JPWO2021006973A5 - - Google Patents
Download PDFInfo
- Publication number
- JPWO2021006973A5 JPWO2021006973A5 JP2021572526A JP2021572526A JPWO2021006973A5 JP WO2021006973 A5 JPWO2021006973 A5 JP WO2021006973A5 JP 2021572526 A JP2021572526 A JP 2021572526A JP 2021572526 A JP2021572526 A JP 2021572526A JP WO2021006973 A5 JPWO2021006973 A5 JP WO2021006973A5
- Authority
- JP
- Japan
- Prior art keywords
- memory address
- new container
- memory
- security
- security component
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Claims (13)
1つ又は複数のプロセッサと、one or more processors;
コンテナベースのメモリエンクレーブを作成するための方法を実装するために前記計算システムを構成するように、前記1つ又は複数のプロセッサによって実行可能なコンピュータ実行可能命令を記憶している1つ又は複数のコンピュータ可読記憶媒体と、を備え、one or more storing computer-executable instructions executable by said one or more processors to configure said computing system to implement a method for creating a container-based memory enclave; a computer readable storage medium;
前記方法は、The method includes
第1のセキュリティ領域上で実行されるホストシステムによって使用される特定のセキュリティ構成を認証するために使用されるセキュリティコンポーネントを有するコンテナイメージを識別することと、identifying a container image having a security component used to authenticate a particular security configuration used by a host system running on the first security realm;
前記コンテナイメージを使用して新規コンテナをインスタンス化することであって、前記新規コンテナは、前記前記新規コンテナがインスタンス化されたときに、前記ホストシステムの前記特定のメモリアドレスで前記エンクレーブメモリに記憶されている前記セキュリティコンポーネントのコピーに基づいて、前記ホストシステムの第2のセキュリティ領域内のエンクレーブメモリを利用するように構成され、前記コンテナイメージは、前記新規コンテナのリンクと称されるものを、前記ホストシステムの前記エンクレーブメモリに記憶されている前記セキュリティコンポーネントのコピーのメモリアドレスと称されるものに提供する、ことと、instantiating a new container using the container image, the new container being stored in the enclave memory at the particular memory address of the host system when the new container is instantiated; configured to utilize an enclave memory in a second security realm of the host system based on the copy of the security component that has been created, the container image is referred to as linking the new container to: providing what is referred to as a memory address of a copy of the security component stored in the enclave memory of the host system;
前記ホストシステムの前記特定のメモリアドレスで前記エンクレーブメモリに記憶されている前記セキュリティコンポーネントの前記特定のメモリアドレスへの前記新規コンテナのリンクを認証するために、前記メモリアドレスと称されるものへの前記新規コンテナのリンクと称されるものが修正されるように、前記エンクレーブメモリに記憶されている前記セキュリティコンポーネントのコピーのメモリアドレスと称されるものへの前記新規コンテナのリンクと称されるものを、前記ホストシステムの前記特定のメモリアドレスで記憶されている前記セキュリティコンポーネントの特定のメモリアドレスに、前記新規コンテナのインスタンス化の間に又はその後で、修正することと、to what is referred to as the memory address in order to authenticate the linking of the new container to the specific memory address of the security component stored in the enclave memory at the specific memory address of the host system. a purported link of the new container to a purported memory address of a copy of the security component stored in the enclave memory so that the purported link of the new container is modified; to a specific memory address of the security component stored at the specific memory address of the host system, during or after instantiation of the new container;
を含む、計算システム。calculation system, including
第1のセキュリティ領域上で実行されるホストシステムによって使用される特定のセキュリティ構成を認証するために使用されるセキュリティコンポーネントを有するコンテナイメージを識別することと、identifying a container image having a security component used to authenticate a particular security configuration used by a host system running on the first security realm;
前記コンテナイメージを使用して新規コンテナをインスタンス化することであって、前記新規コンテナは、前記前記新規コンテナがインスタンス化されたときに、前記ホストシステムの前記特定のメモリアドレスで前記エンクレーブメモリに記憶されている前記セキュリティコンポーネントのコピーに基づいて、前記ホストシステムの第2のセキュリティ領域内のエンクレーブメモリを利用するように構成され、前記コンテナイメージは、前記新規コンテナのリンクと称されるものを、前記ホストシステムの前記エンクレーブメモリに記憶されている前記セキュリティコンポーネントのコピーのメモリアドレスと称されるものに提供する、ことと、instantiating a new container using the container image, the new container being stored in the enclave memory at the particular memory address of the host system when the new container is instantiated; configured to utilize an enclave memory in a second security realm of the host system based on the copy of the security component that has been created, the container image is referred to as linking the new container to: providing what is referred to as a memory address of a copy of the security component stored in the enclave memory of the host system;
前記ホストシステムの前記特定のメモリアドレスで前記エンクレーブメモリに記憶されている前記セキュリティコンポーネントの前記特定のメモリアドレスへの前記新規コンテナのリンクを認証するために、前記メモリアドレスと称されるものへの前記新規コンテナのリンクと称されるものが修正されるように、前記エンクレーブメモリに記憶されている前記セキュリティコンポーネントのコピーのメモリアドレスと称されるものへの前記新規コンテナのリンクと称されるものを、前記ホストシステムの前記特定のメモリアドレスで記憶されている前記セキュリティコンポーネントの特定のメモリアドレスに、前記新規コンテナのインスタンス化の間に又はその後で、修正することと、to what is referred to as the memory address in order to authenticate the linking of the new container to the specific memory address of the security component stored in the enclave memory at the specific memory address of the host system. a purported link of the new container to a purported memory address of a copy of the security component stored in the enclave memory so that the purported link of the new container is modified; to a specific memory address of the security component stored at the specific memory address of the host system, during or after instantiation of the new container;
を含む方法。method including.
