Title of invention: Virtual computer system having a first virtual computer that executes a protected process, a second virtual computer that executes an unprotected process, and a hypervisor that controls the first and second virtual computers
Abstract: When a process judging unit judges that a target process is a protected process, a key judging unit judges whether a target key that is a key generated by a key generating unit is a first key or a second key. When the key judging unit judges that the target key is the first key, a VM communication managing unit notifies the target process of a memory ID of a protected memory region corresponding to the first key. When the process judging unit judges that the target process is an unprotected process, a key transforming unit transforms the target key from the first key to the second key based on the key transformation rule. An HV communication managing unit notifies the target process of a memory ID of an unprotected memory region corresponding to the second key.
Publication number: US9032401(B2) Publication date: 2015.05.12
Application number: US201213810024 Filing date: 2012.03.30
Applicant: Panasonic Intellectual Property Corporation of America Inventors: Kamiyama Teruo;Amano Katsushige;Saito Masahiko;Tanikawa Tadao
Classification: G06F9/455;G06F12/14;G06F21/10 Main classification: G06F9/455
Agency: Wenderoth, Lind & Ponack, L.L.P. Agent: Wenderoth, Lind & Ponack, L.L.P.
Independent claim: 1. A virtual computer system comprising a processor, a first virtual computer that executes a protected process using the processor, a second virtual computer that executes an unprotected process, and a hypervisor that controls the first and second virtual computers, wherein the first and second virtual computers have: a key generating unit which generates a second key that has been transformed from a first key according to a predetermined key transformation rule when a communication request is issued by the protected process that communicates with the unprotected process and which generates the first key when a communication request is issued by another process; a process judging unit which judges whether a target process that is a process having issued the communication request is the protected process or the unprotected process; a key judging unit which judges whether a target key that is a key generated by the key generating unit is the first key or the second key when the process judging unit judges that the target process is the protected process; and a virtual machine communication managing unit which notifies the target process of a memory identification of a protected memory region corresponding to the first key when the key judging unit judges that the target key is the first key, the hypervisor comprises: a hypervisor communication managing unit which notifies the target process of a memory identification of an unprotected memory region corresponding to the second key when the key judging unit judges that the target key is the second key, the first and second virtual computers further comprise: a key transforming unit which transforms the target key from the first key to the second key based on the key transformation rule when the process judging unit judges that the target process is the unprotected process, and the hypervisor communication managing unit notifies the target process of a memory identification of an unprotected memory region corresponding to the second key transformed by the key transforming unit.
Address: Torrance CA US