[특허]System for isolating first computing environment from second execution environment while sharing resources by copying data from first portion to second portion of memory

System for isolating first computing environment from second execution environment while sharing resources by copying data from first portion to second portion of memory 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-009/46 H04L-029/06
출원번호	UP-0428279 (2003-05-02)
등록번호	US-7788669 (2010-09-20)
발명자 / 주소	England, Paul Peinado, Marcus Willman, Bryan Mark
출원인 / 주소	Microsoft Corporation
대리인 / 주소	Woodcock Washburn LLP
인용정보	피인용 횟수 : 18 인용 특허 : 10

초록 ▼

Techniques are disclosed to support hosting of a first operating system by a second operating system, where the first system provides at least some of the infrastructure for the second system. A facility is provided whereby the second system can receive data from the first system without the first system being able to modify that data. The second system may use the first system's scheduler by creating shadow threads and synchronization objects known to the first system, while the second system makes the final decision as to whether a thread runs. Separate memory may be allocated to both systems at boot time, or dynamically during their operation. The techniques herein may be used to protect the second system from actions arising in the first system. Preferably, the interaction between the first and second systems is facilitated by a security monitor, which assists in protecting the second system from the first.

대표청구항 ▼

What is claimed: 1. A method for isolating a plurality of computing environments interacting on a computing device, comprising acts of: running a first computing environment and a second computing environment on the computing device, wherein the first computing environment hosts the second computing environment by sharing computing resources of the first computing environment with the second computing environment; enabling interaction between the first and second computing environments to share the computing resources of the first computing environment with the second computing environment while isolating the first computing environment from the second computing environment, wherein enabling interaction comprises: receiving data by the second computing environment from the first computing environment in a first state that is writeable by the first computing environment; isolating the first computing environment from the second computing environment by placing the data into a second state that is readable by the second computing environment but not modifiable by the first computing environment during a time in which the first computing environment and second computing environment are allowed to interact; and performing a validation test by the second computing environment on the data to ensure that the second computing environment will continue to operate according to a predetermined specification. 2. The method of claim 1, wherein said first state and said second state are mutually distinct data storage areas, and wherein the act of placing the data into the second state comprises: copying the data from the first state to the second state. 3. The method of claim 1, wherein said first state and said second state are the same physical data storage area, and wherein the act of placing the data into the second state comprises depriving the first computing environment of the ability to write said physical data storage area. 4. The method of claim 3, wherein the act of placing the data into the second state is performed without copying any of the data. 5. The method of claim 1, wherein said first state and said second state each comprise a set of registers on a processor, wherein said first computing environment executes on the processor to write the data into the set of registers, and wherein the second computing environment executes on the processor to read the set of registers; the first computing environment and the second computing environment not being able to execute on the processor at the same time, whereby the set of registers constitute the first state while the first computing environment is executing on the processor, and the set of registers constitutes the second state while the second computing environment is executing on the processor. 6. The method of claim 1, wherein the first computing environment accesses a memory through a mapping, the mapping being configurable such that at least some part of the memory can be made unwriteable by the first computing environment, the computing environment to which the mapping corresponds, and wherein the act of placing the data into the second state comprises: configuring the mapping such that said some part of the memory is unwriteable by the first computing environment. 7. The method of claim 6, wherein each unit of the memory has a physical address, wherein the first computing environment access the memory based on virtual addresses, and wherein the mapping maps the virtual addresses to the physical addresses. 8. The method of claim 7, wherein the memory is divided into pages, wherein the mapping maps virtual addresses to physical addresses with per-page granularity, said some part of the memory comprising one or more the pages. 9. The method of claim 6, wherein the mapping can designate one or more parts of the memory as being only readable by the first computing environment, and wherein the act of configuring the mapping comprises: configuring the mapping to designate said some part of the memory as being only readable by the first computing environment. 10. The method of claim 6, wherein the mapping can designate one or more parts of the memory as being not present, and wherein the act of configuring the mapping comprises: configuring the mapping to designate said some part of the memory as being not present. 11. The method of claim 6, wherein the act of configuring the mapping comprises: removing, from the mapping, a reference to said some part of the memory. 