Enforcing isolation among plural operating systems

Electrical computers and digital processing systems: memory – Storage accessing and control – Control technique

Reexamination Certificate

Details

C711S153000

active

07975117

ABSTRACT:
Plural guest operating systems run on a computer, where a security kernel enforces a policy of isolation among the guest operating systems. An exclusion vector defines a set of pages that cannot be accessed by direct memory access (DMA) devices. The security kernel enforces an isolation policy by causing certain pages to be excluded from direct access. Thus, device drivers in guest operating systems are permitted to control DMA devices directly without virtualization of those devices, while each guest is prevented from using DMA devices to access pages that the guest is not permitted to access under the policy.

REFERENCES:
patent: 4459954 (1984-07-01), Slavik et al.
patent: 4837674 (1989-06-01), Takane
patent: 5621912 (1997-04-01), Borruso et al.
patent: 5652853 (1997-07-01), Duvalsaint et al.
patent: 5668997 (1997-09-01), Lynch-Freshner et al.
patent: 5764984 (1998-06-01), Loucks
patent: 5771383 (1998-06-01), Magee et al.
patent: 5835764 (1998-11-01), Platt et al.
patent: 5842226 (1998-11-01), Barton et al.
patent: 5875487 (1999-02-01), Schwartz et al.
patent: 5892900 (1999-04-01), Ginter et al.
patent: 5940869 (1999-08-01), Schwartz
patent: 5991797 (1999-11-01), Futral et al.
patent: 6049854 (2000-04-01), Bedarida
patent: 6075938 (2000-06-01), Bugnion et al.
patent: 6195710 (2001-02-01), Borgendale et al.
patent: 6308247 (2001-10-01), Ackerman et al.
patent: 6374401 (2002-04-01), Curtis
patent: 6397242 (2002-05-01), Devine et al.
patent: 6466962 (2002-10-01), Bollella
patent: 6496847 (2002-12-01), Bugnion et al.
patent: 2002/0010811 (2002-01-01), Arndt et al.
patent: 2002/0169987 (2002-11-01), Meushaw et al.
patent: 2003/0115443 (2003-06-01), Cepulis et al.
patent: 2003/0120706 (2003-06-01), Harjula
patent: 2003/0131067 (2003-07-01), Downer et al.
patent: 2003/0200402 (2003-10-01), Willman et al.
patent: 2003/0200405 (2003-10-01), Willman et al.
patent: 2003/0200412 (2003-10-01), Peinado et al.
patent: 2004/0203296 (2004-10-01), Moreton et al.
patent: 2004/0205755 (2004-10-01), Lescouet et al.
patent: 2004/0230794 (2004-11-01), England et al.
patent: 2005/0055470 (2005-03-01), Arndt et al.
patent: 2005/0060603 (2005-03-01), Pomaranski et al.
James P. Anderson, “Computer Security Technology Planning Study”, Oct. 1972, vol. 1-Executive Summary, 1-35.
James P. Anderson, “Computer Security Technology Planning Study”, Oct. 1972, vol. 2-1-134.
Bershad, B.N. et al., “Extensibility, Safety and Performance in the SPIN Operating System”, Department of Computer Science and Engineering, Mar. 30, 1995, 1-16.
Bugnion, E. et al., “Disco: Running Commodity Operating Systems on Scalable Multiprocessors”, Proceedings of the 16th Symposium on Operating Systems Principles (SOSP), Oct. 1997, 1-14.
Coffing, C.L., “An x86 Protected Mode Virtual Machine Monitor for the MIT Exokernel”, Submitted to the Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, May 1999, 1-109.
Ganger, G.R. et al., “Fast and Flexible Application-Level Networking on Exokernel Systems”, ACM Transactions on Computer Systems, Feb. 2002, 20(1), 49-83.
Goldberg, R.P., “Survey of Virtual Machine Research”, Computer, 34-45, Jun. 1974.
Karger, P.A. et al., “A VMM Security Kernel for the VAX Architecture”, IEEE, 1990, 2-19.
Lampson, B.W., “Protection”, Proc. 5th Princeton Conf. on Information Sciences and Systems, 1971, 437-Reprinted, ACM Operating Systems Rev., Jan. 1974, 8(1), 18, 10 pages.
Popek, G.J. et al., “Formal Requirements for Virtualizable Third Generation Architectures”, Communications of the ACM, Jul. 1974, 17(7), 412-421.
Robin, J.S. et al., “Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor”, 5 pages, 2000.
Shapiro, J.S. et al., “EROS: a fast capability system”, 17th ACM Symposium on Operating Systems Principles, Dec. 1999, 34(5), 170-185.
Smith, J.E., “An Overview of Virtual Machine Architectures”, Oct. 27, 2001, 1-20.
Sugerman, J. et al., “Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor”, Proceedings of the 2001 USENIX Annual Technical Conference, Jun. 25-30, 2001, USENIX Association, 15 pages.
Waldspurger, C.A., “Memory Resource Management in VMware ESX Server”, Proceedings of the 5th Symposium on Operating Systems Design and Implementation, Dec. 9-11, 2002, 15 pages.
Secure Minicomputer Operating System (KSOS), Executive Summary-Phase 1: Design of the Department of Defense Kernelized Secure Operating System, Ford Aerospace & Communications Corporation, 15 pages, Apr. 1978.
Department of Defense Standard, “Department of Defense Trusted Computer System Evaluation Criteria”, Dec. 1985, Issued under the authority of and in accordance with DoD Directive 5200.28, 100 pages.
Common Criteria, “Common Criteria for Information Technology Security Evaluation”, Part 3: Security Assurance Requirements, Aug. 1999, Version 2.1, CCMIB-99-033, 208 pages.
Engler, D.R. et al., “Exokernel: An Operating System Architecture for Application-Level Resource Management”, Association for Computing Machinery, 1995, 1-16.
Pfitzmann, B. et al., “The PERSEUS System Architecture”, Computer Science/Mathematics, Apr. 9, 2001, 15 pages.
Kaashoek, M.F. et al., “Application Performance and Flexibility on Exokernel Systems”, Proceedings of the 16th Symposium on Operating Systems Principles (SOSP), Oct. 1997, 1-14.
