Protecting software environment in isolated execution
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-007/04
G06F-007/02
출원번호
US-0668610
(2000-09-22)
발명자
/ 주소
Ellison,Carl M.
Golliver,Roger A.
Herbert,Howard C.
Lin,Derrick C.
McKeen,Francis X.
Neiger,Gilbert
Reneris,Ken
Sutton,James A.
Thakkar,Shreekant S.
Mittal,Millind
출원인 / 주소
Intel Corporation
인용정보
피인용 횟수 :
41인용 특허 :
171
초록▼
The present invention is a method and apparatus to protect a subset of a software environment. A key generator generates an operating system nub key (OSNK). The OSNK is unique to an operating system (OS) nub. The OS nub is part of an operating system in a secure platform. A usage protector uses the
The present invention is a method and apparatus to protect a subset of a software environment. A key generator generates an operating system nub key (OSNK). The OSNK is unique to an operating system (OS) nub. The OS nub is part of an operating system in a secure platform. A usage protector uses the OSNK to protect usage of a subset of the software environment.
대표청구항▼
What is claimed is: 1. An apparatus comprising: a key generator to generate an operating system nub key (OSNK) unique to an operating system (OS) nub, the OS nub being part of an operating system to run on a platform comprising a processor capable of operating in an isolated execution mode in a rin
What is claimed is: 1. An apparatus comprising: a key generator to generate an operating system nub key (OSNK) unique to an operating system (OS) nub, the OS nub being part of an operating system to run on a platform comprising a processor capable of operating in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode; and a usage protector coupled to the key generator to protect usage of a subset of a software environment using the OSNK; the key generator to generate the OSNK based at least in part on a master binding key (BK0) of the platform and an identification of the OS nub; wherein the usage protector performs at least one operation selected from the group consisting of: encrypting a value while operating in isolated execution mode; and decrypting an encrypted value while operating in isolated execution mode. 2. The apparatus of claim 1, wherein the identification comprises a hash value of at least one item selected from the group consisting of the OS nub and a certificate representing the OS nub. 3. The apparatus of claim 1 wherein the usage protector comprises: an encryptor to encrypt the subset of the software environment using the OSNK, the encrypted subset being stored in a storage; and a decryptor to decrypt the encrypted subset using the OSNK, the encrypted subset being retrieved from the storage. 4. The apparatus of claim 1 wherein the usage protector comprises: an encryptor to encrypt a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage; a decryptor to decrypt the encrypted first hash value using the OSNK, the encrypted first hash value being retrieved from the storage; and a comparator to compare the decrypted first hash value to a second hash value to generate a compared result, the compared result indicating whether the subset of the software environment has been modified. 5. The apparatus of claim 1 wherein the usage protector comprises: a first encryptor to encrypt a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage; a second encryptor to encrypt a second hash value using the OSNK; and a comparator to compare the encrypted second hash value to the encrypted first hash value to generate a compared result, the encrypted first hash value being retrieved from the storage, the compared result indicating whether the subset of the software environment has been modified. 6. The apparatus of claim 1 wherein the usage protector comprises: a decryptor to decrypt a protected private key to generate a private key using the OSNK; a signature generator coupled to the decryptor to generate a signature of the subset of the software environment using the private key, the signature being stored in a storage; and a signature verifier to verify the signature to generate a modified/not modified flag using a public key, the signature being retrieved from the storage, the modified/not modified flag indicating whether the subset has been modified. 7. The apparatus of claim 1 wherein the usage protector comprises: a manifest generator to generate a manifest of the subset of the software environment, the manifest describing the subset of the software environment, the manifest being stored in a storage; a signature generator coupled to the manifest generator to generate a manifest signature using a private key, the private key being decrypted by a decryptor using the OSNK, the manifest signature being stored in the storage; a signature verifier to verify the manifest signature to generate a signature verified flag using a public key, the manifest signature being retrieved from the storage; and a manifest verifier to verify the manifest to generate a manifest verified flag, the manifest being retrieved from the storage, the manifest verified flag and the signature verified flag being tested at a test center, the test center generating a pass/fail signal to indicate whether the subset has been modified. 8. The apparatus of claim 1 wherein the subset of the software environment comprises a registry of an operating system. 9. The apparatus of claim 1, wherein the BK0 is generated at random on a first invocation of a processor nub. 10. A method comprising: generating an operating system nub key (OSNK) unique to an operating system (OS) nub, the OS nub being part of an operating system to run in a software environment on a platform comprising a processor capable of operating in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode; and protecting usage of a subset of the software environment using the OSNK; wherein the operation of protecting usage of a subset of the software environment comprises at least one operation selected from the group consisting of: encrypting a value while operating in isolated execution mode; and decrypting an encrypted value while operating in isolated execution mode; and wherein the operation of generating an OSNK comprises generating the OSNK based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform. 11. The method of claim 10, wherein the identification comprises a hash value of at least one item selected from the group consisting of the OS nub and a certificate representing the OS nub. 12. The method of claim 10 wherein protecting usage comprises: encrypting the subset of the software environment using the OSNK; storing the encrypted subset in a storage; and decrypting the encrypted subset from the storage using the OSNK. 13. The method of claim 10 wherein protecting usage comprises: encrypting a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage; decrypting the encrypted first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being retrieved from the storage; and comparing the decrypted first hash value to a second hash value to generate a compared result, the decrypted first hash value being retrieved from the storage, the compared result indicating whether the subset of the software environment has been modified. 