CN109844748B - 托管在虚拟安全环境中的安全服务的计算系统及方法 - Google Patents

托管在虚拟安全环境中的安全服务的计算系统及方法 Download PDF

Info

Publication number
CN109844748B
CN109844748B CN201780064096.XA CN201780064096A CN109844748B CN 109844748 B CN109844748 B CN 109844748B CN 201780064096 A CN201780064096 A CN 201780064096A CN 109844748 B CN109844748 B CN 109844748B
Authority
CN
China
Prior art keywords
role
image
execution environment
key
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201780064096.XA
Other languages
English (en)
Chinese (zh)
Other versions
CN109844748A (zh
Inventor
M·E·皮尔逊
T·阿卡
R·弗玛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Technology Licensing LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Technology Licensing LLC filed Critical Microsoft Technology Licensing LLC
Priority to CN202211630546.6A priority Critical patent/CN115795511A/zh
Publication of CN109844748A publication Critical patent/CN109844748A/zh
Application granted granted Critical
Publication of CN109844748B publication Critical patent/CN109844748B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/041Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 using an encryption or decryption engine integrated in transmitted data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
CN201780064096.XA 2016-10-25 2017-10-16 托管在虚拟安全环境中的安全服务的计算系统及方法 Active CN109844748B (zh)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211630546.6A CN115795511A (zh) 2016-10-25 2017-10-16 托管在虚拟安全环境中的安全服务

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/333,573 US10310885B2 (en) 2016-10-25 2016-10-25 Secure service hosted in a virtual security environment
US15/333,573 2016-10-25
PCT/US2017/056703 WO2018080814A1 (en) 2016-10-25 2017-10-16 Secure service hosted in a virtual security environment

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202211630546.6A Division CN115795511A (zh) 2016-10-25 2017-10-16 托管在虚拟安全环境中的安全服务

Publications (2)

Publication Number Publication Date
CN109844748A CN109844748A (zh) 2019-06-04
CN109844748B true CN109844748B (zh) 2023-01-06

Family

ID=60191522

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201780064096.XA Active CN109844748B (zh) 2016-10-25 2017-10-16 托管在虚拟安全环境中的安全服务的计算系统及方法
CN202211630546.6A Pending CN115795511A (zh) 2016-10-25 2017-10-16 托管在虚拟安全环境中的安全服务

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202211630546.6A Pending CN115795511A (zh) 2016-10-25 2017-10-16 托管在虚拟安全环境中的安全服务

Country Status (6)

Country Link
US (2) US10310885B2 (enExample)
EP (2) EP3532975B1 (enExample)
JP (1) JP6985385B2 (enExample)
KR (1) KR102435719B1 (enExample)
CN (2) CN109844748B (enExample)
WO (1) WO2018080814A1 (enExample)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11214789B2 (en) 2016-05-03 2022-01-04 Flodesign Sonics, Inc. Concentration and washing of particles with acoustics
US11475147B2 (en) * 2018-02-20 2022-10-18 International Business Machines Corporation Implementing policy-based container-level encryption
US11354402B2 (en) 2019-11-01 2022-06-07 Microsoft Technology Licensing, Llc Virtual environment type validation for policy enforcement
US11599375B2 (en) * 2020-02-03 2023-03-07 EMC IP Holding Company LLC System and method virtual appliance creation
US11799670B2 (en) * 2020-12-11 2023-10-24 Vmware, Inc. Secure end-to-end deployment of workloads in a virtualized environment using hardware-based attestation
CN112817697B (zh) * 2021-02-09 2025-03-07 中国银联股份有限公司 面向可信执行环境的虚拟化系统、方法和设备调用方法
CN115146276A (zh) * 2021-03-31 2022-10-04 华为云计算技术有限公司 一种云服务系统以及基于云服务的数据处理方法
US11900089B2 (en) * 2021-05-04 2024-02-13 Red Hat, Inc. Automatically configuring and deploying a software operator in a distributed computing environment from a package
CN114564374B (zh) * 2022-02-21 2024-11-22 北京百度网讯科技有限公司 算子性能评估方法、装置、电子设备及存储介质
CN116680687B (zh) * 2023-06-09 2024-10-15 北京火山引擎科技有限公司 数据处理方法、装置、设备和存储介质

