Method and system for securely sharing content
Abstract
A method and apparatus for securely sharing content are provided, which can securely share the content without allowing access by unauthorized third parties. The method of securely sharing content includes a first domain, which has content that requires security among a plurality of domains logically generated on a hardware platform, sharing the content with at least one second domain, and if the second domain intends to write the content in a region in which writing is not permitted, preventing the writing of the content.
22 Claims
1. A method of securely sharing content in a system including a hardware platform, comprising:
- a first domain, which has content that requires security, among a plurality of domains logically generated on the hardware platform by a virtualization layer unit, sharing the content with at least one second domain of the plurality of domains, wherein the sharing comprises indicating, by the first domain, to the virtualization layer unit, an external transmission type to which writing of the content of the first domain is not permitted and setting a write-prevention flag in a memory page descriptor of a peripheral device, among a plurality of peripheral devices, corresponding to the external transmission type to which writing of the content of the first domain is not permitted, the plurality of peripheral devices including a peripheral device to which writing of the content owned by the first domain is permitted; and
- preventing, by the virtualization layer unit, the writing of the content if the second domain requests to write the content in a region and if the virtualization layer unit determines, based on the request of the second domain, that the flag is set for the region in which the second domain requests to write the content.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A system for securely sharing content, comprising:
- a hardware platform; and
- a virtualization layer unit which logically generates a plurality of domains on the hardware platform;
- wherein the plurality of domains include a first domain having content that requires security and at least one second domain sharing the content with the first domain; and
- wherein the virtualization layer unit receives, from the first domain, information on an external transmission type to which writing of the content of the first domain is not permitted and sets a write-prevention flag in a memory page descriptor of a peripheral device, among a plurality of peripheral devices, corresponding to the external transmission type to which writing of the content is not permitted, the plurality of peripheral devices including a peripheral device to which writing of the content owned by the first domain is permitted, and if the second domain requests to write the content in a region and if the virtualization layer unit determines, based on the request of the second domain, that the flag is set for the region in which the second domain requests to write the content, the virtualization layer unit prevents the writing of the content.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
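
The flag check recited in claims 1 and 12, modeled in C as an added example (not code from the patent). The transmission types, device table, page frame numbers, function names, and the deny-on-unknown-region behaviour are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed transmission types; the claims do not name any. */
enum xmit_type { XMIT_NETWORK = 1u << 0, XMIT_USB = 1u << 1, XMIT_DISPLAY = 1u << 2 };

struct page_desc {            /* memory page descriptor of one peripheral region */
    uint32_t pfn;             /* page frame backing the device's I/O buffer */
    enum xmit_type type;      /* external transmission type of the peripheral */
    bool write_prevent;       /* the write-prevention flag of claim 1 */
};

/* Constructed device table: one region per peripheral device. */
static struct page_desc devices[] = {
    { 0x100, XMIT_NETWORK, false },
    { 0x200, XMIT_USB,     false },
    { 0x300, XMIT_DISPLAY, false },
};
#define NDEV (sizeof devices / sizeof devices[0])

/* First domain -> virtualization layer: transmission types the content must
 * not reach. Sets the flags and returns how many descriptors were flagged. */
int vmm_share_content(uint32_t forbidden_types)
{
    int flagged = 0;
    for (size_t i = 0; i < NDEV; i++) {
        devices[i].write_prevent = (devices[i].type & forbidden_types) != 0;
        flagged += devices[i].write_prevent;
    }
    return flagged;
}

/* Second domain -> virtualization layer: request to write the shared content
 * into the region at pfn. Assumption: a region with no descriptor is denied. */
bool vmm_write_content(uint32_t pfn)
{
    for (size_t i = 0; i < NDEV; i++)
        if (devices[i].pfn == pfn)
            return !devices[i].write_prevent;
    return false;
}

int main(void)
{
    vmm_share_content(XMIT_NETWORK | XMIT_USB);
    printf("network: %s\n", vmm_write_content(0x100) ? "allowed" : "blocked");
    printf("display: %s\n", vmm_write_content(0x300) ? "allowed" : "blocked");
    return 0;
}
```

The display region stays writable, matching the claim language that the plurality of peripheral devices includes one to which writing of the content is permitted.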