Patent application number | Description | Published |
20080201540 | PRESERVATION OF INTEGRITY OF DATA ACROSS A STORAGE HIERARCHY - A method and apparatus for preservation of integrity of data across a storage hierarchy. An embodiment of a method includes verifying integrity of a memory page that is stored in primary computer memory. The memory page is swapped out of the primary computer memory to a secondary memory, wherein swapping the memory page out includes performing an integrity check of the memory page. The memory page is swapped in the primary computer memory from the secondary memory, wherein swapping in the memory page includes verifying the integrity of the memory page based at least in part on the integrity check performed for swapping out the memory page. | 08-21-2008 |
20090172341 | USING A MEMORY ADDRESS TRANSLATION STRUCTURE TO MANAGE PROTECTED MICRO-CONTEXTS - Embodiments of an invention for using a memory address translation structure to manage protected micro-contexts are disclosed. In one embodiment, an apparatus includes an interface and memory management logic. The interface is to perform a transaction to fetch information from a memory. The memory management logic is to translate an untranslated address to a memory address. The memory management logic includes a storage location, a series of translation stages, and determination logic. The storage location is to store an address of a data structure for the first translation stage. Each of the translation stages includes translation logic to find an entry in a data structure based on a portion of the untranslated address. Each entry is to store an address of a different data structure for the first translation stage, an address of a data structure for a successive translation stage, or the physical address. The determination logic is to determine whether an entry is storing an address of a different data structure for the first translation stage. | 07-02-2009 |
20090172343 | USING A TRANSLATION LOOKASIDE BUFFER TO MANAGE PROTECTED MICRO-CONTEXTS - Embodiments of an invention for using a translation lookaside buffer to manage protected micro-contexts are disclosed. In one embodiment, an apparatus includes an interface and memory management logic. The interface is to perform a transaction to fetch information from a memory. The memory management logic is to translate an untranslated address to a memory address. The memory management logic includes a storage location, a series of translation stages, determination logic, and a translation lookaside buffer. The storage location is to store an address of a data structure for the first translation stage. Each of the translation stages includes translation logic to find an entry in a data structure based on a portion of the untranslated address. Each entry is to store an address of a different data structure for the first translation stage, an address of a data structure for a successive translation stage, or the physical address. The determination logic is to determine whether an entry is storing an address of a different data structure for the first translation stage. The translation lookaside buffer is to store translations. | 07-02-2009 |
20090172346 | TRANSITIONING BETWEEN SOFTWARE COMPONENT PARTITIONS USING A PAGE TABLE POINTER TARGET LIST - Embodiments of apparatuses, articles, methods, and systems for intra-partitioning components within an execution environment, and transitioning between partitions using a page table pointer target list are generally described herein. Other embodiments may be described and claimed. | 07-02-2009 |
20090172814 | DYNAMIC GENERATION OF INTEGRITY MANIFEST FOR RUN-TIME VERIFICATION OF SOFTWARE PROGRAM - A measurement engine generates an integrity manifest for a software program and uses it to perform active platform observation. The integrity manifest indicates an integrity check value for a section of the program's code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action may be triggered. | 07-02-2009 |
20090222792 | AUTOMATIC MODIFICATION OF EXECUTABLE CODE - A method for automatically modifying an executable file for a software agent is provided. The method comprises detecting original static entry and exit points in the executable file and generating corresponding transformed points; modifying the executable file by linking the executable file to the integrity services environment and embedding a signed agent manifest; loading the modified executable file into memory and registering a target list with the software agent's hypervisor, wherein the target list provides mappings between protected and active page tables; detecting dynamic entry and exit points in the executable file and generating corresponding transformed points; switching to a protected context, in response to a transformed exit point being invoked, and switching to an active context, in response to a transformed entry point being invoked; and de-registering the software agent with the memory protection module, in response to the software agent being unloaded. | 09-03-2009 |
