Results for INVENTOR: willman bryan mark
Showing 1 - 10 of 15
A file locker manages the storage and use of protected data for software objects. A protected environment maintains the cryptographic and isolative infrastructure to support sealing of data items for use by a trusted agent. The file locker uses the protected environment's sealing functionality to seal data items for the file locker's exclusive access. The file locker seals, to itself, files received from software objects, and provides those files upon request, and upon sufficient proof of the re...
Special purpose heaps are created to store different classes of data to which different rules apply. A library of functions is provided which is designed to respect the different classes of rules that apply to the different heaps, by storing data only on a heap that is designated for use with the proper class of data, and by resisting the performance of actions on data in a heap that is inconsistent with the rules that apply to the heap. The use of plural heaps in this manner discourages program...
Methods of providing and limiting access to trusted memory are provided. Trusted memory pages are not mapped with page map pages. When a central processor is operated in a page-mapping mode, access to the trusted memory is limited. In particular, without mapping information, software and hardware modules cannot access and modify the contents of trusted memory sections.
Isolated memory is implemented by controlling changes to address translation maps. Control over the maps can be exercised in such a way that no virtual address referring to an isolated page is exposed to any untrusted process. Requests to edit an entry in a map are evaluated to ensure that the edit will not cause the map to point to isolated memory. Requests to change which map is active are evaluated to ensure that the map to be activated does not point to isolated memory. Preferably, these eva...
The debugging of bifurcated processes allows a debugger to: (1) read and/or write process memory for the debuggee process; (2) get and/or set the thread context for the debuggee process threads; (3) control running threads of the debuggee process; and (4) handle debug events. Bifurcated processes include a shadow process whereby threads are scheduled and a corresponding work process which handles the actual work to be done by the process. The reading and writing of process memory and the getting...
A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain t...
A method in a computer system for loading an operating system into memory through use of a file system that is stored on secondary storage. The operating system is stored on secondary storage as files with file names. Before the operating system is loaded into memory, a bootstrap program loads the file system from secondary storage into memory. The file system is stored at locations in secondary storage that are known to the bootstrap program. The file system also has a mapping of file names of ...
A method and apparatus interfaces a computer operating system with a storage volume, which is all or part of a data storage media such as a removable floppy-type disk or a hard disk. In a preferred embodiment, the method and apparatus select and associate the appropriate one of a plurality of system drivers with a respective storage volume to permit data communication between the storage volume and the operating system. The method and apparatus permit a single operating system to access a storag...
A system and method are provided for encoding data in accordance with the present invention. The system includes a first subsystem for encoding a second data protocol within a formatted data protocol without disrupting display operations associated with the first data protocol. An encapsulation sequence is provided to isolate the second data protocol from the formatted data protocol, wherein a monitoring subsystem receives status from the first subsystem via the second data protocol.
In a single machine that has entities running in an untrusted environment and entities running in a trusted environment, the trustworthiness of the entities in the trusted environment is projected to the entities in the untrusted environment. This is applicable, for example, to Microsoft®'s Next Generation Secure Computing Base (NGSCB), where a regular operating system (e.g., the Windows® operating system) hosts a secure operating system (e.g., the nexus).