12. The method of claim 1, wherein said act of placing the data into the second state comprises: copying the data from the first state to a third state that is different both from said first state and from said second state; and copying the data from the third state to the second state. 13. The method of claim 12, wherein the third state is accessible only by a security monitor that is distinct from both the first computing environment and the second computing environment, the security monitor being trusted by the second computing environment, and wherein the security monitor performs the acts of copying the data from the first state to the third state, and of copying the data from the third state to the second state. 14. The method of claim 12, wherein the first computing environment and the second computing environment have shared access to the first state, and wherein the second computing environment copies the data into the second state. 15. The method of claim 1, wherein the first computing environment comprises a first execution environment, and wherein the second computing environment comprises a second execution environment. 16. The method of claim 15, wherein the first execution environment comprises a first operating system, and wherein the second execution environment comprises a second operating system. 17. The method of claim 16, wherein the first operating system hosts the second operating system by providing at least some infrastructure used by the second operating system. 18. The method of claim 17, wherein said infrastructure comprises at least one of: a memory; and a processor. 19. The method of claim 17, wherein a security monitor that is distinct both from the first operating system and from the second operating system and that is trusted by the second operating system performs the act of placing the data into the second state, wherein the security monitor enforces a separation between the first and second computing environments. 20. The method of claim 16, wherein the first execution environment is expected to conform its behavior to a first specification, wherein the second execution environment is expected to conform its behavior to a second specification, wherein the expectation that the second execution environment will behave according to the second specification is relatively greater than the expectation that the first execution environment will conform its behavior to the first specification, and wherein the method further comprises: performing said validation test, wherein said validation test provides a level of assurance that the data will not cause the second execution environment to behave in a manner that would violate the second specification. 21. A computer-readable storage medium comprising computer executable instructions that are executable by a computer to perform acts for isolating a plurality of computing environments interacting on a computing device, the acts comprising: running a first computing environment and a second computing environment on the computing device, wherein the first computing environment hosts the second computing environment by sharing computing resources of the first computing environment with the second computing environment; enabling interaction between the first and second computing environments to share the computing resources of the first computing environment with the second computing environment while isolating the first computing environment from the second computing environment, wherein enabling interaction comprises: accepting data into a first state that is writeable by the first computing environment; placing the data into a second state that is readable by the second computing environment; and ensuring that the second state is not writeable by the first computing environment during a time in which the first computing environment and second computing environment are allowed to interact; and performing a validation test on the data to ensure that the second computing environment will continue to operate according to a predetermined specification, wherein: the first state comprises a first portion of memory; the second state comprises a second portion of memory different from said first portion of memory; and the act of placing the data into the second state comprises copying the data from the first portion of memory to the second portion of memory. 22. The computer-readable medium of claim 21, wherein the instructions to perform the act of placing the data into the second state comprise instructions to perform acts comprising: running the second computing environment on a processor that comprises a set of registers, wherein the first state comprises the set of registers when the first entity is running on the processor, and wherein the second state comprises the set of registers when the second computing environment is running on the processor, whereby the second computing environment retrieves the data from the set of registers; copying the data from a first portion of a memory to a second portion of the memory that is different from said first portion of the memory, wherein the first state comprises the first portion of the memory, and wherein the second state comprises the second portion of the memory; and configuring a mapping to make the first state unwriteable by the first computing environment, wherein the first state comprises a third portion of the memory, wherein the first computing environment accesses the memory through the mapping, and wherein the mapping is configurable so as to make at least some part of the memory unwriteable by the first computing environment. 23. The computer-readable medium of claim 22, wherein the computer-executable instructions are adapted to perform acts further comprising: determining whether the communication of data from the first computing environment to the second computing environment is to be performed by said running act, said copying act, or said configuration act, based on a criterion. 24. The computer-readable medium of claim 23, wherein said criterion comprises a size of the data. 25. The computer-readable medium of claim 21, wherein the act of copying the data from the first state to the second state comprises: copying the data from the first portion of the memory to a third portion of the memory that is different both from the first portion of the memory and from the second portion of the memory; and copying the data from the third portion of the memory to the second portion of the memory. 