14. The method of claim 10 wherein protecting usage comprises: encrypting a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage; encrypting a second hash value using the OSNK; and comparing the encrypted first hash value to the encrypted second hash value to generate a compared result, the encrypted first hash value being retrieved from the storage, the compared result indicating whether the subset of the software environment has been modified. 15. The method of claim 10 wherein protecting usage comprises: decrypting a protected private key to generate a private key using the OSNK; generating a signature of the subset of the software environment using the private key, the signature being stored in a storage; and verifying the signature to generate a modified/not modified flag using a public key, the signature being retrieved from the storage, the modified/not modified flag indicating whether the subset of the software environment has been modified. 16. The method of claim 10 wherein detecting comprises: generating a manifest of the subset of the software environment, the manifest describing the subset of the software environment, the manifest being stored in a storage; generating a manifest signature of the manifest using a private key, the private key being decrypted using the OSNK, the manifest signature being stored in the storage; verifying the manifest signature to generate a signature verified flag using a public key, the manifest signature being retrieved from the storage; and verifying the manifest to generate a manifest verified flag, the manifest being retrieved from the storage, the manifest verified flag and the signature verified flag being tested at a test center, the test center generating a pass/fail signal, the pass/fail signal indicating whether the subset of the software environment has been modified. 17. The method of claim 10 wherein the subset of the software environment comprises a registry of the operating system. 18. The method of claim 10, wherein the BK0 is generated at random on a first invocation of a processor nub. 19. A computer program product comprising: a computer usable medium having computer program code embodied therein, the computer program product having: computer readable program code to generate an operating system nub key (OSNK) unique to an operating system (OS) nub, the OS nub being part of an operating system to run in a software environment on a platform comprising a processor capable of operating in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode; and computer readable program code to protect usage of a subset of the software environment using the OSNK; wherein the computer readable program code to generate the OSNK comprises computer readable program code to generate the OSNK based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform; and wherein the operation of protecting usage of a subset of the software environment comprises at least one operation selected from the group consisting of: encrypting a value while operating in isolated execution mode; and decrypting an encrypted value while operating in isolated execution mode. 20. The computer program product of claim 19, wherein the identification comprises a hash value of at least one item selected from the group consisting of the OS nub and a certificate representing the OS nub. 21. The computer program product of claim 19 wherein the computer readable program code for protecting usage comprises: computer readable program code for encrypting the subset of the software environment using the OSNK; computer readable program code for storing the encrypted subset; and computer readable program code for decrypting the encrypted subset from the storage using the OSNK. 22. The computer program product of claim 19 wherein the computer readable program code for protecting usage comprises: computer readable program code for encrypting a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage; computer readable program code for decrypting the encrypted first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being retrieved from the storage; and computer readable program code for comparing the decrypted first hash value to a second hash value to generate a compared result, the decrypted first hash value being retrieved from the storage, the compared result indicating whether the subset of the software environment has been modified. 23. The computer program product of claim 19 wherein the computer readable program code for protecting usage comprises: computer readable program code for encrypting a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage; computer readable program code for encrypting a second hash value using the OSNK; and computer readable program code for comparing the encrypted first hash value to the encrypted second hash value to generate a compared result, the encrypted first hash value being retrieved from the storage, the compared result indicating whether the subset of the software environment has been modified. 24. The computer program product of claim 19 wherein the computer readable program code for protecting usage comprises: computer readable program code for decrypting a protected private key to generate a private key using the OSNK; computer readable program code for generating a signature of the subset of the software environment using the private key, the signature being stored in a storage; and computer readable program code for verifying the signature to generate a modified/not modified flag using a public key, the signature being retrieved from the storage, the modified/not modified flag indicating whether the software environment has been modified. 25. The computer program product of claim 19 wherein the computer readable program code for protecting usage comprises: computer readable program code for generating a manifest of the subset of the software environment, the manifest being stored in a storage; computer readable program code for generating a manifest signature of the manifest using a private key, the private key being decrypted using the OSNK, the manifest signature being stored in the storage; computer readable program code for verifying the manifest signature to generate a signature verified flag using a public key, the manifest signature being retrieved from the storage; and computer readable program code for verifying the manifest to generate a manifest verified flag, the manifest being retrieved from the storage, the manifest verified flag and the signature verified flag being tested at a test center, the test center generating a pass/fail signal, the pass/fail signal indicating whether the subset of the software environment has been modified. 