| 摘要 |
An independent computation environment (ICE) that is isolated from tampering is contained in at least one hardware component of a general purpose computing device (CD). The CD includes at least one processor and memory operable to store instructions, which when executed by the at least one processor direct the CD to execute a module being monitored by the ICE. The ICE is operable to access the memory independent of an operating system of the CD. A policy engine is maintained within the ICE to monitor metadata related to the module and manage the execution of the module in accordance with the contents of a memory addresses and/or data registers of the CD that are referenced by the metadata. The ICE is operable to activate an enforcement mechanism to control an operating state of the CD in response to the monitoring of the module.
|
