公开(公告)号：US11509480B2

公开(公告)日：2022-11-22

申请号：US16917719

申请日：2020-06-30

Applicant: VMware, Inc.

Inventor： Samyuktha Subramanian ,  Jesse Pool

IPC: H04L29/06 ,  H04L9/32

Abstract: A method of attestation of a host machine based on runtime configuration of the host machine is provided. The method receives, at an attestation machine, a request from the host machine for attestation of a software executing on the host machine, the request including at least one security-related configuration of the software at launch time and a corresponding runtime behavior of the software when the security-related configuration changes. The method then generates a claim based on evaluating a value associated with the at least one security-related configuration and the corresponding runtime behavior of the software when the value changes. The method also generates an attestation token after a successful attestation of the software and include in the attestation token the generated claim. The method further transmits the attestation token to the host machine.

公开(公告)号：US20220191025A1

公开(公告)日：2022-06-16

申请号：US17118978

申请日：2020-12-11

Applicant: VMware, Inc.

Inventor： Abhishek Srivastava ,  David Dunn ,  Jesse Pool ,  Adrian Drzewiecki

IPC: H04L9/32 ,  G06F9/455 ,  H04L9/08 ,  G06F21/62

Abstract: In one set of embodiments, confidential data needed by a workload component running within a worker VM can be placed on an encrypted virtual disk that is attached to the worker VM and hardware-based attestation can be used to validate the worker VM's software and isolate its guest memory from its hypervisor. Upon successful completion of this attestation process, a data decryption key can be delivered to the worker VM via a secure channel established via the attestation, such that the hypervisor cannot read or alter the key. The worker VM can then decrypt the contents of the encrypted virtual disk using the data decryption key, thereby granting the workload component access to the confidential data.

公开(公告)号：US10691341B2

公开(公告)日：2020-06-23

申请号：US15388591

申请日：2016-12-22

Applicant: VMware, Inc.

Inventor： Yury Baskakov ,  Alexander Garthwaite ,  Jesse Pool

IPC: G06F3/06 ,  G06F12/10

Abstract: One or more embodiments provide techniques for accessing a memory page of a virtual machine for which loading might have been deferred, according to an embodiment of the invention, includes the steps of examining metadata of the memory page and determining that a flag in the metadata for indicating that the contents of the memory page needs to be updated is set, and updating the contents of the memory page.

公开(公告)号：US20160253201A1

公开(公告)日：2016-09-01

申请号：US15148890

申请日：2016-05-06

Applicant: VMware, Inc.

Inventor： Irene Zhang ,  Kenneth Charles Barr ,  Ganesh Venkitachalam ,  Irfan Ahmad ,  Alex Garthwaite ,  Jesse Pool

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F9/461 ,  G06F9/485 ,  G06F9/5016 ,  G06F11/1438 ,  G06F12/08 ,  G06F2009/45575 ,  G06F2009/45583

Abstract: Methods and apparatus for saving and/or restoring state information for virtualized computing systems are described. An example apparatus includes a physical memory and a virtual machine monitor to: in response to a request to suspend operation of a virtual machine, place a trace on a memory page in the physical memory to detect at least one of a read access or a write access that occurs when state information of the virtual machine is saved in response to the request, the memory page associated with virtual memory hosted by the virtual machine, while the virtual machine continues to operate after the request, initiate storing of the virtual memory of the virtual machine, and in response to a trigger of the trace, store an indication that the memory page is an active memory page.

Abstract translation: 描述用于保存和/或恢复虚拟化计算系统的状态信息的方法和装置。 一种示例性装置包括：物理存储器和虚拟机监视器，用于：响应于暂停虚拟机的操作的请求，在物理存储器中的存储器页面上放置跟踪以检测读取访问或写入中的至少一个 响应于请求保存虚拟机的状态信息时发生的访问，与虚拟机托管的虚拟存储器相关联的存储器页面，同时虚拟机在请求之后继续操作，开始存储虚拟机的虚拟存储器 虚拟机，并且响应于跟踪的触发，存储指示存储器页面是活动存储器页面。

公开(公告)号：US09053064B2

公开(公告)日：2015-06-09

申请号：US13710185

申请日：2012-12-10

Applicant: VMware, Inc.

Inventor： Alexander Thomas Garthwaite ,  Yury Baskakov ,  Irene Zhang ,  Kevin Scott Christopher ,  Jesse Pool

IPC: G06F12/00 ,  G06F12/16

CPC classification number: G06F12/16 ,  G06F11/00

Abstract: A process for lazy checkpointing a virtual machine is enhanced to reduce the number of read/write accesses to the checkpoint file and thereby speed up the checkpointing process. The process for saving a state of a virtual machine running in a physical machine to a checkpoint file maintained in persistent storage includes the steps of copying contents of a block of memory pages, which may be compressed, into a staging buffer, determining after the copying if the buffer is full, and upon determining that the buffer is full, saving the buffer contents in a storage block of the checkpoint file.

Abstract translation: 增强了对虚拟机进行懒惰检查点的过程，以减少对检查点文件的读/写访问次数，从而加快了检查点处理过程。 将在物理机器中运行的虚拟机的状态保存到持久存储器中维护的检查点文件的过程包括以下步骤：将可压缩的存储器页块的内容复制到暂存缓冲器中，在复制之后确定 如果缓冲区已满，并且在确定缓冲区已满时，将缓冲区内容保存在检查点文件的存储块中。