Methods and systems for preventing access to display graphics generated by a trusted virtual machine

US 8,627,456 B2
Filed: 12/14/2010
Issued: 01/07/2014
Est. Priority Date: 12/14/2009
Status: Active Grant

First Claim

Patent Images

1. In a computing device executing a hypervisor hosting a trusted virtual machine and a non-trusted virtual machine, a method for preventing the non-trusted virtual machine from reading the graphical output of the trusted virtual machine, comprising:

receiving, by a graphics manager executed by a processor of the computing device, a first request from the trusted virtual machine executed by the computing device to render graphical data using a graphics processing unit of the computing device;

assigning, by the graphics manager to the trusted virtual machine, a secure section of a memory of the graphics processing unit;

rendering, by the graphics manager, graphics from the trusted virtual machine graphical data to the secure section of the graphics processing unit memory;

receiving, by the graphics manager, a second request from the non-trusted virtual machine executed by the computing device to read graphics rendered from the trusted virtual machine graphical data and stored in the secure section of the graphics processing unit memory;

preventing, by the graphics manager responsive to receiving the second request, the non- trusted virtual machine from reading the trusted virtual machine rendered graphics stored in the secure section of the graphics processing unit memory;

receiving, by the graphics manager, a third request from an application executing on the non-trusted virtual machine to render a second set of graphical data using the graphics processing unit, the application generating the second set of graphical data; and

rendering, by the graphics manager, graphics from the second set of graphical data to a section of the graphics processing unit memory not comprising the secure section of the graphics processing unit memory.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The methods and systems provide for preventing a non-trusted virtual machine from reading the graphical output of a trusted virtual machine. A graphics manager receives a request from a trusted virtual machine to render graphical data using a graphics processing unit. The graphics manager assigns, to the trusted virtual machine, a secure section of a memory of the graphics processing unit. The graphics manager renders graphics from the trusted virtual machine graphical data to the secure section of the graphics processing unit memory. The graphics manager receives a request from a non-trusted virtual machine to read graphics rendered from the trusted virtual machine graphical data and stored in the secure section of the graphics processing unit memory, and prevents the non-trusted virtual machine from reading the trusted virtual machine rendered graphics stored in the secure section of the graphics processing unit memory.

43 Citations

View as Search Results

14 Claims

1. In a computing device executing a hypervisor hosting a trusted virtual machine and a non-trusted virtual machine, a method for preventing the non-trusted virtual machine from reading the graphical output of the trusted virtual machine, comprising:
- receiving, by a graphics manager executed by a processor of the computing device, a first request from the trusted virtual machine executed by the computing device to render graphical data using a graphics processing unit of the computing device;
  
  assigning, by the graphics manager to the trusted virtual machine, a secure section of a memory of the graphics processing unit;
  
  rendering, by the graphics manager, graphics from the trusted virtual machine graphical data to the secure section of the graphics processing unit memory;
  
  receiving, by the graphics manager, a second request from the non-trusted virtual machine executed by the computing device to read graphics rendered from the trusted virtual machine graphical data and stored in the secure section of the graphics processing unit memory;
  
  preventing, by the graphics manager responsive to receiving the second request, the non- trusted virtual machine from reading the trusted virtual machine rendered graphics stored in the secure section of the graphics processing unit memory;
  
  receiving, by the graphics manager, a third request from an application executing on the non-trusted virtual machine to render a second set of graphical data using the graphics processing unit, the application generating the second set of graphical data; and
  
  rendering, by the graphics manager, graphics from the second set of graphical data to a section of the graphics processing unit memory not comprising the secure section of the graphics processing unit memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein receiving the first request from a trusted virtual machine further comprises receiving, by the graphics manager, a fourth request generated by an application executing on the trusted virtual machine, the application generating the graphical data.
  - 3. The method of claim 1, wherein assigning the secure section of memory further comprises assigning a policy to a range of memory addresses.
  - 4. The method of claim 1, wherein preventing the non-trusted virtual machine from reading the secure section of the graphics processing unit memory further comprises:
    - identifying, by the graphics manager, a security credential of the non-trusted virtual machine; and
      
