CA3132756A1 - Starting a secure guest using an initial program load mechanism - Google Patents

Starting a secure guest using an initial program load mechanism Download PDF

Info

Publication number
CA3132756A1
CA3132756A1 CA3132756A CA3132756A CA3132756A1 CA 3132756 A1 CA3132756 A1 CA 3132756A1 CA 3132756 A CA3132756 A CA 3132756A CA 3132756 A CA3132756 A CA 3132756A CA 3132756 A1 CA3132756 A1 CA 3132756A1
Authority
CA
Canada
Prior art keywords
hypervisor
host server
secure
dispatching
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CA3132756A
Other languages
English (en)
French (fr)
Inventor
Viktor Mihajlovski
Claudio Imbrenda
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of CA3132756A1 publication Critical patent/CA3132756A1/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45545Guest-host, i.e. hypervisor is an application program itself, e.g. VirtualBox
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45562Creating, deleting, cloning virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45575Starting, stopping, suspending or resuming virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)
  • Hardware Redundancy (AREA)
  • Retry When Errors Occur (AREA)
CA3132756A 2019-03-08 2020-03-06 Starting a secure guest using an initial program load mechanism Pending CA3132756A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/296,304 2019-03-08
US16/296,304 US10970100B2 (en) 2019-03-08 2019-03-08 Starting a secure guest using an initial program load mechanism
PCT/EP2020/055971 WO2020182642A1 (en) 2019-03-08 2020-03-06 Starting a secure guest using an initial program load mechanism

Publications (1)

Publication Number Publication Date
CA3132756A1 true CA3132756A1 (en) 2020-09-17

Family

ID=70189895

Family Applications (1)

Application Number Title Priority Date Filing Date
CA3132756A Pending CA3132756A1 (en) 2019-03-08 2020-03-06 Starting a secure guest using an initial program load mechanism

Country Status (17)

Country Link
US (1) US10970100B2 (https=)
EP (1) EP3935498B1 (https=)
JP (1) JP7418093B2 (https=)
KR (1) KR102672577B1 (https=)
CN (1) CN113544643B (https=)
AU (1) AU2020235010B2 (https=)
BR (1) BR112021017782B1 (https=)
CA (1) CA3132756A1 (https=)
ES (1) ES3031590T3 (https=)
HU (1) HUE071272T2 (https=)
IL (1) IL285225B2 (https=)
MX (1) MX391163B (https=)
PL (1) PL3935498T3 (https=)
SG (1) SG11202105430SA (https=)
TW (1) TWI734379B (https=)
WO (1) WO2020182642A1 (https=)
ZA (1) ZA202106314B (https=)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11308215B2 (en) * 2019-03-08 2022-04-19 International Business Machines Corporation Secure interface control high-level instruction interception for interruption enablement
US11205003B2 (en) * 2020-03-27 2021-12-21 Intel Corporation Platform security mechanism
WO2022132184A1 (en) 2020-12-20 2022-06-23 Intel Corporation System, method and apparatus for total storage encryption
CN113434372B (zh) * 2021-06-10 2023-07-18 浙江大华技术股份有限公司 一种定位指示的方法、设备、系统及存储介质
US11874776B2 (en) 2021-06-25 2024-01-16 Intel Corporation Cryptographic protection of memory attached over interconnects
US12455701B2 (en) 2021-07-27 2025-10-28 Intel Corporation Scalable access control checking for cross-address-space data movement
US12541416B2 (en) 2021-09-23 2026-02-03 Intel Corporation Lane based normalized historical error counter view for faulty lane isolation and disambiguation of transient versus persistent errors
US12487762B2 (en) 2022-05-10 2025-12-02 Intel Corporation Flexible provisioning of coherent memory address decoders in hardware
WO2024005143A1 (ja) * 2022-06-29 2024-01-04 セーラ・ネットワークス株式会社 演算処理装置、演算処理システム、演算処理方法、及び演算処理プログラム
US20260099586A1 (en) * 2024-10-04 2026-04-09 Microsoft Technology Licensing, Llc Virtual machine host fast-switch between standard and confidential vm hosting modes