Applications Claiming Priority (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201962872233P | 2019-07-09 | 2019-07-09 | |
| US62/872,233 | 2019-07-09 | ||
| US16/565,271 US11256785B2 (en) | 2019-07-09 | 2019-09-09 | Using secure memory enclaves from the context of process containers |
| US16/565,271 | 2019-09-09 | ||
| PCT/US2020/036575 WO2021006973A1 (en) | 2019-07-09 | 2020-06-08 | Using secure memory enclaves from the context of process containers |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| JP2022539969A JP2022539969A (en) | 2022-09-14 |
| JPWO2021006973A5 true JPWO2021006973A5 (en) | 2023-05-19 |
Family
ID=74101941
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| JP2021572526A Pending JP2022539969A (en) | 2019-07-09 | 2020-06-08 | Using secure memory enclaves from the context of the process container |
Country Status (12)
| Country | Link |
|---|---|
| US (2) | US11256785B2 (en) |
| EP (1) | EP3997600B1 (en) |
| JP (1) | JP2022539969A (en) |
| KR (1) | KR20220027874A (en) |
| CN (1) | CN114080592A (en) |
| AU (1) | AU2020311836A1 (en) |
| BR (1) | BR112021024204A2 (en) |
| CA (1) | CA3143459A1 (en) |
| IL (1) | IL289614B1 (en) |
| MX (1) | MX2022000359A (en) |
| WO (1) | WO2021006973A1 (en) |
| ZA (1) | ZA202109971B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US12010227B1 (en) | 2019-09-30 | 2024-06-11 | Amazon Technologies, Inc. | System and methods for securing role credentials |
| US11363012B1 (en) * | 2019-09-30 | 2022-06-14 | Amazon Technologies, Inc. | System and methods for using role credentials associated with a VM instance |
| US11481497B2 (en) * | 2020-09-11 | 2022-10-25 | Dell Products L.P. | Systems and methods for hardware attestation in an information handling system |
| US11695549B2 (en) * | 2021-07-08 | 2023-07-04 | Nec Corporation | Multi-device remote attestation |
| US20230044731A1 (en) * | 2021-08-05 | 2023-02-09 | International Business Machines Corporation | Attestation of a secure guest |
| US20230068880A1 (en) * | 2021-08-27 | 2023-03-02 | EMC IP Holding Company LLC | Function-based service framework with trusted execution platform |
| US11954219B1 (en) * | 2021-11-15 | 2024-04-09 | Amdocs Development Limited | System, method, and computer program for universal security of container images |
| US20220109581A1 (en) * | 2021-12-15 | 2022-04-07 | Intel Corporation | Distributed attestation in heterogenous computing clusters |
| US20230267196A1 (en) * | 2022-02-22 | 2023-08-24 | Mellanox Technologies, Ltd. | Confidential Computing with Device Memory Isolation |
| US11949583B2 (en) | 2022-04-28 | 2024-04-02 | Hewlett Packard Enterprise Development Lp | Enforcing reference operating state compliance for cloud computing-based compute appliances |
Family Cites Families (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6305009B1 (en) * | 1997-12-05 | 2001-10-16 | Robert M. Goor | Compiler design using object technology with cross platform capability |
| US7194446B1 (en) * | 2003-09-25 | 2007-03-20 | Rockwell Automation Technologies, Inc. | Location-based execution of software/HMI |
| US20080022265A1 (en) * | 2006-06-30 | 2008-01-24 | Morris Robert P | Methods, systems, and computer program products for generating and using object modules |
| US8489811B1 (en) * | 2006-12-29 | 2013-07-16 | Netapp, Inc. | System and method for addressing data containers using data set identifiers |
| US20160085695A1 (en) * | 2014-09-24 | 2016-03-24 | Intel Corporation | Memory initialization in a protected region |
| US20160350534A1 (en) * | 2015-05-29 | 2016-12-01 | Intel Corporation | System, apparatus and method for controlling multiple trusted execution environments in a system |
| US10216529B1 (en) * | 2015-11-19 | 2019-02-26 | Virtuozzo International Gmbh | Method and system for sharing driver pages |
| US10354095B2 (en) * | 2016-03-31 | 2019-07-16 | Intel Corporation | Methods and apparatus to initialize enclaves on target processors |
| US10135859B2 (en) * | 2016-05-03 | 2018-11-20 | Cisco Technology, Inc. | Automated security enclave generation |
| US10986496B2 (en) * | 2016-08-01 | 2021-04-20 | Georgia Tech Research Corporation | Methods and systems for providing secure mobile edge computing ecosystems |
