Patents by Inventor Kuo-Lang Tseng
Kuo-Lang Tseng has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10956571Abstract: Systems, apparatuses and methods may provide for locating operating system (OS) kernel information and user mode code in physical memory, wherein the kernel information includes kernel code and kernel read only data, and specifying permissions for the kernel information and the user code in an extended page table (EPT). Additionally, systems, apparatuses and methods may provide for switching, in accordance with the permissions, between view instances of the EPT in response to one or more hardware virtualization exceptions.Type: GrantFiled: December 24, 2015Date of Patent: March 23, 2021Assignee: Intel CorporationInventors: Harshawardhan Vipat, Manohar R. Castelino, Dongsheng Zhang, Kuo-Lang Tseng
-
Patent number: 10248786Abstract: Systems, apparatuses and methods may provide for detecting an attempt by an operating system (OS) to access a non-OS managed resource and injecting, in response to the attempt, an access event into a platform security component via a guest kernel associated with the OS. Additionally, a response to the attempt may be made based on a policy response from the platform security component. In one example, the attempt is detected with respect to one or more extended page table (EPT) permissions set by a security virtual machine monitor (SVMM). Moreover, injecting the access event into the platform security component may include invoking a previously registered policy callback.Type: GrantFiled: December 24, 2015Date of Patent: April 2, 2019Assignee: Intel CorporationInventors: Harshawardhan Vipat, Manohar R. Castelino, Barry E. Huntley, Kuo-Lang Tseng
-
Patent number: 10169254Abstract: Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.Type: GrantFiled: August 2, 2017Date of Patent: January 1, 2019Assignee: Intel CorporationInventors: Ramesh Thomas, Kuo-Lang Tseng, Ravi L. Sahita, David M. Durham, Madhukar Tallam
-
Patent number: 9990494Abstract: Various embodiments are directed enabling anti-malware software to co-exist with protective features of an operating system. An apparatus may include a processor component including an IDT register storing an indication of size of an IDT; a monitoring component to retrieve the indication and compare the indication to a size of a guard IDT in response to modification of the IDT register to determine whether the guard routine is to inspect the IDT and a set of ISRs; and a cache component to overwrite the IDT and set of ISRs with a cached IDT and cached set of ISRs, respectively, based on the determination and prior to the inspection to prevent the guard routine from detecting a modification by an anti-malware routine, the cached IDT and cached set of ISRs generated from the IDT and set of ISRs, respectively, prior to the modification. Other embodiments are described and claimed.Type: GrantFiled: September 19, 2016Date of Patent: June 5, 2018Assignee: INTEL CORPORATIONInventors: Ramesh Thomas, Manohar R. Castelino, Kuo-Lang Tseng
-
Patent number: 9965403Abstract: Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.Type: GrantFiled: May 11, 2015Date of Patent: May 8, 2018Assignee: Intel CorporationInventors: Ramesh Thomas, Kuo-Lang Tseng, Ravi L. Sahita, David M. Durham, Madhukar Tallam
-
Publication number: 20170344494Abstract: Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.Type: ApplicationFiled: August 2, 2017Publication date: November 30, 2017Inventors: Ramesh Thomas, Kuo-Lang Tseng, Ravi L. Sahita, David M. Durham, Madhukar Tallam
-
Publication number: 20170142131Abstract: Various embodiments are directed enabling anti-malware software to co-exist with protective features of an operating system. An apparatus may include a processor component including an IDT register storing an indication of size of an IDT; a monitoring component to retrieve the indication and compare the indication to a size of a guard IDT in response to modification of the IDT register to determine whether the guard routine is to inspect the IDT and a set of ISRs; and a cache component to overwrite the IDT and set of ISRs with a cached IDT and cached set of ISRs, respectively, based on the determination and prior to the inspection to prevent the guard routine from detecting a modification by an anti-malware routine, the cached IDT and cached set of ISRs generated from the IDT and set of ISRs, respectively, prior to the modification. Other embodiments are described and claimed.Type: ApplicationFiled: September 19, 2016Publication date: May 18, 2017Applicant: Intel CorporationInventors: Ramesh Thomas, Manohar R. Castelino, Kuo-Lang Tseng
-
Publication number: 20160335436Abstract: Systems, apparatuses and methods may provide for locating operating system (OS) kernel information and user mode code in physical memory, wherein the kernel information includes kernel code and kernel read only data, and specifying permissions for the kernel information and the user code in an extended page table (EPT). Additionally, systems, apparatuses and methods may provide for switching, in accordance with the permissions, between view instances of the EPT in response to one or more hardware virtualization exceptions.Type: ApplicationFiled: December 24, 2015Publication date: November 17, 2016Inventors: Harshawardhan Vipat, Manohar R. Castelino, Dongsheng Zhang, Kuo-Lang Tseng
