VIRTUALIZATION-BASED PLATFORM PROTECTION TECHNOLOGY

US 20160364341A1
Filed: 06/15/2015
Published: 12/15/2016
Est. Priority Date: 06/15/2015
Status: Active Grant

First Claim

Patent Images

1. One or more tangible computer-readable media storing non-transitory computer-executable instructions that, when executed by a processor of a device, implement a virtual machine monitor (VMM) to:

enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application, by;

using a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application; and

using a second EPT to translate the GPA into a second HPA for the trusted application;

wherein the first and second EPTs map the same GPA to different HPAs.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

60 Citations

View as Search Results

30 Claims

1. One or more tangible computer-readable media storing non-transitory computer-executable instructions that, when executed by a processor of a device, implement a virtual machine monitor (VMM) to:
- enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application, by;
  
  using a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application; and
  
  using a second EPT to translate the GPA into a second HPA for the trusted application;
  
  wherein the first and second EPTs map the same GPA to different HPAs.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A computer-readable medium according to claim 1, wherein the VMM enables the OS, the untrusted application, and the trusted application to execute in a single virtual machine (VM).
  - 3. A computer-readable medium according to claim 1, wherein the OS uses a guest page table to translate guest virtual addresses (GVAs) into GPAs for the untrusted application and for the trusted application.
  - 4. A computer-readable medium according to claim 1, wherein the instructions, when executed, also implement an interrupt service routine (ISR) that enables the untrusted application to transfer control to the trusted application.
  - 5. A computer-readable medium according to claim 4, wherein the instructions in the machine-accessible medium, when executed, also implement a platform protection technology (PPT) driver to install the ISR.
  - 6. A computer-readable medium according to claim 1, wherein the VMM comprises a data structure that associates different view identifiers with different EPTs.
  - 7. A computer-readable medium according to claim 6, wherein the VMM comprises an EPT pointer that points to the EPT for the view that is currently active.
  - 8. A computer-readable medium according to claim 1, wherein the instructions, when executed, implement platform protection technology (PPT) to:
    - load the trusted application to execute on top of the OS, wherein the OS uses a guest page table (GPT) to translate guest virtual addresses (GVAs) into a guest physical addresses (GPAs);
      
      create an asserted page table (APT) for the trusted application, the APT to translate GVAs into GPAs for the trusted application;
      
      prevent the OS from modifying the APT;
      
      configure the processor of the device to use the APT instead of the GPT; and
      
      after configuring the processor to use the APT instead of the GPT, execute the trusted application.
  - 9. A computer-readable medium according to claim 8, wherein:
    - the OS comprises an untrusted interrupt descriptor table (IDT) with gates that associate interrupt vectors with untrusted interrupt service routines (ISRs); and
      
      further comprising the PPT to;
      
      create a virtual IDT (VIDT) with gates that associate interrupt vectors with trusted ISRs, wherein the trusted ISRs comprise a TA-enter ISR that causes the device to switch from an untrusted memory view associated with the untrusted application to a trusted memory view associated with the trusted application;
      
      configure the processor of the device to use the VIDT instead of the untrusted IDT (UIDT); and
      
      after configuring the processor to use the VIDT instead of the UIDT, respond to a TA-enter interrupt by invoking the TA-enter ISR.
  - 10. A computer-readable medium according to claim 9, further comprising:
    - the untrusted application to run on top of the OS in a virtual machine (VM) in a rich execution environment (REE); and
      
      the trusted application to run on top of the OS in the VM in a trusted execution environment (TEE) that prevents the untrusted application from accessing memory used by the trusted application; and
      
      the PPT to;
      
      generate a secret cookie value (SCV) for the trusted application;
      
      save the SCV to a PPT data structure associated with the trusted application;
      
      patch the SCV into trampoline code that provides for transferring control from the untrusted application to the trusted application;
      
      in response to the untrusted application calling the trusted application, before allowing the trusted application to execute, determine whether the trampoline code and the PPT data structure contain matching SCVs;
      
      allow the trusted application to execute only if the trampoline code and the PPT structure contain matching SCVs;
      
      before allowing the trusted application to execute in the TEE, create a dump buffer in the TEE;
      
      in response to a fault during execution of the trusted application, saving fault data from the TEE to the dump buffer; and
      
      sharing the dump buffer with the REE.

