SECURE VAULT SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT
First Claim
1. A method comprising:
- controlling, by an operating system, operation of a component in a first execution environment;
identifying the component;
partitioning off a portion of the component to control access by the operating system to a portion of the component; and
allowing the component to request lock or unlock service of the portion of the component.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
-
Citations
27 Claims
-
1. A method comprising:
-
controlling, by an operating system, operation of a component in a first execution environment; identifying the component; partitioning off a portion of the component to control access by the operating system to a portion of the component; and allowing the component to request lock or unlock service of the portion of the component. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A machine-readable medium containing instructions which, when executed by a processing system, cause the processing system to perform a method, the method comprising:
-
controlling, by an operating system, operation of a component in a first execution environment; identifying the component; partitioning off a portion of the component to control access by the operating system to a portion of the component; and allowing the component to request lock or unlock service of the portion of the component. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A system comprising:
-
a component configured to be controlled by an operating system to operate within a first execution environment; a management module configured to identify the component and to partition off a portion of the component and to control access by the operating system to the portion of the component; and dynamic random access memory coupled to the management module, wherein the component to request lock or unlock service of the portion of the component. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
-
Specification