memory access hardware. The address translation hardware is to support translation of a first address, used by software to access a memory, to a second address, used by the processor to access the memory. The memory access hardware is to detect an access permission violation. | 02-06-2014 |
20140068704 | MITIGATING UNAUTHORIZED ACCESS TO DATA TRAFFIC - One particular example implementation of an apparatus for mitigating unauthorized access to data traffic, comprises: an operating system stack to allocate unprotected kernel transfer buffers; a hypervisor to allocate protected memory data buffers, where data is to be stored in the protected memory data buffers before being copied to the unprotected kernel transfer buffers; and an encoder module to encrypt the data stored in the protected memory data buffers, where the unprotected kernel transfer buffers receive a copy the encrypted data. | 03-06-2014 |
20140082751 | PROTECTING IAT/EAT HOOKS FROM ROOTKIT ATTACKS USING NEW CPU ASSISTS - The present disclosure provides systems and methods for hardware-enforced protection from malicious software. A device may include at least a security validator module and a security initiator module. A call from a process requesting access to information stored in the device may be redirected to the security initiator module, which may cause the device to change from an unsecured view to a secured view. In the secured view the security validator module may determine whether the call came from malicious software. If the call is determined to be valid, then access to the stored information may be permitted. If the call is determined to be invalid (e.g., from malware), the security software may cause the device to return to the unsecured view without allowing the stored information to be accessed, and may take further measures to identify and/or eliminate process code associated with the process that made the invalid call. | 03-20-2014 |
20140157410 | Secure Environment for Graphics Processing Units - In accordance with some embodiments, a protected execution environment may be defined for a graphics processing unit. This framework not only protects the workloads from malware running on the graphics processing unit but also protects those workloads from malware running on the central processing unit. In addition, the trust framework may facilitate proof of secure execution by measuring the code and data structures used to execute the workload. If a part of the trusted computing base of this framework or protected execution environment is compromised, that part can be patched remotely and the patching can be proven remotely throughout attestation in some embodiments. | 06-05-2014 |
20140245430 | REGULATING ACCESS TO AND PROTECTING PORTIONS OF APPLICATIONS OF VIRTUAL MACHINES - Embodiments of apparatus, computer-implemented methods, systems, and computer-readable media are described herein for a virtual machine manager, wherein the virtual machine manager is configured to selectively employ different views with different permissions to map guest physical memory of a virtual machine of the apparatus to host physical memory of the apparatus, to regulate access to and protect different portions of an application of the virtual machine that resides in different portions of the physical memory. Other embodiments may be described and/or claimed. | 08-28-2014 |
20140380009 | PROTECTED MEMORY VIEW FOR NESTED PAGE TABLE ACCESS BY VIRTUAL MACHINE GUESTS - Generally, this disclosure provides systems, methods and computer readable media for a protected memory view in a virtual machine (VM) environment enabling nested page table access by trusted guest software outside of VMX root mode. The system may include an editor module configured to provide access to a nested page table structure, by operating system (OS) kernel components and by user space applications within a guest of the VM, wherein the nested page table structure is associated with one of the protected memory views. The system may also include a page handling processor configured to secure that access by maintaining security information in the nested page table structure. | 12-25-2014 |
20150026426 | SYSTEM AND METHOD FOR HIGH PERFORMANCE SECURE ACCESS TO A TRUSTED PLATFORM MODULE ON A HARDWARE VIRTUALIZATION PLATFORM - A system and method for high performance secure access to a trusted platform module on a hardware virtualization platform. The virtualization platform including Virtual Machine Monitor (VMM) managed components coupled to the VMM. One of the VMM managed components is a TPM (Trusted Platform Module). The virtualization platform also includes a plurality of Virtual Machines (VMs). Each of the virtual machines includes a guest Operating System (OS), a TPM device driver (TDD), and at least one security application. The VMM creates an intra-partition in memory for each TDD such that other code and information at a same or higher privilege level in the VM cannot access the memory contents of the TDD. The VMM also maps access only from the TDD to a TPM register space specifically designated for the VM requesting access. Contents of the TPM requested by the TDD are stored in an exclusively VMM-managed protected page table that provides hardware-based memory isolation for the TDD. | 01-22-2015 |
20150067763 | HARDWARE AND SOFTWARE EXECUTION PROFILING - Technologies for assembling an execution profile of an event are disclosed. The technologies may include monitoring the event for a branch instruction, generating a callback to a security module upon execution of the branch instruction, filtering the callback according to a plurality of event identifiers, and validating a code segment associated with the branch instruction, the code segment including code executed before the branch instruction and code executed after the branch instruction. | 03-05-2015 |
20150143071 | MEMORY EVENT NOTIFICATION - Embodiments of apparatuses and methods for memory event notification are disclosed. In one embodiment, a processor includes address translation hardware and memory event hardware. The address translation hardware is to support translation of a first address, used by software to access a memory, to a second address, used by the processor to access the memory. The memory event hardware is to detect an access to a registered portion of memory. | 05-21-2015 |
20150242333 | INCREASING VIRTUAL-MEMORY EFFICIENCIES - Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed. | 08-27-2015 |