Enabling byte-code based image isolation
First Claim
1. A method comprising:
initializing a bytecode driver and setting an extensible policy mechanism to protect at least one root data structure including a page table;
interpreting a bytecode of a pre-boot driver associated with a memory access in a byte code interpreter and mapping between a virtual address and a physical address of a memory page of the memory access, wherein the physical address is to be accessed using a page directory entry of a page directory and a page table entry of the page table; and
controlling access to the memory page based on a plurality of protection bits of the page table entry of the page table.
Abstract
In one embodiment, the present invention includes a method for setting an extensible policy mechanism to protect a root data structure including a page table, interpreting a bytecode of a pre-boot driver in a byte code interpreter, and controlling access to a memory location based on the extensible policy mechanism. Other embodiments are described and claimed.
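The check described in the abstract and claim 1, sketched in C as an added example; it is not code from the patent or from any firmware project. The 10/10/12 address split, the three protection bits (PTE_DRIVER in particular) and all function names are assumptions made for illustration, and the sample mapping is constructed.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed layout (not from the patent): 32-bit virtual address with a
   10-bit directory index, 10-bit table index and 12-bit page offset.
   The low bits of each page table entry are its protection bits. */
#define PTE_PRESENT 0x1u   /* mapping is valid */
#define PTE_WRITE   0x2u   /* stores are allowed */
#define PTE_DRIVER  0x4u   /* hypothetical: page may be touched by interpreted drivers */
#define FRAME_MASK  0xFFFFF000u

enum access { ACC_READ, ACC_WRITE };
enum result { ACC_OK = 0, ACC_NOT_MAPPED, ACC_DENIED };

typedef struct { uint32_t entry[1024]; } page_table_t;
/* A page directory entry is modelled as a pointer; NULL means "not present". */
typedef struct { page_table_t *table[1024]; } page_dir_t;

/* The interpreter calls this before every load or store that a driver's
   bytecode requests; native code never sees the untranslated address. */
enum result vm_translate(const page_dir_t *pd, uint32_t va,
                         enum access kind, uint32_t *pa)
{
    const page_table_t *pt = pd->table[va >> 22];       /* page directory entry */
    if (pt == NULL) return ACC_NOT_MAPPED;
    uint32_t pte = pt->entry[(va >> 12) & 0x3FFu];      /* page table entry */
    if (!(pte & PTE_PRESENT)) return ACC_NOT_MAPPED;
    if (!(pte & PTE_DRIVER)) return ACC_DENIED;         /* protected structure */
    if (kind == ACC_WRITE && !(pte & PTE_WRITE)) return ACC_DENIED;
    *pa = (pte & FRAME_MASK) | (va & 0xFFFu);
    return ACC_OK;
}

static page_table_t demo_pt;
static page_dir_t demo_pd;

/* Constructed sample mapping: a writable driver page, a read-only page, and
   the page holding the page table itself, mapped without PTE_DRIVER so that
   interpreted code cannot reach the root data structure. */
const page_dir_t *demo_setup(void)
{
    demo_pd.table[0] = &demo_pt;
    demo_pt.entry[1] = 0x00200000u | PTE_PRESENT | PTE_DRIVER | PTE_WRITE;
    demo_pt.entry[2] = 0x00201000u | PTE_PRESENT | PTE_DRIVER;
    demo_pt.entry[3] = 0x00202000u | PTE_PRESENT;
    return &demo_pd;
}
```

Because the check runs inside the interpreter, a denied access returns to the interpreter as an error code instead of faulting the platform, which leaves the policy decision (halt the driver, log, continue) to the firmware.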
20 Citations
15 Claims
1. A method comprising:
initializing a bytecode driver and setting an extensible policy mechanism to protect at least one root data structure including a page table;
interpreting a bytecode of a pre-boot driver associated with a memory access in a byte code interpreter and mapping between a virtual address and a physical address of a memory page of the memory access, wherein the physical address is to be accessed using a page directory entry of a page directory and a page table entry of the page table; and
controlling access to the memory page based on a plurality of protection bits of the page table entry of the page table.
Dependent claims: 2, 3, 4, 5, 6

7. An article comprising a machine-accessible storage medium including instructions that when executed cause a system to:
initialize a bytecode driver and set an extensible policy mechanism to protect at least one root data structure including a page table;
interpret a bytecode of a pre-boot driver associated with a memory access in a byte code interpreter and map between a virtual address and a physical address of a memory page of the memory access, wherein the physical address is to be accessed using a page directory entry of a page directory and a page table entry of the page table; and
control access to the memory page based on a plurality of protection bits of the page table entry of the page table.
Dependent claims: 8, 9, 10, 11

12. A system comprising:
a processor; and
a memory coupled to the processor to store instructions to cause the processor to initialize a bytecode driver and set an extensible policy mechanism to protect at least one root data structure including a page table, interpret a bytecode of a pre-boot driver associated with a memory access to a memory page via a byte code interpreter, and prior to allowing the memory access, determine whether the pre-boot driver is allowed to access to the memory page based on a plurality of protection bits of a page table entry of a page table associated with the memory page.
Dependent claims: 13, 14, 15
Specification