JPWO2021086737A5 - - Google Patents
Download PDFInfo
- Publication number
- JPWO2021086737A5 JPWO2021086737A5 JP2022520807A JP2022520807A JPWO2021086737A5 JP WO2021086737 A5 JPWO2021086737 A5 JP WO2021086737A5 JP 2022520807 A JP2022520807 A JP 2022520807A JP 2022520807 A JP2022520807 A JP 2022520807A JP WO2021086737 A5 JPWO2021086737 A5 JP WO2021086737A5
- Authority
- JP
- Japan
- Prior art keywords
- computing environment
- environment
- verifying
- computing
- attestation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Claims (18)
前記第1の計算環境と異なる第2の計算環境から前記アプリケーションプログラムに対応するアプリケーションポリシデータを得ることであって、前記アプリケーションポリシデータは前記第1の計算環境がコンテナ仮想計算環境である場合にバイバスされるべき第1の事前条件を規定する、ことと、
前記第1の計算環境の暗号化インフラを検査すること、
前記第1の計算環境のコード整合性インフラを検査すること、又は
前記第1の計算環境内のハイパーバイザ機能を検査すること
のうちの少なくとも1つを含む環境タイプ検証を行うことと、
前記第1の計算環境がコンテナ仮想計算環境ではないと前記行われる環境タイプ検証が判定する場合に前記第1の事前条件に基づいて前記アプリケーションプログラムの前記実行を制限することと
を含む、方法。 A method for enforcing policy restrictions on execution of an application program within a first computing environment, the method comprising:
obtaining application policy data corresponding to the application program from a second computing environment different from the first computing environment, wherein the application policy data is obtained when the first computing environment is a container virtual computing environment; defining a first precondition to be bypassed;
inspecting a cryptographic infrastructure of the first computing environment;
performing environment type verification comprising at least one of: testing code integrity infrastructure of the first computing environment; or testing hypervisor functionality within the first computing environment;
limiting the execution of the application program based on the first precondition if the performed environment type verification determines that the first computing environment is not a container virtual computing environment.
コンピュータ実行可能命令を含む1つ又は複数のコンピュータ可読記憶媒体とを備える計算装置であって、前記コンピュータ実行可能命令は、前記処理装置の少なくとも一部によって実行されるとき、前記計算装置に、one or more computer-readable storage media containing computer-executable instructions, the computer-executable instructions, when executed by at least a portion of the processing device, causing the computing device to:
第1の計算環境と異なる第2の計算環境からアプリケーションプログラムに対応するアプリケーションポリシデータを得ることであって、前記アプリケーションポリシデータは前記第1の計算環境がコンテナ仮想計算環境である場合にバイバスされるべき第1の事前条件を規定する、ことと、obtaining application policy data corresponding to an application program from a second computing environment different from a first computing environment, wherein the application policy data is bypassed when the first computing environment is a container virtual computing environment; specifying a first pre-condition to be performed;
前記第1の計算環境の暗号化インフラを検査すること、inspecting a cryptographic infrastructure of the first computing environment;
前記第1の計算環境のコード整合性インフラを検査すること、又はinspecting a code integrity infrastructure of the first computing environment; or
前記第1の計算環境内のハイパーバイザ機能を検査することtesting hypervisor functionality within the first computing environment;
のうちの少なくとも1つを含む環境タイプ検証を行うことと、performing an environment type validation that includes at least one of the following;
前記第1の計算環境がコンテナ仮想計算環境ではないと前記行われる環境タイプ検証が判定する場合に前記第1の事前条件に基づいて前記アプリケーションプログラムの前記実行を制限することとrestricting the execution of the application program based on the first precondition if the performed environment type verification determines that the first computing environment is not a container virtual computing environment;
を行わせる、計算装置。A computing device that performs
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/672,429 | 2019-11-01 | ||
US16/672,429 US11354402B2 (en) | 2019-11-01 | 2019-11-01 | Virtual environment type validation for policy enforcement |
PCT/US2020/056955 WO2021086737A1 (en) | 2019-11-01 | 2020-10-23 | Virtual environment type validation for policy enforcement |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2023500433A JP2023500433A (en) | 2023-01-06 |
JPWO2021086737A5 true JPWO2021086737A5 (en) | 2023-09-20 |
Family
ID=73449210
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2022520807A Pending JP2023500433A (en) | 2019-11-01 | 2020-10-23 | Virtual environment type validation for policy enforcement |
Country Status (11)
Country | Link |
---|---|
US (2) | US11354402B2 (en) |
EP (2) | EP4052155B1 (en) |
JP (1) | JP2023500433A (en) |
KR (1) | KR20220090537A (en) |
CN (1) | CN114651253A (en) |
AU (1) | AU2020372995A1 (en) |
CA (1) | CA3157071A1 (en) |
IL (1) | IL292470A (en) |
MX (1) | MX2022005046A (en) |
WO (1) | WO2021086737A1 (en) |
ZA (1) | ZA202203870B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20220413883A1 (en) * | 2021-06-25 | 2022-12-29 | Microsoft Technology Licensing, Llc | Secure computing mechanism |
US20230131132A1 (en) * | 2021-10-21 | 2023-04-27 | Nokia Solutions And Networks Oy | Securing containerized applications |
EP4250149A1 (en) * | 2022-03-21 | 2023-09-27 | Siemens Aktiengesellschaft | Dynamic integrity monitoring of a container runtime environment executed on a host computer |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7181017B1 (en) * | 2001-03-23 | 2007-02-20 | David Felsher | System and method for secure three-party communications |
US20070174429A1 (en) * | 2006-01-24 | 2007-07-26 | Citrix Systems, Inc. | Methods and servers for establishing a connection between a client system and a virtual machine hosting a requested computing environment |