26. The computer program product of claim 19 wherein the subset of the software environment comprises a registry of an operating system. 27. The computer program product of claim 19, wherein the BK0 is generated at random on a first invocation of a processor nub. 28. A system comprising: a processor capable of operating in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode; storage response to the processor, the storage storing at least a subset of a software environment to run on the system: an operating system (OS) nub; a key generator to generate an operating system nub key (OSNK) unique to the OS nub, based at least in part on an identification of the OS nub and a master binding key (BK0) of the system; and a usage protector coupled to the key generator to protect usage of a subset of the software environment using the OSNK; wherein the operation of protecting usage of a subset of the software environment comprises at least one operation selected from the group consisting of: encrypting a value while operating in isolated execution mode; and decrypting an encrypted value while operating in isolated execution mode. 29. The system of claim 28, wherein the identification comprises a hash value of at least one item selected from the group consisting of the OS nub and a certificate representing the OS nub. 30. The system of claim 28 wherein the usage protector comprises: an encryptor to encrypt the subset of the software environment using the OSNK, the encrypted subset being stored in a storage; and a decryptor to decrypt the encrypted subset using the OSNK, the encrypted subset being retrieved from the storage. 31. The system of claim 28 wherein the usage protector comprises: an encryptor to encrypt a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage; a decryptor to decrypt the encrypted first hash value using the OSNK, the encrypted first hash value being retrieved from the storage; and a comparator to compare the decrypted first hash value to a second hash value to generate a compared result, the compared result indicating whether the subset of the software environment has been modified. 32. The system of claim 28 wherein the usage protector comprises: a first encryptor to encrypt a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage; a second encryptor to encrypt a second hash value using the OSNK; and a comparator to compare the encrypted second hash value to the encrypted first hash value to generate a compared result, the encrypted first hash value being retrieved from the storage, the compared result indicating whether the subset of the software environment has been modified. 33. The system of claim 28 wherein the usage protector comprises: a decryptor to decrypt a protected private key to generate a private key using the OSNK; a signature generator coupled to the decryptor to generate a signature of the subset of the software environment using the private key, the signature being stored in a storage; and a signature verifier to verify the signature to generate a modified/not modified flag using a public key, the signature being retrieved from the storage, the modified/not modified flag indicating whether the subset of the software environment has been modified. 34. The system of claim 28 wherein the usage protector comprises: a manifest generator to generate a manifest of the subset of the software environment, the manifest describing the subset of the software environment, the manifest being stored in a storage; a signature generator coupled to the manifest generator to generate a manifest signature of the manifest using a private key, the private key being decrypted using the OSNK, the manifest signature being stored in the storage; a signature verifier to verify the manifest signature to generate a signature verified flag using a public key, the manifest signature being retrieved from the storage; and a manifest verifier to verify the manifest to generate a manifest verified flag, the manifest being retrieved from the storage, the manifest verified flag and the signature verified flag being tested by a test center, the test center generating a pass/fail signal indicating whether the subset has been modified. 35. The system of claim 28 wherein the subset of the software environment comprises a registry of an operating system. 36. The system of claim 28, wherein the BK0 is generated at random on a first invocation of a processor nub. 37. The system of claim 28, further comprising: a memory responsive to the processor, the memory to include an isolated memory area, the isolated memory area to be accessible to the processor in the isolated execution mode and inaccessible to the processor in the normal execution mode; and the isolated memory area operable to receive the OS nub during a boot process. 38. An apparatus according to claim 1, wherein: the platform comprises a memory responsive to the processor, the memory to include an isolated memory area, the isolated memory area to be accessible to the processor in the isolated execution mode and inaccessible to the processor in the normal execution mode; and the isolated memory area operable to receive the OS nub during a boot process. 39. A method according to claim 10, wherein: the platform comprises a memory responsive to the processor, the memory to include an isolated memory area, the isolated memory area to be accessible to the processor in the isolated execution mode and inaccessible to the processor in the normal execution mode; and the method further comprises loading the OS nub into the isolated memory area during a boot process for the platform. 40. A computer program product according to claim 19, comprising: computer readable program code to load the OS nub into an isolated memory area of the platform during a boot process for the platform, the isolated memory area to reside in a memory responsive to the processor, the isolated memory area to be accessible to the processor in the isolated execution mode and inaccessible to the processor in the normal execution mode.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (171)
Ryba Edward G. (Milpitas CA) Lipman Peter H. (Cupertino CA) Connell Jefferson J. (Cupertino CA) Weiss David (Palo Alto CA), Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB).
