-
1.
公开(公告)号:US20130054948A1
公开(公告)日:2013-02-28
申请号:US13222379
申请日:2011-08-31
申请人: Himanshu Raj , Stefan Saroiu , Alastair Wolman , Paul England , Anh M. Nguyen , Shravan Rayanchu
发明人: Himanshu Raj , Stefan Saroiu , Alastair Wolman , Paul England , Anh M. Nguyen , Shravan Rayanchu
IPC分类号: G06F15/177
CPC分类号: G06F9/4406 , G06F9/4416 , G06F9/45533 , G06F9/45558 , G06F21/50 , G06F21/53 , G06F21/57 , G06F21/575 , G06F2009/45587 , G06F2221/034 , G06F2221/2105 , G06F2221/2149
摘要: In a cloud computing environment, a production server virtualization stack is minimized to present fewer security vulnerabilities to malicious software running within a guest virtual machine. The minimal virtualization stack includes support for those virtual devices necessary for the operation of a guest operating system, with the code base of those virtual devices further reduced. Further, a dedicated, isolated boot server provides functionality to securely boot a guest operating system. The boot server is isolated through use of an attestation protocol, by which the boot server presents a secret to a network switch to attest that the boot server is operating in a clean mode. The attestation protocol may further employ a secure co-processor to seal the secret, so that it is only accessible when the boot server is operating in the clean mode.
摘要翻译: 在云计算环境中,最小化生产服务器虚拟化堆栈,以减少在虚拟机中运行的恶意软件的安全漏洞。 最小的虚拟化堆栈包括对客户操作系统的操作所需的那些虚拟设备的支持,这些虚拟设备的代码基础进一步减少。 此外,专用的隔离引导服务器提供安全引导客户机操作系统的功能。 引导服务器通过使用认证协议进行隔离,引导服务器向网络交换机提供秘密,以证明引导服务器以干净的模式运行。 认证协议可以进一步采用安全协处理器来密封秘密,使得仅当引导服务器以干净模式操作时才可访问。
-
2.
公开(公告)号:US08812830B2
公开(公告)日:2014-08-19
申请号:US13222379
申请日:2011-08-31
申请人: Himanshu Raj , Stefan Saroiu , Alastair Wolman , Paul England , Anh M. Nguyen , Shravan Rayanchu
发明人: Himanshu Raj , Stefan Saroiu , Alastair Wolman , Paul England , Anh M. Nguyen , Shravan Rayanchu
IPC分类号: G06F9/00 , G06F15/177 , G06F9/455 , G06F7/04
CPC分类号: G06F9/4406 , G06F9/4416 , G06F9/45533 , G06F9/45558 , G06F21/50 , G06F21/53 , G06F21/57 , G06F21/575 , G06F2009/45587 , G06F2221/034 , G06F2221/2105 , G06F2221/2149
摘要: In a cloud computing environment, a production server virtualization stack is minimized to present fewer security vulnerabilities to malicious software running within a guest virtual machine. The minimal virtualization stack includes support for those virtual devices necessary for the operation of a guest operating system, with the code base of those virtual devices further reduced. Further, a dedicated, isolated boot server provides functionality to securely boot a guest operating system. The boot server is isolated through use of an attestation protocol, by which the boot server presents a secret to a network switch to attest that the boot server is operating in a clean mode. The attestation protocol may further employ a secure co-processor to seal the secret, so that it is only accessible when the boot server is operating in the clean mode.
摘要翻译: 在云计算环境中,最小化生产服务器虚拟化堆栈,以减少在虚拟机中运行的恶意软件的安全漏洞。 最小的虚拟化堆栈包括对客户操作系统的操作所需的那些虚拟设备的支持,这些虚拟设备的代码基础进一步减少。 此外,专用的隔离引导服务器提供安全引导客户机操作系统的功能。 引导服务器通过使用认证协议进行隔离,引导服务器向网络交换机提供秘密,以证明引导服务器以干净的模式运行。 认证协议可以进一步采用安全协处理器来密封秘密,使得仅当引导服务器以干净模式操作时才可访问。
-
公开(公告)号:US20120331550A1
公开(公告)日:2012-12-27
申请号:US13167699
申请日:2011-06-24
申请人: Himanshu Raj , Nuno Santos , Paul England , Stefan Saroiu , Alastair Wolman
发明人: Himanshu Raj , Nuno Santos , Paul England , Stefan Saroiu , Alastair Wolman
IPC分类号: G06F21/00
CPC分类号: G06F21/575 , G06F21/53
摘要: Disclosed is a trusted language runtime (TLR) architecture that provides abstractions for developing a runtime for executing trusted applications or portions thereof securely on a mobile device (e.g., a smartphone). TLR offers at least two abstractions to mobile developers: a trustbox and a trustlet. The trustbox is a runtime environment that offers code and data integrity, and confidentiality. Code and data running inside a trustbox cannot be read or modified by any code running outside the trustbox. A trustlet is the code portion of an application that runs inside a trustbox. With TLR, programmers can write applications in .NET and specify which parts of the application handle sensitive data, and thus, run inside the trustbox. With the TLR, the developer places these parts in a trustlet class, and the TLR provides all support needed to run the parts in the trustbox.
