首页>
外国专利>
SYSTEMS AND METHODS INVOLVING ASPECTS OF HARDWARE VIRTUALIZATION SUCH AS SEPARATION KERNEL HYPERVISORS, HYPERVISORS, HYPERVISOR GUEST CONTEXT, HYPERVISOR CONTEXT, ANTI-FINGERPRINTING, AND/OR OTHER FEATURES
SYSTEMS AND METHODS INVOLVING ASPECTS OF HARDWARE VIRTUALIZATION SUCH AS SEPARATION KERNEL HYPERVISORS, HYPERVISORS, HYPERVISOR GUEST CONTEXT, HYPERVISOR CONTEXT, ANTI-FINGERPRINTING, AND/OR OTHER FEATURES
Systems, methods, computer readable media and articles of manufacture consistent with innovations herein are directed to computer virtualization, computer security and/or hypervisor fingerprinting. According to some illustrative implementations, innovations herein may utilize and/or involve a separation kernel hypervisor which may include the use of a guest operating system virtual machine protection domain, a virtualization assistance layer, and/or a CPU ID instruction handler (which may be proximate in temporal and/or spatial locality to malicious code, but isolated from it). The CPU ID instruction handler may perform processing, inter alia, to return configurable values different from the actual values for the physical hardware. The virtualization assistance layer may further contain virtual devices, which when probed by guest operating system code, return the same values as their physical counterparts. In addition, the virtualization assistance layer may vary its internal I/O and memory addresses in a configurable manner.
展开▼
机译:与本文的创新一致的系统,方法,计算机可读介质和制品针对计算机虚拟化,计算机安全性和/或管理程序指纹。根据一些说明性实施方式,本文的创新可以利用和/或涉及分离内核管理程序,其可以包括使用客户操作系统虚拟机保护域,虚拟化辅助层和/或CPU ID指令处理器(可以是在时间和/或空间位置上接近恶意代码,但与恶意代码隔离)。 CPU ID指令处理器可以执行处理,以尤其返回与物理硬件的实际值不同的可配置值。虚拟化辅助层可以进一步包含虚拟设备,当通过客户操作系统代码进行探测时,这些虚拟设备返回与其物理对应物相同的值。另外,虚拟化辅助层可以以可配置的方式改变其内部I / O和内存地址。
展开▼