-
Publication number: 20160308903Abstract: Systems, apparatuses and methods may provide for detecting an attempt by an operating system (OS) to access a non-OS managed resource and injecting, in response to the attempt, an access event into a platform security component via a guest kernel associated with the OS. Additionally, a response to the attempt may be made based on a policy response from the platform security component. In one example, the attempt is detected with respect to one or more extended page table (EPT) permissions set by a security virtual machine monitor (SVMM). Moreover, injecting the access event into the platform security component may include invoking a previously registered policy callback.Type: ApplicationFiled: December 24, 2015Publication date: October 20, 2016Applicant: Intel CorporationInventors: Harshawardhan Vipat, Manohar R. Castelino, Barry E. Huntley, Kuo-Lang Tseng
-
Patent number: 9449173Abstract: Various embodiments are directed enabling anti-malware software to co-exist with protective features of an operating system. An apparatus may include a processor component including an IDT register storing an indication of size of an IDT; a monitoring component to retrieve the indication and compare the indication to a size of a guard IDT in response to modification of the IDT register to determine whether the guard routine is to inspect the IDT and a set of ISRs; and a cache component to overwrite the IDT and set of ISRs with a cached IDT and cached set of ISRs, respectively, based on the determination and prior to the inspection to prevent the guard routine from detecting a modification by an anti-malware routine, the cached IDT and cached set of ISRs generated from the IDT and set of ISRs, respectively, prior to the modification. Other embodiments are described and claimed.Type: GrantFiled: September 23, 2014Date of Patent: September 20, 2016Assignee: INTEL CORPORATIONInventors: Ramesh Thomas, Manohar R. Castelino, Kuo-Lang Tseng
-
Patent number: 9372812Abstract: Embodiments of systems, apparatuses, and methods for determining if an instruction of a virtual machine is allowed to modify a protected memory region are described. In some embodiments, a system detects an indication of an attempt by the instruction to write to the protected memory region. In addition, the system determines if the instruction is allowed to write to the protected memory region based on a starting address and data length of the instruction. Furthermore, if the instruction is allowed to write to the protected memory region, the system updates the protected memory region with the instruction results.Type: GrantFiled: December 22, 2011Date of Patent: June 21, 2016Assignee: Intel CorporationInventors: Kuo-Lang Tseng, Baohong Liu, Ritu Sood, Manohar Ruben Castelino, Madhukar Tallam
-
Patent number: 9298639Abstract: Embodiments of an invention for controlling access to groups of memory pages in a virtualized environment are disclosed. In one embodiment, a processor includes a virtualization unit and a memory management unit. The virtualization unit is to transfer control of the processor to a virtual machine. The memory management unit is to perform, in response to an attempt to execute on the virtual machine an instruction stored on a first page, a page walk through a paging structure to find a second page and to allow access to the second page without exiting the virtual machine based at least in part on a bit being set in a leaf level entry corresponding to the second page in the paging structure and a corresponding bit being set in each entry corresponding to the first page in each level of the paging structure.Type: GrantFiled: June 30, 2015Date of Patent: March 29, 2016Assignee: Intel CorporationInventors: Baohong Liu, Ritu Sood, Kuo-Lang Tseng, Madhukar Tallam
-
Publication number: 20160085967Abstract: Various embodiments are directed enabling anti-malware software to co-exist with protective features of an operating system. An apparatus may include a processor component including an IDT register storing an indication of size of an IDT; a monitoring component to retrieve the indication and compare the indication to a size of a guard IDT in response to modification of the IDT register to determine whether the guard routine is to inspect the IDT and a set of ISRs; and a cache component to overwrite the IDT and set of ISRs with a cached IDT and cached set of ISRs, respectively, based on the determination and prior to the inspection to prevent the guard routine from detecting a modification by an anti-malware routine, the cached IDT and cached set of ISRs generated from the IDT and set of ISRs, respectively, prior to the modification. Other embodiments are described and claimed.Type: ApplicationFiled: September 23, 2014Publication date: March 24, 2016Inventors: Ramesh Thomas, Manohar R. Castelino, Kuo-Lang Tseng
-
