JP6985385B2 - 仮想セキュリティ環境内でホスティングされるセキュア・サービス - Google Patents

仮想セキュリティ環境内でホスティングされるセキュア・サービス Download PDF

Info

Publication number
JP6985385B2
JP6985385B2 JP2019521371A JP2019521371A JP6985385B2 JP 6985385 B2 JP6985385 B2 JP 6985385B2 JP 2019521371 A JP2019521371 A JP 2019521371A JP 2019521371 A JP2019521371 A JP 2019521371A JP 6985385 B2 JP6985385 B2 JP 6985385B2
Authority
JP
Japan
Prior art keywords
role
image
execution environment
key
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2019521371A
Other languages
English (en)
Japanese (ja)
Other versions
JP2019533253A5 (enExample
JP2019533253A (ja
Inventor
イー. ピアソン,マルコム
アカール,トルガ
ヴェルマ,ラフール
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Technology Licensing LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Technology Licensing LLC filed Critical Microsoft Technology Licensing LLC
Publication of JP2019533253A publication Critical patent/JP2019533253A/ja
Publication of JP2019533253A5 publication Critical patent/JP2019533253A5/ja
Application granted granted Critical
Publication of JP6985385B2 publication Critical patent/JP6985385B2/ja
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/041Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 using an encryption or decryption engine integrated in transmitted data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
JP2019521371A 2016-10-25 2017-10-16 仮想セキュリティ環境内でホスティングされるセキュア・サービス Active JP6985385B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/333,573 2016-10-25
US15/333,573 US10310885B2 (en) 2016-10-25 2016-10-25 Secure service hosted in a virtual security environment
PCT/US2017/056703 WO2018080814A1 (en) 2016-10-25 2017-10-16 Secure service hosted in a virtual security environment

Publications (3)

Publication Number Publication Date
JP2019533253A JP2019533253A (ja) 2019-11-14
JP2019533253A5 JP2019533253A5 (enExample) 2020-10-22
JP6985385B2 true JP6985385B2 (ja) 2021-12-22

Family

ID=60191522

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2019521371A Active JP6985385B2 (ja) 2016-10-25 2017-10-16 仮想セキュリティ環境内でホスティングされるセキュア・サービス

Country Status (6)

Country Link
US (2) US10310885B2 (enExample)
EP (2) EP3731121B1 (enExample)
JP (1) JP6985385B2 (enExample)
KR (1) KR102435719B1 (enExample)
CN (2) CN115795511A (enExample)
WO (1) WO2018080814A1 (enExample)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11214789B2 (en) 2016-05-03 2022-01-04 Flodesign Sonics, Inc. Concentration and washing of particles with acoustics
US11475147B2 (en) * 2018-02-20 2022-10-18 International Business Machines Corporation Implementing policy-based container-level encryption
US11354402B2 (en) 2019-11-01 2022-06-07 Microsoft Technology Licensing, Llc Virtual environment type validation for policy enforcement
US11599375B2 (en) * 2020-02-03 2023-03-07 EMC IP Holding Company LLC System and method virtual appliance creation
US11799670B2 (en) * 2020-12-11 2023-10-24 Vmware, Inc. Secure end-to-end deployment of workloads in a virtualized environment using hardware-based attestation
CN112817697B (zh) * 2021-02-09 2025-03-07 中国银联股份有限公司 面向可信执行环境的虚拟化系统、方法和设备调用方法
CN115146276A (zh) * 2021-03-31 2022-10-04 华为云计算技术有限公司 一种云服务系统以及基于云服务的数据处理方法
US11900089B2 (en) * 2021-05-04 2024-02-13 Red Hat, Inc. Automatically configuring and deploying a software operator in a distributed computing environment from a package
CN114564374B (zh) * 2022-02-21 2024-11-22 北京百度网讯科技有限公司 算子性能评估方法、装置、电子设备及存储介质
CN116680687B (zh) * 2023-06-09 2024-10-15 北京火山引擎科技有限公司 数据处理方法、装置、设备和存储介质

