-
公开(公告)号:US20200218792A1
公开(公告)日:2020-07-09
申请号:US16296273
申请日:2019-03-08
Applicant: VMWARE, INC.
Inventor: ALOK NEMCHAND KATARIA , Achindra Bhatnagar , Sachin Shinde , Martim Carbone , Deep Shah
Abstract: Techniques for verifying the integrity of application data using secure hardware enclaves are provided. In one set of embodiments, a client system can create a secure hardware enclave on the client system and load program code for an integrity verifier into the secure hardware enclave. The client system can further receive a dataset from a server system and store the dataset at a local storage or memory location, and receive, via the integrity verifier, a cryptographic hash of the dataset from the server system and store the received cryptographic hash at a memory location within the secure hardware enclave. Then, on a periodic basis, the integrity verifier can compute a cryptographic hash of the stored dataset, compare the computed cryptographic hash against the stored cryptographic hash, and if the computed cryptographic hash does not match the stored cryptographic hash, determine that the stored dataset has been modified.
-
Patent Agency Ranking
公开(公告)号:US11507415B2
公开(公告)日:2022-11-22
申请号:US16822054
申请日:2020-03-18
Applicant: VMWARE, INC.
Inventor: Vivek Mohan Thampi , Alok Nemchand Kataria , Martim Carbone , Deep Shah
Abstract: Techniques for supporting invocations of the RDTSC (Read Time-Stamp Counter) instruction, or equivalents thereof, by guest program code running within a virtual machine (VM), including guest program code running within a secure hardware enclave of the VM, are provided. In one set of embodiments, a hypervisor can activate time virtualization heuristics for the VM, where the time virtualization heuristics cause accelerated delivery of system clock timer interrupts to a guest operating system (OS) of the VM. The hypervisor can further determine a scaling factor to be applied to timestamps generated by one or more physical CPUs, where the timestamps are generated in response to invocations of a CPU instruction made by guest program code running within the VM, and where the scaling factor is based on the activated time virtualization heuristics. The hypervisor can then program the scaling factor into the one or more physical CPUs.
-
公开(公告)号:US11178105B2
公开(公告)日:2021-11-16
申请号:US16442579
申请日:2019-06-17
Applicant: VMWARE, INC.
Inventor: Shirish Vijayvargiya , Alok Nemchand Kataria , Deep Shah
Abstract: Techniques for implementing a secure enclave-based guest firewall are provided. In one set of embodiments, a host system can load a policy enforcer for a firewall into a secure enclave of a virtual machine (VM) running on the host system, where the secure enclave corresponds to a region of memory in the VM's guest memory address space that is inaccessible by processes running in other regions of the guest memory address space (including privileged processes that are part of the VM's guest operating system (OS) kernel). The policy enforcer can then, while running within the secure enclave: (1) obtain one or more security policies from a policy manager for the firewall, (2) determine that an event has occurred pertaining to a new or existing network connection between the VM and another machine, and (3) apply the one or more security policies to the network connection.
-
公开(公告)号:US11327782B2
公开(公告)日:2022-05-10
申请号:US16561051
申请日:2019-09-05
Applicant: VMWARE, INC.
Inventor: Alok Nemchand Kataria , Martim Carbone , Deep Shah
Abstract: The present disclosure provides an approach for migrating the contents of an enclave, together with a virtual machine comprising the enclave, from a source host to a destination host. The approach provides a technique that allows the contents of the enclave to remain secure during the migration process, and also allows the destination host to decrypt the contents of the enclave upon receiving the contents and upon receiving the VM that includes the enclave. The approach allows for the VM to continue execution on the destination host. The enclave retains its state from source host to destination host. Applications using the enclave in the source host are able to continue using the enclave on the destination host using the data migrated from the source host to the destination host.
-
公开(公告)号:US11170077B2
公开(公告)日:2021-11-09
申请号:US16296273
申请日:2019-03-08
Applicant: VMWARE, INC.
Inventor: Alok Nemchand Kataria , Achindra Bhatnagar , Sachin Shinde , Martim Carbone , Deep Shah
Abstract: Techniques for verifying the integrity of application data using secure hardware enclaves are provided. In one set of embodiments, a client system can create a secure hardware enclave on the client system and load program code for an integrity verifier into the secure hardware enclave. The client system can further receive a dataset from a server system and store the dataset at a local storage or memory location, and receive, via the integrity verifier, a cryptographic hash of the dataset from the server system and store the received cryptographic hash at a memory location within the secure hardware enclave. Then, on a periodic basis, the integrity verifier can compute a cryptographic hash of the stored dataset, compare the computed cryptographic hash against the stored cryptographic hash, and if the computed cryptographic hash does not match the stored cryptographic hash, determine that the stored dataset has been modified.
-
公开(公告)号:US20210019166A1
公开(公告)日:2021-01-21
申请号:US16561051
申请日:2019-09-05
Applicant: VMWARE, INC.
Inventor: ALOK NEMCHAND KATARIA , Martim Carbone , Deep Shah
Abstract: The present disclosure provides an approach for migrating the contents of an enclave, together with a virtual machine comprising the enclave, from a source host to a destination host. The approach provides a technique that allows the contents of the enclave to remain secure during the migration process, and also allows the destination host to decrypt the contents of the enclave upon receiving the contents and upon receiving the VM that includes the enclave. The approach allows for the VM to continue execution on the destination host. The enclave retains its state from source host to destination host. Applications using the enclave in the source host are able to continue using the enclave on the destination host using the data migrated from the source host to the destination host.
-
-
-
-
-
Search Results
6
records
(took 0.01 seconds)