20090241189 | EFFICIENT HANDLING OF INTERRUPTS IN A COMPUTING ENVIRONMENT - A method for efficiently handling interrupts in a virtual technology environment with integrity services is provided. The method comprises assigning an interrupt to a virtual machine that is running a software agent; suspending the software agent; invoking a protected interrupt handler; copying the interrupt's memory content to a protected location, in response to successfully verifying the integrity of the content; replacing the interrupt's return address with a return address for a protected function; switching from the software agent's protected context to its active context; executing the original interrupt handler; returning control to the protected function to ensure that execution of the software agent resumes safely; switching back to the software agent's protected context, in response to successfully verifying the integrity of the content; and passing control back to the software agent to resume execution. | 09-24-2009 |
20090323941 | SOFTWARE COPY PROTECTION VIA PROTECTED EXECUTION OF APPLICATIONS - Methods and apparatus to provide a tamper-resistant environment for software are described. In some embodiments, procedures for verifying whether a software container is utilizing protected memory and is associated with a specific platform are described. Other embodiments are also described. | 12-31-2009 |
20090327648 | GENERATING MULTIPLE ADDRESS SPACE IDENTIFIERS PER VIRTUAL MACHINE TO SWITCH BETWEEN PROTECTED MICRO-CONTEXTS - Embodiments of an invention for generating multiple address space identifiers per virtual machine to switch between protected micro-contexts are disclosed. In one embodiment, an apparatus includes privileged mode logic, an interface, and memory management logic. The privileged mode logic is to transfer control of the processor among a plurality of virtual machines. The interface is to perform a transaction to fetch information from a memory. The memory management logic is to translate an untranslated address to a memory address. The memory management logic includes a storage location, a series of translation stages, determination logic, and a translation lookaside buffer. The storage location is to store an address of a data structure for the first translation stage. Each of the translation stages includes translation logic to find an entry in a data structure based on a portion of the untranslated address. Each entry is to store an address of a different data structure for the first translation stage, an address of a data structure for a successive translation stage, or the physical address. The determination logic is to determine whether an entry is storing an address of a different data structure for the first translation stage. The translation lookaside buffer is to store translations. Each translation lookaside buffer entry includes an address source identifier. Each address source identifier is to identify a unique micro-context. Each address source identifier is based on a virtual partition identifier. At least two of the virtual partition identifiers are associated with one of the virtual machines. | 12-31-2009 |
20100082926 | Restricted Component Access to Application Memory - Embodiments of the present disclosure provide methods, systems, and articles for restricting access to memory of an application by a component of the application, for example, pluggable code modules. Other embodiments may also be described and claimed. | 04-01-2010 |
20100262739 | IDENTIFIER ASSOCIATED WITH MEMORY LOCATIONS FOR MANAGING MEMORY ACCESSES - Embodiments of apparatuses, articles, methods, and systems for associating identifiers with memory locations for controlling memory accesses are generally described herein. Other embodiments may be described and claimed. | 10-14-2010 |
20110154059 | CUMULATIVE INTEGRITY CHECK VALUE (ICV) PROCESSOR BASED MEMORY CONTENT PROTECTION - In general, in one aspect, the disclosure describes a process that includes a cryptographic engine and first and second registers. The cryptographic engine is to encrypt data to be written to memory, to decrypt data read from memory, to generate read integrity check values (ICVs) and write ICVs for memory accesses. The cryptographic engine is also to create a cumulative read ICV and a cumulative write ICV by XORing the generated read ICV and the generated write ICV with a current read MAC and a current write ICV respectively and to validate data integrity by comparing the cumulative read ICV and the cumulative write ICV. The first and second registers are to store the cumulative read and write ICVs respectively at the processor. Other embodiments are described and claimed. | 06-23-2011 |
20140089659 | Method and apparatus for key provisioning of hardware devices - Keying materials used for providing security in a platform are securely provisioned both online and offline to devices in a remote platform. The secure provisioning of the keying materials is based on a revision of firmware installed in the platform. | 03-27-2014 |