Title of invention |
System and method for protection of memory in a hypervisor |
Abstract |
Disclosed are systems and methods for enabling secure execution of code in hypervisor mode. An exemplary method comprises: loading a hypervisor configured to check integrity of protected virtual memory pages; loading a trusted program configured to make hypercalls to the hypervisor; making by the trusted program a first hypercall to the hypervisor; responsive to the first hypercall, generating by the hypervisor a token, which is used by the hypervisor to identify the trusted program during subsequent hypercalls; allocating a memory page for storing the token and a memory address of the hypervisor; and returning the allocated memory page address to the trusted program. |
Publication number |
US9536088(B1) |
Publication date |
2017.01.03 |
Application number |
US201514935852 |
Filing date |
2015.11.09 |
Applicant |
AO Kaspersky Lab |
Inventors |
Igotti Nikolay N.;Ershov Mikhail A. |
Classification codes |
G06F12/14;G06F21/56;G06F9/455 |
Main classification code |
G06F12/14 |
Agency |
Arent Fox LLP |
Agent |
Arent Fox LLP; Fainberg Michael |
Principal claim |
1. A method for secure execution of a hypervisor, the method comprising:
loading, by a hardware processor of a computing device, a hypervisor configured to check integrity of protected virtual memory pages; loading, by the hardware processor, a trusted program configured to make hypercalls to the hypervisor; making by the trusted program a first hypercall to the hypervisor; responsive to the first hypercall, generating by the hypervisor a token, which is used by the hypervisor to identify the trusted program during subsequent hypercalls; allocating, by the hardware processor, a memory page for storing the token and a memory address of the hypervisor; and returning the allocated memory page address to the trusted program. |
Address |
Moscow RU |