CN115795511A - Secure service hosted in a virtual security environment - Google Patents

Secure service hosted in a virtual security environment

Info

Publication number
CN115795511A
Authority
CN
China
Prior art keywords
key
role
image
service
execution environment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211630546.6A
Other languages
English (en)
Chinese (zh)
Inventor
M·E·皮尔逊
T·阿卡
R·弗玛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Technology Licensing LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Technology Licensing LLC
Publication of CN115795511A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/041 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 using an encryption or decryption engine integrated in transmitted data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
CN202211630546.6A 2016-10-25 2017-10-16 Secure service hosted in a virtual security environment Pending CN115795511A (zh)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US15/333,573 2016-10-25
US15/333,573 US10310885B2 (en) 2016-10-25 2016-10-25 Secure service hosted in a virtual security environment
CN201780064096.XA CN109844748B (zh) 2016-10-25 2017-10-16 Computing system and method for a secure service hosted in a virtual security environment
PCT/US2017/056703 WO2018080814A1 (en) 2016-10-25 2017-10-16 Secure service hosted in a virtual security environment

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201780064096.XA Division CN109844748B (zh) 2016-10-25 2017-10-16 Computing system and method for a secure service hosted in a virtual security environment

Publications (1)

Publication Number Publication Date
CN115795511A (zh) 2023-03-14

Family

ID=60191522

Family Applications (2)

Application Number Title Priority Date Filing Date
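CN201780064096.XA Active CN109844748B (zh) 2016-10-25 2017-10-16 Computing system and method for a secure service hosted in a virtual security environment
CN202211630546.6A Pending CN115795511A (zh) 2016-10-25 2017-10-16 Secure service hosted in a virtual security environment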

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201780064096.XA Active CN109844748B (zh) 2016-10-25 2017-10-16 Computing system and method for a secure service hosted in a virtual security environment

Country Status (6)

Country Link
US (2) US10310885B2 (en)
EP (2) EP3731121B1 (en)
JP (1) JP6985385B2 (en)
KR (1) KR102435719B1 (en)
CN (2) CN109844748B (en)
WO (1) WO2018080814A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116680687A (zh) * 2023-06-09 2023-09-01 北京火山引擎科技有限公司 Data processing method, apparatus, device and storage medium

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11214789B2 (en) 2016-05-03 2022-01-04 Flodesign Sonics, Inc. Concentration and washing of particles with acoustics
US11475147B2 (en) * 2018-02-20 2022-10-18 International Business Machines Corporation Implementing policy-based container-level encryption
US11354402B2 (en) 2019-11-01 2022-06-07 Microsoft Technology Licensing, Llc Virtual environment type validation for policy enforcement
US11599375B2 (en) * 2020-02-03 2023-03-07 EMC IP Holding Company LLC System and method virtual appliance creation
US11799670B2 (en) * 2020-12-11 2023-10-24 Vmware, Inc. Secure end-to-end deployment of workloads in a virtualized environment using hardware-based attestation
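CN112817697B (zh) * 2021-02-09 2025-03-07 中国银联股份有限公司 Virtualization system and method for a trusted execution environment, and device calling method
CN115146276A (zh) * 2021-03-31 2022-10-04 华为云计算技术有限公司 Cloud service system and cloud-service-based data processing method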
US11900089B2 (en) * 2021-05-04 2024-02-13 Red Hat, Inc. Automatically configuring and deploying a software operator in a distributed computing environment from a package
CN114564374B (zh) * 2022-02-21 2024-11-22 北京百度网讯科技有限公司 Operator performance evaluation method and apparatus, electronic device and storage medium

Family Cites Families (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7260224B1 (en) * 2003-06-30 2007-08-21 Microsoft Corporation Automated secure key transfer
US7590867B2 (en) 2004-06-24 2009-09-15 Intel Corporation Method and apparatus for providing secure virtualization of a trusted platform module
JP4698239B2 (ja) * 2005-01-31 2011-06-08 エヌ・ティ・ティ・ソフトウェア株式会社 Website spoofing detection method and program
US7719711B2 (en) 2006-03-30 2010-05-18 Kabushiki Kaisha Toshiba Image data processing apparatus and method
US8064604B2 (en) * 2006-04-04 2011-11-22 Oracle International Corporation Method and apparatus for facilitating role-based cryptographic key management for a database
US8249257B2 (en) * 2007-09-28 2012-08-21 Intel Corporation Virtual TPM keys rooted in a hardware TPM
JP4782871B2 (ja) * 2007-10-03 2011-09-28 富士通株式会社 Device access control program, device access control method and information processing apparatus
US8539551B2 (en) * 2007-12-20 2013-09-17 Fujitsu Limited Trusted virtual machine as a client
US8259948B2 (en) 2007-12-29 2012-09-04 Intel Corporation Virtual TPM key migration using hardware keys
JP5365008B2 (ja) * 2008-01-23 2013-12-11 日本電気株式会社 Service evaluation apparatus, method and program
US9559842B2 (en) 2008-09-30 2017-01-31 Hewlett Packard Enterprise Development Lp Trusted key management for virtualized platforms
US8341427B2 (en) * 2009-02-16 2012-12-25 Microsoft Corporation Trusted cloud computing and services framework
US20100306076A1 (en) 2009-05-29 2010-12-02 Ebay Inc. Trusted Integrity Manager (TIM)
KR101270991B1 (ko) * 2009-12-21 2013-06-04 한국전자통신연구원 Key tree construction and key distribution method for hierarchical role-based access control
CN102947795B (zh) 2010-03-25 2016-06-29 维图斯瑞姆加拿大股份公司 System and method for secure cloud computing
US20110246778A1 (en) * 2010-03-31 2011-10-06 Emc Corporation Providing security mechanisms for virtual machine images
US20120102220A1 (en) * 2010-10-20 2012-04-26 Microsoft Corporation Routing traffic in an online service with high availability
US20120151209A1 (en) 2010-12-09 2012-06-14 Bae Systems National Security Solutions Inc. Multilevel security server framework
US8713628B2 (en) 2011-02-08 2014-04-29 Verizon Patent And Licensing Inc. Method and system for providing cloud based network security services
US8984610B2 (en) 2011-04-18 2015-03-17 Bank Of America Corporation Secure network cloud architecture
US20130061310A1 (en) 2011-09-06 2013-03-07 Wesley W. Whitmyer, Jr. Security server for cloud computing
WO2013078269A1 (en) 2011-11-22 2013-05-30 Solano Labs, Inc. System of distributed software quality improvement
WO2013101731A1 (en) 2011-12-29 2013-07-04 Imation Corp. Cloud-based hardware security modules
US20120266209A1 (en) * 2012-06-11 2012-10-18 David Jeffrey Gooding Method of Secure Electric Power Grid Operations Using Common Cyber Security Services
RU2648941C2 (ru) * 2012-10-12 2018-03-28 Конинклейке Филипс Н.В. Secure data processing by a virtual machine
US9037854B2 (en) * 2013-01-22 2015-05-19 Amazon Technologies, Inc. Privileged cryptographic services in a virtualized environment
US9367339B2 (en) * 2013-07-01 2016-06-14 Amazon Technologies, Inc. Cryptographically attested resources for hosting virtual machines
US9819661B2 (en) * 2013-09-12 2017-11-14 The Boeing Company Method of authorizing an operation to be performed on a targeted computing device
US10089458B2 (en) 2013-09-26 2018-10-02 Citrix Systems, Inc. Separate, disposable execution environment for accessing unverified content
US9258331B2 (en) 2013-12-27 2016-02-09 Trapezoid, Inc. System and method for hardware-based trust control management
US9652631B2 (en) * 2014-05-05 2017-05-16 Microsoft Technology Licensing, Llc Secure transport of encrypted virtual machines with continuous owner access
US20160149877A1 (en) 2014-06-05 2016-05-26 Cavium, Inc. Systems and methods for cloud-based web service security management based on hardware security module
US9571279B2 (en) * 2014-06-05 2017-02-14 Cavium, Inc. Systems and methods for secured backup of hardware security modules for cloud-based web services
US9246690B1 (en) * 2014-09-03 2016-01-26 Amazon Technologies, Inc. Secure execution environment services
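CN104486307B (zh) * 2014-12-03 2017-08-15 中国电子科技集团公司第三十研究所 Decentralized-authority key management method based on homomorphic encryption
CN105224387A (zh) 2015-09-07 2016-01-06 浪潮集团有限公司 Secure deployment method for virtual machines in cloud computing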

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
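CN116680687A (zh) * 2023-06-09 2023-09-01 北京火山引擎科技有限公司 Data processing method, apparatus, device and storage medium
CN116680687B (zh) * 2023-06-09 2024-10-15 北京火山引擎科技有限公司 Data processing method, apparatus, device and storage medium
WO2024251219A1 (zh) * 2023-06-09 2024-12-12 北京火山引擎科技有限公司 Data processing method, apparatus, device and storage medium
JP2025529791A (ja) * 2023-06-09 2025-09-09 ベイジン ヴォルケーノ エンジン テクノロジー カンパニー リミテッド Data processing method, apparatus, device and storage medium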

Also Published As

Publication number Publication date
EP3532975A1 (en) 2019-09-04
JP6985385B2 (ja) 2021-12-22
EP3731121B1 (en) 2023-04-12
US10310885B2 (en) 2019-06-04
JP2019533253A (ja) 2019-11-14
CN109844748A (zh) 2019-06-04
US20180113730A1 (en) 2018-04-26
EP3532975B1 (en) 2020-07-15
WO2018080814A1 (en) 2018-05-03
KR20190067819A (ko) 2019-06-17
EP3731121A1 (en) 2020-10-28
US10871984B2 (en) 2020-12-22
US20190243678A1 (en) 2019-08-08
KR102435719B1 (ko) 2022-08-23
CN109844748B (zh) 2023-01-06

Similar Documents

Publication Publication Date Title
US10871984B2 (en) Secure service hosted in a virtual security environment
US9519498B2 (en) Virtual machine assurances
CN113544674B (zh) Secure execution guest owner controls for secure interface control
US11755721B2 (en) Trusted workload execution
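JP7606531B2 (ja) Model protection method, apparatus, device, system, storage medium and program
JP2024528833A (ja) Updating secure guest image and secure guest metadata
CN115668860B (zh) Method and system for identifying the creator of an encrypted object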
EP4533301B1 (en) Attestation of logic loader code and integrity checking service logic code in a trusted execution environment (tee)
US11645092B1 (en) Building and deploying an application
US11809568B2 (en) Hypervisor having local keystore
US20240241964A1 (en) Depicting a relative extent of vulnerability associated with a web application deployed on a domain
WO2025233160A1 (en) Controlling workload execution on trusted execution environments
JP2025540639A (ja) Updating secure guest metadata of a specific guest instance
GB2640873A (en) Controlling workload execution on trusted execution environments
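CN119698593A (zh) Confidential and good lambda/function system on the cloud
CN120151170A (zh) Establishing and maintaining trusted communication channels between microservices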
HK40057234A (en) Secure execution guest owner controls for secure interface control

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination