Systems and Methods Involving Features of Hardware Virtualization Such as Separation Kernel Hypervisors, Hypervisors, Hypervisor Guest Context, Hypervisor Context, Rootkit Detection/Prevention, and/or Other Features
First Claim
1. A method for processing information securely, the method comprising:
- partitioning hardware platform resources via a separation kernel hypervisor into a plurality of guest operating system virtual machine protection domains; and
- isolating and/or securing the domains in time and/or space from each other.
Abstract
Systems, methods, computer readable media and articles of manufacture consistent with innovations herein are directed to computer virtualization, computer security and/or data isolation. According to some illustrative implementations, innovations herein may utilize and/or involve a separation kernel hypervisor which may include the use of a guest operating system virtual machine protection domain, a virtualization assistance layer, and/or a rootkit defense mechanism (which may be proximate in temporal and/or spatial locality to malicious code, but isolated from it), inter alia, for detection and/or prevention of malicious code, for example, in a manner/context that is isolated and not able to be corrupted, detected, prevented, bypassed, and/or otherwise affected by the malicious code.
25 Claims
1. A method for processing information securely, the method comprising:
- partitioning hardware platform resources via a separation kernel hypervisor into a plurality of guest operating system virtual machine protection domains; and
- isolating and/or securing the domains in time and/or space from each other.
Dependent claims: 2, 3, 5, 6, 7, 8, 9, 10, 11

4. (canceled)

12. A method for processing information securely involving a separation kernel hypervisor, the method comprising:
- partitioning hardware platform resources to isolate and/or secure in time and/or space a plurality of guest operating system virtual machine protection domains; and
- executing the guest operating system virtual machine protection domains to provide an isolated and secure software execution environment.
Dependent claims: 13

14. (canceled)

15. A method for processing information securely involving a separation kernel hypervisor, the method comprising:
- partitioning hardware platform resources to isolate and/or secure in time and/or space a plurality of guest operating system virtual machine protection domains;
- executing the guest operating system virtual machine protection domains to provide an isolated and secure software execution environment, wherein at least one of the guest operating system virtual machine protection domains includes a minimal runtime environment and/or virtualization assistance layer and/or malicious code/root kit defense mechanism(s).
Dependent claims: 16

17-18. (canceled)

19. A method for processing information securely involving a separation kernel hypervisor, the method comprising:
- partitioning hardware platform resources to isolate and/or secure in time and/or space a plurality of guest operating system virtual machine protection domains;
- executing the guest operating system virtual machine protection domains to provide an isolated and secure software execution environment, wherein each of the guest operating system virtual machine protection domains includes a guest operating system, virtualization assistance layer and malicious code/root kit defense mechanism(s), wherein the guest operating systems include computing components with data/programming associated with low privilege execution environments, high privilege execution environments, and shared code and data between the low privilege and high privilege execution environments.
Dependent claims: 20, 21, 22, 23, 24

25-115. (canceled)
Specification