Invention Publication
- Patent title: VERIFYING SECURITY FOR VIRTUAL MACHINES IN CLOUD STREAMING SYSTEMS AND APPLICATIONS
- Application number: US18151175
- Filing date: 2023-01-06
- Publication number: US20240232360A1
- Publication date: 2024-07-11
- Inventors: Lucien Dunning, Seth Schneider, Dwayne Swoboda, Marko Mitic, Adam Zabrocki
- Applicant: NVIDIA Corporation
- Applicant address: US CA Santa Clara
- Patentee: NVIDIA Corporation
- Current patentee: NVIDIA Corporation
- Current patentee address: US CA Santa Clara
- Main classification: G06F21/57
- IPC classification: G06F21/57; A63F13/73
Abstract:
In examples, a VM may receive and aggregate a first attestation report corresponding to a CPU and a second attestation report corresponding to a GPU. The aggregated data may be provided to an attestation service, which may verify the attestation reports indicate a TCB is to include the VM and GPU state data and is to isolate the GPU state data and the VM from an untrusted host OS. Based at least on the TCB being verified, the VM may perform one or more operations using the TCB. The TCB may include a trusted hypervisor to isolate the VM and GPU state data within the GPU(s) from the untrusted host OS. The trusted hypervisor may prevent the host OS from accessing device memory assigned to the VM based at least on controlling an IOMMU and/or second-level address translation (SLAT) used to access the data.