Process Isolation Using Protection Domains

US 20080141266A1
Filed: 08/04/2006
Published: 06/12/2008
Est. Priority Date: 12/06/2004
Status: Active Grant

First Claim

Patent Images

1. A method of isolating a plurality of operating system processes, the method comprising:

using software protection to prevent each process of the plurality of operating system processes from accessing memory assigned to the other processes of the plurality of operating system processes;

grouping one or more processes of the plurality of operating system processes into a protection domain; and

using hardware protection to prevent the one or more processes from accessing memory assigned to the other processes of the plurality of operating system processes.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A first plurality of operating system processes is assigned to a first protection domain, and a second plurality of operating system processes is assigned to a second protection domain. One or more hardware protection mechanisms are used to prevent the first plurality of operating system processes from accessing the memory space of the second plurality of operating system processes, and also to prevent the second plurality of operating system processes from accessing the memory space of the first plurality of operating system processes.

160 Citations

View as Search Results

20 Claims

1. A method of isolating a plurality of operating system processes, the method comprising:
- using software protection to prevent each process of the plurality of operating system processes from accessing memory assigned to the other processes of the plurality of operating system processes;
  
  grouping one or more processes of the plurality of operating system processes into a protection domain; and
  
  using hardware protection to prevent the one or more processes from accessing memory assigned to the other processes of the plurality of operating system processes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as recited in claim 1, the grouping comprising:
    - determining which of the plurality of operating system processes are to be included in the protection domain at runtime; and
      
      using the determined operating system processes as the one or more processes.
  - 3. A method as recited in claim 1, the hardware protection comprising assigning the protection domain a more-privileged processor privilege level than is assigned to other protection domains that include one or more of the other processes of the plurality of operating system processes, wherein a processor executing the plurality of operating system processes prevents the one or more of the other processes from accessing memory assigned to the one or more processes in the protection domain, and further prevents the one or more of the other processes from accessing virtual memory features of the processor.
  - 4. A method as recited in claim 1, the hardware protection comprising using virtual memory to isolate an address space of the protection domain from address spaces of other protection domains.
  - 5. A method as recited in claim 1, wherein an operating system that controls execution of the plurality of operating system processes can terminate execution of each of the plurality of operating system processes individually.
  - 6. A method as recited in claim 1, further comprising accessing a set of rules specifying which protection domains should include which operating system processes in order to identify the one or more processes to be grouped into the protection domain.
  - 7. A method as recited in claim 1, the using hardware protection comprising:
    - identifying the protection domain as a kernel domain;
      
      identifying a second protection domain into which is grouped an additional one or more processes of the plurality of operating system processes;
      
      identifying the second protection domain as the kernel domain; and
      
      identifying a third protection domain into which is grouped an additional process of the plurality of operating system processes, and identifying the third protection domain as not the kernel domain.
  - 8. A method as recited in claim 1, wherein the protection domain is a kernel domain, and wherein each of the one or more processes of the plurality of operating system processes is a software isolated process (SIP).
  - 9. A method as recited in claim 1, further comprising using the hardware protection to prevent an additional process from accessing memory assigned to the plurality of operating system processes without using the software protection to prevent the additional process from accessing memory assigned to the plurality of operating system processes.

10. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors, causes the one or more processors to:
- assign a first plurality of operating system processes to a first protection domain;
  
  assign a second plurality of operating system processes to a second protection domain; and
  
  using one or more hardware protection mechanisms to prevent the first plurality of operating system processes from accessing a memory space of the second plurality of operating system processes, and to prevent the second plurality of operating system processes from accessing a memory space of the first plurality of operating system processes.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. One or more computer readable media as recited in claim 10, wherein the instructions further cause the one or more processors to:
    - use software protection mechanisms to prevent each operating system process of the first plurality of operating system processes from accessing the memory spaces of any other operating system process of the first plurality of operating system processes and the second plurality of operating system processes; and
      
      use the software protection mechanisms to prevent each operating system process of the second plurality of operating system processes from accessing the memory spaces of any other operating system process of the first plurality of operating system processes and the second plurality of operating system processes.
  - 12. One or more computer readable media as recited in claim 10, the one or more hardware protection mechanisms comprising assigning the first protection domain a more-privileged processor privilege level than the second protection domain, wherein the one or more processors prevents the second plurality of operating system processes from accessing the memory space of the first plurality of operating system processes, and further prevents the second plurality of operating system processes from accessing virtual memory features of the one or more processors.
  - 13. One or more computer readable media as recited in claim 10, the one or more hardware protection mechanisms comprising identifying the first protection domain and the second protection domain as kernel domains, identifying a third protection domain to which is assigned a third plurality of operating system processes, and identifying the third protection domain as not a kernel domain.
  - 14. One or more computer readable media as recited in claim 10, the one or more hardware protection mechanisms comprising using virtual memory to isolate a virtual address space of the first protection domain from a virtual address space of the second protection domain.
  - 15. One or more computer readable media as recited in claim 10, wherein which operating system processes are to be assigned to the first protection domain and which operating system processes are to be assigned to the second protection domain changes over time.

16. A computing device comprising:
- a processor; and
  
  a memory, coupled to the processor, the memory storing a plurality of instructions that, when executed by the processor, cause the processor to isolate a plurality of operating system processes from each other by;
  
  using software protection to prevent each process of the plurality of operating system processes from accessing memory spaces of the other processes of the plurality of operating system processes;
  
  grouping one or more processes of the plurality of operating system processes into a protection domain; and
  
  using hardware protection to prevent the one or more processes from accessing the memory spaces of the other processes of the plurality of operating system processes.
- View Dependent Claims (17, 18, 19, 20)
- - 17. A computing device as recited in claim 16, the grouping comprising:
    - determining which of the plurality of operating system processes are to be included in the protection domain at runtime;
      
      using the determined operating system processes as the one or more processes.
  - 18. A computing device as recited in claim 16, the hardware protection comprising assigning the protection domain a more-privileged processor privilege level than is assigned to one or more of the other processes of the plurality of operating system processes, wherein the processor prevents the one or more of the other processes from accessing memory spaces of the one or more processes in the protection domain, and further prevents the one or more of the other processes from accessing virtual memory features of the processor.
  - 19. A computing device as recited in claim 16, the hardware protection comprising using virtual memory to isolate a virtual address space of the protection domain from one or more virtual address spaces of protection domains to which the other processes of the plurality of operating system processes are grouped.
  - 20. A computing device as recited in claim 19, the hardware protection further comprising using processor privilege levels to prevent the other processes of the plurality of operating system processes from circumventing the virtual memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hawblitzel, Chris K., Aiken, Mark, Hunt, Galen C., Fahndrich, Manuel A., Larus, James R.

Granted Patent

US 7,882,317 B2
Time in Patent Office

Days
Field of Search
US Class Current

718/106
CPC Class Codes

G06F 12/1009   using page tables, e.g. pag...

G06F 12/109   for multiple virtual addres...

G06F 12/1491   in a hierarchical protectio...

G06F 21/562   Static detection

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/57   Certifying or maintaining t...

G06F 2212/1016   Performance improvement

G06F 2212/1052   Security improvement

G06F 2212/651   Multi-level translation tables

G06F 2212/657   Virtual address space manag...

G06F 9/544   Buffers; Shared memory; Pipes

Process Isolation Using Protection Domains

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

160 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Process Isolation Using Protection Domains

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

160 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links