11. One or more tangible computer-readable media storing non-transitory computer-executable instructions that, when executed by a processor of a device, implement platform protection technology (PPT) to:
- load a trusted application to execute on top of an operating system (OS) that uses a guest page table (GPT) to translate guest virtual addresses (GVAs) into a guest physical addresses (GPAs);
  
  create an asserted page table (APT) for the trusted application, the APT to translate GVAs into GPAs for the trusted application;
  
  prevent the OS from modifying the APT;
  
  configure the processor of the device to use the APT instead of the GPT; and
  
  after configuring the processor to use the APT instead of the GPT, execute the trusted application.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. A computer-readable medium according to claim 11, wherein the GPT is not write protected.
  - 13. A computer-readable medium according to claim 11, wherein the PPT comprises:
    - a virtual machine monitor (VMM) to create the APT; and
      
      an interrupt service routine (ISR) to configure the processor to use the APT instead of the GPT.
  - 14. A computer-readable medium according to claim 13, wherein the PPT comprises:
    - a PPT loader to load the trusted application into memory and to register each page of the trusted application with the VMM; and
      
      wherein the VMM creates the APT in response to the PPT loader.
  - 15. A computer-readable medium according to claim 14, further comprising:
    - the VMM to walk an OS page table for each TA page in response to the PPT loader registering said page with the VMM; and
      
      the VMM to replicate an OS page table entry for said page to the APT.
  - 16. A computer-readable medium according to claim 13, further comprising:
    - the VMM to lock the APT; and
      
      the trusted application to execute only after the VMM has locked the APT.

17. One or more tangible computer-readable media storing non-transitory computer-executable instructions that, when executed by a processor of a device, implement platform protection technology (PPT) to:
- enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application, wherein the OS comprises an untrusted interrupt descriptor table (IDT) with gates that associate interrupt vectors with untrusted interrupt service routines (ISRs);
  
  create a virtual IDT (VIDT) with gates that associate interrupt vectors with trusted ISRs, wherein the trusted ISRs comprise a TA-enter ISR that causes the device to switch from an untrusted memory view associated with the untrusted application to a trusted memory view associated with the trusted application;
  
  configure the processor of the device to use the VIDT instead of the untrusted IDT (UIDT); and
  
  after configuring the processor to use the VIDT instead of the UIDT, respond to a TA-enter interrupt by invoking the TA-enter ISR.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25)
- - 18. A computer-readable medium according to claim 17, further comprising:
    - the VMM to store the trusted ISRs in a trusted kernel context (TKC), wherein the VMM prevents the OS from modifying the TKC.
  - 19. A computer-readable medium according to claim 17, wherein the trusted ISRs further comprise a TA-exit ISR that, in response to a TA-exit interrupt, causes the device to switch from the trusted memory view associated with the trusted application to the untrusted memory view associated with the untrusted application.
  - 20. A computer-readable medium according to claim 17, wherein the trusted ISRs further comprise a TA-resume ISR that, in response to a TA-resume interrupt, causes the device to:
    - switch from the untrusted memory view associated with the untrusted application to the trusted memory view associated with the untrusted application; and
      
      restore context for the trusted application.
  - 21. A computer-readable medium according to claim 17, wherein the trusted ISRs further comprise a general purpose (GP) ISR to:
    - in response to an interrupt, determine whether the interrupt occurred while the trusted application is executing; and
      
      in response to determining that the interrupt occurred while the trusted application is executing;
      
      save state data from at least one register to a save state area (SSA) for the trusted application; and
      
      replace a return instruction pointer (RIP) on a current trusted stack with an asynchronous exit pointer (AEP) of an untrusted runtime associated with the untrusted application.
  - 22. A computer-readable medium according to claim 21, wherein the state data comprises the RIP from the current trusted stack.
  - 23. A computer-readable medium according to claim 21, further comprising, to GP ISR to:
    - switch from a trusted page table to an untrusted page table by switching a control register to pointing to the trusted page table; and
      
