WO2007050797A3 - Secure virtual-machine monitor - Google Patents
Secure virtual-machine monitor Download PDFInfo
- Publication number
- WO2007050797A3 WO2007050797A3 PCT/US2006/041851 US2006041851W WO2007050797A3 WO 2007050797 A3 WO2007050797 A3 WO 2007050797A3 US 2006041851 W US2006041851 W US 2006041851W WO 2007050797 A3 WO2007050797 A3 WO 2007050797A3
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- virtual
- secure
- machine
- operating systems
- machine monitor
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45566—Nested virtual machines
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45583—Memory management, e.g. access or allocation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Abstract
Embodiments of the present invention provide secure virtual-machine monitors and secure, base-level operating systems that, in turn, provide secure execution environments for guest operating systems and certain special functions that can interface directly to base-level operating systems. Security is accomplished by employing a small, verifiable component of a secure foundation that executes at highest privilege between the hardware interface and the virtual-machine monitor. The virtual-machine monitor and secure foundation employ virtual-machine-monitor-resident guest-operating-system monitors, memory compartmentalization, and authenticated calls to securely isolate computational entities from one another within the computer system.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2008537955A JP2009514104A (en) | 2005-10-25 | 2006-10-25 | Secure virtual machine monitor |
EP06826781A EP1955154A2 (en) | 2005-10-25 | 2006-10-25 | Secure virtual-machine monitor |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US73047805P | 2005-10-25 | 2005-10-25 | |
US60/730,478 | 2005-10-25 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2007050797A2 WO2007050797A2 (en) | 2007-05-03 |
WO2007050797A3 true WO2007050797A3 (en) | 2009-05-07 |
Family
ID=37968567
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2006/041851 WO2007050797A2 (en) | 2005-10-25 | 2006-10-25 | Secure virtual-machine monitor |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1955154A2 (en) |
JP (1) | JP2009514104A (en) |
WO (1) | WO2007050797A2 (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2929733B1 (en) * | 2008-04-08 | 2010-08-27 | Eads Defence And Security Syst | SYSTEM AND METHOD FOR SECURING A COMPUTER HAVING A MICRONOYAU |
CN101770410B (en) * | 2009-01-07 | 2016-08-17 | 联想(北京)有限公司 | System reducing method based on client operating system, virtual machine manager and system |
US8806231B2 (en) | 2009-12-22 | 2014-08-12 | Intel Corporation | Operating system independent network event handling |
CN102770846B (en) * | 2010-12-21 | 2016-08-31 | 松下电器(美国)知识产权公司 | Virtual computer system controls device and virtual computer system control method |
GB2490738A (en) | 2011-05-13 | 2012-11-14 | En Twyn Ltd | A power line communications network controlled by an operating system in which network terminals include a processor. |
KR101259716B1 (en) | 2011-07-08 | 2013-04-30 | 주식회사 엘지유플러스 | System and method for strengthening security of mobile terminal |
CN102779250B (en) * | 2012-06-29 | 2016-04-13 | 腾讯科技(深圳)有限公司 | The detection method of file controllable execution and virtual machine |
WO2014021919A2 (en) * | 2012-08-03 | 2014-02-06 | North Carolina State University | Methods, systems, and computer readable medium for active monitoring, memory protection and integrity verification of target devices |
US11954337B2 (en) | 2021-08-26 | 2024-04-09 | International Business Machines Corporation | Encryption monitor register and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5596739A (en) * | 1994-02-08 | 1997-01-21 | Meridian Semiconductor, Inc. | Method and apparatus for detecting memory segment violations in a microprocessor-based system |
US5790804A (en) * | 1994-04-12 | 1998-08-04 | Mitsubishi Electric Information Technology Center America, Inc. | Computer network interface and network protocol with direct deposit messaging |
US6944699B1 (en) * | 1998-05-15 | 2005-09-13 | Vmware, Inc. | System and method for facilitating context-switching in a multi-context computer system |
US20050210180A1 (en) * | 2004-03-19 | 2005-09-22 | Intel Corporation | Isolation and protection of firmware-only disk areas |
-
2006
- 2006-10-25 EP EP06826781A patent/EP1955154A2/en not_active Withdrawn
- 2006-10-25 JP JP2008537955A patent/JP2009514104A/en active Pending
- 2006-10-25 WO PCT/US2006/041851 patent/WO2007050797A2/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5596739A (en) * | 1994-02-08 | 1997-01-21 | Meridian Semiconductor, Inc. | Method and apparatus for detecting memory segment violations in a microprocessor-based system |
US5790804A (en) * | 1994-04-12 | 1998-08-04 | Mitsubishi Electric Information Technology Center America, Inc. | Computer network interface and network protocol with direct deposit messaging |
US6944699B1 (en) * | 1998-05-15 | 2005-09-13 | Vmware, Inc. | System and method for facilitating context-switching in a multi-context computer system |
US20050210180A1 (en) * | 2004-03-19 | 2005-09-22 | Intel Corporation | Isolation and protection of firmware-only disk areas |
Also Published As
Publication number | Publication date |
---|---|
JP2009514104A (en) | 2009-04-02 |
EP1955154A2 (en) | 2008-08-13 |
WO2007050797A2 (en) | 2007-05-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2007050797A3 (en) | Secure virtual-machine monitor | |
WO2008051842A3 (en) | Methods and systems for accessing remote user files associated with local resources | |
WO2007048062A3 (en) | Computer security method having operating system virtualization allowing multiple operating system instances to securely share single machine resources | |
GB2421101B (en) | Distributed lock | |
WO2005086802A3 (en) | Linked account system using personal digital key (pdk-las) | |
WO2007001635A3 (en) | Active content trust model | |
WO2007095097A3 (en) | Secure authentication facility | |
WO2006133383A3 (en) | Methods, systems, and computer program products for dynamic network access device port and user device configuration for implementing device-based and user-based policies | |
WO2011058552A3 (en) | Secure kvm system having multiple emulated edid functions | |
WO2007018919A3 (en) | Dynamically balancing user experiences in a multi-user computing system | |
WO2009122296A3 (en) | System for mitigating the unauthorized use of a device | |
WO2011145095A3 (en) | Computer motherboard having peripheral security functions | |
WO2008005948A3 (en) | A method and system for determining and sharing a user's web presence | |
WO2005029249A3 (en) | Secure network system and associated method of use | |
WO2009131959A3 (en) | Component-oriented architecture for web mashups | |
TW200620930A (en) | Stsyem and method for managing access to protected content by untrusted applications | |
TW200701722A (en) | Context limited shared secret | |
JP2014533395A5 (en) | ||
WO2011001371A3 (en) | Method for remotely controlling and monitoring the data produced on desktop on desktop software | |
WO2008103778A3 (en) | Password protection system and method | |
PH12014502633A1 (en) | Network based management of protected data sets | |
GB2442902A (en) | Quiescing a processor BUS agent | |
DE602005021098D1 (en) | BUS CONNECTION DEVICE | |
GB2573422A (en) | Protecting a web server against an unauthorized client application | |
TW200627285A (en) | Hierarchical management for multiprocessor system with real time attributes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
ENP | Entry into the national phase |
Ref document number: 2008537955 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2006826781 Country of ref document: EP |