Family Cites Families (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4245302A (en) 1978-10-10 1981-01-13 Magnuson Computer Systems, Inc. Computer and method for executing target instructions
US5155809A (en) * 1989-05-17 1992-10-13 International Business Machines Corp. Uncoupling a central processing unit from its associated hardware for interaction with data handling apparatus alien to the operating system controlling said unit and hardware
US6138236A (en) 1996-07-01 2000-10-24 Sun Microsystems, Inc. Method and apparatus for firmware authentication
US6658562B1 (en) * 2000-08-25 2003-12-02 International Business Machines Corporation Method, system, and program for customizing a basic input/output system (“BIOS”) configuration according to the type of user
US7356677B1 (en) * 2001-10-19 2008-04-08 Flash Vos, Inc. Computer system capable of fast switching between multiple operating systems and applications
US20080177994A1 (en) * 2003-01-12 2008-07-24 Yaron Mayer System and method for improving the efficiency, comfort, and/or reliability in Operating Systems, such as for example Windows
EP1678617A4 (en) 2003-10-08 2008-03-26 Unisys Corp COMPUTER SYSTEM PARAVIRTUALIZATION BY USING A HYPERVISOR IMPLEMENTED IN A PARTITION OF THE HOST SYSTEM
CN1834912B (zh) * 2005-03-15 2011-08-31 蚬壳星盈科技有限公司 用于可扩展互联网引擎的iSCSI引导驱动系统及方法
US9086913B2 (en) 2008-12-31 2015-07-21 Intel Corporation Processor extensions for execution of secure embedded containers
US8387114B2 (en) 2009-01-02 2013-02-26 International Business Machines Corporation Secure workload partitioning in a server environment
JP2011048661A (ja) 2009-08-27 2011-03-10 Nomura Research Institute Ltd 仮想サーバ暗号化システム
US8639783B1 (en) 2009-08-28 2014-01-28 Cisco Technology, Inc. Policy based configuration of interfaces in a virtual machine environment
WO2011114655A1 (ja) * 2010-03-16 2011-09-22 パナソニック株式会社 情報処理装置、仮想マシン生成方法及びアプリ配信システム
US8856504B2 (en) * 2010-06-07 2014-10-07 Cisco Technology, Inc. Secure virtual machine bootstrap in untrusted cloud infrastructures
CN103250163B (zh) 2010-12-09 2016-08-10 国际商业机器公司 用于加密和解密虚拟盘的计算机可读存储介质
US20120179904A1 (en) 2011-01-11 2012-07-12 Safenet, Inc. Remote Pre-Boot Authentication
TW201535145A (zh) * 2013-12-04 2015-09-16 Insyde Software Corp 使用保護讀取儲存器安全地儲存韌體數據之系統及方法
US9792448B2 (en) * 2014-02-28 2017-10-17 Advanced Micro Devices, Inc. Cryptographic protection of information in a processing system
US9785801B2 (en) * 2014-06-27 2017-10-10 Intel Corporation Management of authenticated variables
US10599458B2 (en) 2015-01-23 2020-03-24 Unisys Corporation Fabric computing system having an embedded software defined network
FR3038404B1 (fr) * 2015-07-02 2019-04-26 Viaccess Procede et systeme d'execution securisee de machines virtuelles par un ensemble de dispositifs programmables interconnectes
US20190095357A1 (en) * 2017-09-28 2019-03-28 Intel Corporation Hardware support for static mode of protected memory management on flexibly-convertible enclave platform
CN107943556B (zh) * 2017-11-10 2021-08-27 中国电子科技集团公司第三十二研究所 基于kmip和加密卡的虚拟化数据安全方法

Also Published As

Publication number Publication date
EP3935498C0 (en) 2025-05-07
BR112021017782B1 (pt) 2022-08-30
TWI734379B (zh) 2021-07-21
EP3935498B1 (en) 2025-05-07
CN113544643A (zh) 2021-10-22
IL285225A (en) 2021-09-30
MX391163B (es) 2025-03-21
PL3935498T3 (pl) 2025-08-11
SG11202105430SA (en) 2021-06-29
ZA202106314B (en) 2022-07-27
CN113544643B (zh) 2025-05-09
TW202101207A (zh) 2021-01-01
EP3935498A1 (en) 2022-01-12
IL285225B2 (en) 2024-03-01
BR112021017782A2 (https=) 2021-11-23
WO2020182642A1 (en) 2020-09-17
KR102672577B1 (ko) 2024-06-07
ES3031590T3 (en) 2025-07-09
US20200285492A1 (en) 2020-09-10
JP7418093B2 (ja) 2024-01-19
KR20210118130A (ko) 2021-09-29
JP2022522643A (ja) 2022-04-20
AU2020235010A1 (en) 2021-06-17
AU2020235010B2 (en) 2022-12-01
HUE071272T2 (hu) 2025-08-28
IL285225B1 (en) 2023-11-01
US10970100B2 (en) 2021-04-06
MX2021010584A (es) 2022-03-31

Similar Documents

Publication Publication Date Title
EP3935498B1 (en) Starting a secure guest using an initial program load mechanism
US11403409B2 (en) Program interruptions for page importing/exporting
EP3935510B1 (en) Secure interface control secure storage hardware tagging
US11455398B2 (en) Testing storage protection hardware in a secure virtual machine environment
US10956188B2 (en) Transparent interpretation of guest instructions in secure virtual machine environment
US20200285500A1 (en) Dispatch of a secure virtual machine
EP3935532B1 (en) Secure interface control high-level instruction interception for interruption enablement
JP7465046B2 (ja) 割り込み及び例外をセキュア仮想マシンにインジェクトする
AU2020238889A1 (en) Secure storage isolation
CA3132760C (en) Inject interrupts and exceptions into secure virtual machine
HK40057635A (en) Starting a secure guest using an initial program load mechanism
HK40057635B (zh) 使用初始程序加载机制启动安全客户机

