Tamper protection of software agents operating in a virtual technology environment methods and apparatuses
Abstract
Methods, apparatuses, articles, and systems for comparing a first security domain of a first memory page of a physical device to a second security domain of a second memory page of the physical device, the security domains being stored in one or more registers of a processor of the physical device, are described herein. Based on the comparison, the processor disallows an instruction from the first memory page to access the second memory page if the first security domain is different from the second security domain. Resultantly, software agents, in particular, critical software agents, may be protected in a virtual technology (VT) environment more efficiently and effectively.
28 Claims
1. A method comprising:
assigning by a virtual machine manager disposed in a memory of a computing device and operated by a processor of the computing device, a first security domain to a first memory page of the memory of the computing device, and a second security domain to a second memory page of the memory of the computing device, wherein the virtual machine manager manages a plurality of virtual machines disposed in the memory and operated by the processor, wherein the virtual machines include a plurality of programs, and the processor is enhanced with a previous security domain register and a current security domain register;
storing by the virtual machine manager information indicative of the first security domain in a first extended page table entry structure that references the first memory page, and information indicative of the second security domain in a second extended page table entry structure that references the second memory page, the first and second extended page table entry structures being part of a page table structure managed by and disposed within the virtual machine manager;
copying by the processor, the information indicative of the first security domain and the information indicative of the second security domain to the previous security domain register and the current security domain register, respectively, if an instruction residing in the first memory page attempts to reference or access the second memory page, wherein the instruction belongs to one of the plurality of programs of the plurality of virtual machines;
comparing by the processor, using the previous security domain register and the current security domain register, the first and second security domains of the first and second memory pages; and
determining by the processor, whether to allow or to disallow the instruction from the first memory page to reference or access the second memory page based at least in part on said comparing.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A processor comprising:
a translation lookaside buffer;
a previous security domain register and a current security domain register coupled with the translation lookaside buffer, and configured to:
copy information indicative of first and second security domains of first and second memory pages into the previous and current security domain registers, respectively, from the translation lookaside buffer, if an instruction residing in the first memory page attempts to reference or access the second memory page, wherein the first and second memory pages are memory pages of a memory coupled with the processor, wherein the information indicative of the first and second security domains are assigned to the first and second memory pages, respectively, by a virtual machine manager disposed in the memory and operated by the processor, wherein the information indicative of the first and second security domains are stored by the virtual machine manager in a first and a second extended page table entry structures that reference the first and second memory pages respectively, wherein the first and second extended page table entry structures are part of the virtual memory manager disposed in the memory and operated by the processor, wherein the memory further includes a number of virtual machines managed by the virtual machine manager, and wherein the number of virtual machines have a plurality of programs, respectively, all operated by the processor, and wherein the instruction belongs to one of the plurality of programs; and
a comparing logic configured to compare the first security domain of the first memory page to the second security domain of the second memory page, and not disallow an instruction from the first memory page to reference or access the second memory page in response to the first security domain having a privilege level higher than or equal to the second security domain.
Dependent claims: 18, 19, 20, 21, 22, 23
24. A system comprising:
mass storage having stored therein a virtual machine manager, and at least one critical operating system component program instantiable into a critical operating system component agent of a virtual machine; and
a processor coupled to the mass storage, the processor including
a translation lookaside buffer;
a previous security domain register and a current security domain register coupled to the translation lookaside buffer and configured to:
copy information indicative of first and second security domains of first and second memory pages of the system into the previous and current security domain registers, respectively, from the translation lookaside buffer, if an instruction residing in the first memory page attempts to reference or access the second memory page, wherein the first and second memory pages are memory pages of a memory coupled with the processor, wherein the information indicative of the first and second security domains are assigned to the first and second memory pages, respectively, by the virtual machine manager disposed in the memory and operated by the processor, wherein the information indicative of the first and second security domains are stored by the virtual machine manager in a first and a second extended page table entry structures that reference the first and second memory pages respectively, wherein the first and second extended page table entry structures are part of a virtual memory manager disposed in the memory and operated by the processor, wherein the memory further includes a number of virtual machines having a plurality of programs, all operated by the processor, wherein the instruction belongs to one of the plurality of programs, and the second memory page having at least a portion of the critical operating system component agent of the virtual machine; and
a comparing logic coupled to the registers and adapted to compare the first security domain of the first memory page to the second security domain of the second memory page, and not disallow an instruction from the first memory page to access the second memory page in response to the first security domain having a privilege level higher or equal to the second security domain.
Dependent claims: 25, 26, 27, 28
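The check recited in the claims can be modelled in a few lines of C. This is an added illustration, not code from the patent: the names `cpu_model`, `vmm_assign_domain`, `cpu_check_access` and the two policy constants are hypothetical, and the encoding "larger number means higher privilege" is an assumption. It contrasts the abstract's rule (disallow when the domains differ) with the rule of claims 17 and 24 (do not disallow when the first domain's privilege is higher than or equal to the second's).

```c
#include <stdint.h>
#include <stdio.h>

#define NPAGES     4
#define PAGE_SHIFT 12

/* Assumption: a larger number means a more privileged domain. */
typedef struct { uint8_t domain; } ept_entry;
typedef enum { POLICY_SAME_DOMAIN, POLICY_DOMINATES } policy;

typedef struct {
    ept_entry ept[NPAGES]; /* owned by the VMM, not writable by guests */
    uint8_t psd, csd;      /* previous / current security domain registers */
} cpu_model;

/* VMM side: record a page's security domain in its EPT entry. */
void vmm_assign_domain(cpu_model *c, uint64_t page, uint8_t domain) {
    if (page < NPAGES) c->ept[page].domain = domain;
}

/* Processor side: code at src_addr references dst_addr.
 * Returns 1 to allow, 0 to disallow. The TLB is not modelled; the
 * domain tags are read straight from the EPT entries. */
int cpu_check_access(cpu_model *c, uint64_t src_addr, uint64_t dst_addr,
                     policy p) {
    uint64_t src = src_addr >> PAGE_SHIFT, dst = dst_addr >> PAGE_SHIFT;
    if (src >= NPAGES || dst >= NPAGES) return 0; /* unmapped: deny */
    if (src == dst) return 1;                     /* no page crossing */
    c->psd = c->ept[src].domain;                  /* first page's domain */
    c->csd = c->ept[dst].domain;                  /* second page's domain */
    if (p == POLICY_SAME_DOMAIN) return c->psd == c->csd;
    return c->psd >= c->csd;
}

int main(void) {
    cpu_model c = {0};
    vmm_assign_domain(&c, 0, 0); /* guest code, domain 0 (constructed) */
    vmm_assign_domain(&c, 1, 2); /* critical OS component agent, domain 2 */
    vmm_assign_domain(&c, 2, 0); /* guest data, domain 0 */
    printf("guest -> agent: %d\n",
           cpu_check_access(&c, 0x0010, 0x1000, POLICY_DOMINATES));
    printf("agent -> guest data (dominates): %d\n",
           cpu_check_access(&c, 0x1000, 0x2008, POLICY_DOMINATES));
    printf("agent -> guest data (same-domain): %d\n",
           cpu_check_access(&c, 0x1000, 0x2008, POLICY_SAME_DOMAIN));
    return 0;
}
```

Because the domain tags sit in EPT entries that only the virtual machine manager writes, code running inside a guest cannot retag its own pages to pass the comparison.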