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009175945A (ja) * 2008-01-23 2009-08-06 Nec Corp サービス評価装置、方法及びプログラム
CN102208000A (zh) * 2010-03-31 2011-10-05 伊姆西公司 为虚拟机镜像提供安全机制的方法和系统
CN104486307A (zh) * 2014-12-03 2015-04-01 中国电子科技集团公司第三十研究所 一种基于同态加密的分权密钥管理方法
CN104756127A (zh) * 2012-10-12 2015-07-01 皇家飞利浦有限公司 通过虚拟机进行安全数据处理
CN104982005A (zh) * 2013-01-22 2015-10-14 亚马逊技术有限公司 虚拟化环境中的特权加密服务
CN105493099A (zh) * 2013-07-01 2016-04-13 亚马逊技术有限公司 用于托管虚拟机的加密证实资源

Family Cites Families (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7260224B1 (en) * 2003-06-30 2007-08-21 Microsoft Corporation Automated secure key transfer
US7590867B2 (en) 2004-06-24 2009-09-15 Intel Corporation Method and apparatus for providing secure virtualization of a trusted platform module
JP4698239B2 (ja) * 2005-01-31 2011-06-08 エヌ・ティ・ティ・ソフトウェア株式会社 Webサイトの成りすまし検出方法及びプログラム
US7719711B2 (en) 2006-03-30 2010-05-18 Kabushiki Kaisha Toshiba Image data processing apparatus and method
US8064604B2 (en) * 2006-04-04 2011-11-22 Oracle International Corporation Method and apparatus for facilitating role-based cryptographic key management for a database
US8249257B2 (en) * 2007-09-28 2012-08-21 Intel Corporation Virtual TPM keys rooted in a hardware TPM
WO2009044461A1 (ja) * 2007-10-03 2009-04-09 Fujitsu Limited デバイスアクセス制御プログラム、デバイスアクセス制御方法および情報処理装置
US8539551B2 (en) * 2007-12-20 2013-09-17 Fujitsu Limited Trusted virtual machine as a client
US8259948B2 (en) 2007-12-29 2012-09-04 Intel Corporation Virtual TPM key migration using hardware keys
US9559842B2 (en) 2008-09-30 2017-01-31 Hewlett Packard Enterprise Development Lp Trusted key management for virtualized platforms
US8341427B2 (en) * 2009-02-16 2012-12-25 Microsoft Corporation Trusted cloud computing and services framework
US20100306076A1 (en) 2009-05-29 2010-12-02 Ebay Inc. Trusted Integrity Manager (TIM)
KR101270991B1 (ko) * 2009-12-21 2013-06-04 한국전자통신연구원 계층적 역할 기반 접근 제어를 위한 키 트리 구성 및 키 분배 방법
US9081989B2 (en) 2010-03-25 2015-07-14 Virtustream Canada Holdings, Inc. System and method for secure cloud computing
US20120102220A1 (en) * 2010-10-20 2012-04-26 Microsoft Corporation Routing traffic in an online service with high availability
US20120151209A1 (en) 2010-12-09 2012-06-14 Bae Systems National Security Solutions Inc. Multilevel security server framework
US8713628B2 (en) 2011-02-08 2014-04-29 Verizon Patent And Licensing Inc. Method and system for providing cloud based network security services
US8875240B2 (en) 2011-04-18 2014-10-28 Bank Of America Corporation Tenant data center for establishing a virtual machine in a cloud environment
US20130061310A1 (en) 2011-09-06 2013-03-07 Wesley W. Whitmyer, Jr. Security server for cloud computing
CA2889387C (en) 2011-11-22 2020-03-24 Solano Labs, Inc. System of distributed software quality improvement
WO2013101731A1 (en) 2011-12-29 2013-07-04 Imation Corp. Cloud-based hardware security modules
US20120266209A1 (en) * 2012-06-11 2012-10-18 David Jeffrey Gooding Method of Secure Electric Power Grid Operations Using Common Cyber Security Services
US9819661B2 (en) * 2013-09-12 2017-11-14 The Boeing Company Method of authorizing an operation to be performed on a targeted computing device
US10089458B2 (en) 2013-09-26 2018-10-02 Citrix Systems, Inc. Separate, disposable execution environment for accessing unverified content
US9258331B2 (en) 2013-12-27 2016-02-09 Trapezoid, Inc. System and method for hardware-based trust control management
US9652631B2 (en) * 2014-05-05 2017-05-16 Microsoft Technology Licensing, Llc Secure transport of encrypted virtual machines with continuous owner access
US9571279B2 (en) * 2014-06-05 2017-02-14 Cavium, Inc. Systems and methods for secured backup of hardware security modules for cloud-based web services
US20160149877A1 (en) 2014-06-05 2016-05-26 Cavium, Inc. Systems and methods for cloud-based web service security management basedon hardware security module
US9246690B1 (en) * 2014-09-03 2016-01-26 Amazon Technologies, Inc. Secure execution environment services
CN105224387A (zh) 2015-09-07 2016-01-06 浪潮集团有限公司 一种云计算下虚拟机的安全部署方法