Gannon Patrick M. (Poughkeepsie NY) Gum Peter H. (Poughkeepsie NY) Hough Roger E. (Highland NY) Murray Robert E. (Woodstock NY), Apparatus and method for TLB purge reduction in a multi-level machine system.
Bealkowski Richard (Delray Beach FL) Blackledge ; Jr. John W. (Boca Raton FL) Cronk Doyle S. (Boca Raton FL) Dayan Richard A. (Boca Raton FL) Dixon Jerry D. (Boca Raton FL) Kinnear Scott G. (Boca Rat, Apparatus and method for preventing unauthorized access to BIOS in a personal computer system.
Brelsford David P. (Hyde Park NY) Cutler Melvin M. (Los Angeles CA) Lafitte Jean-Louis (Moens NY FRX) Gdaniec Joseph M. (Hyde Park NY) Osisek Damian L. (Vestal NY) Plambeck Kenneth E. (Poughkeepsie N, Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virt.
Heller Andrew R. (Morgan Hill CA) Worley ; Jr. William S. (Endicott NY), Authorization mechanism for transfer of program control or data between different address spaces having different storag.
Ermolovich Thomas R. (Lexington MA) Stewart Robert E. (Stow MA) Leonard Judson S. (Acton MA) Cutler David N. (Nashua NH), Communications device for data processing system.
Satou Mitsugu,JPX ; Iwata Shunichi,JPX, Computer system and semiconductor device on one chip including a memory and central processing unit for making interlock access to the memory.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Controlling access to multiple isolated memories in an isolated execution environment.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Controlling access to multiple memory zones in an isolated execution environment.
Curtis, Bryce Allen, Cross-platform program, system, and method having a global registry object for mapping registry equivalent functions in an OS/2 operating system environment.
Morley Richard E. (Greenville NH), Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and met.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Executing isolated mode instructions in a secure system running in privilege rings.
Nakamura Kouji,JPX, Exposure apparatus, output control method for energy source, laser device using the control method, and method of producing microdevice.
Adams Phillip M. (Parowan UT) Holmstron Larry W. (Salt Lake City UT) Jacob Steve A. (South Weber UT) Powell Steven H. (Ogden UT) Condie Robert F. (Tuscon AZ) Culley Martin L. (Tuscon AZ), Kernels, description tables, and device drivers.
Johnson James Scott (Fort Worth TX) Short Tim (Duncanville TX) Intrater Gideon (Sunnyvale CA), Memory management circuit which provides simulated privilege levels.
Barnett Philip C.,GBX, Memory management method and apparatus for partitioning homogeneous memory and restricting access of installed applications to predetermined memory ranges.
Harold L. McFarland ; David R. Stiles ; Korbin S. Van Dyke ; Shrenik Mehta ; John Gregory Favor ; Dale R. Greenley ; Robert A. Cargnoni, Method and apparatus for debugging an integrated circuit.
Miller David A. ; Jansen Kenneth A. ; Culley Paul R. ; Taylor Mark ; Izquierdo Javier F., Method and apparatus for independently resetting processors and cache controllers in multiple processor systems.
Cotichini Christian,CAX ; Cain Fraser,CAX ; Ashworth David G.,CAX ; Livingston Peter Michael Bruce,CAX ; Solymar Gabor,CAX ; Gardner Philip B.,CAX ; Woinoski Timothy S.,CAX, Method and apparatus to monitor and locate an electronic device using a secured intelligent agent.
Luiz Fernando A. (Monte Sereno CA) Snyder Harlan C. (Saratoga CA) Sorg ; Jr. John H. (Los Gatos CA), Method and means for path independent device reservation and reconnection in a multi-CPU and shared device access system.
Kahle James Allan ; Loper Albert J. ; Mallick Soummya ; Ogden Aubrey Deene ; Sell John Victor, Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions w.
Melo Michael D. (Billerica MA), Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 8048.
Greenstein Paul Gregory ; Guyette Richard Roland ; Rodell John Ted, Method for managing I/O buffers in shared storage by structuring buffer table having entries including storage keys for.
