Patents by Inventor Manohar R. Castelino
Manohar R. Castelino has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 10956571
  Abstract: Systems, apparatuses and methods may provide for locating operating system (OS) kernel information and user mode code in physical memory, wherein the kernel information includes kernel code and kernel read-only data, and specifying permissions for the kernel information and the user code in an extended page table (EPT). Additionally, systems, apparatuses and methods may provide for switching, in accordance with the permissions, between view instances of the EPT in response to one or more hardware virtualization exceptions.
  Type: Grant
  Filed: December 24, 2015
  Date of Patent: March 23, 2021
  Assignee: Intel Corporation
  Inventors: Harshawardhan Vipat, Manohar R. Castelino, Dongsheng Zhang, Kuo-Lang Tseng
- Publication number: 20200250343
  Abstract: Systems, apparatuses and methods may provide for conducting a signature verification of a mandatory access control policy and provisioning the mandatory access control policy into kernel memory if the signature verification is successful. Additionally, the kernel memory may be protected from unauthorized write operations by one or more processes having system level privileges. In one example, the mandatory access control policy is provisioned without a system reboot.
  Type: Application
  Filed: December 27, 2019
  Publication date: August 6, 2020
  Applicant: Intel Corporation
  Inventors: Ned M. Smith, Manohar R. Castelino, Harshawardhan Vipat
- Patent number: 10552638
  Abstract: Systems, apparatuses and methods may provide for conducting a signature verification of a mandatory access control policy and provisioning the mandatory access control policy into kernel memory if the signature verification is successful. Additionally, the kernel memory may be protected from unauthorized write operations by one or more processes having system level privileges. In one example, the mandatory access control policy is provisioned without a system reboot.
  Type: Grant
  Filed: December 24, 2015
  Date of Patent: February 4, 2020
  Assignee: Intel Corporation
  Inventors: Ned M. Smith, Manohar R. Castelino, Harshawardhan Vipat
- Patent number: 10445009
  Abstract: Systems and methods that manage memory usage by a virtual machine are provided. These systems and methods compact the virtual machine's memory footprint, thereby promoting efficient use of memory and gaining performance benefits of increased data locality. In some embodiments, a guest operating system running within the virtual machine is enhanced to allocate its VM memory in a compact manner. The guest operating system includes a memory manager that is configured to reference an artificial access cost when identifying memory areas to allocate for use by applications. These access costs are described as being artificial because they are not representative of actual, hardware-based access costs, but instead are fictitious costs that increase as the addresses of the memory areas increase. Because of these increasing artificial access costs, the memory manager identifies memory areas with lower addresses for allocation and use prior to memory areas with higher addresses.
  Type: Grant
  Filed: June 30, 2017
  Date of Patent: October 15, 2019
  Assignee: INTEL CORPORATION
  Inventors: Graham Whaley, Adriaan van de Ven, Manohar R. Castelino, Jose C. Venegas Munoz, Samuel Ortiz
- Patent number: 10402343
  Abstract: Various embodiments are generally directed to instrumenting an interrupt service routine. A non-executable address may be provisioned and added to an execution stack to cause a page fault on a known address after execution of an interrupt service routine. The page fault on the known address can be used to trigger instrumentation operations and also to return to the interrupted process.
  Type: Grant
  Filed: November 20, 2017
  Date of Patent: September 3, 2019
  Assignee: INTEL CORPORATION
  Inventors: Manohar R. Castelino, John Hinman
- Patent number: 10248786
  Abstract: Systems, apparatuses and methods may provide for detecting an attempt by an operating system (OS) to access a non-OS managed resource and injecting, in response to the attempt, an access event into a platform security component via a guest kernel associated with the OS. Additionally, a response to the attempt may be made based on a policy response from the platform security component. In one example, the attempt is detected with respect to one or more extended page table (EPT) permissions set by a security virtual machine monitor (SVMM). Moreover, injecting the access event into the platform security component may include invoking a previously registered policy callback.
  Type: Grant
  Filed: December 24, 2015
  Date of Patent: April 2, 2019
  Assignee: Intel Corporation
  Inventors: Harshawardhan Vipat, Manohar R. Castelino, Barry E. Huntley, Kuo-Lang Tseng
- Publication number: 20190004720
  Abstract: Systems and methods that manage memory usage by a virtual machine are provided. These systems and methods compact the virtual machine's memory footprint, thereby promoting efficient use of memory and gaining performance benefits of increased data locality. In some embodiments, a guest operating system running within the virtual machine is enhanced to allocate its VM memory in a compact manner. The guest operating system includes a memory manager that is configured to reference an artificial access cost when identifying memory areas to allocate for use by applications. These access costs are described as being artificial because they are not representative of actual, hardware-based access costs, but instead are fictitious costs that increase as the addresses of the memory areas increase. Because of these increasing artificial access costs, the memory manager identifies memory areas with lower addresses for allocation and use prior to memory areas with higher addresses.