Family Cites Families (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7260224B1 (en) * 2003-06-30 2007-08-21 Microsoft Corporation Automated secure key transfer
US7590867B2 (en) 2004-06-24 2009-09-15 Intel Corporation Method and apparatus for providing secure virtualization of a trusted platform module
JP4698239B2 (ja) * 2005-01-31 2011-06-08 エヌ・ティ・ティ・ソフトウェア株式会社 Webサイトの成りすまし検出方法及びプログラム
US7719711B2 (en) 2006-03-30 2010-05-18 Kabushiki Kaisha Toshiba Image data processing apparatus and method
US8064604B2 (en) * 2006-04-04 2011-11-22 Oracle International Corporation Method and apparatus for facilitating role-based cryptographic key management for a database
US8249257B2 (en) * 2007-09-28 2012-08-21 Intel Corporation Virtual TPM keys rooted in a hardware TPM
WO2009044461A1 (ja) * 2007-10-03 2009-04-09 Fujitsu Limited デバイスアクセス制御プログラム、デバイスアクセス制御方法および情報処理装置
US8539551B2 (en) * 2007-12-20 2013-09-17 Fujitsu Limited Trusted virtual machine as a client
US8259948B2 (en) 2007-12-29 2012-09-04 Intel Corporation Virtual TPM key migration using hardware keys
JP5365008B2 (ja) * 2008-01-23 2013-12-11 日本電気株式会社 サービス評価装置、方法及びプログラム
US9559842B2 (en) 2008-09-30 2017-01-31 Hewlett Packard Enterprise Development Lp Trusted key management for virtualized platforms
US8341427B2 (en) * 2009-02-16 2012-12-25 Microsoft Corporation Trusted cloud computing and services framework
US20100306076A1 (en) 2009-05-29 2010-12-02 Ebay Inc. Trusted Integrity Manager (TIM)
KR101270991B1 (ko) * 2009-12-21 2013-06-04 한국전자통신연구원 계층적 역할 기반 접근 제어를 위한 키 트리 구성 및 키 분배 방법
CN102947795B (zh) * 2010-03-25 2016-06-29 维图斯瑞姆加拿大股份公司 安全云计算的系统和方法
US20110246778A1 (en) * 2010-03-31 2011-10-06 Emc Corporation Providing security mechanisms for virtual machine images
US20120102220A1 (en) * 2010-10-20 2012-04-26 Microsoft Corporation Routing traffic in an online service with high availability
US20120151209A1 (en) 2010-12-09 2012-06-14 Bae Systems National Security Solutions Inc. Multilevel security server framework
US8713628B2 (en) 2011-02-08 2014-04-29 Verizon Patent And Licensing Inc. Method and system for providing cloud based network security services
US8984610B2 (en) 2011-04-18 2015-03-17 Bank Of America Corporation Secure network cloud architecture
US20130061310A1 (en) 2011-09-06 2013-03-07 Wesley W. Whitmyer, Jr. Security server for cloud computing
CA2889387C (en) 2011-11-22 2020-03-24 Solano Labs, Inc. System of distributed software quality improvement
US20130179676A1 (en) 2011-12-29 2013-07-11 Imation Corp. Cloud-based hardware security modules
US20120266209A1 (en) * 2012-06-11 2012-10-18 David Jeffrey Gooding Method of Secure Electric Power Grid Operations Using Common Cyber Security Services
RU2648941C2 (ru) * 2012-10-12 2018-03-28 Конинклейке Филипс Н.В. Безопасная обработка данных виртуальной машиной
US9037854B2 (en) * 2013-01-22 2015-05-19 Amazon Technologies, Inc. Privileged cryptographic services in a virtualized environment
US9367339B2 (en) * 2013-07-01 2016-06-14 Amazon Technologies, Inc. Cryptographically attested resources for hosting virtual machines
US9819661B2 (en) * 2013-09-12 2017-11-14 The Boeing Company Method of authorizing an operation to be performed on a targeted computing device
US10089458B2 (en) 2013-09-26 2018-10-02 Citrix Systems, Inc. Separate, disposable execution environment for accessing unverified content
US9258331B2 (en) 2013-12-27 2016-02-09 Trapezoid, Inc. System and method for hardware-based trust control management
US9652631B2 (en) * 2014-05-05 2017-05-16 Microsoft Technology Licensing, Llc Secure transport of encrypted virtual machines with continuous owner access
US9571279B2 (en) * 2014-06-05 2017-02-14 Cavium, Inc. Systems and methods for secured backup of hardware security modules for cloud-based web services
US20160149877A1 (en) 2014-06-05 2016-05-26 Cavium, Inc. Systems and methods for cloud-based web service security management basedon hardware security module
US9246690B1 (en) * 2014-09-03 2016-01-26 Amazon Technologies, Inc. Secure execution environment services
CN104486307B (zh) * 2014-12-03 2017-08-15 中国电子科技集团公司第三十研究所 一种基于同态加密的分权密钥管理方法
CN105224387A (zh) 2015-09-07 2016-01-06 浪潮集团有限公司 一种云计算下虚拟机的安全部署方法

