JP7110339B2 - セキュア・プロセッサ・ベースのクラウド・コンピューティング環境において情報を保護するための方法、装置、およびコンピュータ・プログラム - Google Patents

セキュア・プロセッサ・ベースのクラウド・コンピューティング環境において情報を保護するための方法、装置、およびコンピュータ・プログラム Download PDF

Info

Publication number
JP7110339B2
JP7110339B2 JP2020522703A JP2020522703A JP7110339B2 JP 7110339 B2 JP7110339 B2 JP 7110339B2 JP 2020522703 A JP2020522703 A JP 2020522703A JP 2020522703 A JP2020522703 A JP 2020522703A JP 7110339 B2 JP7110339 B2 JP 7110339B2
Authority
JP
Japan
Prior art keywords
secure
control plane
functions
network
software
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2020522703A
Other languages
English (en)
Japanese (ja)
Other versions
JP2021500669A5 (enExample
JP2021500669A (ja
Inventor
ブラウン、ビクター
リントン、ジェブ
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of JP2021500669A publication Critical patent/JP2021500669A/ja
Publication of JP2021500669A5 publication Critical patent/JP2021500669A5/ja
Application granted granted Critical
Publication of JP7110339B2 publication Critical patent/JP7110339B2/ja
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5061Partitioning or combining of resources
    • G06F9/5077Logical partitioning of resources; Management or configuration of virtualized resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0893Assignment of logical groups to network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0896Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
    • H04L41/0897Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities by horizontal or vertical scaling of resources, or by migrating entities, e.g. virtual resources or entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/10Flow control between communication endpoints
    • H04W28/12Flow control between communication endpoints using signalling between network elements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0894Policy-based network configuration management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0895Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/40Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/508Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement
    • H04L41/5096Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement wherein the managed service relates to distributed or central networked applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/64Routing or path finding of packets in data switching networks using an overlay routing layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mathematical Physics (AREA)
  • Stored Programmes (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Debugging And Monitoring (AREA)
JP2020522703A 2017-10-25 2018-10-18 セキュア・プロセッサ・ベースのクラウド・コンピューティング環境において情報を保護するための方法、装置、およびコンピュータ・プログラム Active JP7110339B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/793,432 2017-10-25
US15/793,432 US10872145B2 (en) 2017-10-25 2017-10-25 Secure processor-based control plane function virtualization in cloud systems
PCT/EP2018/078626 WO2019081348A1 (en) 2017-10-25 2018-10-18 VIRTUALIZATION OF CONTROL PLANE FUNCTION BASED ON A SECURE PROCESSOR IN CLOUD SYSTEMS

Publications (3)

Publication Number Publication Date
JP2021500669A JP2021500669A (ja) 2021-01-07
JP2021500669A5 JP2021500669A5 (enExample) 2021-02-18
JP7110339B2 true JP7110339B2 (ja) 2022-08-01

Family

ID=63965665

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2020522703A Active JP7110339B2 (ja) 2017-10-25 2018-10-18 セキュア・プロセッサ・ベースのクラウド・コンピューティング環境において情報を保護するための方法、装置、およびコンピュータ・プログラム

Country Status (6)