摘要翻译: 公开了一种可信赖语言运行时(TLR)架构,其提供用于开发用于在移动设备(例如,智能电话机)上执行可信应用或其部分的运行时的抽象。 TLR至少向移动开发人员提供两个抽象:一个信托框和一个信托。 trustbox是提供代码和数据完整性以及机密性的运行时环境。 在信托箱内运行的代码和数据不能被任何在信托箱外部运行的代码读取或修改。 trustlet是在一个信任框内运行的应用程序的代码部分。 使用TLR,程序员可以在.NET中编写应用程序,并指定应用程序的哪些部分处理敏感数据,从而在trustbox内运行。 使用TLR,开发人员将这些部件放置在trustlet类中,并且TLR提供在trustbox中运行部件所需的所有支持。
-
公开(公告)号:US20110307888A1
公开(公告)日:2011-12-15
申请号:US12815415
申请日:2010-06-15
申请人: Himanshu Raj , Paul England
发明人: Himanshu Raj , Paul England
CPC分类号: G06F21/74 , G06F9/45558 , G06F2009/45587
摘要: Technology is described for protection of virtual machines executing on a host device having host processors and host memory. The system can include a hypervisor configured to enable the virtual machines to execute concurrently on the host device. An emancipated partition can be provided with a communication channel to the hypervisor. A primary partition can be configured to interface with the emancipated partition through the communication channel via the hypervisor. In addition, an emancipated memory space and virtual register state for the emancipated partition can be protected from direct access by the primary partition.
摘要翻译: 描述了用于保护在具有主机处理器和主机存储器的主机设备上执行的虚拟机的技术。 该系统可以包括配置为使虚拟机能够在主机设备上同时执行的管理程序。 可以向解放的分区提供与管理程序的通信信道。 主分区可以配置为通过管理程序通过通信通道与解放的分区进行接口。 此外,解放的分区的解放存储空间和虚拟寄存器状态可以被保护免受主分区的直接访问。
-
公开(公告)号:US08839239B2
公开(公告)日:2014-09-16
申请号:US12815415
申请日:2010-06-15
申请人: Himanshu Raj , Paul England
发明人: Himanshu Raj , Paul England
CPC分类号: G06F21/74 , G06F9/45558 , G06F2009/45587
摘要: Technology is described for protection of virtual machines executing on a host device having host processors and host memory. The system can include a hypervisor configured to enable the virtual machines to execute concurrently on the host device. An emancipated partition can be provided with a communication channel to the hypervisor. A primary partition can be configured to interface with the emancipated partition through the communication channel via the hypervisor. In addition, an emancipated memory space and virtual register state for the emancipated partition can be protected from direct access by the primary partition.
摘要翻译: 描述了用于保护在具有主机处理器和主机存储器的主机设备上执行的虚拟机的技术。 该系统可以包括配置为使虚拟机能够在主机设备上同时执行的管理程序。 可以向解放的分区提供与管理程序的通信信道。 主分区可以配置为通过管理程序通过通信通道与解放的分区进行接口。 此外,解放的分区的解放存储空间和虚拟寄存器状态可以被保护免受主分区的直接访问。
-
公开(公告)号:US20120324236A1
公开(公告)日:2012-12-20
申请号:US13161520
申请日:2011-06-16
申请人: Abhinav Srivastava , Himanshu Raj , Paul England , Parag Sharma
发明人: Abhinav Srivastava , Himanshu Raj , Paul England , Parag Sharma
IPC分类号: G06F21/24
CPC分类号: G06F21/64 , G06F9/45558 , G06F21/57 , G06F2009/45587 , G06F2221/2103 , G06F2221/2153 , H04L9/3234 , H04L63/0823 , H04L63/0876 , H04L2209/127
摘要: A hypervisor provides a snapshot protocol that generates a verifiable snapshot of a target machine. The verifiable snapshot includes a snapshot and a signed quote. In one implementation, a challenger requests a snapshot of the target machine. In response to the snapshot request, the hypervisor initiates Copy-on-Write (CoW) protection for the target machine. The hypervisor snapshots and hashes each of the memory pages and the virtual central processing unit (CPU) of the target machine. The hypervisor generates a composite hash by merging all individual memory page hashes and the CPU state hash. The hypervisor requests a quote including integrity indicators of all trusted components and the composite hash. The quote uses a cryptographic signature from a trusted platform module, which ensures that any compromise of the integrity of the snapshot is detectable. The snapshot and signed quote are returned to the challenger for verification.