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009175945A (ja) * 2008-01-23 2009-08-06 Nec Corp サービス評価装置、方法及びプログラム
CN102208000A (zh) * 2010-03-31 2011-10-05 伊姆西公司 为虚拟机镜像提供安全机制的方法和系统
CN104756127A (zh) * 2012-10-12 2015-07-01 皇家飞利浦有限公司 通过虚拟机进行安全数据处理
CN104982005A (zh) * 2013-01-22 2015-10-14 亚马逊技术有限公司 虚拟化环境中的特权加密服务
CN105493099A (zh) * 2013-07-01 2016-04-13 亚马逊技术有限公司 用于托管虚拟机的加密证实资源
CN104486307A (zh) * 2014-12-03 2015-04-01 中国电子科技集团公司第三十研究所 一种基于同态加密的分权密钥管理方法

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Analysis of virtual machine creation characteristics on virtualized computing environment;M. Ku, D. Min and E. Choi;《The 7th International Conference on Networked Computing and Advanced Information Management》;20110728;全文 *
密钥安全及其在虚拟化技术下的新发展;祝凯捷等;《密码学报》;20160215(第01期);全文 *
网格服务中虚拟计算环境的可信保证机制;王栋博;《微计算机信息》;20080125(第03期);全文 *

Also Published As

Publication number Publication date
US20180113730A1 (en) 2018-04-26
CN115795511A (zh) 2023-03-14
US10310885B2 (en) 2019-06-04
JP6985385B2 (ja) 2021-12-22
WO2018080814A1 (en) 2018-05-03
KR20190067819A (ko) 2019-06-17
US10871984B2 (en) 2020-12-22
EP3532975A1 (en) 2019-09-04
JP2019533253A (ja) 2019-11-14
EP3532975B1 (en) 2020-07-15
US20190243678A1 (en) 2019-08-08
KR102435719B1 (ko) 2022-08-23
EP3731121A1 (en) 2020-10-28
EP3731121B1 (en) 2023-04-12
CN109844748A (zh) 2019-06-04

Similar Documents

Publication Publication Date Title
CN109844748B (zh) 托管在虚拟安全环境中的安全服务的计算系统及方法
CN111164596B (zh) 用于证实虚拟可信平台模块的系统和方法
US9519498B2 (en) Virtual machine assurances
CN113544674B (zh) 用于安全接口控件的安全执行客户机所有者控制
GB2604982A (en) Provisioning secure/encrypted virtual machines in a cloud infrastructure
KR20240022582A (ko) 보안 게스트 이미지 및 메타데이터 업데이트
JP2024510893A (ja) 複数の暗号システムを用いたハイブリッドセキュリティ証明書の生成
EP4533301B1 (en) Attestation of logic loader code and integrity checking service logic code in a trusted execution environment (tee)
CN115668860A (zh) 识别加密对象的创建者
US12147580B2 (en) Provisioning secure/encrypted virtual machines in a cloud infrastructure
US11809568B2 (en) Hypervisor having local keystore
US11645092B1 (en) Building and deploying an application
US12271478B2 (en) Signed update package including a software update payload and compatibility data
WO2025233160A1 (en) Controlling workload execution on trusted execution environments
CN120151170A (zh) 在微服务之间建立和维持可信通信信道

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant