1.
Publication number: US20240004681A1
Publication date: 2024-01-04
Application number: US17809859
Filing date: 2022-06-29
Applicant: Amazon Technologies, Inc.
Inventor: Alexander Graf, Ioannis Aslanidis, Deepak Gupta, Jonathan Daniel Bean
CPC classification number: G06F9/45558, G06F21/44, G06F2009/45587, G06F2009/45579, G06F2009/45595
Abstract: A virtualized computing service provides a computing instance capable of requesting attestation of the authenticity of the hypervisor implementing the computing instances. An attestation device included in a virtualization host maintains a log of hash values representing hypervisor versions that have been implemented at the virtualization host. Also, an independent auditor (e.g., attestation service) is provided software configurations that are known to be authentic. The independent auditor generates hash values for the authentic hypervisor versions. The computing instance receives a response from the local attestation device indicating hash values of hypervisor versions currently and/or previously deployed on the virtualization host, and the computing instance forwards the hash values to the independent auditor to authenticate that they match the hash values of the known authentic hypervisor versions. In some embodiments, a similar process may also be used to attest to the authenticity of operating systems used by the computing instance.