WO2007050797A3 - Secure virtual-machine monitor - Google Patents

Secure virtual-machine monitor Download PDF

Info

Publication number
WO2007050797A3
WO2007050797A3 PCT/US2006/041851 US2006041851W WO2007050797A3 WO 2007050797 A3 WO2007050797 A3 WO 2007050797A3 US 2006041851 W US2006041851 W US 2006041851W WO 2007050797 A3 WO2007050797 A3 WO 2007050797A3
Authority
WO
WIPO (PCT)
Prior art keywords
virtual
secure
machine
operating systems
machine monitor
Prior art date
Application number
PCT/US2006/041851
Other languages
French (fr)
Other versions
WO2007050797A2 (en
Inventor
William S Worley Jr
Original Assignee
Secure64 Software Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Secure64 Software Corp filed Critical Secure64 Software Corp
Priority to JP2008537955A priority Critical patent/JP2009514104A/en
Priority to EP06826781A priority patent/EP1955154A2/en
Publication of WO2007050797A2 publication Critical patent/WO2007050797A2/en
Publication of WO2007050797A3 publication Critical patent/WO2007050797A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45566Nested virtual machines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45583Memory management, e.g. access or allocation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances

Abstract

Embodiments of the present invention provide secure virtual-machine monitors and secure, base-level operating systems that, in turn, provide secure execution environments for guest operating systems and certain special functions that can interface directly to base-level operating systems. Security is accomplished by employing a small, verifiable component of a secure foundation that executes at highest privilege between the hardware interface and the virtual-machine monitor. The virtual-machine monitor and secure foundation employ virtual-machine-monitor-resident guest-operating-system monitors, memory compartmentalization, and authenticated calls to securely isolate computational entities from one another within the computer system.
PCT/US2006/041851 2005-10-25 2006-10-25 Secure virtual-machine monitor WO2007050797A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2008537955A JP2009514104A (en) 2005-10-25 2006-10-25 Secure virtual machine monitor
EP06826781A EP1955154A2 (en) 2005-10-25 2006-10-25 Secure virtual-machine monitor

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US73047805P 2005-10-25 2005-10-25
US60/730,478 2005-10-25

Publications (2)

Publication Number Publication Date
WO2007050797A2 WO2007050797A2 (en) 2007-05-03
WO2007050797A3 true WO2007050797A3 (en) 2009-05-07

Family

ID=37968567

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/041851 WO2007050797A2 (en) 2005-10-25 2006-10-25 Secure virtual-machine monitor

Country Status (3)

Country Link
EP (1) EP1955154A2 (en)
JP (1) JP2009514104A (en)
WO (1) WO2007050797A2 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2929733B1 (en) * 2008-04-08 2010-08-27 Eads Defence And Security Syst SYSTEM AND METHOD FOR SECURING A COMPUTER HAVING A MICRONOYAU
CN101770410B (en) * 2009-01-07 2016-08-17 联想(北京)有限公司 System reducing method based on client operating system, virtual machine manager and system
US8806231B2 (en) 2009-12-22 2014-08-12 Intel Corporation Operating system independent network event handling
CN102770846B (en) * 2010-12-21 2016-08-31 松下电器(美国)知识产权公司 Virtual computer system controls device and virtual computer system control method
GB2490738A (en) 2011-05-13 2012-11-14 En Twyn Ltd A power line communications network controlled by an operating system in which network terminals include a processor.
KR101259716B1 (en) 2011-07-08 2013-04-30 주식회사 엘지유플러스 System and method for strengthening security of mobile terminal
CN102779250B (en) * 2012-06-29 2016-04-13 腾讯科技(深圳)有限公司 The detection method of file controllable execution and virtual machine
WO2014021919A2 (en) * 2012-08-03 2014-02-06 North Carolina State University Methods, systems, and computer readable medium for active monitoring, memory protection and integrity verification of target devices
US11954337B2 (en) 2021-08-26 2024-04-09 International Business Machines Corporation Encryption monitor register and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5596739A (en) * 1994-02-08 1997-01-21 Meridian Semiconductor, Inc. Method and apparatus for detecting memory segment violations in a microprocessor-based system
US5790804A (en) * 1994-04-12 1998-08-04 Mitsubishi Electric Information Technology Center America, Inc. Computer network interface and network protocol with direct deposit messaging
US6944699B1 (en) * 1998-05-15 2005-09-13 Vmware, Inc. System and method for facilitating context-switching in a multi-context computer system
US20050210180A1 (en) * 2004-03-19 2005-09-22 Intel Corporation Isolation and protection of firmware-only disk areas

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5596739A (en) * 1994-02-08 1997-01-21 Meridian Semiconductor, Inc. Method and apparatus for detecting memory segment violations in a microprocessor-based system
US5790804A (en) * 1994-04-12 1998-08-04 Mitsubishi Electric Information Technology Center America, Inc. Computer network interface and network protocol with direct deposit messaging
US6944699B1 (en) * 1998-05-15 2005-09-13 Vmware, Inc. System and method for facilitating context-switching in a multi-context computer system
US20050210180A1 (en) * 2004-03-19 2005-09-22 Intel Corporation Isolation and protection of firmware-only disk areas

Also Published As

Publication number Publication date
JP2009514104A (en) 2009-04-02
EP1955154A2 (en) 2008-08-13
WO2007050797A2 (en) 2007-05-03

Similar Documents

Publication Publication Date Title
WO2007050797A3 (en) Secure virtual-machine monitor
WO2008051842A3 (en) Methods and systems for accessing remote user files associated with local resources
WO2007048062A3 (en) Computer security method having operating system virtualization allowing multiple operating system instances to securely share single machine resources
GB2421101B (en) Distributed lock
WO2005086802A3 (en) Linked account system using personal digital key (pdk-las)
WO2007001635A3 (en) Active content trust model
WO2007095097A3 (en) Secure authentication facility
WO2006133383A3 (en) Methods, systems, and computer program products for dynamic network access device port and user device configuration for implementing device-based and user-based policies
WO2011058552A3 (en) Secure kvm system having multiple emulated edid functions
WO2007018919A3 (en) Dynamically balancing user experiences in a multi-user computing system
WO2009122296A3 (en) System for mitigating the unauthorized use of a device
WO2011145095A3 (en) Computer motherboard having peripheral security functions
WO2008005948A3 (en) A method and system for determining and sharing a user's web presence
WO2005029249A3 (en) Secure network system and associated method of use
WO2009131959A3 (en) Component-oriented architecture for web mashups
TW200620930A (en) Stsyem and method for managing access to protected content by untrusted applications
TW200701722A (en) Context limited shared secret
JP2014533395A5 (en)
WO2011001371A3 (en) Method for remotely controlling and monitoring the data produced on desktop on desktop software
WO2008103778A3 (en) Password protection system and method
PH12014502633A1 (en) Network based management of protected data sets
GB2442902A (en) Quiescing a processor BUS agent
DE602005021098D1 (en) BUS CONNECTION DEVICE
GB2573422A (en) Protecting a web server against an unauthorized client application
TW200627285A (en) Hierarchical management for multiprocessor system with real time attributes

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
ENP Entry into the national phase

Ref document number: 2008537955

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2006826781

Country of ref document: EP