-
Publication number: US20180373879A1
Publication date: 2018-12-27
Application number: US15934621
Application date: 2018-03-23
Applicant: VMware, Inc.
Inventor: Jason A. Lango, Adam Cain, Nitin Bahadur, John K. Edwards, Kevin George, William McGovern, Andrew G. Tucker
Abstract: In an embodiment, a secure boot method comprises writing a wrapped data encryption key (DEK) and a wrapped key encryption key (KEK) onto a label of a wrapped operating system image prior to uploading the wrapped operating system image to a virtual data center using one or more computing devices.
-
Publication number: US10356128B1
Publication date: 2019-07-16
Application number: US15661618
Application date: 2017-07-27
Applicant: VMware, Inc.
Inventor: Jason A. Lango, Grant Callaghan, Marcel Moolenaar, Vinay Wagh, Rohan Desai, Matthew Page, Gary Menezes, Antoine Pourchet, Ramya Olichandran
Abstract: A tag-based policy architecture enforces information technology (IT) policy in a virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources coupled to a computer network and to authorize access to protected resources of the network. The compute resources are illustratively virtual machine instances (VMIs) provided by a virtual data center (VDC) of the environment, whereas the protected resources are illustratively virtualized storage, network and/or other compute resources of the VDC. Each VMI includes an intermediary manager, e.g., metavisor. The tag-based policy architecture includes an infrastructure having a centralized policy decision end point (e.g., a control plane of the VDC) and distributed policy enforcement endpoints (e.g., metavisors of the VMIs) to provide end-to-end passing of the cryptographically-verifiable metadata to (i) authorize instantiation of the VMIs at the control plane, and (ii) enforce access to the virtualized resources at the metavisors.
-
Publication number: US10999328B2
Publication date: 2021-05-04
Application number: US16430344
Application date: 2019-06-03
Applicant: VMware, Inc.
Inventor: Jason A. Lango, Grant Callaghan, Marcel Moolenaar, Vinay Wagh, Rohan Desai, Matthew Page, Gary Menezes, Antoine Pourchet, Ramya Olichandran
Abstract: A tag-based policy architecture enforces information technology (IT) policy in a virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources coupled to a computer network and to authorize access to protected resources of the network. The compute resources are illustratively virtual machine instances (VMIs) provided by a virtual data center (VDC) of the environment, whereas the protected resources are illustratively virtualized storage, network and/or other compute resources of the VDC. Each VMI includes an intermediary manager, e.g., metavisor. The tag-based policy architecture includes an infrastructure having a centralized policy decision end point (e.g., a control plane of the VDC) and distributed policy enforcement endpoints (e.g., metavisors of the VMIs) to provide end-to-end passing of the cryptographically-verifiable metadata to (i) authorize instantiation of the VMIs at the control plane, and (ii) enforce access to the virtualized resources at the metavisors.
-
Publication number: US10896257B2
Publication date: 2021-01-19
Application number: US15934621
Application date: 2018-03-23
Applicant: VMware, Inc.
Inventor: Jason A. Lango, Adam Cain, Nitin Bahadur, John K. Edwards, Kevin George, William McGovern, Andrew G. Tucker
Abstract: In an embodiment, a secure boot method comprises writing a wrapped data encryption key (DEK) and a wrapped key encryption key (KEK) onto a label of a wrapped operating system image prior to uploading the wrapped operating system image to a virtual data center using one or more computing devices.
-
Publication number: US10552606B2
Publication date: 2020-02-04
Application number: US15863574
Application date: 2018-01-05
Applicant: VMware, Inc.
Inventor: Jason A. Lango, Dennis Ramdass, James J. Voll
Abstract: In an approach, an intermediary guest manager operates within a virtual machine hosted by a host machine and managed by a hypervisor. The intermediary guest manager manages one or more guest operating systems operating within the virtual machine and implements one or more security services for the guest operating systems. The security services provided to the guest operating systems may include system call filtering, memory protections, secure memory dumps, and others. In some cases, the intermediary guest manager consults a threat defense policy which contains a number of records, where each record has one or more triggers representing suspicious activity and one or more actions to take in response to being triggered. When the intermediary guest manager identifies a request, such as a system call or memory access, that meets the trigger of a particular record, the intermediary guest manager executes the associated actions to remediate the suspicious activity.
-
Publication number: US10509914B1
Publication date: 2019-12-17
Application number: US15796264
Application date: 2017-10-27
Applicant: VMware, Inc.
Inventor: Rohan Desai, Jason A. Lango, Vinay Wagh, Nolan Karpinski, Antoine Pourchet
Abstract: A technique implements data policy deployed in a tag-based policy architecture of a virtualized computing environment. Implementation of the data policy may include applying volume tags to data stored on virtualized storage resources, such as disks organized as volumes, based on instances that generate the data, contents of the data, and/or sensitivity of the data. The volume tags may be applied in a cryptographically strong manner to prevent tampering of the tagged data. To that end, the volume tags are cryptographically associated with the data, wherein such association is effected by binding the tags to a data encryption key stored on the volumes (disks) and used to encrypt/decrypt the data stored on the volumes.
-