公开(公告)号：US10853494B2

公开(公告)日：2020-12-01

申请号：US16042373

申请日：2018-07-23

Applicant: VMware, Inc.

Inventor： Samyuktha Subramanian ,  Daniel Muller ,  Mukund Gunti ,  Adrian Drzewiecki

IPC: G06F21/57 ,  G06F21/64 ,  H04L9/32 ,  G06F9/455 ,  G06F21/51

Abstract: An example method of authenticating software executing in a computer system includes verifying first software executing on the computer system, the software including a hypervisor, verifying second software executing in a virtual machine (VM) managed by the hypervisor, generating a binding key having public and private portions, signing an object to identifies the VM using the private portion of the binding key, and verifying a signature of the object using a public portion of the binding key.

公开(公告)号：US11509480B2

公开(公告)日：2022-11-22

申请号：US16917719

申请日：2020-06-30

Applicant: VMware, Inc.

Inventor： Samyuktha Subramanian ,  Jesse Pool

IPC: H04L29/06 ,  H04L9/32

Abstract: A method of attestation of a host machine based on runtime configuration of the host machine is provided. The method receives, at an attestation machine, a request from the host machine for attestation of a software executing on the host machine, the request including at least one security-related configuration of the software at launch time and a corresponding runtime behavior of the software when the security-related configuration changes. The method then generates a claim based on evaluating a value associated with the at least one security-related configuration and the corresponding runtime behavior of the software when the value changes. The method also generates an attestation token after a successful attestation of the software and include in the attestation token the generated claim. The method further transmits the attestation token to the host machine.

公开(公告)号：US10754952B2

公开(公告)日：2020-08-25

申请号：US16042338

申请日：2018-07-23

Applicant: VMware, Inc.

Inventor： Daniel Muller ,  Samyuktha Subramanian ,  Mukund Gunti

IPC: G06F21/57 ,  G06F21/64 ,  G06F21/12 ,  H04L9/32

Abstract: An example method of authenticating software executing in a computer system includes: receiving, from the computer system over a network at a server computer, a trusted platform module (TPM) quote, an event log, and a metadata database, the TPM quote provided by a TPM in the computer system, the event log including first checksums for the software executing in the computer system, and the metadata database including second checksums of binary files stored in packages from which the software is installed; establishing a root of trust in the computer system at the server computer based on the TPM quote and the event log; and determining, at the server computer in response to establishing the root of trust, integrity of the software executing in the computer system by comparing the first checksums with the second checksums.