Patents by Inventor Uday Savagaonkar

Uday Savagaonkar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20080114985
    Abstract: A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent during integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed.
    Type: Application
    Filed: October 31, 2006
    Publication date: May 15, 2008
    Inventors: Uday Savagaonkar, Ravi Sahita, Prashant Dewan
  • Publication number: 20080082772
    Abstract: Methods, apparatuses, articles, and systems for comparing a first security domain of a first memory page of a physical device to a second security domain of a second memory page of the physical device, the security domains being stored in one or more registers of a processor of the physical device, are described herein. Based on the comparison, the processor disallows an instruction from the first memory page to access the second memory page if the first security domain is different from the second security domain. Resultantly, software agents, in particular, critical software agents, may be protected in a VT environment more efficiently and effectively.
    Type: Application
    Filed: September 29, 2006
    Publication date: April 3, 2008
    Inventors: Uday Savagaonkar, Ravi Sahita, David Durham, Hormuzd Khosravi
  • Publication number: 20080082722
    Abstract: Methods, apparatuses, articles, and systems for observing, by a virtual machine manager of a physical device, execution of a target process of a virtual machine of the physical device, including virtual addresses of the virtual machine referenced during the execution, are described herein. The virtual machine manager further determines whether the target process is executing in an expected manner based at least in part on the observed virtual address references and expected virtual address references.
    Type: Application
    Filed: September 29, 2006
    Publication date: April 3, 2008
    Inventors: Uday Savagaonkar, Ravi Sahita, David Durham
  • Publication number: 20080077767
    Abstract: Embodiments described herein disclose a method and apparatus for secure page swapping in a virtual memory system. An integrity check value mechanism is used to protect software programs from run-time attacks against memory pages while those pages are swapped to secondary memory. A hash value is computed for an agent page as it is swapped from primary memory to secondary memory. When the page is swapped back into primary memory from secondary memory, that hash value is recomputed to verify that the page was not modified while stored in secondary memory. Alternatively, the hash value is pre-computed and placed in an integrity manifest wherein it is retrieved and verified when the page is loaded back into primary memory from secondary memory.
    Type: Application
    Filed: September 27, 2006
    Publication date: March 27, 2008
    Inventors: Hormuzd M. Khosravi, Uday Savagaonkar, Ravi Sahita, David Durham, Travis Schluessler, Gayathri Nagabhushan
  • Publication number: 20080055617
    Abstract: Apparatuses, methods, and media for page coloring with color inheritance for memory pages are disclosed. Some embodiments may include an interface to access a memory and a paging unit including translation logic, inheritance logic, and comparison logic. The translation logic translates a first address to a second address based on an entry in a data structure, wherein the first address is provided by an instruction stored in a first page in the memory and the entry includes a base address of a second page in the memory including the second address and a color of the second page. The inheritance logic may determine an effective current page color of the first page based on a color of the first page. The comparison logic may compare the effective current page color of the first page to the color of the second page. Other embodiments are disclosed and claimed.
    Type: Application
    Filed: August 31, 2006
    Publication date: March 6, 2008
    Inventor: Uday Savagaonkar
  • Publication number: 20080022065
    Abstract: In one embodiment, the present invention includes a method for receiving a request from a caller code portion of a first color to color at least a portion of a stack with a second color, determining if the request is valid, and if so remapping the stack portion from a first mapping colored with the first color to a second mapping colored with the second color. Other embodiments are described and claimed.
    Type: Application
    Filed: July 21, 2006
    Publication date: January 24, 2008
    Inventors: Subhash Gutti, Uday Savagaonkar, Ravi Sahita, David Durham
  • Publication number: 20070271360
    Abstract: According to embodiments of the present invention, a host platform device includes an embedded firmware agent that may detect an attempt by the host platform device to fully connect to a network. The firmware agent may restrict traffic between the host platform device and the network to bootstrap traffic, test the device to determine device vulnerability, temporarily stop access to other peripheral devices, and transmit a report of the device vulnerability to a remote policy server. After the test(s) are performed, the firmware agent may receive an indication from the remote policy server as to whether the device is permitted to fully connect to the network and, if so, whether there are any further restrictions on traffic flow, for example, and whether the peripheral device access may be allowed.
    Type: Application
    Filed: May 16, 2006
    Publication date: November 22, 2007
    Inventors: Ravi Sahita, Uday Savagaonkar, Hormuzd Khosravi, Uri Blumenthal
  • Publication number: 20070237080
    Abstract: A processing unit analyzes network traffic using a multi-timescale heuristic having multiple traffic windows. Each traffic window has a respective threshold value and a respective timescale. When a threshold value is exceeded, the processing unit triggers a network circuit breaker, causing a host platform to be isolated from the network.
    Type: Application
    Filed: March 29, 2006
    Publication date: October 11, 2007
    Inventor: Uday Savagaonkar
  • Publication number: 20070239953
    Abstract: An embodiment of the present invention is a technique to protect memory. A memory identifier storage stores memory identifiers associated with protected components. The memory identifiers include exclusive memory identifiers and shared memory identifiers. The memory identifier storage is protected from access by a host operating system. A memory identifier management service (MMS) manages the memory identifiers. The MMS resides in a protected environment. An access control enforcer (ACE) enforces an access control policy with the memory identifiers.