  Type: Application
  Filed: June 30, 2017
  Publication date: January 3, 2019
  Inventors: Graham Whaley, Adriaan van de Ven, Manohar R. Castelino, Jose C. Venegas Munoz, Samuel Ortiz
- Patent number: 9990494
  Abstract: Various embodiments are directed to enabling anti-malware software to co-exist with protective features of an operating system. An apparatus may include a processor component including an IDT register storing an indication of the size of an IDT; a monitoring component to retrieve the indication and compare the indication to a size of a guard IDT in response to modification of the IDT register to determine whether the guard routine is to inspect the IDT and a set of ISRs; and a cache component to overwrite the IDT and set of ISRs with a cached IDT and cached set of ISRs, respectively, based on the determination and prior to the inspection to prevent the guard routine from detecting a modification by an anti-malware routine, the cached IDT and cached set of ISRs generated from the IDT and set of ISRs, respectively, prior to the modification. Other embodiments are described and claimed.
  Type: Grant
  Filed: September 19, 2016
  Date of Patent: June 5, 2018
  Assignee: INTEL CORPORATION
  Inventors: Ramesh Thomas, Manohar R. Castelino, Kuo-Lang Tseng
- Publication number: 20180143910
  Abstract: Various embodiments are generally directed to instrumenting an interrupt service routine. A non-executable address may be provisioned and added to an execution stack to cause a page fault on a known address after execution of an interrupt service routine. The page fault on the known address can be used to trigger instrumentation operations and also to return to the interrupted process.
  Type: Application
  Filed: November 20, 2017
  Publication date: May 24, 2018
  Applicant: INTEL CORPORATION
  Inventors: Manohar R. CASTELINO, John HINMAN
- Patent number: 9858202
  Abstract: Methods and apparatus relating to low overhead paged memory runtime protection are described. In an embodiment, permission information for a guest physical mapping is received prior to utilization of paged memory by an Operating System (OS) based on the guest physical mapping. The permission information is provided through an Extended Page Table (EPT). Other embodiments are also described.
  Type: Grant
  Filed: February 23, 2016
  Date of Patent: January 2, 2018
  Assignee: Intel Corporation
  Inventors: Ravi L. Sahita, Xiaoning Li, Manohar R. Castelino
- Patent number: 9852052
  Abstract: A copy is made of at least a part of a stack. A caller return address of a calling function in the stack is verified as trusted. A caller return address of a called function in the stack is verified as matching a source address of the calling function in the copy of the stack. If verification is affirmative, then the called function may be executed in a trusted domain.
  Type: Grant
  Filed: March 31, 2016
  Date of Patent: December 26, 2017
  Assignee: Intel Corporation
  Inventors: Ramesh Thomas, Manohar R. Castelino
- Patent number: 9824019
  Abstract: Various embodiments are generally directed to instrumenting an interrupt service routine. A non-executable address may be provisioned and added to an execution stack to cause a page fault on a known address after execution of an interrupt service routine. The page fault on the known address can be used to trigger instrumentation operations and also to return to the interrupted process.
  Type: Grant
  Filed: June 25, 2015
  Date of Patent: November 21, 2017
  Assignee: INTEL CORPORATION
  Inventors: Manohar R. Castelino, John Hinman
- Publication number: 20170286278
  Abstract: A copy is made of at least a part of a stack. A caller return address of a calling function in the stack is verified as trusted. A caller return address of a called function in the stack is verified as matching a source address of the calling function in the copy of the stack. If verification is affirmative, then the called function may be executed in a trusted domain.
  Type: Application
  Filed: March 31, 2016
  Publication date: October 5, 2017
  Inventors: Ramesh Thomas, Manohar R. Castelino
- Patent number: 9747123
  Abstract: Technologies for multi-level virtualization include a computing device having a processor that supports a root virtualization mode and a non-root virtualization mode. A non-root hypervisor determines whether it is executed under control of a root hypervisor, and if so, registers a callback handler and trigger conditions with the root hypervisor. The non-root hypervisor hosts one or more virtual machines. In response to a virtual machine exit, the root hypervisor determines whether a callback handler has been registered for the virtual machine exit reason and, if so, evaluates the trigger conditions associated with the callback handler. If the trigger conditions are satisfied, the root hypervisor invokes the callback handler. The callback handler may update a virtual virtualization support object based on changes made by the root hypervisor to a virtualization support object. The root hypervisor may invoke the callback handler in the non-root virtualization mode. Other embodiments are described and claimed.
