| 发明名称 |
Integrity protection of a mandatory access control policy in an operating system using virtual machine extension root operations |
| 摘要 |
Systems, apparatuses and methods may provide for conducting a signature verification of a mandatory access control policy and provisioning the mandatory access control policy into kernel memory if the signature verification is successful. Additionally, the kernel memory may be protected from unauthorized write operations by one or more processes having system level privileges. In one example, the mandatory access control policy is provisioned without a system reboot. |
| 申请公布号 |
US2016335429(A1) |
申请公布日期 |
2016.11.17 |
| 申请号 |
US201514757948 |
申请日期 |
2015.12.24 |
| 申请人 |
Intel Corporation |
发明人 |
Smith Ned M.;Castelino Manohar R.;Vipat Harshawardhan |
| 分类号 |
G06F21/52;G06F21/62 |
主分类号 |
G06F21/52 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A system comprising:
a system processor; and a virtual machine extension root component including an extension monitor to:
conduct a signature verification of a mandatory access control policy;provision the mandatory access control policy into a kernel memory if the signature verification is successful; andprotect the kernel memory from unauthorized write operations by one or more processes that lack privilege, wherein the extension monitor does not require the system processor to reboot to configure the mandatory access control policy. |
| 地址 |
Santa Clara CA US |