Country Link
US (1) US10872145B2 (enExample)
JP (1) JP7110339B2 (enExample)
CN (1) CN111164571B (enExample)
DE (1) DE112018004210T5 (enExample)
GB (1) GB2581717A (enExample)
WO (1) WO2019081348A1 (enExample)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11126699B2 (en) * 2018-02-07 2021-09-21 Nec Corporation Replica trusted execution environment: enabling seamless replication of trusted execution environment (TEE)-based enclaves in the cloud
US11016798B2 (en) 2018-06-01 2021-05-25 The Research Foundation for the State University Multi-hypervisor virtual machines that run on multiple co-located hypervisors
US10949238B2 (en) * 2018-12-05 2021-03-16 Vmware, Inc. Decoupling compute and storage resources in cloud-based HCI (hyper-converged infrastructure)
US12039354B2 (en) 2019-06-18 2024-07-16 The Calany Holding S. À R.L. System and method to operate 3D applications through positional virtualization technology
US12033271B2 (en) 2019-06-18 2024-07-09 The Calany Holding S. À R.L. 3D structure engine-based computation platform
US12040993B2 (en) 2019-06-18 2024-07-16 The Calany Holding S. À R.L. Software engine virtualization and dynamic resource and task distribution across edge and cloud
US11044080B2 (en) * 2019-06-24 2021-06-22 International Business Machines Corporation Cryptographic key orchestration between trusted containers in a multi-node cluster
US10917288B2 (en) * 2019-06-25 2021-02-09 Bank Of America Corporation Adaptive edge-shift for enterprise contingency operations
JP7327057B2 (ja) * 2019-09-30 2023-08-16 日本電気株式会社 コンテナ制御装置、コンテナ制御方法、およびコンテナ制御プログラム
US11288018B2 (en) * 2020-03-25 2022-03-29 Verizon Patent And Licensing Inc. Method and system for deploying a virtual distributed unit on a network device
US11822949B2 (en) * 2020-04-02 2023-11-21 Vmware, Inc. Guest cluster deployed as virtual extension of management cluster in a virtualized computing system
US11057274B1 (en) * 2020-04-09 2021-07-06 Verizon Patent And Licensing Inc. Systems and methods for validation of virtualized network functions
KR20210128817A (ko) 2020-04-17 2021-10-27 삼성전자주식회사 소프트웨어 정의 네트워크 시스템에서 통신을 수행하는 방법 및 장치
US11763015B2 (en) * 2020-07-14 2023-09-19 Sympatic, Inc. Securely processing shareable data utilizing a vault proxy
CN113612688B (zh) * 2021-07-14 2023-03-24 曙光信息产业(北京)有限公司 分布式软件定义网络控制系统及其构建方法
CN114035901B (zh) * 2021-11-16 2022-04-15 亿咖通(湖北)技术有限公司 用于运行进程的容器的构建方法、装置和电子设备
CN114244724B (zh) * 2021-11-24 2023-08-29 中盈优创资讯科技有限公司 一种城域网控制平面向容器化演进的方法及装置
US20230259352A1 (en) * 2022-02-11 2023-08-17 Intel Corporation Software updates in a network interface device
US20250112837A1 (en) * 2023-09-29 2025-04-03 Dell Products L.P. Dynamic subscription based management of networks for computing systems
US12468807B1 (en) 2025-04-24 2025-11-11 Wiz, Inc. Techniques for control plane level containment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012003747A (ja) 2010-06-21 2012-01-05 Intel Corp 複数の仮想マシンで共有されるネットワークインターフェースのための方法
JP2015103933A (ja) 2013-11-25 2015-06-04 学校法人東京電機大学 ネットワーク制御システム及び方法
WO2016086991A1 (en) 2014-12-04 2016-06-09 Nokia Solutions And Networks Management International Gmbh Steering of virtualized resources
WO2016181423A1 (en) 2015-05-11 2016-11-17 Nec Corporation Communication apparaus, system, method, and program
US20170054696A1 (en) 2014-09-03 2017-02-23 Amazon Technologies, Inc. Securing service control on third party hardware

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7447872B2 (en) * 2002-05-30 2008-11-04 Cisco Technology, Inc. Inter-chip processor control plane communication
US7224668B1 (en) * 2002-11-27 2007-05-29 Cisco Technology, Inc. Control plane security and traffic flow management
US7606140B2 (en) * 2003-08-28 2009-10-20 Alcatel Lucent Distributed and disjoint forwarding and routing system and method
US7990993B1 (en) * 2008-02-20 2011-08-02 Juniper Networks, Inc. Platform-independent control plane and lower-level derivation of forwarding structures
US8954752B2 (en) 2011-02-23 2015-02-10 International Business Machines Corporation Building and distributing secure object software
US8578175B2 (en) 2011-02-23 2013-11-05 International Business Machines Corporation Secure object having protected region, integrity tree, and unprotected region
US8832465B2 (en) * 2012-09-25 2014-09-09 Apple Inc. Security enclave processor for a system on a chip
US8438631B1 (en) 2013-01-24 2013-05-07 Sideband Networks, Inc. Security enclave device to extend a virtual secure processing environment to a client device
US8448238B1 (en) 2013-01-23 2013-05-21 Sideband Networks, Inc. Network security as a service using virtual secure channels
US9426155B2 (en) * 2013-04-18 2016-08-23 International Business Machines Corporation Extending infrastructure security to services in a cloud computing environment
KR102136039B1 (ko) * 2014-06-30 2020-07-20 알까뗄 루슨트 소프트웨어 정의 네트워크에서의 보안
WO2016026129A1 (en) * 2014-08-22 2016-02-25 Nokia Technologies Oy A security and trust framework for virtualized networks
US9442752B1 (en) * 2014-09-03 2016-09-13 Amazon Technologies, Inc. Virtual secure execution environments
US9684608B2 (en) * 2014-10-28 2017-06-20 Intel Corporation Maintaining a secure processing environment across power cycles
US9578008B2 (en) * 2015-05-11 2017-02-21 Intel Corporation Technologies for secure bootstrapping of virtual network functions
US9742790B2 (en) * 2015-06-16 2017-08-22 Intel Corporation Technologies for secure personalization of a security monitoring virtual network function
US10528721B2 (en) * 2016-10-20 2020-01-07 Intel Corporation Trusted packet processing for multi-domain separatization and security
US10277535B2 (en) * 2017-03-31 2019-04-30 Hewlett Packard Enterprise Development Lp Network switch systems including logical switches

