System and Method for Providing Address Protection in a Virtual Environment
Abstract
A method in one example implementation includes identifying an address space in a memory element of a system configured to operate in a virtual environment. The address space includes at least one system address, and the address space is provided to a virtual machine monitor. The method also includes generating a page table entry for the system address in a shadow page table stored in the virtual machine monitor in response to a guest operating system initiating a process. The page table entry is marked as a page not being present in order to trigger a page fault for a system address access from the guest operating system. In more specific embodiments, the method may include evaluating a page fault to determine access to the address space, where access to a writeable area of the memory element is denied.
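The mechanism in the abstract, modeled as a small user-space C simulation. This is an added example, not code from the patent or any hypervisor; the structure names, the eight-page layout, and the decision to allow faults on non-writeable system pages are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define NPAGES 8                       /* constructed toy guest address space */

enum verdict { NOT_TRAPPED, ALLOW, DENY };
struct shadow_pte { bool present, system, writable_area; };
static struct shadow_pte shadow[NPAGES];   /* lives in the VMM, not the guest */

/* Called when the guest starts a process: pages holding a system address get a
 * not-present entry, so every guest access to them faults into the VMM. */
void shadow_build(const bool *is_system, const bool *is_writable) {
    for (int i = 0; i < NPAGES; i++)
        shadow[i] = (struct shadow_pte){ !is_system[i], is_system[i], is_writable[i] };
}

/* VMM page fault evaluation. Denying the writeable area follows the abstract;
 * allowing the remaining system pages is an assumption of this sketch. */
enum verdict vmm_page_fault(const struct shadow_pte *pte) {
    return (pte->system && pte->writable_area) ? DENY : ALLOW;
}

/* Guest access: present entries translate directly, others trap to the VMM. */
enum verdict guest_access(uint64_t gva) {
    uint64_t vpn = gva >> PAGE_SHIFT;
    if (vpn >= NPAGES) return DENY;        /* outside the toy address space */
    return shadow[vpn].present ? NOT_TRAPPED : vmm_page_fault(&shadow[vpn]);
}

/* Constructed layout: page 4 = read-only system page, page 5 = writeable one. */
void demo_setup(void) {
    const bool sys[NPAGES] = { 0, 0, 0, 0, 1, 1, 0, 0 };
    const bool wr[NPAGES]  = { 1, 1, 0, 0, 0, 1, 1, 1 };
    shadow_build(sys, wr);
}

int main(void) {
    static const char *name[] = { "not trapped", "fault: allow", "fault: deny" };
    const uint64_t probes[] = { 0x1000, 0x4010, 0x5ff8 };
    demo_setup();
    for (int i = 0; i < 3; i++)
        printf("0x%llx -> %s\n", (unsigned long long)probes[i], name[guest_access(probes[i])]);
    return 0;
}
```

Because the not-present marking lives only in the shadow table held by the virtual machine monitor, the guest's own page tables cannot be used to clear it.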
20 Claims
1. A method, comprising:
- identifying an address space in a memory element of a system configured to operate in a virtual environment, wherein the address space includes at least one system address, and wherein the address space is provided to a virtual machine monitor; and
- generating a page table entry for the system address in a shadow page table stored in the virtual machine monitor in response to a guest operating system initiating a process, wherein the page table entry is marked as a page not being present in order to trigger a page fault for a system address access from the guest operating system.
8. Logic encoded in one or more tangible media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- identifying an address space in a memory element of a system configured to operate in a virtual environment, wherein the address space includes at least one system address, and wherein the address space is provided to a virtual machine monitor; and
- generating a page table entry for the system address in a shadow page table stored in the virtual machine monitor in response to a guest operating system initiating a process, wherein the page table entry is marked as a page not being present in order to trigger a page fault for a system address access from the guest operating system.
15. An apparatus, comprising:
- a virtual machine monitor;
- a memory element configured to store data; and
- a processor operable to execute instructions associated with the data, wherein the virtual machine monitor includes an address protection module configured to:
  - identify an address space in the memory element of a system configured to operate in a virtual environment, wherein the address space includes at least one system address, and wherein the address space is provided to the virtual machine monitor; and
  - generate a page table entry for the system address in a shadow page table stored in the virtual machine monitor in response to a guest operating system initiating a process, wherein the page table entry is marked as a page not being present in order to trigger a page fault for a system address access from the guest operating system.
Specification