    Type: Application
    Filed: March 31, 2006
    Publication date: October 11, 2007
    Inventors: Uday Savagaonkar, Ravi Sahita, Hormuzd Khosravi, Priya Rajagopal
  • Publication number: 20070192761
    Abstract: A method and apparatus for adding integrity information to portable executable object files after compile and link steps is described. In one embodiment, the invention is a method. The method includes compiling and linking a portable executable file with a data section for aiding in integrity measurement of a measured program when the measured program is loaded into memory. The method further includes overwriting data fields of the data section with an offset before the file is loaded into the memory.
    Type: Application
    Filed: February 15, 2006
    Publication date: August 16, 2007
    Inventors: Ravi Sahita, Uday Savagaonkar, Travis Schluessler, Rajan Ralanivel
  • Publication number: 20070156999
    Abstract: Embodiments of apparatuses, articles, methods, and systems for associating identifiers with memory locations for controlling memory accesses are generally described herein. Other embodiments may be described and claimed.
    Type: Application
    Filed: December 30, 2005
    Publication date: July 5, 2007
    Inventors: David Durham, Ravi Sahita, Uday Savagaonkar, Priya Rajagopal, Hormuzd Khosravi
  • Publication number: 20070079090
    Abstract: In response to an attempt to execute an instruction to specify memory type, deciding if the instruction was attempted by a registered program.
    Type: Application
    Filed: September 22, 2005
    Publication date: April 5, 2007
    Inventors: Priya Rajagopal, Uday Savagaonkar, David Durham, Ravi Sahita, Hormuzd Khosravi
  • Publication number: 20070067590
    Abstract: Registering a first program operable to access a first address of a first protected region of memory in a registry and in response to a second program making a request to access a second address of a second protected region of memory, deciding whether the second program is registered in the registry; if the second program is registered, translating the second address to a physical address; checking the validity of a control register associated with a page table and if the control register is valid, relaxing a restriction on access to a field in a page table associated with the second address.
    Type: Application
    Filed: September 22, 2005
    Publication date: March 22, 2007
    Inventors: Uday Savagaonkar, Priya Rajagopal, Ravi Sahita, Hormuzd Khosravi
  • Publication number: 20070056039
    Abstract: The present disclosure relates to providing a remediation scheme for a compromised system and, more specifically, to providing a memory filtration scheme using an isolated partition within a system.
    Type: Application
    Filed: September 7, 2005
    Publication date: March 8, 2007
    Inventors: Hormuzd Khosravi, Priya Rajagopal, Ravi Sahita, Uday Savagaonkar
  • Publication number: 20070028074
    Abstract: Provided are a method, system, program and device for maintaining shadow page tables in a sequestered memory region. A first processor executing an application invokes a second processor to create a shadow page table used for address translation for the application in a sequestered memory region non-alterable by processes controlled by an operating system executed by the first processor. The shadow page table references at least one page in an operating system memory region accessible to processes controlled by the operating system.
    Type: Application
    Filed: July 27, 2005
    Publication date: February 1, 2007
    Inventors: Hormuzd Khosravi, Uday Savagaonkar, Ravi Sahita, Priya Rajagopal
  • Publication number: 20070011430
    Abstract: Systems and methods are described herein to provide for host virtual memory reconstitution. Virtual memory reconstitution is the ability to translate the host device's virtual memory addresses to the host device's physical memory addresses. The virtual memory reconstitution methods are independent of the operating system running on the host device.
    Type: Application
    Filed: June 30, 2006
    Publication date: January 11, 2007
    Inventors: Hormuzd Khosravi, David Durham, Travis Schluessler, Ravi Sahita, Uday Savagaonkar, Priya Rajagopal
  • Publication number: 20070005930
    Abstract: Systems and methods are described herein to provide for host virtual memory reconstitution.
    Type: Application
    Filed: June 30, 2005
    Publication date: January 4, 2007
    Inventors: Hormuzd Khosravi, David Durham, Travis Schluessler, Ravi Sahita, Uday Savagaonkar, Priya Rajagopal
  • Publication number: 20070006137
    Abstract: Provided is a method, system, and program for generating and communicating information on locations of program sections in memory. Source code is generated for an agent program. The source code includes start and end variables for selected sections of the program, wherein the start and end variables for each selected section are used to indicate the start and end address in a memory at which the section is loaded. The selected sections are capable of including less than all the sections in the program. The source code is compiled and linked to generate an object file including the sections. The object file causes, in response to being loaded into the memory of a computer, a relocation of at least one of the start and end memory addresses of the selected sections into at least one of the start and end variables for the selected sections when memory addresses are assigned to sections as part of relocation operations. Other embodiments are disclosed and claimed.
    Type: Application
    Filed: June 30, 2005
    Publication date: January 4, 2007
    Inventors: Uday Savagaonkar, Travis Schluessler
  • Publication number: 20070005927
    Abstract: Systems and methods are described herein to provide for remote triggering of page faults.
    Type: Application
    Filed: June 30, 2005
    Publication date: January 4, 2007
    Inventors: Hormuzd Khosravi, Uday Savagaonkar, Ravi Sahita, Priya Rajagopal
  • Publication number: 20070006175
    Abstract: Embodiments of apparatuses, articles, methods, and systems for intra-partitioning components within an execution environment are generally described herein. Other embodiments may be described and claimed.
    Type: Application
    Filed: March 30, 2006
    Publication date: January 4, 2007
    Inventors: David Durham, Hormuzd Khosravi, Ravi Sahita, Uday Savagaonkar