      determining, by the graphics manager based on the security credential, the non-trusted virtual machine does not have permission to access the secure section of the graphics processing unit memory.
  - 5. The method of claim 4, wherein determining the non-trusted virtual machine does not have permission further comprises applying a policy of the secure section of the graphics processing unit memory to the security credential.
  - 6. The method of claim 1, wherein rendering graphics further comprises storing the rendered graphics to the secure section of the graphics processing unit memory.
  - 7. The method of claim 1, further comprising:
    - identifying, by the graphics manager, a security credential of the application executing on the non-trusted virtual machine;
      
      determining, by the graphics manager based on the security credential, the non-trusted virtual machine does not have permission to access the secure section of the graphics processing unit memory; and
      
      preventing, by the graphics manager, the graphics processing unit from rendering the graphics to the secure section of the graphics processing unit memory.

8. In a computing device executing a hypervisor hosting a trusted virtual machine and a non-trusted virtual machine, a system for preventing the non-trusted virtual machine from reading the graphical output of the trusted virtual machine, comprising:
- the computing device comprising;
  
  a processor executing a graphics manager and the hypervisor hosting the trusted virtual machine and the non-trusted virtual machine, anda graphics processing unit, comprising a memory; and
  
  wherein the graphics manager is configured to;
  
  receive a first request from the trusted virtual machine to render graphical data using the graphics processing unit,assign, to the trusted virtual machine, a secure section of the memory of the graphics processing unit,render graphics from the trusted virtual machine graphical data to the secure section of the graphics processing unit memory,receive a second request from the non-trusted virtual machine to read graphics rendered from the trusted virtual machine graphical data and stored in the secure section of the graphics processing unit memory,prevent the non-trusted virtual machine from reading the trusted virtual machine rendered graphics stored in the secure section of the graphics processing unit memory, responsive to receiving the second request,receive a third request from the application to render a second set of graphical data using the graphics processing unit, the application generating the second set of graphical data, andrender graphics from the second set of graphical data to a section of the graphics processing unit memory not comprising the secure section of the graphics processing unit memory.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, further comprising an application executing on the trusted virtual machine generating the graphical data, and wherein the graphics manager is further configured to receive a request generated by the application.
  - 10. The system of claim 8, wherein the graphics manager is further configured to assign a policy to a range of memory addresses.
  - 11. The system of claim 8, wherein the graphics manager is further configured to:
    - identify a security credential of the non-trusted virtual machine, anddetermine, based on the security credential, the non-trusted virtual machine does not have permission to access the secure section of the graphics processing unit memory.
  - 12. The system of claim 11, wherein the graphics manager is further configured to apply a policy of the secure section of the graphics processing unit memory to the security credential.
  - 13. The system of claim 8, wherein the graphics manager is further configured to store the rendered graphics to the secure section of the graphics processing unit memory.
  - 14. The system of claim 8, wherein the graphics manager is further configured to:
    - identify a security credential of the application executing on the non-trusted virtual machine,determine, based on the security credential, the non-trusted virtual machine does not have permission to access the secure section of the graphics processing unit memory, andprevent the graphics processing unit from rendering the graphics to the secure section of the graphics processing unit memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
McKenzie, James, Guyader, Jean
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Elmore, Gregory M

Application Number

US12/967,348
Publication Number

US 20110145916A1
Time in Patent Office

1,120 Days
Field of Search

345/531, 718/1, 726/19
US Class Current

726/19
CPC Class Codes

G06F 2009/45575   Starting, stopping, suspend...

G06F 2009/45579   I/O management, e.g. provid...

G06F 2009/45587   Isolation or security of vi...

G06F 21/31   User authentication

G06F 21/53   by executing in a restricte...

G06F 21/554   involving event detection a...

G06F 21/556   involving covert channels, ...

G06F 21/57   Certifying or maintaining t...

G06F 21/629   to features or functions of...

G06F 21/79   in semiconductor storage me...

G06F 21/83   input devices, e.g. keyboar...

G06F 21/84   output devices, e.g. displa...

G06F 21/85   interconnection devices, e....

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2107   File encryption

G06F 2221/2115   Third party

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2147   Locking files

G06F 2221/2149   Restricted operating enviro...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558 : Hypervisor-specific managem...

H04L 63/20 : for managing network securi...

View All

Methods and systems for preventing access to display graphics generated by a trusted virtual machine

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for preventing access to display graphics generated by a trusted virtual machine

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links