Also Published As

Publication number Publication date
WO2018080814A1 (en) 2018-05-03
US10310885B2 (en) 2019-06-04
EP3532975A1 (en) 2019-09-04
US20180113730A1 (en) 2018-04-26
US20190243678A1 (en) 2019-08-08
CN109844748B (zh) 2023-01-06
US10871984B2 (en) 2020-12-22
EP3532975B1 (en) 2020-07-15
KR102435719B1 (ko) 2022-08-23
EP3731121A1 (en) 2020-10-28
JP2019533253A (ja) 2019-11-14
EP3731121B1 (en) 2023-04-12
CN109844748A (zh) 2019-06-04
KR20190067819A (ko) 2019-06-17
CN115795511A (zh) 2023-03-14

Similar Documents

Publication Publication Date Title
JP6985385B2 (ja) 仮想セキュリティ環境内でホスティングされるセキュア・サービス
US9519498B2 (en) Virtual machine assurances
CN110199288A (zh) 交叉平台包围区数据密封
CN110199284A (zh) 交叉平台包围区身份
CN112650985B (zh) 使用隐式数据签名人工智能水印的方法和系统
CN113544674B (zh) 用于安全接口控件的安全执行客户机所有者控制
Zobaed et al. Confidential Computing Across Edge‐To‐Cloud for Machine Learning: A Survey Study
US12437118B2 (en) Provisioning secure/encrypted virtual machines in a cloud infrastructure
JP2022099293A (ja) コンピューテーションを標的トラステッド実行環境(tee)において実行されるように生成するための方法、システム、およびコンピュータ・プログラム(クラウド・インフラストラクチャにおけるセキュアな/暗号化された仮想マシンのプロビジョニング)
CN112650988B (zh) 使用内核加密数据的方法和系统
CN110214321A (zh) 嵌套包围区身份
CN114282208A (zh) 到可信执行环境的安全软件工作负载供应
CN115668860A (zh) 识别加密对象的创建者
US12147580B2 (en) Provisioning secure/encrypted virtual machines in a cloud infrastructure
CN112650990B (zh) 使用查询来签名人工智能水印的方法和系统
US11809568B2 (en) Hypervisor having local keystore
CN112650987B (zh) 使用内核签名人工智能水印的方法和系统
Akram et al. An introduction to the trusted platform module and mobile trusted module
CN112650989B (zh) 使用命令加密数据的方法和系统
CN112650991B (zh) 使用内核签名输出的方法和系统
Arthur et al. TPM Software Stack
WO2025233160A1 (en) Controlling workload execution on trusted execution environments
Gray Implementing TPM Commands in the Copland Remote Attestation Language

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20200910

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20200910

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20210729

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20210804

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20211028

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20211102

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20211125

R150 Certificate of patent or registration of utility model

Ref document number: 6985385

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250