BRPI0404095A - Entrada e saìda segura para um agente confiável em um sistema com um ambiente de execução de alta segurança - Google Patents

Entrada e saìda segura para um agente confiável em um sistema com um ambiente de execução de alta segurança

Info

Publication number
BRPI0404095A
BRPI0404095A BR0404095-3A BRPI0404095A BRPI0404095A BR PI0404095 A BRPI0404095 A BR PI0404095A BR PI0404095 A BRPI0404095 A BR PI0404095A BR PI0404095 A BRPI0404095 A BR PI0404095A
Authority
BR
Brazil
Prior art keywords
trusted
output
input
exit
nexus
Prior art date
Application number
BR0404095-3A
Other languages
English (en)
Inventor
Bryan M Willman
Christine M Chew
Kenneth D Ray
Paul C Roberts
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Publication of BRPI0404095A publication Critical patent/BRPI0404095A/pt

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/84Protecting input, output or interconnection devices output devices, e.g. displays or monitors
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105Dual mode as a secondary aspect
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • User Interface Of Digital Computer (AREA)
  • Multi Processors (AREA)

Abstract

"ENTRADA E SAìDA SEGURA PARA UM AGENTE CONFIáVEL EM UM SISTEMA COM UM AMBIENTE DE EXECUçãO DE ALTA SEGURANçA". Tratam-se de técnicas que são reveladas para proporcionar segurança para a entrada e saída do usuário, nas quais um primeiro sistema operacional hospedeiro é utilizado junto com um segundo sistema operacional de alta segurança (nexus), onde o primeiro sistema proporciona pelo menos parte da infra-estrutura para o segundo sistema. Um mecanismo UI confiável possui um gerenciador de entrada confiável e um gerenciador de saída confiável. O gerenciador de entrada confiável controla o acesso para a entrada confiável, distribuindo entrada decriptografa para o sistema operacional hospedeiro onde apropriado, ou para o processo apropriado funcionando no nexus. O gerenciador de saída confiável gerencia a saída para o meio de exibição e permite aos agentes confiáveis no nexus emitirem dados para exibição sem precisarem estar a par dos detalhes dependentes do dispositivo de saída.
BR0404095-3A 2003-10-24 2004-09-23 Entrada e saìda segura para um agente confiável em um sistema com um ambiente de execução de alta segurança BRPI0404095A (pt)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/693,407 US7496768B2 (en) 2003-10-24 2003-10-24 Providing secure input and output to a trusted agent in a system with a high-assurance execution environment

Publications (1)

Publication Number Publication Date
BRPI0404095A true BRPI0404095A (pt) 2005-06-21

Family

ID=34394590

Family Applications (1)

Application Number Title Priority Date Filing Date
BR0404095-3A BRPI0404095A (pt) 2003-10-24 2004-09-23 Entrada e saìda segura para um agente confiável em um sistema com um ambiente de execução de alta segurança

Country Status (10)

Country Link
US (1) US7496768B2 (pt)
EP (1) EP1526425A3 (pt)
JP (1) JP4838505B2 (pt)
KR (1) KR101109361B1 (pt)
CN (1) CN1609810A (pt)
AU (1) AU2004214620B2 (pt)
BR (1) BRPI0404095A (pt)
CA (1) CA2481040C (pt)
MX (1) MXPA04010157A (pt)
RU (1) RU2365045C2 (pt)

