-
Publication number: US11799670B2
Publication date: 2023-10-24
Application number: US17119068
Filing date: 2020-12-11
Applicant: VMware, Inc.
Inventor: Abhishek Srivastava, David Dunn, Jesse Pool, Adrian Drzewiecki
CPC classification number: H04L9/3268, G06F9/45558, H04L9/3247, G06F2009/4557, G06F2009/45587, G06F2009/45595
Abstract: A framework is provided that assigns a digital certificate to each VM-based control plane element and computing node (i.e., worker VM) of a workload orchestration platform implemented in a virtualized environment, where the digital certificate is signed by a trusted entity and provides cryptographic proof that the control plane element/worker VM has been successfully attested by that trusted entity using hardware-based attestation. Each control plane element/worker VM is configured to verify the digital certificates of other platform components prior to communicating with those components. With these digital certificates in place, when an end-user submits to the platform's front-end control plane element a new workload for deployment, the end-user can verify the digital certificate of the front-end control plane element in order to be assured that the workload will be deployed and executed by the platform in a secure manner.
-
Publication number: US20210019159A1
Publication date: 2021-01-21
Application number: US16511308
Filing date: 2019-07-15
Applicant: VMware, Inc.
Inventor: Xunjia Lu, Haoqiang Zheng, David Dunn, Fred Jacobs
Abstract: Disclosed are various embodiments that utilize conflict cost for workload placements in datacenter environments. In some examples, a protected memory level is identified for a computing environment. The computing environment includes a number of processor resources. Incompatible processor workloads are prohibited from concurrently executing on parallel processor resources. Parallel processor resources share memory at the protected memory level. A number of conflict costs are determined for a processor workload. Each conflict cost is determined based on a measure of compatibility between the processor workload and a parallel processor resource that shares a particular memory with the respective processor resource. The processor workload is assigned to execute on a processor resource associated with a minimum conflict cost.
-
Publication number: US11182183B2
Publication date: 2021-11-23
Application number: US16511308
Filing date: 2019-07-15
Applicant: VMware, Inc.
Inventor: Xunjia Lu, Haoqiang Zheng, David Dunn, Fred Jacobs
Abstract: Disclosed are various embodiments that utilize conflict cost for workload placements in datacenter environments. In some examples, a protected memory level is identified for a computing environment. The computing environment includes a number of processor resources. Incompatible processor workloads are prohibited from concurrently executing on parallel processor resources. Parallel processor resources share memory at the protected memory level. A number of conflict costs are determined for a processor workload. Each conflict cost is determined based on a measure of compatibility between the processor workload and a parallel processor resource that shares a particular memory with the respective processor resource. The processor workload is assigned to execute on a processor resource associated with a minimum conflict cost.
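The placement rule described in this abstract (and in the identical abstract of the earlier application publication US20210019159A1 above), as an added example in Go that is not part of the patent or of VMware's scheduler: each processor resource belongs to a share group (resources in the same group share memory at the protected level, e.g. the two hyperthreads of a core), the conflict cost of a candidate resource is the sum of (1 - compatibility) over its busy group mates, a prohibited neighbour makes the cost infinite, and the workload goes to the idle resource with the minimum finite cost. The compatibility policy (same tenant = 1, different tenant at the same sensitivity level = 0.5, different sensitivity level = prohibited), the three-core host and the workloads A through E are assumptions constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Workload carries the attributes the compatibility measure inspects
// (constructed model: owning tenant and whether it handles sensitive data).
type Workload struct {
	ID        string
	Tenant    string
	Sensitive bool
}

// Resource is one schedulable processor resource such as a hyperthread.
// Resources with the same ShareGroup are "parallel" in the abstract's sense:
// they share memory at the protected level (e.g. a core's L1/L2 cache).
type Resource struct {
	ID         int
	ShareGroup int
	Running    *Workload // nil when idle
}

// Compatibility is the assumed policy: 1 = same tenant, 0.5 = different tenant
// at the same sensitivity level, 0 = prohibited (sensitivity levels differ).
func Compatibility(w, other Workload) float64 {
	switch {
	case w.Sensitive != other.Sensitive:
		return 0
	case w.Tenant == other.Tenant:
		return 1
	default:
		return 0.5
	}
}

// ConflictCost sums (1 - compatibility) over the busy parallel resources of r.
// A single prohibited neighbour makes the cost infinite, which is how the hard
// "never co-run incompatible workloads" rule is enforced.
func ConflictCost(w Workload, r Resource, all []Resource) float64 {
	cost := 0.0
	for _, p := range all {
		if p.ID == r.ID || p.ShareGroup != r.ShareGroup || p.Running == nil {
			continue
		}
		c := Compatibility(w, *p.Running)
		if c == 0 {
			return math.Inf(1)
		}
		cost += 1 - c
	}
	return cost
}

// Place assigns w to the idle resource with the minimum finite conflict cost
// (lowest ID wins ties), records the assignment, and returns the resource ID.
func Place(w Workload, host []Resource) (int, error) {
	best, bestCost := -1, math.Inf(1)
	for _, r := range host {
		if r.Running != nil {
			continue
		}
		if c := ConflictCost(w, r, host); c < bestCost {
			best, bestCost = r.ID, c
		}
	}
	if best < 0 {
		return -1, errors.New("no idle resource without a prohibited neighbour")
	}
	for i := range host {
		if host[i].ID == best {
			wl := w
			host[i].Running = &wl
		}
	}
	return best, nil
}

// SampleHost: three cores, two hyperthreads each; A and B already running
// (constructed sample state).
func SampleHost() []Resource {
	a := Workload{ID: "A", Tenant: "tenant-1", Sensitive: true}
	b := Workload{ID: "B", Tenant: "tenant-2", Sensitive: false}
	return []Resource{
		{ID: 0, ShareGroup: 0, Running: &a}, {ID: 1, ShareGroup: 0},
		{ID: 2, ShareGroup: 1, Running: &b}, {ID: 3, ShareGroup: 1},
		{ID: 4, ShareGroup: 2}, {ID: 5, ShareGroup: 2},
	}
}

func main() {
	host := SampleHost()
	for _, w := range []Workload{
		{ID: "C", Tenant: "tenant-1", Sensitive: true},
		{ID: "D", Tenant: "tenant-3", Sensitive: false},
		{ID: "E", Tenant: "tenant-2", Sensitive: true},
	} {
		id, err := Place(w, host)
		fmt.Printf("%s -> resource %d (err=%v)\n", w.ID, id, err)
	}
}
```

Running it places C next to A (cost 0, same tenant), sends D to the empty core 2 rather than next to B (cost 0 beats 0.5), and refuses E because every idle hyperthread would share protected memory with a non-sensitive workload. A real scheduler would also weigh load and NUMA locality; the example isolates only the conflict-cost term.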
-
Publication number: US10592267B2
Publication date: 2020-03-17
Application number: US15402243
Filing date: 2017-01-10
Applicant: VMWARE, INC.
Inventor: David Dunn, Alok Nemchand Kataria, Wei Xu, Jeffrey W. Sheldon
Abstract: Mechanisms to protect the integrity of a data structure that is traversed to locate protected memory pages are provided. Leaf nodes of the data structure store mappings that indicate which memory pages are protected. Both the pages indicated by the mappings and the pages that store the data structure are monitored by a tracing service that sends a notification to the hypervisor when a write to a traced page occurs. When system software receives such a notification, the system software traverses the data structure to determine whether any of the memory pages of the data structure is the traced page that was written to. If so, the alert action for that page is performed. If not, the system software determines whether any of the mappings in the leaf nodes include such a page and, if so, the alert action for that page is performed.
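The two-pass check described in this abstract, as an added example in Go that is not part of the patent or of VMware's hypervisor code: the protected-page structure is a small tree whose nodes each live in a guest page, the tracing service is expected to watch both the node pages and the pages named in leaf mappings, and the write-notification handler first asks whether the written page is one of the structure's own pages (so tampering with the mappings is caught before the possibly corrupted mappings are consulted) and only then looks the page up in the leaf mappings. The tree shape, page numbers and action names are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
)

// Node is one page of the protected-page data structure. Interior nodes hold
// children; leaf nodes map a protected guest page number (GPN) to the alert
// action for that page. Page is the GPN that stores the node itself, which the
// tracing service must watch as well. (Constructed model, not the patent's layout.)
type Node struct {
	Page     uint64
	Children []*Node
	Mappings map[uint64]string
}

func walk(n *Node, fn func(*Node)) {
	fn(n)
	for _, c := range n.Children {
		walk(c, fn)
	}
}

// TracedPages returns every page the tracing service must monitor: the pages
// that store the structure plus every page the leaves mark as protected.
func TracedPages(root *Node) []uint64 {
	set := map[uint64]struct{}{}
	walk(root, func(n *Node) {
		set[n.Page] = struct{}{}
		for p := range n.Mappings {
			set[p] = struct{}{}
		}
	})
	out := make([]uint64, 0, len(set))
	for p := range set {
		out = append(out, p)
	}
	sort.Slice(out, func(i, j int) bool { return out[i] < out[j] })
	return out
}

// OnTracedWrite is the notification handler. Structure pages are checked first,
// so an attempt to edit the mappings themselves is reported before (and instead
// of) any mapping they might now contain; then the leaf mappings are consulted.
func OnTracedWrite(root *Node, gpn uint64) (action string, alert bool) {
	walk(root, func(n *Node) {
		if n.Page == gpn {
			action, alert = fmt.Sprintf("structure page %#x written; mappings no longer trusted", gpn), true
		}
	})
	if alert {
		return action, true
	}
	walk(root, func(n *Node) {
		if a, ok := n.Mappings[gpn]; ok {
			action, alert = a, true
		}
	})
	return action, alert
}

// SampleStructure: one root page and two leaf pages (constructed GPNs).
func SampleStructure() *Node {
	return &Node{Page: 0x1000, Children: []*Node{
		{Page: 0x1001, Mappings: map[uint64]string{0x4000: "kill-process", 0x4001: "log-and-restore"}},
		{Page: 0x1002, Mappings: map[uint64]string{0x9000: "panic"}},
	}}
}

func main() {
	root := SampleStructure()
	fmt.Printf("traced pages: %#x\n", TracedPages(root))
	for _, gpn := range []uint64{0x4000, 0x1001, 0x5555} {
		action, alert := OnTracedWrite(root, gpn)
		fmt.Printf("write to %#x -> alert=%v action=%q\n", gpn, alert, action)
	}
}
```

The ordering matters: if the handler consulted the mappings first, an attacker who could write a leaf page could remove a mapping and have the very write that removed it go unreported.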
-
Publication number: US20220191046A1
Publication date: 2022-06-16
Application number: US17119068
Filing date: 2020-12-11
Applicant: VMware, Inc.
Inventor: Abhishek Srivastava, David Dunn, Jesse Pool, Adrian Drzewiecki
Abstract: A framework is provided that assigns a digital certificate to each VM-based control plane element and computing node (i.e., worker VM) of a workload orchestration platform implemented in a virtualized environment, where the digital certificate is signed by a trusted entity and provides cryptographic proof that the control plane element/worker VM has been successfully attested by that trusted entity using hardware-based attestation. Each control plane element/worker VM is configured to verify the digital certificates of other platform components prior to communicating with those components. With these digital certificates in place, when an end-user submits to the platform's front-end control plane element a new workload for deployment, the end-user can verify the digital certificate of the front-end control plane element in order to be assured that the workload will be deployed and executed by the platform in a secure manner.
-
Publication number: US10768962B2
Publication date: 2020-09-08
Application number: US15383605
Filing date: 2016-12-19
Applicant: VMware, Inc.
Inventor: David Dunn, Doug Covelli
IPC: G06F9/455, G06F12/1009, G06F12/1036, G06F12/109, G06F12/14, G06F12/1027
Abstract: A method of emulating nested page table (NPT) mode-based execute control in a virtualized computing system includes: providing NPT mode-based execute control from a hypervisor to a virtual machine (VM) executing in the virtualized computing system; generating a plurality of shadow NPT hierarchies at the hypervisor based on an NPT mode-based execute policy obtained from the VM; configuring a processor of the virtualized computing system to exit from the VM to the hypervisor in response to an escalation from a user privilege level to a supervisor privilege level caused by guest code of the VM; and exposing a first shadow NPT hierarchy of the plurality of shadow NPT hierarchies to the processor in response to an exit from the VM to the hypervisor due to the escalation from the user privilege level to the supervisor privilege level.
-
Publication number: US11379385B2
Publication date: 2022-07-05
Application number: US15444350
Filing date: 2017-02-28
Applicant: VMWARE, INC.
Inventor: Alok Nemchand Kataria, Wei Xu, Radu Rugina, Jeffrey W. Sheldon, James S. Mattson, Rakesh Agarwal, David Dunn
Abstract: Mechanisms to protect the integrity of memory of a virtual machine are provided. The mechanisms involve utilizing certain capabilities of the hypervisor underlying the virtual machine to monitor writes to memory pages of the virtual machine. A guest integrity driver communicates with the hypervisor to request such functionality. Additional protections are provided for protecting the guest integrity driver and associated data, as well as for preventing use of these mechanisms by malicious software. These additional protections include an elevated execution mode, termed “integrity mode,” which can only be entered from a specified entry point, as well as protections on the memory pages that store the guest integrity driver and associated data.
-
Publication number: US20220191025A1
Publication date: 2022-06-16
Application number: US17118978
Filing date: 2020-12-11
Applicant: VMware, Inc.
Inventor: Abhishek Srivastava, David Dunn, Jesse Pool, Adrian Drzewiecki
Abstract: In one set of embodiments, confidential data needed by a workload component running within a worker VM can be placed on an encrypted virtual disk that is attached to the worker VM and hardware-based attestation can be used to validate the worker VM's software and isolate its guest memory from its hypervisor. Upon successful completion of this attestation process, a data decryption key can be delivered to the worker VM via a secure channel established via the attestation, such that the hypervisor cannot read or alter the key. The worker VM can then decrypt the contents of the encrypted virtual disk using the data decryption key, thereby granting the workload component access to the confidential data.
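The key-delivery exchange in this abstract, as an added example in Go that is not part of the patent or of VMware's implementation: the worker VM generates an ephemeral X25519 key that never leaves the VM and obtains a hardware-signed report binding that key to its measurement; the key server accepts the report only if the hardware signature verifies and the measurement is the golden one, then seals the data decryption key (DEK) to the ephemeral key over an ECDH-derived channel key, so the hypervisor relaying the reply sees only ciphertext; the VM unseals the DEK and opens the encrypted virtual disk. The report format, the Ed25519 "hardware" key, the labelled SHA-256 key derivation and the image bytes are assumptions constructed for the example; a real deployment would use the platform's attestation report format and a proper KDF.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Report is a simplified attestation report: the worker VM's measured software
// and its ephemeral X25519 public key, signed by a hardware-held key.
type Report struct {
	Measurement  [32]byte
	EphemeralPub []byte
	Sig          []byte
}

func (r Report) signedBytes() []byte { return append(r.Measurement[:], r.EphemeralPub...) }

// BootWorker runs inside the worker VM: it generates an ephemeral key that never
// leaves the VM and obtains a report binding that key to the measurement.
func BootWorker(hwKey ed25519.PrivateKey, image []byte) (*ecdh.PrivateKey, Report, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, Report{}, err
	}
	r := Report{Measurement: sha256.Sum256(image), EphemeralPub: eph.PublicKey().Bytes()}
	r.Sig = ed25519.Sign(hwKey, r.signedBytes())
	return eph, r, nil
}

// Deliver is the key server: it accepts only a hardware-signed report with the
// golden measurement, then seals the DEK to the report's ephemeral key. The
// hypervisor relaying the reply sees only serverPub and ciphertext.
func Deliver(hwPub ed25519.PublicKey, golden [32]byte, dek []byte, r Report) (serverPub, sealed []byte, err error) {
	if !ed25519.Verify(hwPub, r.signedBytes(), r.Sig) || r.Measurement != golden {
		return nil, nil, errors.New("report rejected: bad hardware signature or non-golden measurement")
	}
	mine, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	key, err := channelKey(mine, r.EphemeralPub)
	if err != nil {
		return nil, nil, err
	}
	sealed, err = Seal(key, dek)
	return mine.PublicKey().Bytes(), sealed, err
}

// ReceiveKey runs inside the worker VM and recovers the DEK from the reply.
func ReceiveKey(eph *ecdh.PrivateKey, serverPub, sealed []byte) ([]byte, error) {
	key, err := channelKey(eph, serverPub)
	if err != nil {
		return nil, err
	}
	return Open(key, sealed)
}

// channelKey: X25519 agreement followed by a simplified labelled SHA-256 KDF.
func channelKey(mine *ecdh.PrivateKey, peerBytes []byte) ([]byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(peerBytes)
	if err != nil {
		return nil, err
	}
	shared, err := mine.ECDH(peer)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(append([]byte("worker-dek-channel|"), shared...))
	return k[:], nil
}

// Seal and Open are AES-GCM with a random nonce prefix. The same pair models the
// encrypted virtual disk: Seal(dek, contents) at creation, Open(dek, blob) in the VM.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func Open(key, blob []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, errors.New("cannot open sealed blob")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
```

The property the abstract relies on is that the ephemeral public key is inside the signed report: a hypervisor that swaps in its own key would invalidate the hardware signature, and one that merely relays the reply holds neither half of the ECDH exchange and so cannot derive the channel key. Guest memory isolation from the hypervisor is what keeps the ephemeral private key and the unsealed DEK out of its reach; that part is provided by the hardware, not by this code.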
-
Publication number: US10678909B2
Publication date: 2020-06-09
Application number: US15818783
Filing date: 2017-11-21
Applicant: VMWARE, INC.
Inventor: Alok Nemchand Kataria, Doug Covelli, Jeffrey W. Sheldon, Frederick Joseph Jacobs, David Dunn
Abstract: Techniques for securely supporting a global view of system memory in a physical/virtual computer system comprising a plurality of physical/virtual CPUs are provided. In one set of embodiments, the physical/virtual computer system can receive an interrupt indicating that a first physical/virtual CPU should enter a privileged CPU operating mode. The physical/virtual computer system can further determine that none of the plurality of physical/virtual CPUs are currently in the privileged CPU operating mode. In response to this determination, the physical/virtual computer system can modify the global view of system memory to include a special memory region comprising program code to be executed while in the privileged CPU operating mode; communicate, to the other physical/virtual CPUs, a signal to enter a stop state in which execution is halted but interrupts are accepted for entering the privileged CPU operating mode; and cause the first physical/virtual CPU to enter the privileged CPU operating mode.
-
Publication number: US10120738B2
Publication date: 2018-11-06
Application number: US15192642
Filing date: 2016-06-24
Applicant: VMware, Inc.
Inventor: Radu Rugina, Jeffrey W. Sheldon, James S. Mattson, Jr., David Dunn
Abstract: Guest memory data structures are read by one or more read operations which are set up to handle page faults and general protection faults generated during the read in various ways. If such a fault occurs while performing the one or more read operations, the fault is handled and the one or more read operations are terminated. The fault is handled either by dropping the fault and reporting an error instead of the fault, by dropping the fault and invoking an error handler that is set up prior to performing the read operations, or by forwarding the fault to a fault handler that is set up prior to performing the read operations. If no fault occurs, the read operations complete successfully. Thus, under normal circumstances, no fault is incurred in a read operation on guest memory data structures.