| US10911451B2 (en) * | 2017-01-24 | 2021-02-02 | Microsoft Technology Licensing, Llc | Cross-platform enclave data sealing |
| US11443033B2 (en) * | 2017-01-24 | 2022-09-13 | Microsoft Technology Licensing, Llc | Abstract enclave identity |
| US10372945B2 (en) | 2017-01-24 | 2019-08-06 | Microsoft Technology Licensing, Llc | Cross-platform enclave identity |
| US10885189B2 (en) | 2017-05-22 | 2021-01-05 | Microsoft Technology Licensing, Llc | Isolated container event monitoring |
| EP3698253A4 (en) * | 2017-10-17 | 2021-08-04 | Argus Cyber Security Ltd | System and method for managing program memory on a storage device |
| US11010403B2 (en) * | 2018-04-24 | 2021-05-18 | Microsoft Technology Licensing, Llc | Relational distributed ledger for smart contracts |
| US10713181B1 (en) * | 2019-02-21 | 2020-07-14 | Virtuozzo International Gmbh | Method and system for sharing driver pages |
| CN111199048B (en) * | 2020-01-02 | 2023-07-25 | 航天信息股份有限公司 | Big data hierarchical desensitization method and system based on container with life cycle |
| CN111857973A (en) * | 2020-07-30 | 2020-10-30 | 江苏方天电力技术有限公司 | Application resource access method and device |
-
2019
- 2019-09-09 US US16/565,271 patent/US11256785B2/en active Active
-
2020
- 2020-06-08 CN CN202080049909.XA patent/CN114080592A/en active Pending
- 2020-06-08 AU AU2020311836A patent/AU2020311836A1/en active Pending
- 2020-06-08 MX MX2022000359A patent/MX2022000359A/en unknown
- 2020-06-08 EP EP20750460.6A patent/EP3997600B1/en active Active
- 2020-06-08 KR KR1020217042911A patent/KR20220027874A/en active Search and Examination
- 2020-06-08 WO PCT/US2020/036575 patent/WO2021006973A1/en unknown
- 2020-06-08 JP JP2021572526A patent/JP2022539969A/en active Pending
- 2020-06-08 BR BR112021024204A patent/BR112021024204A2/en unknown
- 2020-06-08 CA CA3143459A patent/CA3143459A1/en active Pending
- 2020-06-08 IL IL289614A patent/IL289614B1/en unknown
-
2021
- 2021-12-03 ZA ZA2021/09971A patent/ZA202109971B/en unknown
-
2022
- 2022-01-20 US US17/580,335 patent/US11762964B2/en active Active
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10203975B2 (en) | Virtual machine template management | |
| US11356268B2 (en) | Digital composition hashing | |
| US11895223B2 (en) | Cross-chain validation | |
| US9705855B2 (en) | Secure data destruction in a distributed environment using key protection mechanisms | |
| JP6853364B2 (en) | Systems and methods for implementing blockchain-based digital certificates | |
| US10511598B2 (en) | Technologies for dynamic loading of integrity protected modules into secure enclaves | |
| US9851918B2 (en) | Copy-on-write by origin host in virtual machine live migration | |
| JP6965352B2 (en) | Systems and methods for generating digital marks | |
| US10592873B2 (en) | Edit transactions for blockchains | |
| US20170272417A1 (en) | Preventing persistent storage of cryptographic information using signaling | |
| CN103324481B (en) | By Compilation Method and the system of implementation by assembly Code obfuscation | |
| US9990237B2 (en) | Lockless write tracking | |
| CN104715209B (en) | A kind of outgoing document encryption protecting method | |
| JPWO2021006973A5 (en) | ||
| JP5466645B2 (en) | Storage device, information processing device, and program | |
| US20110029972A1 (en) | Systems and methods for providing a file system view of a storage environment | |
| US11720607B2 (en) | System for lightweight objects | |
| US10223538B1 (en) | Preventing persistent storage of cryptographic information | |
| WO2021031640A1 (en) | Data read-write method, computer device and computer-readable storage medium | |
| US10628147B2 (en) | Detach virtual machine from virtual machine template | |
| US9009731B2 (en) | Conversion of lightweight object to a heavyweight object | |
| US11593020B2 (en) | Consistent entity tags with multiple protocol data access | |
| TWI682296B (en) | Image file packaging method and image file packaging system | |
| US20240095188A1 (en) | Memory deduplication for encrypted virtual machines | |
| US7987470B1 (en) | Converting heavyweight objects to lightwight objects |