IN2014DN09465A - Google Patents
Info
- Publication number
- IN2014DN09465A
- Authority
- IN
- India
- Prior art keywords
- key
- computing resource
- security
- computing
- provisioner
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Abstract
In a method of provisioning a virtual machine (VM) to a computing network (401), a VM manager or provisioner (403, 408) encrypts a virtual machine using a key bound to at least one security profile indicative of one or more security requirements that a computing resource (402) of the computing network (401) must satisfy in order to be able to decrypt the VM. A key for use in decrypting the VM has previously been sealed into multiple (and preferably all) computing resources (402) in the network into which the VM is to be provisioned, and has been sealed such that a computing resource can obtain the key only if it is in a state that satisfies the security profile, or at least one security profile, to which the key is bound. The VM manager or provisioner (403, 408) creates a VM launch package that includes the encrypted VM and also a key that may be used in decrypting the encrypted VM. When the VM launch package is received at a computing resource (402), the computing resource will not be able to recover the key for use in decrypting the VM, and hence will be unable to decrypt the VM, unless the computing resource satisfies the security requirements indicated by the security profile. The VM manager or provisioner can thus be sure that the VM will not be launched on a computing resource that does not meet the desired security profile. Alternatively, the VM manager or provisioner (403, 408) may send a token corresponding to a desired security profile with an encrypted VM. A computing resource uses the token to obtain a key to decrypt the VM, but the computing resource will not be able to recover the key unless the computing resource satisfies the security requirements indicated by the token.
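A toy model of the scheme the abstract describes, added here as an illustration and not code from the patent: the profile key is sealed into a host against a digest of the required measurements, the VM manager ships the VM encrypted under a per-VM key that is wrapped under the profile key, and a host whose current measured state differs from the profile derives the wrong unsealing key and never recovers the VM key. The measurement names, the HMAC-based stand-in cipher and the `seal`/`launch` method names are assumptions made for the example, not anything the patent specifies.

```python
import hashlib
import hmac
import os

def profile_digest(measurements):
    """Security profile: digest over the ordered measurements a host must exhibit."""
    return hashlib.sha256(b"".join(hashlib.sha256(m.encode()).digest()
                                   for m in measurements)).digest()

def _keystream(k, n):
    return b"".join(hmac.new(k, i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def encrypt(k, msg):
    """Stand-in authenticated encryption: HMAC keystream, encrypt-then-MAC (toy)."""
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(k, len(msg))))
    return ct + hmac.new(k, ct, hashlib.sha256).digest()

def decrypt(k, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k, ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(k, len(ct))))

class ComputingResource:
    def __init__(self, measurements):       # host (402) with a device-bound root secret
        self.root = os.urandom(32)           # never leaves the device
        self.measurements = list(measurements)

    def _kek(self, digest):                  # key-encryption key tied to a state digest
        return hmac.new(self.root, b"seal|" + digest, hashlib.sha256).digest()

    def seal(self, key, profile):            # provisioning: bind key to the profile
        self.sealed = encrypt(self._kek(profile), key)

    def launch(self, package):
        # Unseal against the *current* state: an off-profile host derives the wrong KEK
        profile_key = decrypt(self._kek(profile_digest(self.measurements)), self.sealed)
        vm_key = decrypt(profile_key, package["wrapped_vm_key"])
        return decrypt(vm_key, package["encrypted_vm"])

def build_launch_package(profile_key, vm_image):  # VM manager (403/408) side
    vm_key = os.urandom(32)
    return {"encrypted_vm": encrypt(vm_key, vm_image),
            "wrapped_vm_key": encrypt(profile_key, vm_key)}

def provision_and_launch(host_measurements, vm_image=b"constructed VM image"):
    """Seal, provision and launch; returns the image if on-profile, else None."""
    profile_key = os.urandom(32)
    host = ComputingResource(host_measurements)
    host.seal(profile_key, profile_digest(["bios-v1", "hypervisor-v3"]))  # sample
    try:
        return host.launch(build_launch_package(profile_key, vm_image))
    except ValueError:
        return None
```

Because the digest covers the measurements in order, a host reporting the same components in a different order is also rejected.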
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/EP2012/059768 WO2013174437A1 (en) | 2012-05-24 | 2012-05-24 | Enhanced secure virtual machine provisioning |
Publications (1)
Publication Number | Publication Date |
---|---|
IN2014DN09465A true IN2014DN09465A (en) | 2015-07-17 |
Family
ID=46168479
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
IN9465DEN2014 IN2014DN09465A (en) | 2012-05-24 | 2012-05-24 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20150134965A1 (en) |
EP (1) | EP2856386A1 (en) |
IN (1) | IN2014DN09465A (en) |
WO (1) | WO2013174437A1 (en) |
Families Citing this family (41)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9515999B2 (en) | 2011-12-21 | 2016-12-06 | Ssh Communications Security Oyj | Automated access, key, certificate, and credential management |
US8924720B2 (en) * | 2012-09-27 | 2014-12-30 | Intel Corporation | Method and system to securely migrate and provision virtual machine images and content |
US9519498B2 (en) | 2013-12-24 | 2016-12-13 | Microsoft Technology Licensing, Llc | Virtual machine assurances |
US9792427B2 (en) * | 2014-02-07 | 2017-10-17 | Microsoft Technology Licensing, Llc | Trusted execution within a distributed computing system |
EP3108365A1 (en) * | 2014-02-20 | 2016-12-28 | Telefonaktiebolaget LM Ericsson (publ) | Methods, apparatuses, and computer program products for deploying and managing software containers |
US9753768B2 (en) * | 2014-03-08 | 2017-09-05 | Vmware, Inc. | Instant xvmotion using a private storage virtual appliance |
US9652631B2 (en) | 2014-05-05 | 2017-05-16 | Microsoft Technology Licensing, Llc | Secure transport of encrypted virtual machines with continuous owner access |
US9652276B2 (en) | 2014-09-17 | 2017-05-16 | International Business Machines Corporation | Hypervisor and virtual machine protection |
US9584317B2 (en) | 2014-10-13 | 2017-02-28 | Microsoft Technology Licensing, Llc | Identifying security boundaries on computing devices |
US10229272B2 (en) | 2014-10-13 | 2019-03-12 | Microsoft Technology Licensing, Llc | Identifying security boundaries on computing devices |
US9519787B2 (en) * | 2014-11-14 | 2016-12-13 | Microsoft Technology Licensing, Llc | Secure creation of encrypted virtual machines from encrypted templates |
US9952790B2 (en) * | 2015-06-13 | 2018-04-24 | Avocado Systems Inc. | Application security policy actions based on security profile exchange |
US10129220B2 (en) | 2015-06-13 | 2018-11-13 | Avocado Systems Inc. | Application and data protection tag |
US10270810B2 (en) | 2015-06-14 | 2019-04-23 | Avocado Systems Inc. | Data socket descriptor based policies for application and data behavior and security |
US10193889B2 (en) | 2015-06-14 | 2019-01-29 | Avocado Systems Inc. | Data socket descriptor attributes for application discovery in data centers |
US10397277B2 (en) | 2015-06-14 | 2019-08-27 | Avocado Systems Inc. | Dynamic data socket descriptor mirroring mechanism and use for security analytics |
US10148697B2 (en) | 2015-06-16 | 2018-12-04 | Avocado Systems Inc. | Unified host based security exchange between heterogeneous end point security agents |
US10193930B2 (en) | 2015-06-29 | 2019-01-29 | Avocado Systems Inc. | Application security capability exchange via the application and data protection layer |
US10990428B2 (en) | 2015-07-03 | 2021-04-27 | Telefonaktiebolaget Lm Ericsson (Publ) | Virtual machine integrity |
US10356068B2 (en) | 2015-07-14 | 2019-07-16 | Avocado Systems Inc. | Security key generator module for security sensitive applications |
US10354070B2 (en) | 2015-08-22 | 2019-07-16 | Avocado Systems Inc. | Thread level access control to socket descriptors and end-to-end thread level policies for thread protection |
US10042749B2 (en) | 2015-11-10 | 2018-08-07 | International Business Machines Corporation | Prefetch insensitive transactional memory |
JP6734760B2 (en) | 2015-11-10 | 2020-08-05 | International Business Machines Corporation | Prefetch insensitive transaction memory |
EP3398073B1 (en) * | 2016-02-10 | 2023-03-29 | Mobileiron, Inc. | Securely storing and distributing sensitive data in a cloud-based application |
CN107133520B (en) * | 2016-02-26 | 2021-05-14 | 华为技术有限公司 | Credibility measuring method and device for cloud computing platform |
US10684839B2 (en) | 2016-06-15 | 2020-06-16 | Red Hat Israel, Ltd. | Plugin for software deployment |
US10177910B2 (en) | 2016-08-31 | 2019-01-08 | Microsoft Technology Licensing, Llc | Preserving protected secrets across a secure boot update |
US11270193B2 (en) | 2016-09-30 | 2022-03-08 | International Business Machines Corporation | Scalable stream synaptic supercomputer for extreme throughput neural networks |
US10528746B2 (en) * | 2016-12-27 | 2020-01-07 | Intel Corporation | System, apparatus and method for trusted channel creation using execute-only code |
US10228965B2 (en) * | 2017-05-15 | 2019-03-12 | Synopsys, Inc. | Architecture, system and method for creating and employing trusted virtual appliances |
US10958424B1 (en) * | 2017-11-02 | 2021-03-23 | Amazon Technologies, Inc. | Mechanism to allow third party to use a shared secret between two parties without revealing the secret |
US10686891B2 (en) * | 2017-11-14 | 2020-06-16 | International Business Machines Corporation | Migration of applications to a computing environment |
US11036532B2 (en) * | 2017-11-29 | 2021-06-15 | Microsoft Technology Licensing, Llc | Fast join and leave virtual network |
CN111201529A (en) * | 2018-01-24 | 2020-05-26 | 英特尔公司 | Security configuration files for OCF devices and trusted platforms |
CN108599936A (en) * | 2018-04-20 | 2018-09-28 | 西安电子科技大学 | A security authentication method for users of the OpenStack open-source cloud |
CN108737171B (en) * | 2018-05-10 | 2021-08-27 | 网宿科技股份有限公司 | Method and system for managing cloud service cluster |
US11044238B2 (en) | 2018-10-19 | 2021-06-22 | International Business Machines Corporation | Secure communications among tenant virtual machines in a cloud networking environment |
CN110012076B (en) * | 2019-03-12 | 2022-07-01 | 新华三技术有限公司 | Connection establishing method and device |
US11210128B2 (en) * | 2019-09-26 | 2021-12-28 | At&T Intellectual Property I, L.P. | Device virtualization security layer |
US11575513B2 (en) * | 2020-04-18 | 2023-02-07 | Cisco Technology, Inc. | Applying attestation tokens to multicast routing protocols |
CN116134795A (en) * | 2021-06-28 | 2023-05-16 | 微软技术许可有限责任公司 | Virtual machine provisioning and directory service management |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9606821B2 (en) * | 2004-12-17 | 2017-03-28 | Intel Corporation | Virtual environment manager for creating and managing virtual machine environments |
US8468230B2 (en) * | 2007-10-18 | 2013-06-18 | Fujitsu Limited | Method, apparatus and recording medium for migrating a virtual machine |
US20090133097A1 (en) * | 2007-11-15 | 2009-05-21 | Ned Smith | Device, system, and method for provisioning trusted platform module policies to a virtual machine monitor |
WO2011075484A2 (en) * | 2009-12-14 | 2011-06-23 | Citrix Systems, Inc. | A secure virtualization environment bootable from an external media device |
WO2011152910A1 (en) * | 2010-06-02 | 2011-12-08 | Vmware, Inc. | Securing customer virtual machines in a multi-tenant cloud |
US8856504B2 (en) * | 2010-06-07 | 2014-10-07 | Cisco Technology, Inc. | Secure virtual machine bootstrap in untrusted cloud infrastructures |
-
2012
- 2012-05-24 IN IN9465DEN2014 patent/IN2014DN09465A/en unknown
- 2012-05-24 EP EP12723680.0A patent/EP2856386A1/en not_active Withdrawn
- 2012-05-24 US US14/399,393 patent/US20150134965A1/en not_active Abandoned
- 2012-05-24 WO PCT/EP2012/059768 patent/WO2013174437A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
EP2856386A1 (en) | 2015-04-08 |
US20150134965A1 (en) | 2015-05-14 |
WO2013174437A1 (en) | 2013-11-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
IN2014DN09465A (en) | ||
BR112015026372B8 (en) | Communication device that enforces security for a file stored on a virtual drive | |
WO2017034642A3 (en) | Optimizable full-path encryption in a virtualization environment | |
AU2018256568A1 (en) | Systems and methods for software based encryption | |
SG10201901366WA (en) | Key exchange through partially trusted third party | |
BR112017020675A2 (en) | authentication agreement and key with perfect issuance secrecy | |
GB2496354B (en) | A method and system of providing authentication of user access to a computer resource via a mobile device using multiple separate security factors | |
BR112019003520A2 (en) | secure communication of network traffic | |
WO2016057086A3 (en) | Common modulus rsa key pairs for signature generation and encryption/decryption | |
WO2016126332A3 (en) | Data security operations with expectations | |
NZ746653A (en) | Access control for encrypted data in machine-readable identifiers | |
BR112017002747A2 (en) | computer implemented method, and, computer system. | |
WO2014070134A3 (en) | Quorum-based virtual machine security | |
WO2014182727A3 (en) | Selectively performing man in the middle decryption | |
WO2014207581A3 (en) | Processing guest event in hypervisor-controlled system | |
GB2512249A (en) | Secure peer discovery and authentication using a shared secret | |
GB2533727A (en) | Registry apparatus, agent device, application providing apparatus and corresponding methods | |
BR112015030544A2 (en) | electronic authentication systems | |
BR112017003018A2 (en) | secure provision of an authentication credential | |
GB2526240A (en) | Key management in multi-tenant environments | |
WO2014047135A3 (en) | Method and device for a generalized cryptographic framework | |
MX2016009066A (en) | Systems and methods with cryptography and tamper resistance software security. | |
WO2014027263A3 (en) | Attribute-based encryption | |
MX2018014312A (en) | Using hardware based secure isolated region to prevent piracy and cheating on electronic devices. | |
BR112017001424A2 (en) | encryption pin receiver |