Families Citing this family (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7464412B2 (en) 2003-10-24 2008-12-09 Microsoft Corporation Providing secure input to a system with a high-assurance execution environment
US7690033B2 (en) * 2004-09-28 2010-03-30 Exobox Technologies Corp. Electronic computer system secured from unauthorized access to and manipulation of data
US20060075236A1 (en) * 2004-09-30 2006-04-06 Marek James A Method and apparatus for high assurance processing
US7721094B2 (en) * 2005-05-06 2010-05-18 Microsoft Corporation Systems and methods for determining if applications executing on a computer system are trusted
US7752436B2 (en) 2005-08-09 2010-07-06 Intel Corporation Exclusive access for secure audio program
US20070179897A1 (en) * 2006-01-27 2007-08-02 Stefan Andersson Conditional stream access
US20070192826A1 (en) * 2006-02-14 2007-08-16 Microsoft Corporation I/O-based enforcement of multi-level computer operating modes
US8214296B2 (en) * 2006-02-14 2012-07-03 Microsoft Corporation Disaggregated secure execution environment
JP4233585B2 (ja) 2006-07-25 2009-03-04 株式会社エヌ・ティ・ティ・ドコモ ペリフェラル切替装置及びペリフェラル切替制御装置
US7913292B2 (en) * 2006-10-18 2011-03-22 Microsoft Corporation Identification and visualization of trusted user interface objects
JP4998019B2 (ja) * 2007-03-06 2012-08-15 富士通株式会社 状態表示制御装置
JP5066112B2 (ja) * 2009-02-19 2012-11-07 株式会社エヌ・ティ・ティ・ドコモ 情報処理装置
US9588803B2 (en) 2009-05-11 2017-03-07 Microsoft Technology Licensing, Llc Executing native-code applications in a browser
US9323921B2 (en) * 2010-07-13 2016-04-26 Microsoft Technology Licensing, Llc Ultra-low cost sandboxing for application appliances
US9495183B2 (en) 2011-05-16 2016-11-15 Microsoft Technology Licensing, Llc Instruction set emulation for guest operating systems
WO2013030967A1 (ja) * 2011-08-30 2013-03-07 富士通株式会社 バックアップ方法、およびバックアッププログラム
US9413538B2 (en) 2011-12-12 2016-08-09 Microsoft Technology Licensing, Llc Cryptographic certification of secure hosted execution environments
US9389933B2 (en) * 2011-12-12 2016-07-12 Microsoft Technology Licensing, Llc Facilitating system service request interactions for hardware-protected applications
US9781118B2 (en) * 2013-03-14 2017-10-03 Intel Corporation Differentiated containerization and execution of web content based on trust level and other attributes
US9477823B1 (en) 2013-03-15 2016-10-25 Smart Information Flow Technologies, LLC Systems and methods for performing security authentication based on responses to observed stimuli
KR102210995B1 (ko) * 2013-04-24 2021-02-02 삼성전자 주식회사 전자 장치에서 보안 정보를 통지하기 위한 장치와 방법 및 이를 위한 컴퓨터로 판독 가능한 기록 매체
US9633210B2 (en) 2013-09-13 2017-04-25 Microsoft Technology Licensing, Llc Keying infrastructure
US20150113241A1 (en) * 2013-10-21 2015-04-23 Jason Martin Establishing physical locality between secure execution environments
US10097513B2 (en) 2014-09-14 2018-10-09 Microsoft Technology Licensing, Llc Trusted execution environment extensible computing device interface
CN104317651A (zh) * 2014-10-13 2015-01-28 浪潮电子信息产业股份有限公司 一种基于可信软件栈的接口调用方法
RU2606556C2 (ru) * 2015-02-20 2017-01-10 Закрытое акционерное общество "Лаборатория Касперского" Способ ввода конфиденциальных данных
CN108702357B (zh) * 2017-01-13 2021-01-05 华为技术有限公司 一种授权凭据迁移的方法、终端设备及业务服务器
WO2020107104A1 (en) * 2018-11-30 2020-06-04 BicDroid Inc. Personalized and cryptographically secure access control in operating systems

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
IT1250834B (it) 1991-07-31 1995-04-21 Fiat Auto Spa Sonda per impianti di climatizzazione per veicoli.
US5596718A (en) * 1992-07-10 1997-01-21 Secure Computing Corporation Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor
US5537544A (en) 1992-09-17 1996-07-16 Kabushiki Kaisha Toshiba Portable computer system having password control means for holding one or more passwords such that the passwords are unreadable by direct access from a main processor
DE19539700C1 (de) * 1995-10-25 1996-11-28 Siemens Ag Sicherheitschip
US6630926B2 (en) * 2000-12-07 2003-10-07 International Business Machines Corporation Apparatus and method for verifying keystrokes within a computing system
GB2376761A (en) * 2001-06-19 2002-12-24 Hewlett Packard Co An arrangement in which a process is run on a host operating system but may be switched to a guest system if it poses a security risk
JP2003258795A (ja) * 2002-02-28 2003-09-12 Hitachi Ltd コンピュータ集合体運用方法及びその実施システム並びにその処理プログラム
US7464412B2 (en) * 2003-10-24 2008-12-09 Microsoft Corporation Providing secure input to a system with a high-assurance execution environment