26. The computer-readable medium of claim 25, wherein the computer-readable medium further contains: logic that implements a security monitor that is trusted by the second computing environment, the security monitor being adapted to make the third portion of the memory inaccessible to the first computing environment and the second computing environment, the security monitor being further adapted to perform the acts of copying the data from the first portion of the memory to the third portion of the memory, and of copying the data from the third portion of the memory to the second portion of the memory. 27. The computer-readable medium of claim 21, wherein the first state and the second state each comprise a common portion of a memory, wherein the first computing environment accesses the memory through a mapping, the mapping being configurable so as to make at least some part of the memory unwriteable by the first computing environment, and wherein the act of placing the data into the second state comprises: configuring the mapping so as to make said portion of the memory unwriteable by the first computing environment. 28. The computer-readable medium of claim 27, wherein the act of configuring the mapping comprises: removing, from the mapping, a reference to said portion of the memory. 29. The computer-readable medium of claim 27, wherein the mapping can designate one or more parts of the memory as being only readable by the first computing environment, and wherein the act of configuring the mapping comprises: configuring the mapping to designate said portion of the memory as being only readable by the first computing environment. 30. The computer-readable medium of claim 27, wherein the mapping can designate one or more part of the memory as being not present, and wherein the act of configuring the mapping comprises: configuring the mapping to designate said portion of the memory as being not present. 31. The computer-readable medium of claim 21, wherein said first state and said second state comprise a set of registers on a processor, wherein said act of accepting the data into the first state comprises: executing the first computing environment on the processor, whereby the first computing environment places the data into the set of registers; and wherein the act of placing the data into the second state comprises: executing the second computing environment on the processor, whereby the second computing environment retrieves the data from the set of registers; the set of registers constituting the first state when the first computing environment executes on the processor, and the set of registers constituting the second state when the second computing environment executes on the processor. 32. The computer-readable medium of claim 21, wherein the first computing environment comprises a first execution environment, and wherein the second computing environment comprises a second execution environment. 33. The computer-readable medium of claim 32, wherein the first computing environment comprises a first operating system, and wherein the second computing environment comprises a second operating system. 34. The computer-readable medium of claim 32, wherein said first execution environment is expected to conform its behavior to a first specification, wherein the second execution environment is expected to conform its behavior to a second specification, wherein the expectation that the second execution environment will behave according to the second specification is relatively greater than the expectation that the first execution environment will conform its behavior to the first specification, and wherein the computer-executable instructions are further adapted to perform acts comprising: performing said validation test to ensure that the data will not cause the second execution environment to behave in a manner that would violate the second specification. 35. The computer-readable medium of claim 21, wherein the computer-readable medium further contains: logic to implement a security monitor which is trusted by the second computing environment, the security monitor being adapted to perform the act of placing the data into the second state, wherein the security monitor enforces the separation between the first and second computing environments. 36. A method for isolating a plurality of computing environments interacting on a computing device, comprising acts of: running a first computing environment and a second computing environment on the computing device, wherein the first computing environment is a host operating system of the computing device which shares computing resources of the first computing environment with the second computing environment; enabling interaction between the first and second computing environments to share the computing resources of the first computing environment with the second computing environment while isolating the first computing environment from the second computing environment, wherein enabling interaction comprises: receiving data from the first computing environment in a first state that is writeable by the first computing environment; and isolating the first computing environment from the second computing environment by placing the data into a second state that is readable by the second computing environment but not modifiable by the first computing environment during a time in which the first computing environment and second computing environment are allowed to interact; and performing a validation test on the data to ensure that the second computing environment will continue to operate according to a predetermined specification, wherein: the first state comprises a first portion of memory; the second state comprises a second portion of memory different from said first portion of memory; and the act of placing the data into the second state comprises copying the data from the first portion of memory to the second portion of memory.

이 특허에 인용된 특허 (10)

Takebe Makoto (Kanagawa JPX), Asynchronous data transmission system.
상세보기
Saito,Nobuyuki; Kubota,Shinsuke; Shimono,Hiroaki; Matsuda,Kuniaki, Data transfer control device including buffer controller with plurality of pipe regions allocated to plurality of endpoints.
상세보기
Tormasov,Alexander; Pudgorodsky,Yuri; Lunev,Dennis; Beloussov,Serguei; Protassov,Stanislav, Hosting service platform system and method.
상세보기
Baker Ernest D. (Boca Raton FL) Dinwiddie ; Jr. John M. (West Palm Beach FL) Grice Lonnie E. (Boca Raton FL) Joyce James M. (Boca Raton FL) Loffredo John M. (Deerfield Beach FL) Sanderson Kenneth R. , Method and apparatus for the direct transfer of information between application programs running on distinct processors.
상세보기
Goodman,Reginald A.; Copeland,Scott R., Personal computer internet security system.
상세보기
Jacobson,Van, System and method for efficient input/output of a computer system.
상세보기
Edouard Bugnion ; Scott W. Devine ; Mendel Rosenblum, System and method for virtualizing computer systems.
상세보기
Albachten ; III Rudolph J. (Austin TX) O\Dell Robert W. (Austin TX), System for accessing the same memory location by two different devices.
상세보기
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Scott W. Devine ; Edouard Bugnion ; Mendel Rosenblum, Virtualization system including a virtual machine monitor for a computer with a segmented architecture.
상세보기

이 특허를 인용한 특허 (18)

Yokota, Daisuke, Accessing copy information of MMIO register by guest OS in both active and inactive state of a designated logical processor corresponding to the guest OS.
상세보기
Douceur, John R.; Howell, Jonathan R.; Seehra, Arun M., Application compatibility shims for minimal client computers.
상세보기
England, Paul; Loeser, Jork; Irun-Briz, Luis, Coupled symbiotic operating system.
상세보기
Baumann, Andrew A.; Hunt, Galen C.; Peinado, Marcus, Cryptographic certification of secure hosted execution environments.
상세보기
Baumann, Andrew A.; Hunt, Galen C.; Peinado, Marcus, Cryptographic certification of secure hosted execution environments.
상세보기
Howell, Jonathan R.; Lorch, Jacob R.; Elson, Jeremy E.; Douceur, John R., Executing native-code applications in a browser.
상세보기
Baumann, Andrew A.; Hunt, Galen C.; Peinado, Marcus, Facilitating system service request interactions for hardware-protected applications.
상세보기
Brochu, Christian; Laflamme, Benoit, Household for industrial device including programmable controller and method device and system for use in configuring same.
상세보기
Bond, Barry C.; Olinsky, Reuben R.; Hunt, Galen C., Instruction set emulation for guest operating systems.
상세보기
Hammarlund, Per; Crossland, James B.; Kaushik, Shivnandan D.; Aggarwal, Anil, Inter-processor interrupts.
상세보기
Brochu, Christian; Laflamme, Benoit, Light bulb and method and system for use in configuring same.
상세보기
Brochu, Christian; Laflamme, Benoit, Light bulb, intelligent lighting device and method and system for use in configuring same.
상세보기
Brochu, Christian; Laflamme, Benoit, Light bulb, intelligent lighting device and method and system for use in configuring same.
상세보기
Brochu, Christian; Robitaille, Mathieu, Method, device and system for use in configuring a bathing unit controller.
상세보기
Brochu, Christian; Robitaille, Mathleu, Method, device and system for use in configuring a bathing unit controller.
상세보기
Dawson, Martin, Safechannel encrypted messaging system.
상세보기
Asada, Shoichiro, Sample processing apparatus and data processing apparatus.
상세보기
Hunt, Galen C.; Porter, Donald, Ultra-low cost sandboxing for application appliances.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

System for isolating first computing environment from second execution environment while sharing resources by copying data from first portion to second portion of memory 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (10)

이 특허를 인용한 특허 (18)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

System for isolating first computing environment from second execution environment while sharing resources by copying data from first portion to second portion of memory 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (10)

이 특허를 인용한 특허 (18)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트