Panwar Ramesh ; Chamdani Joseph I., Method of executing coded instructions in a multiprocessor having shared execution resources including active, nap, and sleep states in accordance with cache miss latency.
Scalzi Casper A. (Poughkeepsie NY) Starke William J. (Austin TX), Method of using a target processor to execute programs of a source architecture that uses multiple address spaces.
Ganapathy Narayanan ; Stevens Luis F. ; Schimmel Curt F., Method, system and computer program product for dynamically allocating large memory pages of different sizes.
Eugene Feng ; Gary Phillips, Microcontroller system having allocation circuitry to selectively allocate and/or hide portions of a program memory address space.
Grimmer ; Jr. George G. ; Rhoades Michael W., Microcontroller with security logic circuit which prevents reading of internal memory by external program.
Goetz John W. ; Mahin Stephen W. ; Bergkvist John J., Microprocessor with an architecture mode control capable of supporting extensions of two distinct instruction-set archi.
Blomgren James S. (San Jose CA) Bracking Jimmy (San Jose CA) Richter David (San Jose CA) Spahn Francis (El Cerrito CA), Microprocessor with operation capture facility.
Hough Roger E. (Austin TX) Murray Robert E. (Kingston NY), Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals.
McDonald, Michael F.; Arora, Sumeet; Chu, Mark, Mutual exclusion at the record level with priority inheritance for embedded systems using one semaphore.
Reardon David C., Network security system allowing access and modification to a security subsystem after initial installation when a master token is in place.
Neufeld E. David (Tomball TX), Posted disk read operations performed by signalling a disk read complete to the system prior to completion of data trans.
Provanzano Salvatore R. (Melrose MA) Aldrich Wilbert H. (Winchester MA) D\Angelo Robert A. (Windham NH) Drottar Emil P. (Ipswich MA) Finnegan ; Jr. John J. (Hudson NH) Heom James (Bedford MA) Hill La, Programmable controller.
Robinson Paul T. (Arlington MA) Mason Andrew H. (Hollis NH) Hall Judith S. (Sudbury MA), Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces.
Browne Hendrik A., Secure computer system and method of providing secure access to a computer system including a stand alone switch operable to inhibit data corruption on a storage device.
Mark J. Foster ; Saifuddin T. Fakhruddin ; James L. Walker ; Matthew B. Mendelow ; Jiming Sun ; Rodman S. Brahman ; Michael P. Krau ; Brian D. Willoughby ; Michael D. Maddix ; Steven L. Belt, Suspend/resume capability for a protected mode microprocesser.
Hudson Jerome D. ; Champagne Jean-Paul,FRX ; Galindo Mary A. ; Hickerson Cynthia M. K. ; Hickman Donna R. ; Lockhart Robert P. ; Saddler Nancy B. ; Stange Patricia A., System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential.
Angelo Michael F. ; Olarig Sompong P. ; Wooten David R. ; Driscoll Dan J., System and method for performing secure device communications in a peer-to-peer bus architecture.
Inoue Taro (Sagamihara JPX) Umeno Hidenori (Kanagawa JPX) Tanaka Shunji (Sagamihara JPX) Yamamoto Tadashi (Kanagawa JPX) Ohtsuki Toru (Hadano JPX), System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode.
Nardone Joseph M. ; Mangold Richard P. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant methods and apparatus.
Nardone Joseph M. ; Mangold Richard T. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant methods and apparatus.
Nardone Joseph M. ; Mangold Richard P. ; Pfotenhauer Jody L. ; Shippy Keith L. ; Aucsmith David W. ; Maliszewski Richard L. ; Graunke Gary L., Tamper resistant player for scrambled contents.
Mason Andrew H. (Hollis NH) Hall Judith S. (Sudbury MA) Robinson Paul T. (Arlington MA) Witek Richard T. (Littleton MA), Translation buffer for virtual machines with address space match.
Scott W. Devine ; Edouard Bugnion ; Mendel Rosenblum, Virtualization system including a virtual machine monitor for a computer with a segmented architecture.
Johnson, Richard C.; Morgan, Andrew; Anvin, H. Peter; Torvalds, Linus, Architecture, system, and method for operating on encrypted and/or hidden information.
Johnson, Richard C.; Morgan, Andrew; Anvin, H. Peter; Torvalds, Linus, Architecture, system, and method for operating on encrypted and/or hidden information.
Durham, David; Khosravi, Hormuzd M.; Blumenthal, Uri; Long, Men, Secure platform voucher service for software components within an execution environment.
Beloussov, Serguei M.; Protassov, Stanislav S.; Tormasov, Alexander G., Virtual private server with CPU time scheduler and isolation of system components.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.