Legal Events

Date Code Title Description
EEER Examination request

Effective date: 20240201

R00 Party data change recorded

Free format text: ST27 STATUS EVENT CODE: A-2-2-R10-R00-R116 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: APPOINTMENT OF AGENT REQUEST

Effective date: 20241231

W00 Other event occurred

Free format text: ST27 STATUS EVENT CODE: A-2-2-W10-W00-W111 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: CORRESPONDENT DETERMINED COMPLIANT

Effective date: 20241231

D15 Examination report completed

Free format text: ST27 STATUS EVENT CODE: A-2-2-D10-D15-D126 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: EXAMINER'S REPORT

Effective date: 20250326

R17 Change to representative recorded

Free format text: ST27 STATUS EVENT CODE: A-2-2-R10-R17-R117 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: APPOINTMENT OF AGENT REQUIREMENTS DETERMINED COMPLIANT

Effective date: 20250408

R00 Party data change recorded

Free format text: ST27 STATUS EVENT CODE: A-2-2-R10-R00-R116 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: APPOINTMENT OF AGENT REQUEST

Effective date: 20250425

Free format text: ST27 STATUS EVENT CODE: A-2-2-R10-R00-R119 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: REVOCATION OF AGENT REQUEST

Effective date: 20250425

W00 Other event occurred

Free format text: ST27 STATUS EVENT CODE: A-2-2-W10-W00-W111 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: CORRESPONDENT DETERMINED COMPLIANT

Effective date: 20250430

MFA Maintenance fee for application paid

Free format text: FEE DESCRIPTION TEXT: MF (APPLICATION, 5TH ANNIV.) - STANDARD

Year of fee payment: 5

U00 Fee paid

Free format text: ST27 STATUS EVENT CODE: A-2-2-U10-U00-U101 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: MAINTENANCE REQUEST RECEIVED

Effective date: 20250516

U11 Full renewal or maintenance fee paid

Free format text: ST27 STATUS EVENT CODE: A-2-2-U10-U11-U102 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: MAINTENANCE FEE PAYMENT PAID IN FULL

Effective date: 20250516

R17 Change to representative recorded

Free format text: ST27 STATUS EVENT CODE: A-2-2-R10-R17-R121 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: REVOCATION OF AGENT REQUIREMENTS DETERMINED COMPLIANT

Effective date: 20250526

Free format text: ST27 STATUS EVENT CODE: A-2-2-R10-R17-R117 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: APPOINTMENT OF AGENT REQUIREMENTS DETERMINED COMPLIANT

Effective date: 20250526

W00 Other event occurred

Free format text: ST27 STATUS EVENT CODE: A-2-2-W10-W00-W100 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: LETTER SENT

Effective date: 20250526

R00 Party data change recorded

Free format text: ST27 STATUS EVENT CODE: A-2-2-R10-R00-R116 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: APPOINTMENT OF AGENT REQUEST

Effective date: 20250708

W00 Other event occurred

Free format text: ST27 STATUS EVENT CODE: A-2-2-W10-W00-W111 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: CORRESPONDENT DETERMINED COMPLIANT

Effective date: 20250708

P11 Amendment of application requested

Free format text: ST27 STATUS EVENT CODE: A-2-2-P10-P11-P100 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: AMENDMENT RECEIVED - RESPONSE TO EXAMINER'S REQUISITION

Effective date: 20250723

W00 Other event occurred

Free format text: ST27 STATUS EVENT CODE: A-2-2-W10-W00-W111 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: CORRESPONDENT DETERMINED COMPLIANT

Effective date: 20250805

P11 Amendment of application requested

Free format text: ST27 STATUS EVENT CODE: A-2-2-P10-P11-P102 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: AMENDMENT DETERMINED COMPLIANT

Effective date: 20250825

P13 Application amended

Free format text: ST27 STATUS EVENT CODE: A-2-2-P10-P13-X000 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: APPLICATION AMENDED

Effective date: 20250825

W00 Other event occurred

Free format text: ST27 STATUS EVENT CODE: A-2-2-W10-W00-W100 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: LETTER SENT

Effective date: 20251030

MFA Maintenance fee for application paid

Free format text: FEE DESCRIPTION TEXT: MF (APPLICATION, 6TH ANNIV.) - STANDARD

Year of fee payment: 6

U00 Fee paid

Free format text: ST27 STATUS EVENT CODE: A-2-2-U10-U00-U101 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: MAINTENANCE REQUEST RECEIVED

Effective date: 20251127

U11 Full renewal or maintenance fee paid

Free format text: ST27 STATUS EVENT CODE: A-2-2-U10-U11-U102 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: MAINTENANCE FEE PAYMENT PAID IN FULL

Effective date: 20251127

D22 Grant of ip right intended

Free format text: ST27 STATUS EVENT CODE: A-2-2-D10-D22-D128 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: ALLOWANCE REQUIREMENTS DETERMINED COMPLIANT

Effective date: 20260415

W00 Other event occurred

Free format text: ST27 STATUS EVENT CODE: A-2-2-W10-W00-W100 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: LETTER SENT

Effective date: 20260416