Also Published As

Publication number Publication date
JP2005129034A (ja) 2005-05-19
US7496768B2 (en) 2009-02-24
KR20050039548A (ko) 2005-04-29
RU2365045C2 (ru) 2009-08-20
CA2481040A1 (en) 2005-04-24
EP1526425A2 (en) 2005-04-27
CN1609810A (zh) 2005-04-27
EP1526425A3 (en) 2005-07-20
KR101109361B1 (ko) 2012-01-31
JP4838505B2 (ja) 2011-12-14
MXPA04010157A (es) 2005-04-28
US20050091503A1 (en) 2005-04-28
RU2004131021A (ru) 2006-04-10
AU2004214620B2 (en) 2010-04-01
CA2481040C (en) 2012-03-13
AU2004214620A1 (en) 2005-05-12

Similar Documents

Publication Publication Date Title
BRPI0404095A (pt) Entrada e saìda segura para um agente confiável em um sistema com um ambiente de execução de alta segurança
Ling et al. Secure boot, trusted boot and remote attestation for ARM TrustZone-based IoT Nodes
Zhu et al. TaintEraser: Protecting sensitive data leaks using application-level taint tracking
US8732824B2 (en) Method and system for monitoring integrity of running computer system
Boivie et al. SecureBlue++: CPU support for secure execution
BR0300935A (pt) Métodos e sistemas para a autenticação de componentes em um sistema gráfico
BR0009921A (pt) Métodos e aparelhos para processamento de operação de registro de nome de domìnio e meio de leitura por computador
BR0114768A (pt) Sistema e método de segurança de dados criptografados
BR9915265A (pt) Método e sistema para autenticar e utilizarrecursos seguros em um sistema de computador
BR9809045A (pt) Processo e sistema para o processamento de transação on-line segura
BR0301721A (pt) Sistema e métodos para saìda de placa de vìdeo segura
BRPI0503036A (pt) método para prover acesso a um conteúdo criptografado para um de uma pluralidade de sistemas do consumidor, dispositivo para prover acesso a um conteúdo criptografado e método para gerar um pacote de conteúdo seguro
Tian et al. A practical intel sgx setting for linux containers in the cloud
Zhu et al. Privacy scope: A precise information flow tracking system for finding application leaks
CN109033824A (zh) 基于虚拟隔离机制的云盘安全访问方法
Unnibhavi et al. Secure and policy-compliant query processing on heterogeneous computational storage architectures
Hunt et al. Isolation and beyond: Challenges for system security
CN100452076C (zh) 一种构造透明编码环境的方法
Oyama et al. Detecting malware signatures in a thin hypervisor
WO2016112605A1 (zh) 一种四层计算虚拟化的方法与设备
Griffin et al. On the feasibility of intrusion detection inside workstation disks
Shinde et al. Besfs: Mechanized proof of an iago-safe filesystem for enclaves
BRPI0503226A (pt) sistema e método para gerar um indicador de estado seguro em uma tela
Pan et al. PMCAP: a threat model of process memory data on the windows operating system
Jiang et al. Tracing worm break-in and contaminations via process coloring: A provenance-preserving approach

Legal Events

Date Code Title Description
B08F Application fees: application dismissed [chapter 8.6 patent gazette]

Free format text: REFERENTE A 9A ANUIDADE.

B08K Patent lapsed as no evidence of payment of the annual fee has been furnished to inpi [chapter 8.11 patent gazette]

Free format text: REFERENTE AO DESPACHO 8.6 PUBLICADO NA RPI 2259 DE 22/04/2014.