-
公开(公告)号:US20190215161A1
公开(公告)日:2019-07-11
申请号:US16354253
申请日:2019-03-15
CPC分类号: H04L9/30 , G06F9/45558 , G06F12/1408 , G06F21/00 , G06F21/57 , G06F2009/45583 , G06F2009/45587 , G06F2009/45591 , G06F2212/1052 , H04L9/0822 , H04L9/0894 , H04L9/14 , H04L9/3247 , H04L9/3271
摘要: A method for generating a dump comprising data generated by a virtual system in a computing environment is depicted. The method comprises: initiating a dump process for dumping data generated by the virtual system and stored in guest memory; sending a dump request for the data from the virtual machine monitor to the trusted component; in response to receiving the dump request, generating a symmetric dump generating key; reading the data from the guest memory; encrypting the data with the symmetric dump generating key; encrypting the symmetric dump generating key with the public cryptographic key of the client system; providing the encrypted dump data and the encrypted symmetric dump generating key to the virtual machine monitor; generating a dump comprising the encrypted dump data and the encrypted symmetric dump generating key; and providing the dump to the client system.
-
公开(公告)号:US10019279B2
公开(公告)日:2018-07-10
申请号:US14972280
申请日:2015-12-17
CPC分类号: G06F9/45558 , G06F3/0622 , G06F3/0623 , G06F3/065 , G06F3/067 , G06F3/0683 , G06F21/53 , G06F21/57 , G06F21/60 , G06F21/604 , G06F2009/45583 , G06F2009/45587 , H05K999/99
摘要: A method and system for transparent secure interception handling is provided. The method and system include deploying a virtual machine (VM) in an environment comprising a hypervisor and a firmware. The method and system include providing buffers in response to deploying the VM, and include executing VM instructions. The method and system include intercepting VM instructions which require access to instruction data and copying the VM state into a shadow VM state. Furthermore, the instruction data is copied to buffers, and the intercepted VM instruction is executed using the buffer. The method and system also include updating the shadow VM state buffer and the VM data in the VM memory using result data in the buffer in response to the executing of the intercepted VM instruction results. Furthermore execution of the VM instructions is resumed based on a state stored in the shadow VM state buffer.
-
公开(公告)号:US20170003996A1
公开(公告)日:2017-01-05
申请号:US14788992
申请日:2015-07-01
CPC分类号: G06F9/45558 , G06F12/145 , G06F2009/45562 , G06F2009/4557 , G06F2009/45583 , G06F2009/45587 , G06F2212/1052 , G06F2212/151
摘要: A computer-implemented method includes receiving a definition of a source guest memory area for utilization by a virtual machine on a source system, wherein the source system includes a source trusted firmware and a source hypervisor. The method restricts write access to the source guest memory area of the virtual machine. The method receives repeatedly a source guest memory page location, content for each of a plurality of source guest memory pages, and an integrity value for each of a plurality of source guest memory page locations. The method receives a global integrity value for integrity values associated with the plurality of source guest memory page locations, wherein a latest integrity values for each of the plurality of source guest memory page locations is utilized. Subsequent to verifying the global integrity value, the method initializes the virtual machine on the source hypervisor.
-
公开(公告)号:US20160283258A1
公开(公告)日:2016-09-29
申请号:US14666566
申请日:2015-03-24
发明人: Utz Bacher , Dominik Dingel , Thomas P. Grosser
CPC分类号: G06F9/45558 , G06F9/45545 , G06F13/1663 , G06F2009/45583
摘要: In an approach to sharing memory between a first guest and a second guest both running on a data processing system, one or more computer processors provide a virtual device to a first guest for proxying memory accesses between the first guest and a second guest, where the first guest is associated with the second guest, and where the first guest is running a first operating system and the second guest is running a second operating system. The one or more computer processors send one or more device related functions to the second guest, wherein the virtual device enables sharing memory between the first guest and the second guest.
摘要翻译: 在一种在数据处理系统上运行的第一客户机和第二客户端之间共享存储器的方法中,一个或多个计算机处理器向第一客户机提供虚拟设备以代理在第一客户机和第二客户机之间的存储器访问,其中 第一客人与第二客人相关联,并且第一客人在哪里运行第一操作系统,而第二客人正在运行第二操作系统。 所述一个或多个计算机处理器向所述第二访客发送一个或多个与设备有关的功能,其中所述虚拟设备使得能够在所述第一访客和所述第二访客之间共享存储器。
-
公开(公告)号:US10719352B2
公开(公告)日:2020-07-21
申请号:US15877045
申请日:2018-01-22
发明人: Utz Bacher , Dominik Dingel , Karsten Graul , Michael Holzheu , Rene Trumpp
摘要: A system and method for sharing services provides for generating one or more trigger conditions associated with a process executable in a source container having a source namespace in a source pod, executing the process in the source container, and when a trigger condition occurs, interrupting the executed process and moving the process into a target pod by switching from the source namespace of the source container to a target namespace of the target pod. The trigger condition may be associated with a service executable in a target container having the target namespace in the target pod.
-
公开(公告)号:US20190104115A1
公开(公告)日:2019-04-04
申请号:US16173903
申请日:2018-10-29
CPC分类号: H04L63/0428 , G06F9/45545 , G06F9/45558 , G06F21/00 , G06F21/57 , G06F2009/45587
摘要: A method includes a trusted component of a host computing system, obtaining, from a client, via a hypervisor of the host, a request to run an instance of a guest image within the hypervisor. The request includes a unique identifier of the guest image, contents of the guest image, and a communication key. The request is encrypted with a request key accessible to the owner and the trusted component and not accessible to the hypervisor. The trusted component generates an authorization request to an authorizing entity of the client requesting authorization for the hypervisor to run the instance. The authorization request includes the unique identifier, a use counter, and a unique challenge. The trusted component encrypts the authorization request with the communication key and communicates the authorization request to the authorizing entity, via the hypervisor.