      switch from the trusted memory view to untrusted memory view.
  - 24. A computer-readable medium according to claim 21, further comprising, to GP ISR to:
    - replace a trusted runtime stack pointer (RSP) with an untrusted RSP; and
      
      after replacing the trusted RSP with the untrusted RSP, executing a interrupt return (iret) to cause control to jump to a known exit point in the untrusted runtime.
  - 25. A computer-readable medium according to claim 21, further comprising, to GP ISR to:
    - prepare synthetic general purpose register (GPR) state on an interrupt stack, wherein the synthetic GPR state comprises a flag indicating that, for control to return to the trusted application, the control must come from the TA-resume ISR;
      
      switch from the current trusted stack to an untrusted stack;
      
      copy the synthetic GPR state to the untrusted stack; and
      
      jump to an OS ISR by executing a return instruction.

26. One or more tangible computer-readable media storing non-transitory computer-executable instructions that, when executed by a processor of a device, implement platform protection technology (PPT) to:
- generate a secret cookie value (SCV) for a trusted application to run on top of an operating system (OS) in a virtual machine (VM);
  
  save the SCV to a PPT data structure associated with the trusted application;
  
  patch the SCV into trampoline code that provides for transferring control from an untrusted application to the trusted application;
  
  in response to the untrusted application calling the trusted application, before allowing the trusted application to execute, determine whether the trampoline code and the PPT data structure contain matching SCVs; and
  
  allow the trusted application to execute only if the trampoline code and the PPT structure contain matching SCVs.
- View Dependent Claims (27, 28)
- - 27. A computer-readable medium according to claim 26, wherein:
    - the PPT comprises trusted interrupt service routines (ISRs);
      
      the trusted ISRs comprises a TA-enter ISR that causes the device to switch from an untrusted memory view associated with the untrusted application to a trusted memory view associated with the trusted application; and
      
      the TA-enter ISR is to perform the operation of determining whether the trampoline code and the PPT data structure contain matching SCVs.
  - 28. A computer-readable medium according to claim 26, wherein:
    - the PPT data structure associated with the trusted application resides outside of the VM.

29. One or more tangible computer-readable media storing non-transitory computer-executable instructions that, when executed by a processor of a device, implement platform protection technology (PPT) to:
- enable an untrusted application to run on top of an operating system (OS) in a rich execution environment (REE);
  
  enable a trusted application to run on top of the OS in a in a trusted execution environment (TEE) that prevents the untrusted application from accessing memory used by the trusted application;
  
  before allowing the trusted application to execute in the TEE, create a dump buffer in the TEE;
  
  in response to a fault during execution of the trusted application, saving fault data from the TEE to the dump buffer; and
  
  sharing the dump buffer with the REE.
- View Dependent Claims (30)
- - 30. A computer-readable medium according to claim 29, wherein sharing the dump buffer with the REE comprises copying the dump buffer to untrusted memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Naropanth, Sumanth, Notalapati Prabhakara, Sunil K., Singh, Surendra K., Mohan, Arvind, Malhotra, Rahil, Bakshi, Aman, Kamma, Vasudevarao, Nayak, Jyothi, Thakkar, Vivek, Pinto, Royston A., Banginwar, Rajesh P., Sahita, Ravi L.

Granted Patent

US 9,842,065 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/023   Free address space management

G06F 12/109   for multiple virtual addres...

G06F 12/145   the protection being virtua...

G06F 12/1491   in a hierarchical protectio...

G06F 2009/45583   Memory management, e.g. acc...

G06F 2009/45587   Isolation or security of vi...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 2212/1052   Security improvement

G06F 2212/151   Emulated environment, e.g. ...

G06F 2212/651   Multi-level translation tables

G06F 2221/2149   Restricted operating enviro...

G06F 9/45545   Guest-host, i.e. hypervisor...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/485   Task life-cycle, e.g. stopp...

VIRTUALIZATION-BASED PLATFORM PROTECTION TECHNOLOGY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

VIRTUALIZATION-BASED PLATFORM PROTECTION TECHNOLOGY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others