  Type: Grant
  Filed: September 25, 2015
  Date of Patent: August 29, 2017
  Assignee: Intel Corporation
  Inventors: Jun Nakajima, Asit K. Mallick, Harshawardhan Vipat, Madhukar Tallam, Manohar R. Castelino
- Publication number: 20170142131
  Abstract: Various embodiments are directed to enabling anti-malware software to co-exist with protective features of an operating system. An apparatus may include a processor component including an IDT register storing an indication of the size of an IDT; a monitoring component to retrieve the indication and compare the indication to a size of a guard IDT in response to modification of the IDT register to determine whether the guard routine is to inspect the IDT and a set of ISRs; and a cache component to overwrite the IDT and set of ISRs with a cached IDT and cached set of ISRs, respectively, based on the determination and prior to the inspection to prevent the guard routine from detecting a modification by an anti-malware routine, the cached IDT and cached set of ISRs generated from the IDT and set of ISRs, respectively, prior to the modification. Other embodiments are described and claimed.
  Type: Application
  Filed: September 19, 2016
  Publication date: May 18, 2017
  Applicant: Intel Corporation
  Inventors: Ramesh Thomas, Manohar R. Castelino, Kuo-Lang Tseng
- Publication number: 20170090963
  Abstract: Technologies for multi-level virtualization include a computing device having a processor that supports a root virtualization mode and a non-root virtualization mode. A non-root hypervisor determines whether it is executed under control of a root hypervisor, and if so, registers a callback handler and trigger conditions with the root hypervisor. The non-root hypervisor hosts one or more virtual machines. In response to a virtual machine exit, the root hypervisor determines whether a callback handler has been registered for the virtual machine exit reason and, if so, evaluates the trigger conditions associated with the callback handler. If the trigger conditions are satisfied, the root hypervisor invokes the callback handler. The callback handler may update a virtual virtualization support object based on changes made by the root hypervisor to a virtualization support object. The root hypervisor may invoke the callback handler in the non-root virtualization mode. Other embodiments are described and claimed.
  Type: Application
  Filed: September 25, 2015
  Publication date: March 30, 2017
  Inventors: Jun Nakajima, Asit K. Mallick, Harshawardhan Vipat, Madhukar Tallam, Manohar R. Castelino
- Publication number: 20160378677
  Abstract: Various embodiments are generally directed to instrumenting an interrupt service routine. A non-executable address may be provisioned and added to an execution stack to cause a page fault on a known address after execution of an interrupt service routine. The page fault on the known address can be used to trigger instrumentation operations and also to return to the interrupted process.
  Type: Application
  Filed: June 25, 2015
  Publication date: December 29, 2016
  Applicant: Intel Corporation
  Inventors: Manohar R. CASTELINO, John HINMAN
- Publication number: 20160359921
  Abstract: Apparatus, systems and methods may provide a browser interface to detect an attempt by web content to manipulate data in a local data store. In addition, the data may be classified into a category if the data is remotely accessible. Additionally, a security policy may be applied to the data based on the category. In one example, a separator may separate the data from other data based on the category, the data may be encrypted/decrypted based on the category, and/or context information and user input may be determined to apply the security policy further based on the context information and the user input.
  Type: Application
  Filed: August 19, 2016
  Publication date: December 8, 2016
  Inventors: Hong C. Li, Mark D. Boucher, Conor P. Cahill, Manohar R. Castelino, Steve Orrin, Vinay Phegade, John E. Simpson, JR.
- Publication number: 20160335436
  Abstract: Systems, apparatuses and methods may provide for locating operating system (OS) kernel information and user mode code in physical memory, wherein the kernel information includes kernel code and kernel read-only data, and specifying permissions for the kernel information and the user code in an extended page table (EPT). Additionally, systems, apparatuses and methods may provide for switching, in accordance with the permissions, between view instances of the EPT in response to one or more hardware virtualization exceptions.
  Type: Application
  Filed: December 24, 2015
  Publication date: November 17, 2016
  Inventors: Harshawardhan Vipat, Manohar R. Castelino, Dongsheng Zhang, Kuo-Lang Tseng
- Publication number: 20160335429
  Abstract: Systems, apparatuses and methods may provide for conducting a signature verification of a mandatory access control policy and provisioning the mandatory access control policy into kernel memory if the signature verification is successful. Additionally, the kernel memory may be protected from unauthorized write operations by one or more processes having system level privileges. In one example, the mandatory access control policy is provisioned without a system reboot.
  Type: Application
  Filed: December 24, 2015
  Publication date: November 17, 2016
  Inventors: Ned M. Smith, Manohar R. Castelino, Harshawardhan Vipat