SYSTEMS AND METHODS FOR SECURE ASSOCIATION OF HARDWARE DEVICES
Abstract
An apparatus to protect one or more hardware devices from unauthorized software access is described herein and comprises, in one embodiment, a virtual machine manager, a memory protection module and an integrity measurement manager. In a further embodiment, a method of providing secure access to one or more hardware devices may include modifying a page table, verifying the integrity of a device driver, and providing memory protection to the device driver if the device driver is verified.
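The three steps of the method in the abstract, modelled as an added example that is not taken from the patent. The class ToyVMM, the driver name nic.sys, the addresses, the separate per-driver page table and the use of a SHA-256 manifest for the integrity measurement are all assumptions made for illustration.

```python
import hashlib
import hmac

PAGE_SIZE = 0x1000

class ToyVMM:
    """Toy model of the described method (hypothetical, not the patent's design)."""
    def __init__(self, mmio_base, mmio_pages, manifest):
        first = mmio_base // PAGE_SIZE
        self.mmio = range(first, first + mmio_pages)  # device physical pages
        self.manifest = manifest      # assumed: driver name -> expected SHA-256 hex
        self.guest_pt = {}            # OS VM view: virtual page -> physical page
        self.protected_pt = {}        # per-driver view: name -> {vpage: ppage}

    def hide_device(self):
        """Step 1: strip device pages from the OS VM's page table."""
        self.guest_pt = {v: p for v, p in self.guest_pt.items() if p not in self.mmio}

    def verify_driver(self, name, image):
        """Step 2: measure the driver image and compare it with the manifest."""
        expected = self.manifest.get(name)
        measured = hashlib.sha256(image).hexdigest()
        return expected is not None and hmac.compare_digest(measured, expected)

    def request_device(self, name, image, vbase):
        """Step 3: map device registers into a protected view only if verified."""
        if not self.verify_driver(name, image):
            return False
        self.protected_pt[name] = {vbase // PAGE_SIZE + i: p
                                   for i, p in enumerate(self.mmio)}
        return True

    def translate(self, vaddr, driver=None):
        """Resolve an address in the OS view, or in a driver's protected view."""
        table = self.protected_pt.get(driver, {}) if driver else self.guest_pt
        ppage = table.get(vaddr // PAGE_SIZE)
        return None if ppage is None else ppage * PAGE_SIZE + vaddr % PAGE_SIZE

def demo():
    good = b"\x7fDRV constructed driver image v1"   # constructed sample input
    vmm = ToyVMM(0xFEB00000, 2, {"nic.sys": hashlib.sha256(good).hexdigest()})
    vmm.guest_pt = {0x10: 0x200, 0xC0000: 0xFEB00, 0xC0001: 0xFEB01}
    vmm.hide_device()
    return {
        "os_view": vmm.translate(0xC0000004),        # device page no longer mapped
        "tampered_ok": vmm.request_device("nic.sys", good + b"\x90hook", 0xD0000000),
        "good_ok": vmm.request_device("nic.sys", good, 0xD0000000),
        "driver_view": vmm.translate(0xD0001008, driver="nic.sys"),
        "ram_view": vmm.translate(0x10040),          # ordinary RAM is unaffected
    }
```

In this model the OS view never regains a mapping to the device pages; only the verified driver's protected view resolves to them.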
15 Claims
1. An apparatus to protect hardware devices from malicious software attacks, comprising:
- a virtual machine manager interposed between one or more operating system virtual machines and one or more hardware devices;
- a memory protection module executed within the virtual machine manager to monitor the memory state of the virtual machine manager; and
- an integrity measurement manager to measure and manage the integrity of one or more device drivers executed within the one or more operating system virtual machines, the device drivers accessing enumerated memory space managed by the memory protection module.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method, comprising:
- modifying a page table so that the physical address for a hardware device is inaccessible to an operating system virtual machine;
- verifying the integrity of a device driver attempting to access the physical address of the hardware device; and
- providing memory protection and device memory registers to the device driver if the integrity is verified.
Dependent claims: 9, 10, 11, 12
13. A machine-readable medium having machine-executable instructions contained therein, which when executed perform the following operations:
- modifying a page table so that the physical address for a hardware device is inaccessible to an operating system virtual machine;
- verifying the integrity of a device driver attempting to access the physical address of the hardware device; and
- providing memory protection and device memory registers to the device driver if the integrity is verified.
Dependent claims: 14, 15
Specification