VIRTUALIZATION-BASED PLATFORM PROTECTION TECHNOLOGY
Abstract
A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.
Claims (30)
1. One or more tangible computer-readable media storing non-transitory computer-executable instructions that, when executed by a processor of a device, implement a virtual machine monitor (VMM) to:
enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application, by:
using a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application; and
using a second EPT to translate the GPA into a second HPA for the trusted application;
wherein the first and second EPTs map the same GPA to different HPAs.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. One or more tangible computer-readable media storing non-transitory computer-executable instructions that, when executed by a processor of a device, implement platform protection technology (PPT) to:
load a trusted application to execute on top of an operating system (OS) that uses a guest page table (GPT) to translate guest virtual addresses (GVAs) into guest physical addresses (GPAs);
create an asserted page table (APT) for the trusted application, the APT to translate GVAs into GPAs for the trusted application;
prevent the OS from modifying the APT;
configure the processor of the device to use the APT instead of the GPT; and
after configuring the processor to use the APT instead of the GPT, execute the trusted application.
Dependent claims: 12, 13, 14, 15, 16.
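The abstract and claims 1 and 11 describe a two-stage translation: a guest page table (GPT) or the PPT-owned asserted page table (APT) maps GVAs to GPAs, and one EPT per memory view maps GPAs to HPAs, with the untrusted and trusted views backing the same GPA with different host pages. The following is an added example, not code from the patent or any Intel implementation; the class names, page numbers, table contents and the "locked" flag are constructed for illustration. It walks one GVA through both views and shows that the untrusted application's write lands on a different host page than the trusted application's data, and that the OS can remap its GPT but not the APT.

```python
# Added example, not code from the patent: a small model of the two-stage
# translation in claims 1 and 11. Class and function names, page numbers and
# table contents are all constructed for illustration.
from dataclasses import dataclass, field

PAGE_SHIFT = 12
PAGE_SIZE = 1 << PAGE_SHIFT


class PageFault(Exception):
    """The table has no entry for the page being translated."""


@dataclass
class PageTable:
    """One translation stage, keyed by page number.

    A GPT or APT maps GVA pages to GPA pages; an EPT maps GPA pages to HPA
    pages. `locked` models claim 11: the OS is prevented from modifying the APT.
    """
    name: str
    entries: dict = field(default_factory=dict)
    locked: bool = False

    def map_page(self, src_page: int, dst_page: int, caller: str = "vmm") -> None:
        # Only the VMM/PPT may change a locked table; the OS is refused.
        if self.locked and caller != "vmm":
            raise PermissionError(f"{self.name} is locked against {caller}")
        self.entries[src_page] = dst_page

    def translate(self, addr: int) -> int:
        page, offset = divmod(addr, PAGE_SIZE)
        if page not in self.entries:
            raise PageFault(f"{self.name}: page {page:#x} not mapped")
        return (self.entries[page] << PAGE_SHIFT) | offset


@dataclass
class Vmm:
    """One EPT per memory view plus a flat model of host physical memory."""
    views: dict = field(default_factory=dict)        # view name -> EPT
    host_memory: dict = field(default_factory=dict)  # HPA page -> bytes

    def walk(self, gva: int, stage1: PageTable, view: str) -> int:
        """GVA -(GPT or APT)-> GPA -(EPT of `view`)-> HPA."""
        gpa = stage1.translate(gva)
        return self.views[view].translate(gpa)

    def write(self, gva: int, stage1: PageTable, view: str, data: bytes) -> int:
        hpa = self.walk(gva, stage1, view)
        self.host_memory[hpa >> PAGE_SHIFT] = data
        return hpa

    def read(self, gva: int, stage1: PageTable, view: str) -> bytes:
        hpa = self.walk(gva, stage1, view)
        return self.host_memory.get(hpa >> PAGE_SHIFT, b"")


def build_demo_system() -> tuple:
    """Constructed layout:
    GVA page 0x10 -> GPA page 0x20 in both the OS's GPT and the PPT's APT;
    GPA page 0x20 -> HPA page 0x100 in the untrusted view and HPA page 0x200
    in the trusted view, i.e. the same GPA backed by different host pages."""
    gpt = PageTable("GPT")
    gpt.map_page(0x10, 0x20)
    apt = PageTable("APT")
    apt.map_page(0x10, 0x20)
    apt.locked = True                      # claim 11: OS cannot modify the APT
    untrusted_ept = PageTable("EPT-untrusted")
    untrusted_ept.map_page(0x20, 0x100)
    trusted_ept = PageTable("EPT-trusted")
    trusted_ept.map_page(0x20, 0x200)
    vmm = Vmm(views={"untrusted": untrusted_ept, "trusted": trusted_ept})
    return vmm, gpt, apt


def demo_memory_views() -> dict:
    """Access the same GVA from each side and report where each access lands."""
    vmm, gpt, apt = build_demo_system()
    gva = (0x10 << PAGE_SHIFT) | 0x40
    # The trusted application stores data through its APT and the trusted view.
    trusted_hpa = vmm.write(gva, apt, "trusted", b"trusted-secret")
    # The untrusted application writes the same GVA through the GPT and the untrusted view.
    untrusted_hpa = vmm.write(gva, gpt, "untrusted", b"untrusted-data")
    result = {
        "gpa": gpt.translate(gva),
        "trusted_hpa": trusted_hpa,
        "untrusted_hpa": untrusted_hpa,
        "trusted_data_intact": vmm.read(gva, apt, "trusted") == b"trusted-secret",
        "untrusted_view_sees_trusted_data": vmm.read(gva, gpt, "untrusted") == b"trusted-secret",
    }
    # The OS may remap its own GPT; the PPT-owned APT refuses the same request.
    gpt.map_page(0x10, 0x30, caller="os")
    try:
        apt.map_page(0x10, 0x30, caller="os")
        result["os_modified_apt"] = True
    except PermissionError:
        result["os_modified_apt"] = False
    return result


if __name__ == "__main__":
    for key, value in demo_memory_views().items():
        print(f"{key}: {value}")
```

Both writes go through GPA 0x20040, yet the trusted view resolves it to HPA 0x200040 and the untrusted view to HPA 0x100040, so the untrusted write never touches the trusted application's page. The locked APT stands in for whatever mechanism the PPT uses to keep the OS from editing it; the claim does not say how that is enforced.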
17. One or more tangible computer-readable media storing non-transitory computer-executable instructions that, when executed by a processor of a device, implement platform protection technology (PPT) to:
enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application, wherein the OS comprises an untrusted interrupt descriptor table (IDT) with gates that associate interrupt vectors with untrusted interrupt service routines (ISRs);
create a virtual IDT (VIDT) with gates that associate interrupt vectors with trusted ISRs, wherein the trusted ISRs comprise a TA-enter ISR that causes the device to switch from an untrusted memory view associated with the untrusted application to a trusted memory view associated with the trusted application;
configure the processor of the device to use the VIDT instead of the untrusted IDT (UIDT); and
after configuring the processor to use the VIDT instead of the UIDT, respond to a TA-enter interrupt by invoking the TA-enter ISR.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25.
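Claim 17 replaces the OS's interrupt descriptor table with a PPT-provided virtual IDT whose TA-enter gate switches the active memory view. The following is an added example, not code from the patent; the vector numbers, the Cpu model and the ISR names are constructed, and the assumption that the VIDT carries the OS's existing gates forward unchanged is mine, not something the claim states. It shows a TA-enter interrupt going nowhere under the untrusted IDT and switching the view once the VIDT is installed.

```python
# Added example, not code from the patent: a model of claim 17's virtual IDT.
# Vector numbers, ISR names and the Cpu class are constructed for illustration.
from dataclasses import dataclass, field
from typing import Callable, Dict

TA_ENTER_VECTOR = 0x29   # constructed vector for the TA-enter interrupt
TA_EXIT_VECTOR = 0x2A    # constructed vector for returning to untrusted code
TIMER_VECTOR = 0x20      # constructed vector for an ordinary OS interrupt


@dataclass
class Cpu:
    """Which descriptor table the processor dispatches through, and which
    memory view is active. Real hardware holds the table base in IDTR; here
    the table is a dict of vector -> ISR."""
    idt: Dict[int, Callable[["Cpu"], str]] = field(default_factory=dict)
    memory_view: str = "untrusted"
    log: list = field(default_factory=list)

    def raise_interrupt(self, vector: int) -> str:
        gate = self.idt.get(vector)
        if gate is None:
            self.log.append(f"vector {vector:#x}: no gate")
            return "no-gate"
        return gate(self)


def os_timer_isr(cpu: Cpu) -> str:
    """An untrusted ISR supplied by the OS; it leaves the memory view alone."""
    cpu.log.append("OS timer ISR")
    return "untrusted-isr"


def ta_enter_isr(cpu: Cpu) -> str:
    """Trusted ISR: switch from the untrusted memory view to the trusted one."""
    cpu.memory_view = "trusted"
    cpu.log.append("TA-enter ISR: trusted view active")
    return "ta-enter"


def ta_exit_isr(cpu: Cpu) -> str:
    """Trusted ISR: return to the untrusted memory view."""
    cpu.memory_view = "untrusted"
    cpu.log.append("TA-exit ISR: untrusted view active")
    return "ta-exit"


def build_uidt() -> dict:
    """The OS's own table: only untrusted ISRs and no gate for TA-enter."""
    return {TIMER_VECTOR: os_timer_isr}


def build_vidt(uidt: dict) -> dict:
    """The PPT's table with gates for the trusted ISRs. Carrying the OS gates
    forward unchanged is an assumption of this model, not part of the claim."""
    vidt = dict(uidt)
    vidt[TA_ENTER_VECTOR] = ta_enter_isr
    vidt[TA_EXIT_VECTOR] = ta_exit_isr
    return vidt


def demo_vidt() -> dict:
    cpu = Cpu(idt=build_uidt())
    before_install = cpu.raise_interrupt(TA_ENTER_VECTOR)   # no gate yet
    view_before = cpu.memory_view
    cpu.idt = build_vidt(cpu.idt)       # configure the processor to use the VIDT
    after_install = cpu.raise_interrupt(TA_ENTER_VECTOR)
    view_after_enter = cpu.memory_view
    timer = cpu.raise_interrupt(TIMER_VECTOR)               # OS gate still present
    cpu.raise_interrupt(TA_EXIT_VECTOR)
    return {
        "ta_enter_via_uidt": before_install,
        "view_before": view_before,
        "ta_enter_via_vidt": after_install,
        "view_after_enter": view_after_enter,
        "timer_via_vidt": timer,
        "view_after_exit": cpu.memory_view,
        "log": cpu.log,
    }
```

The memory view switch in ta_enter_isr is where a real implementation would select the trusted EPT from claim 1; the model only records the view name.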
26. One or more tangible computer-readable media storing non-transitory computer-executable instructions that, when executed by a processor of a device, implement platform protection technology (PPT) to:
generate a secret cookie value (SCV) for a trusted application to run on top of an operating system (OS) in a virtual machine (VM);
save the SCV to a PPT data structure associated with the trusted application;
patch the SCV into trampoline code that provides for transferring control from an untrusted application to the trusted application;
in response to the untrusted application calling the trusted application, before allowing the trusted application to execute, determine whether the trampoline code and the PPT data structure contain matching SCVs; and
allow the trusted application to execute only if the trampoline code and the PPT structure contain matching SCVs.
Dependent claims: 27, 28.
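Claim 26 gates entry into the trusted application on a secret cookie value that the PPT both stores in its own record and patches into the trampoline. The following is an added example, not code from the patent; the trampoline byte layout, the cookie length, the record class and the function names are constructed for illustration. It provisions two trusted applications and shows the gate accepting only the trampoline patched for the matching record.

```python
# Added example, not code from the patent: a model of claim 26's secret cookie
# value (SCV) check. The trampoline layout, cookie length and names are
# constructed for illustration; real trampoline code would be machine code.
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Optional

SCV_LEN = 16
SCV_OFFSET = 4
# Constructed trampoline image: a marker, a zeroed cookie slot, and a stand-in
# for the control transfer into the trusted application.
TRAMPOLINE_TEMPLATE = b"TRMP" + bytes(SCV_LEN) + b"->TA"


@dataclass
class PptRecord:
    """PPT data structure associated with one trusted application; holds its SCV."""
    ta_name: str
    scv: bytes


def generate_scv() -> bytes:
    """Fresh unpredictable cookie from the OS CSPRNG."""
    return secrets.token_bytes(SCV_LEN)


def patch_trampoline(template: bytes, scv: bytes) -> bytes:
    """Write the SCV into the trampoline's cookie slot without changing its size."""
    if len(scv) != SCV_LEN:
        raise ValueError("SCV has the wrong length")
    return template[:SCV_OFFSET] + scv + template[SCV_OFFSET + SCV_LEN:]


def provision_trusted_application(ta_name: str) -> tuple:
    """Generate the SCV, save it to the PPT record, patch it into the trampoline."""
    scv = generate_scv()
    return PptRecord(ta_name, scv), patch_trampoline(TRAMPOLINE_TEMPLATE, scv)


def scv_matches(trampoline: bytes, record: PptRecord) -> bool:
    """Compare the embedded cookie with the saved one in constant time."""
    embedded = trampoline[SCV_OFFSET:SCV_OFFSET + SCV_LEN]
    return hmac.compare_digest(embedded, record.scv)


def enter_trusted_application(trampoline: bytes, record: PptRecord,
                              ta_body: Callable[[], str]) -> Optional[str]:
    """The gate from claim 26: run the TA only when both SCVs match, else refuse."""
    if not scv_matches(trampoline, record):
        return None
    return ta_body()


def demo_scv_gate() -> dict:
    record_a, trampoline_a = provision_trusted_application("ta-a")
    record_b, trampoline_b = provision_trusted_application("ta-b")
    return {
        # The trampoline the PPT patched for ta-a passes ta-a's check.
        "genuine_call_allowed":
            enter_trusted_application(trampoline_a, record_a, lambda: "ran") == "ran",
        # An unpatched trampoline (cookie slot still zero) is refused.
        "unpatched_rejected":
            enter_trusted_application(TRAMPOLINE_TEMPLATE, record_a, lambda: "ran") is None,
        # Another TA's trampoline carries a different cookie and is refused.
        "foreign_trampoline_rejected":
            enter_trusted_application(trampoline_b, record_a, lambda: "ran") is None,
        # Patching keeps the trampoline image the same size.
        "size_preserved": len(trampoline_a) == len(TRAMPOLINE_TEMPLATE),
    }
```

The comparison uses hmac.compare_digest so that the check's timing does not depend on how many cookie bytes match; the claim itself only requires that the values match.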
29. One or more tangible computer-readable media storing non-transitory computer-executable instructions that, when executed by a processor of a device, implement platform protection technology (PPT) to:
enable an untrusted application to run on top of an operating system (OS) in a rich execution environment (REE);
enable a trusted application to run on top of the OS in a trusted execution environment (TEE) that prevents the untrusted application from accessing memory used by the trusted application;
before allowing the trusted application to execute in the TEE, create a dump buffer in the TEE;
in response to a fault during execution of the trusted application, save fault data from the TEE to the dump buffer; and
share the dump buffer with the REE.
Dependent claims: 30.
Specification