Publication number: 20150301947Abstract: Embodiments of an invention for controlling access to groups of memory pages in a virtualized environment are disclosed. In one embodiment, a processor includes a virtualization unit and a memory management unit. The virtualization unit is to transfer control of the processor to a virtual machine. The memory management unit is to perform, in response to an attempt to execute on the virtual machine an instruction stored on a first page, a page walk through a paging structure to find a second page and to allow access to the second page without exiting the virtual machine based at least in part on a bit being set in a leaf level entry corresponding to the second page in the paging structure and a corresponding bit being set in each entry corresponding to the first page in each level of the paging structure.Type: ApplicationFiled: June 30, 2015Publication date: October 22, 2015Applicant: Intel CorporationInventors: Baohong Liu, Ritu Sood, Kuo-Lang Tseng, Madhukar Tallam
-
Patent number: 9141559Abstract: Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. in embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.Type: GrantFiled: January 4, 2013Date of Patent: September 22, 2015Assignee: Intel CorporationInventors: Ramesh Thomas, Kuo-Lang Tseng, Ravi L. Sahita, David M. Durham, Madhukar Tallam
-
Publication number: 20150242333Abstract: Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.Type: ApplicationFiled: May 11, 2015Publication date: August 27, 2015Inventors: Ramesh Thomas, Kuo-Lang Tseng, Ravi L. Sahita, David M. Durham, Madhukar Tallam
-
Patent number: 9098427Abstract: Embodiments of an invention for controlling access to groups of memory pages in a virtualized environment are disclosed. In one embodiment, a processor includes a virtualization unit and a memory management unit. The virtualization unit is to transfer control of the processor to a virtual machine. The memory management unit is to perform, in response to an attempt to execute on the virtual machine an instruction stored on a first page, a page walk through a paging structure to find a second page and to allow access to the second page without exiting the virtual machine based at least in part on a bit being set in a leaf level entry corresponding to the second page in the paging structure and a corresponding bit being set in each entry corresponding to the first page in each level of the paging structure.Type: GrantFiled: December 17, 2012Date of Patent: August 4, 2015Assignee: Intel CorporationInventors: Baohong Liu, Ritu Sood, Kuo-Lang Tseng, Madhukar Tallam
-
Publication number: 20140201422Abstract: Embodiments of systems, apparatuses, and methods for determining if an instruction of a virtual machine is allowed to modify a protected memory region are described. In some embodiments, a system detects an indication of an attempt by the instruction to write to the protected memory region. In addition, the system determines if the instruction is allowed to write to the protected memory region based on a starting address and data length of the instruction. Furthermore, if the instruction is allowed to write to the protected memory region, the system updates the protected memory region with the instruction results.Type: ApplicationFiled: December 22, 2011Publication date: July 17, 2014Inventors: Kuo-Lang Tseng, Baohong Liu, Ritu Sood, Manohar Ruben Castelino, Madhukar Tallam
-
Publication number: 20140173169Abstract: Embodiments of an invention for controlling access to groups of memory pages in a virtualized environment are disclosed. In one embodiment, a processor includes a virtualization unit and a memory management unit. The virtualization unit is to transfer control of the processor to a virtual machine. The memory management unit is to perform, in response to an attempt to execute on the virtual machine an instruction stored on a first page, a page walk through a paging structure to find a second page and to allow access to the second page without exiting the virtual machine based at least in part on a bit being set in a leaf level entry corresponding to the second page in the paging structure and a corresponding bit being set in each entry corresponding to the first page in each level of the paging structure.Type: ApplicationFiled: December 17, 2012Publication date: June 19, 2014Inventors: Baohong Liu, Ritu Sood, Kuo-Lang Tseng, Duke Tallam
-
Patent number: 8719546Abstract: Embodiments of techniques and systems for using substitute virtualized-memory page tables are described. In embodiments, a virtual machine monitor (VMM) may determine that a virtualized memory access to be performed by an instruction executing on a guest software virtual machine is not allowed in accordance with a current virtualized-memory page table (VMPT). The VMM may select a substitute VMPT that permits the virtualized memory access, In scenarios where a data access length for the instruction is known, the substitute VMPT may include full execute, read, and write permissions for the entire guest software address space. In scenarios where a data access length for the instruction is not known, the substitute VMPT may include less than full execute, read, and write permissions for the entire guest software address space, and may be modified to allow the requested virtualized memory access. Other embodiments may be described and claimed.Type: GrantFiled: January 4, 2013Date of Patent: May 6, 2014Assignee: Intel CorporationInventors: Baohong Liu, Manohar R. Castelino, Kuo-Lang Tseng, Ritu Sood, Madhukar Tallam