摘要翻译: 虚拟机管理程序提供生成目标计算机的可验证快照的快照协议。 可验证的快照包括快照和签名报价。 在一个实现中,挑战者请求目标机器的快照。 响应于快照请求,管理程序启动目标机器的写时复制(CoW)保护。 管理程序快照并对目标机器的每个存储器页面和虚拟中央处理单元(CPU)进行散列。 管理程序通过合并所有单独的内存页哈希和CPU状态哈希值来生成复合散列。 虚拟机管理程序请求包括所有可信组件和组合散列的完整性指示符的引用。 报价使用来自可信平台模块的加密签名,可确保对快照完整性的任何妥协都是可检测的。 快照和签名报价返回给挑战者进行验证。
-
公开(公告)号:US09183406B2
公开(公告)日:2015-11-10
申请号:US13012573
申请日:2011-01-24
申请人: Paul England , Marcus Peinado
发明人: Paul England , Marcus Peinado
CPC分类号: G06F21/6218
摘要: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.
摘要翻译: 根据某些方面,从呼叫程序接收数据。 使用公钥加密来生成包含数据的密文,只有满足一个或多个条件,才允许从密文获得数据。 根据另一方面,从调用程序接收位串。 使用公钥解密解密比特串中的数据,只有满足包含在比特串中的一个或多个条件时才返回给调用程序。
-
公开(公告)号:US08738890B2
公开(公告)日:2014-05-27
申请号:US13178908
申请日:2011-07-08
申请人: Paul England , Jork Loeser , Luis Irun-Briz
发明人: Paul England , Jork Loeser , Luis Irun-Briz
CPC分类号: G06F12/1036 , G06F9/545 , G06F12/109 , G06F2212/656
摘要: A single application can be executed across multiple execution environments in an efficient manner if at least a relevant portion of the virtual memory assigned to the application was equally accessible by each of the multiple execution environments. A request by a process in one execution environment can, thereby, be directed to an operating system, or other core software, in another execution environment and can be made by a shadow of the requesting process in the same manner as the original request was made by the requesting process itself. Because of the memory invariance between the execution environments, the results of the request will be equally accessible to the original requesting process even though the underlying software that responded to the request may be executing in a different execution environment. A similar thread invariance can be maintained to provide for accurate translation of requests between execution environments.
摘要翻译: 如果分配给应用的虚拟存储器的至少相关部分可以被多个执行环境中的每个执行环境同等地访问,则可以以有效的方式在多个执行环境中执行单个应用。 一个执行环境中的进程的请求可以由此被引导到另一执行环境中的操作系统或其他核心软件,并且可以以与原始请求相同的方式通过请求进程的阴影来进行 通过请求过程本身。 由于执行环境之间的内存不变性,即使响应请求的底层软件可能在不同的执行环境中执行,原始请求进程的请求结果也可以同样访问。 可以维护类似的线程不变性,以便在执行环境之间提供精确的请求转换。
-
公开(公告)号:US08619971B2
公开(公告)日:2013-12-31
申请号:US11097697
申请日:2005-04-01
CPC分类号: G06F21/57 , G06F9/5077 , G06F2221/2149
摘要: Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.
摘要翻译: 系统和方法提供了诸如管理程序之类的隔离技术上托管的多个分区,其中至少一个分区本地安全服务分区(LSSP)为其他分区提供安全服务。 服务分区(LSSP)承载需要严格安全隔离的高保证服务,即使在用户未连接到网络时,也可以跨分区共享服务并进行访问。 LSSP还可以使用由TPM认证身份密钥(AIK)签名的密钥或由管理程序或服务分区安全地保存的其他密钥来证明任何计算的结果。 可以将LSSP配置为提供可信的审核日志,可信的安全扫描,可信密码服务,可信的编译和测试,可信登录服务等。
-
公开(公告)号:US08601286B2
公开(公告)日:2013-12-03
申请号:US13015440
申请日:2011-01-27
申请人: Paul England , Marcus Peinado
发明人: Paul England , Marcus Peinado
IPC分类号: G06F12/14
CPC分类号: G06F21/6218
摘要: In accordance with certain aspects, data is received and a digital signature is generated and output. The digital signature can be a digital signature of the data and one or more conditions that are to be satisfied in order for the data to be revealed, or a digital signature over data generated using a private key associated with a bound key that is bound to one or more processors.
摘要翻译: 根据某些方面,接收数据并生成并输出数字签名。 数字签名可以是数据的数字签名以及为了使数据被显示而被满足的一个或多个条件,或者使用与绑定的绑定密钥相关联的私有密钥生成的数据的数字签名 一个或多个处理器。
-
-
-
-
-
-
-
-
-