-
Publication No.: US20230368193A1
Publication Date: 2023-11-16
Application No.: US17741353
Filing Date: 2022-05-10
Inventors: Mark Eugene RUSSINOVICH, Sylvan W. CLEBSCH, Kahren TEVOSYAN, Antoine Jean Denis DELIGNAT-LAVAUD, Cédric Alain Marie Christophe FOURNET, Hervey Oliver WILSON, Manuel Silverio da Silva COSTA
IPC Classification: G06Q20/38
CPC Classification: G06Q20/3829, G06Q2220/00
Abstract: The disclosed technology is generally directed to code transparency. In one example of the technology, a claim associated with an application is received. The claim is a document that is signed with a claim signature and that includes evidence associated with a policy, and further includes an expected set of at least one binary measurement associated with the application. The evidence is cryptographically verifiable evidence associated with the application. A trusted execution environment (TEE) is used to provide a distributed ledger. The claim is verified. Verifying the claim includes verifying the expected set of at least one binary measurement associated with the application, verifying the claim signature, and, based at least on the evidence, verifying that the application meets the policy. Upon successful verification of the claim, the claim is appended to the distributed ledger. A ledger countersignature associated with the claim is generated.
-
Publication No.: US20230370273A1
Publication Date: 2023-11-16
Application No.: US17741348
Filing Date: 2022-05-10
Inventors: Mark Eugene RUSSINOVICH, Sylvan W. CLEBSCH, Kahren TEVOSYAN, Antoine Jean Denis DELIGNAT-LAVAUD, Cédric Alain Marie Christophe FOURNET, Hervey Oliver WILSON, Manuel Silverio da Silva COSTA
CPC Classification: H04L9/3236, H04L9/3247, H04L9/0819
Abstract: The disclosed technology is generally directed to code transparency. In one example of the technology, evidence associated with a policy is obtained. The evidence includes data that includes cryptographically verifiable evidence associated with initial source code in accordance with the policy. The initial source code is source code for a CTS. The initial binary, which is based on the initial source code, is executed in a TEE such that a CTS instance begins operation. The CTS instance is configured to register guarantee(s) associated with code approved by the CTS instance. The TEE is used to provide a ledger. The evidence is stored on the ledger. Measurement(s) associated with the binary are provided. A service key associated with the CTS instance is generated. TEE attestation of the measurement(s), the evidence, and the service key is provided.
-
Publication No.: US20240104193A1
Publication Date: 2024-03-28
Application No.: US17953169
Filing Date: 2022-09-26
Inventors: Jin LIN, Jason Stewart WOHLGEMUTH, Michael Bishop EBERSOL, Aditya BHANDARI, Steven Adrian WEST, Emily Cara CLEMENS, Michael Halstead KELLEY, Dexuan CUI, Attilio MAINETTI, Sarah Elizabeth STEPHENSON, Carolina Cecilia PEREZ-VARGAS, Antoine Jean Denis DELIGNAT-LAVAUD, Kapil VASWANI, Alexander Daniel GREST, Steve Michel PRONOVOST, David Alan HEPKIN
CPC Classification: G06F21/53, G06F21/602, G06F21/79
Abstract: Methods, systems, and computer program products for direct assignment of physical devices to confidential virtual machines (VMs). At a first guest privilege context of a guest partition, a direct assignment of a physical device associated with a host computer system to the guest partition is identified. The guest partition includes the first guest privilege context and a second guest privilege context, which is restricted from accessing memory associated with the first guest privilege context. The guest partition corresponds to a confidential VM, such that a memory region associated with the guest partition is inaccessible to a host operating system. It is determined, based on a policy, that the physical device is allowed to be directly assigned to the guest partition. Communication between the physical device and the second guest privilege context is permitted, such as by exposing the physical device on a virtual bus and/or forwarding an interrupt.
-