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012003747A (ja) 2010-06-21 2012-01-05 Intel Corp 複数の仮想マシンで共有されるネットワークインターフェースのための方法
JP2015103933A (ja) 2013-11-25 2015-06-04 学校法人東京電機大学 ネットワーク制御システム及び方法
US20170054696A1 (en) 2014-09-03 2017-02-23 Amazon Technologies, Inc. Securing service control on third party hardware
WO2016086991A1 (en) 2014-12-04 2016-06-09 Nokia Solutions And Networks Management International Gmbh Steering of virtualized resources
WO2016181423A1 (en) 2015-05-11 2016-11-17 Nec Corporation Communication apparaus, system, method, and program

Also Published As

Publication number Publication date
WO2019081348A1 (en) 2019-05-02
CN111164571B (zh) 2024-04-19
GB202006882D0 (en) 2020-06-24
US20190121960A1 (en) 2019-04-25
CN111164571A (zh) 2020-05-15
DE112018004210T5 (de) 2020-04-30
GB2581717A (en) 2020-08-26
US10872145B2 (en) 2020-12-22
JP2021500669A (ja) 2021-01-07

Similar Documents

Publication Publication Date Title
JP7110339B2 (ja) セキュア・プロセッサ・ベースのクラウド・コンピューティング環境において情報を保護するための方法、装置、およびコンピュータ・プログラム
Casalicchio et al. The state‐of‐the‐art in container technologies: Application, orchestration and security
US11044236B2 (en) Protecting sensitive information in single sign-on (SSO) to the cloud
US10680946B2 (en) Adding multi-tenant awareness to a network packet processing device on a software defined network (SDN)
US9553850B2 (en) Multi-tenant secure separation of data in a cloud-based application
Srinivasan et al. State-of-the-art cloud computing security taxonomies: a classification of security challenges in the present cloud computing environment
Padhy et al. Cloud computing: security issues and research challenges
US9426155B2 (en) Extending infrastructure security to services in a cloud computing environment
AU2014236872B2 (en) Method and system for identity-based authentication of virtual machines
AU2013232273B2 (en) Method and system for utilizing spare cloud resources
Aiash et al. Secure live virtual machines migration: issues and solutions
US11327782B2 (en) Supporting migration of virtual machines containing enclaves
Alouane et al. Virtualization in cloud computing: NoHype vs HyperWall new approach
Yao et al. CryptVMI: A flexible and encrypted virtual machine introspection system in the cloud
Upadhyay et al. Secure live migration of VM's in Cloud Computing: A survey
US12413579B2 (en) Securing connections between a networking and security controller and distributed agents in a container-based cluster
Annapureddy Security challenges in hybrid cloud infrastructures
Vijaya Bharati et al. Data storage security in cloud using a functional encryption algorithm
US20230127956A1 (en) Building and deploying an application
US20230418650A1 (en) System and method for sharing secret with an agent running in a virtual computing instance
Londhe et al. Imperial Analysis of Threats and Vulnerabilities in Cloud Computing.
Cushman et al. Designing Hybrid Cloud Computing Framework Using OpenStack for Supporting Multimedia with Security and Privacy
Yeluri et al. Network security in the cloud
HK1202659B (en) Method and system for utilizing spare cloud resources

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20201224

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20210323

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20211222

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20220111

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20220304

RD04 Notification of resignation of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7424

Effective date: 20220502

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20220712

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20220720

R150 Certificate of patent or registration of utility model

Ref document number: 7110339

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150