SERVICE PARTITION VIRTUALIZATION SYSTEM AND METHOD HAVING A SECURE APPLICATION

SERVICE PARTITION VIRTUALIZATION SYSTEM AND METHOD HAVING A SECURE APPLICATION

A secure application system and method for a host computing device. The system includes an ultraboot application that operates in the less privileged user memory and divides the host computing device into a resource management partition, at least one virtual service partition and at least one virtua...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: DIDOMENICO MICHAEL J, SLIWA ROBERT J, BURCHETT BRITTNEY
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A secure application system and method for a host computing device. The system includes an ultraboot application that operates in the less privileged user memory and divides the host computing device into a resource management partition, at least one virtual service partition and at least one virtual guest partition. The virtual guest partition provides a virtualization environment for at least one guest operating system. The virtual service partition provides a virtualization environment for the basic operations of the virtualization system. The resource management partition maintains a resource database for use in managing the use of the host processor and the system resources. The virtual service partition is an isolated secure partition having a secure application executing therein. The isolated secure partition includes a security manifest portion for controlling the execution of the secure application within the isolated secure partition. The isolated secure partition also includes a secure application operating system (OS) portion that supports only the execution of the secure application within the isolated secure partition. The secure application operating system (OS) portion includes a secure application runtime portion that provides the runtime needed to execute the secure application within the isolated secure partition. The secure application is executed within the isolated secure partition without the need for any standard operating system (OS). The system also includes at least one monitor that operates in the most privileged system memory. The monitor maintains guest applications in the virtual guest partition within memory space allocated by the virtual service partition to the virtual guest partition. The system also includes a context switch between the monitor and the respective virtual guest partitions and the virtual service partition. The context switch controls multitask processing in the partitions on the at least one host processor.