US8205241B2 (en) * | 2008-01-30 | 2012-06-19 | Microsoft Corporation | Detection of hardware-based virtual machine environment |
US20130144725A1 (en) * | 2011-12-02 | 2013-06-06 | General Instrument Corporation | Presenting content to a user in accordance with an agreed upon content-presentation policy |
US9058198B2 (en) * | 2012-02-29 | 2015-06-16 | Red Hat Inc. | System resource sharing in a multi-tenant platform-as-a-service environment in a cloud computing system |
US9195294B2 (en) * | 2012-11-13 | 2015-11-24 | International Business Machines Corporation | Cooperatively managing enforcement of energy related policies between virtual machine and application runtime |
US8763159B1 (en) * | 2012-12-05 | 2014-06-24 | Parallels IP Holdings GmbH | System and method for application license management in virtual environments |
US9276963B2 (en) * | 2012-12-28 | 2016-03-01 | Intel Corporation | Policy-based secure containers for multiple enterprise applications |
US9519513B2 (en) * | 2013-12-03 | 2016-12-13 | Vmware, Inc. | Methods and apparatus to automatically configure monitoring of a virtual machine |
US9652631B2 (en) * | 2014-05-05 | 2017-05-16 | Microsoft Technology Licensing, Llc | Secure transport of encrypted virtual machines with continuous owner access |
US20160026788A1 (en) * | 2014-07-28 | 2016-01-28 | Iboss, Inc. | Selectively introducing security issues in a sandbox environment to elicit malicious application behavior |
US20170364685A1 (en) * | 2014-11-20 | 2017-12-21 | Interdigital Patent Holdings. Inc. | Providing security to computing systems |
US9794292B2 (en) * | 2015-10-26 | 2017-10-17 | Amazon Technologies, Inc. | Providing fine-grained access remote command execution for virtual machine instances in a distributed computing environment |
US10127030B1 (en) * | 2016-03-04 | 2018-11-13 | Quest Software Inc. | Systems and methods for controlled container execution |
US10333985B2 (en) * | 2017-01-09 | 2019-06-25 | Microsoft Technology Licensing, Llc | Distribution and management of services in virtual environments |
US10587411B2 (en) * | 2017-04-11 | 2020-03-10 | International Business Machines Corporation | Zero-knowledge verifiably attestable transaction containers using secure processors |
US11394691B2 (en) * | 2018-06-05 | 2022-07-19 | Acreto Cloud Corporation | Ecosystem per distributed element security through virtual isolation networks |
US11106789B2 (en) * | 2019-03-05 | 2021-08-31 | Microsoft Technology Licensing, Llc | Dynamic cybersecurity detection of sequence anomalies |
-
2019
- 2019-11-01 US US16/672,429 patent/US11354402B2/en active Active
-
2020
- 2020-10-23 CA CA3157071A patent/CA3157071A1/en active Pending
- 2020-10-23 AU AU2020372995A patent/AU2020372995A1/en active Pending
- 2020-10-23 CN CN202080077068.3A patent/CN114651253A/en active Pending
- 2020-10-23 MX MX2022005046A patent/MX2022005046A/en unknown
- 2020-10-23 EP EP20807594.5A patent/EP4052155B1/en active Active
- 2020-10-23 KR KR1020227016767A patent/KR20220090537A/en unknown
- 2020-10-23 EP EP23201808.5A patent/EP4283498A3/en active Pending
- 2020-10-23 JP JP2022520807A patent/JP2023500433A/en active Pending
- 2020-10-23 WO PCT/US2020/056955 patent/WO2021086737A1/en unknown
- 2020-10-23 IL IL292470A patent/IL292470A/en unknown
-
2022
- 2022-04-05 ZA ZA2022/03870A patent/ZA202203870B/en unknown
- 2022-05-11 US US17/662,869 patent/US11966461B2/en active Active
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20200272739A1 (en) | Performing an action based on a pre-boot measurement of a firmware image | |
De Benedictis et al. | Integrity verification of Docker containers for a lightweight cloud environment | |
US10754952B2 (en) | Host software metadata verification during remote attestation | |
US9946881B2 (en) | Global platform health management | |
US9509720B2 (en) | Techniques for improved run time trustworthiness | |
US9264220B2 (en) | Secure virtual machine provisioning | |
US8909928B2 (en) | Securing customer virtual machines in a multi-tenant cloud | |
US8417962B2 (en) | Device booting with an initial protection component | |
US8161012B1 (en) | File integrity verification using a verified, image-based file system | |
Aslam et al. | Security and trust preserving VM migrations in public clouds | |
US9405912B2 (en) | Hardware rooted attestation | |
US20060212939A1 (en) | Virtualization of software configuration registers of the TPM cryptographic processor | |
US20130031371A1 (en) | Software Run-Time Provenance | |
US9270467B1 (en) | Systems and methods for trust propagation of signed files across devices | |
EP3859579B1 (en) | Trusted computing method, and server | |
CN110069316B (en) | Integrity verification of entities | |
US10853494B2 (en) | Binding a trusted virtual machine to a trusted host computer | |
CN108345805B (en) | Method and device for verifying firmware | |
US20200110879A1 (en) | Trusted computing attestation of system validation state | |
US9122864B2 (en) | Method and apparatus for transitive program verification | |
Kai et al. | The secure boot of embedded system based on mobile trusted module | |
Berbecaru et al. | Counteracting software integrity attacks on IoT devices with remote attestation: a prototype | |
CN101908115A (en) | Method for realizing software trusted execution based on trusted platform module | |
JPWO2021086737A5 (en) | ||
EP4360256A1 (en) | Secure computing mechanism |