-
公开(公告)号:US20170177392A1
公开(公告)日:2017-06-22
申请号:US14972280
申请日:2015-12-17
CPC分类号: G06F9/45558 , G06F3/0622 , G06F3/0623 , G06F3/065 , G06F3/067 , G06F3/0683 , G06F21/53 , G06F21/57 , G06F21/60 , G06F21/604 , G06F2009/45583 , G06F2009/45587
摘要: A method and system for transparent secure interception handling is provided. The method and system include deploying a virtual machine (VM) in an environment comprising a hypervisor and a firmware. The method and system include providing buffers in response to deploying the VM, and include executing VM instructions. The method and system include intercepting VM instructions which require access to instruction data and copying the VM state into a shadow VM state. Furthermore, the instruction data is copied to buffers, and the intercepted VM instruction is executed using the buffer. The method and system also include updating the shadow VM state buffer and the VM data in the VM memory using result data in the buffer in response to the executing of the intercepted VM instruction results. Furthermore execution of the VM instructions is resumed based on a state stored in the shadow VM state buffer.
-
公开(公告)号:US20170004001A1
公开(公告)日:2017-01-05
申请号:US14919791
申请日:2015-10-22
IPC分类号: G06F9/455
CPC分类号: G06F9/45558 , G06F12/145 , G06F2009/45562 , G06F2009/4557 , G06F2009/45583 , G06F2009/45587 , G06F2212/1052 , G06F2212/151
摘要: A computer-implemented method includes receiving a definition of a source guest memory area for utilization by a virtual machine on a source system, wherein the source system includes a source trusted firmware and a source hypervisor. The method restricts write access to the source guest memory area of the virtual machine. The method receives repeatedly a source guest memory page location, content for each of a plurality of source guest memory pages, and an integrity value for each of a plurality of source guest memory page locations. The method receives a global integrity value for integrity values associated with the plurality of source guest memory page locations, wherein a latest integrity values for each of the plurality of source guest memory page locations is utilized. Subsequent to verifying the global integrity value, the method initializes the virtual machine on the source hypervisor.
摘要翻译: 计算机实现的方法包括接收源客户机存储区域的定义以供源系统上的虚拟机利用,其中源系统包括源可信固件和源管理程序。 该方法限制对虚拟机的源客户机存储区域的写入访问。 该方法重复地接收源客户存储器页面位置,多个源访客存储器页面中的每一个的内容以及多个源访客存储器页面位置中的每一个的完整性值。 所述方法接收与所述多个源客户机存储器页面位置相关联的完整性值的全局完整性值,其中利用所述多个源客户机存储器页面位置中的每一个的最新完整性值。 在验证全局完整性值之后,该方法将初始化源虚拟机管理程序上的虚拟机。
-
9.发明授权Migrating processes between source host and destination host using a shared virtual file system 有权使用共享虚拟文件系统在源主机和目标主机之间迁移进程公开(公告)号:US09529616B2
公开(公告)日:2016-12-27
申请号:US14101498
申请日:2013-12-10
CPC分类号: G06F9/45558 , G06F9/45533 , G06F9/4856 , G06F9/5077 , G06F12/1009 , G06F2009/4557 , G06F2009/45583 , G06F2009/45595 , H04L67/1008
摘要: A process can be scheduled between first and second hosts that using a virtual file system that is shared between the hosts can be used. The process, running on a first hypervisor of the first host, can be scheduled to run on a second hypervisor of the second host. A file can be created that includes the data content of the process address space for the file. The file can be mapped address space of the virtual file system. Data from the physical memory of the first host can be transferred to physical memory of the second host using page fault routines.
摘要翻译: 可以在第一和第二主机之间安排进程,使用可以使用主机之间共享的虚拟文件系统。 运行在第一主机的第一虚拟机管理程序上的进程可被安排在第二主机的第二管理程序上运行。 可以创建一个包含文件的进程地址空间的数据内容的文件。 该文件可以映射虚拟文件系统的地址空间。 来自第一主机的物理存储器的数据可以使用页面故障例程传送到第二主机的物理存储器。
-
公开(公告)号:US20180150409A1
公开(公告)日:2018-05-31
申请号:US15898936
申请日:2018-02-19
CPC分类号: G06F12/14 , G06F9/45558 , G06F2009/45583 , G06F2009/45587 , G06F2009/45591 , G06F2212/1052 , H04L9/0822 , H04L9/14 , H04L9/30 , H04L9/3247 , H04L9/3271
摘要: A method for generating a dump comprising data generated by a virtual system in a computing environment is depicted. The method comprises: initiating a dump process for dumping data generated by the virtual system and stored in guest memory; sending a dump request for the data from the virtual machine monitor to the trusted component; in response to receiving the dump request, generating a symmetric dump generating key; reading the data from the guest memory; encrypting the data with the symmetric dump generating key; encrypting the symmetric dump generating key with the public cryptographic key of the client system; providing the encrypted dump data and the encrypted symmetric dump generating key to the virtual machine monitor; generating a dump comprising the encrypted dump data and the encrypted symmetric dump generating key; and providing the dump to the client system.
-
-
-
-
-
-
-
-
-
搜索结果
29 条记录 (耗时 0.02 秒)
