KR102435719B1 - 가상 보안 환경에서 호스팅되는 보안 서비스 - Google Patents

가상 보안 환경에서 호스팅되는 보안 서비스 Download PDF

Info

Publication number
KR102435719B1
KR102435719B1 KR1020197011954A KR20197011954A KR102435719B1 KR 102435719 B1 KR102435719 B1 KR 102435719B1 KR 1020197011954 A KR1020197011954 A KR 1020197011954A KR 20197011954 A KR20197011954 A KR 20197011954A KR 102435719 B1 KR102435719 B1 KR 102435719B1
Authority
KR
South Korea
Prior art keywords
role
image
execution environment
key
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
KR1020197011954A
Other languages
English (en)
Korean (ko)
Other versions
KR20190067819A (ko
Inventor
말콤 이 피어슨
톨가 아카르
라훌 버마
Original Assignee
마이크로소프트 테크놀로지 라이센싱, 엘엘씨
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 마이크로소프트 테크놀로지 라이센싱, 엘엘씨 filed Critical 마이크로소프트 테크놀로지 라이센싱, 엘엘씨
Publication of KR20190067819A publication Critical patent/KR20190067819A/ko
Application granted granted Critical
Publication of KR102435719B1 publication Critical patent/KR102435719B1/ko
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/041Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 using an encryption or decryption engine integrated in transmitted data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
KR1020197011954A 2016-10-25 2017-10-16 가상 보안 환경에서 호스팅되는 보안 서비스 Active KR102435719B1 (ko)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/333,573 2016-10-25
US15/333,573 US10310885B2 (en) 2016-10-25 2016-10-25 Secure service hosted in a virtual security environment
PCT/US2017/056703 WO2018080814A1 (en) 2016-10-25 2017-10-16 Secure service hosted in a virtual security environment

Publications (2)

Publication Number Publication Date
KR20190067819A KR20190067819A (ko) 2019-06-17
KR102435719B1 true KR102435719B1 (ko) 2022-08-23

Family

ID=60191522

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020197011954A Active KR102435719B1 (ko) 2016-10-25 2017-10-16 가상 보안 환경에서 호스팅되는 보안 서비스

Country Status (6)

Country Link
US (2) US10310885B2 (enExample)
EP (2) EP3731121B1 (enExample)
JP (1) JP6985385B2 (enExample)
KR (1) KR102435719B1 (enExample)
CN (2) CN115795511A (enExample)
WO (1) WO2018080814A1 (enExample)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11214789B2 (en) 2016-05-03 2022-01-04 Flodesign Sonics, Inc. Concentration and washing of particles with acoustics
US11475147B2 (en) * 2018-02-20 2022-10-18 International Business Machines Corporation Implementing policy-based container-level encryption
US11354402B2 (en) 2019-11-01 2022-06-07 Microsoft Technology Licensing, Llc Virtual environment type validation for policy enforcement
US11599375B2 (en) * 2020-02-03 2023-03-07 EMC IP Holding Company LLC System and method virtual appliance creation
US11799670B2 (en) * 2020-12-11 2023-10-24 Vmware, Inc. Secure end-to-end deployment of workloads in a virtualized environment using hardware-based attestation
CN112817697B (zh) * 2021-02-09 2025-03-07 中国银联股份有限公司 面向可信执行环境的虚拟化系统、方法和设备调用方法
CN115146276A (zh) * 2021-03-31 2022-10-04 华为云计算技术有限公司 一种云服务系统以及基于云服务的数据处理方法
US11900089B2 (en) * 2021-05-04 2024-02-13 Red Hat, Inc. Automatically configuring and deploying a software operator in a distributed computing environment from a package
CN114564374B (zh) * 2022-02-21 2024-11-22 北京百度网讯科技有限公司 算子性能评估方法、装置、电子设备及存储介质
CN116680687B (zh) * 2023-06-09 2024-10-15 北京火山引擎科技有限公司 数据处理方法、装置、设备和存储介质

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070230706A1 (en) * 2006-04-04 2007-10-04 Paul Youn Method and apparatus for facilitating role-based cryptographic key management for a database
US20130152047A1 (en) * 2011-11-22 2013-06-13 Solano Labs, Inc System for distributed software quality improvement

Family Cites Families (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7260224B1 (en) * 2003-06-30 2007-08-21 Microsoft Corporation Automated secure key transfer
US7590867B2 (en) 2004-06-24 2009-09-15 Intel Corporation Method and apparatus for providing secure virtualization of a trusted platform module
JP4698239B2 (ja) * 2005-01-31 2011-06-08 エヌ・ティ・ティ・ソフトウェア株式会社 Webサイトの成りすまし検出方法及びプログラム
US7719711B2 (en) 2006-03-30 2010-05-18 Kabushiki Kaisha Toshiba Image data processing apparatus and method
US8249257B2 (en) * 2007-09-28 2012-08-21 Intel Corporation Virtual TPM keys rooted in a hardware TPM
WO2009044461A1 (ja) * 2007-10-03 2009-04-09 Fujitsu Limited デバイスアクセス制御プログラム、デバイスアクセス制御方法および情報処理装置
US8539551B2 (en) * 2007-12-20 2013-09-17 Fujitsu Limited Trusted virtual machine as a client
US8259948B2 (en) 2007-12-29 2012-09-04 Intel Corporation Virtual TPM key migration using hardware keys
JP5365008B2 (ja) * 2008-01-23 2013-12-11 日本電気株式会社 サービス評価装置、方法及びプログラム
US9559842B2 (en) 2008-09-30 2017-01-31 Hewlett Packard Enterprise Development Lp Trusted key management for virtualized platforms
US8341427B2 (en) * 2009-02-16 2012-12-25 Microsoft Corporation Trusted cloud computing and services framework
US20100306076A1 (en) 2009-05-29 2010-12-02 Ebay Inc. Trusted Integrity Manager (TIM)
KR101270991B1 (ko) * 2009-12-21 2013-06-04 한국전자통신연구원 계층적 역할 기반 접근 제어를 위한 키 트리 구성 및 키 분배 방법
CN102947795B (zh) * 2010-03-25 2016-06-29 维图斯瑞姆加拿大股份公司 安全云计算的系统和方法
US20110246778A1 (en) * 2010-03-31 2011-10-06 Emc Corporation Providing security mechanisms for virtual machine images
US20120102220A1 (en) * 2010-10-20 2012-04-26 Microsoft Corporation Routing traffic in an online service with high availability
US20120151209A1 (en) 2010-12-09 2012-06-14 Bae Systems National Security Solutions Inc. Multilevel security server framework
US8713628B2 (en) 2011-02-08 2014-04-29 Verizon Patent And Licensing Inc. Method and system for providing cloud based network security services
US8984610B2 (en) 2011-04-18 2015-03-17 Bank Of America Corporation Secure network cloud architecture
US20130061310A1 (en) 2011-09-06 2013-03-07 Wesley W. Whitmyer, Jr. Security server for cloud computing
US20130179676A1 (en) 2011-12-29 2013-07-11 Imation Corp. Cloud-based hardware security modules
US20120266209A1 (en) * 2012-06-11 2012-10-18 David Jeffrey Gooding Method of Secure Electric Power Grid Operations Using Common Cyber Security Services
RU2648941C2 (ru) * 2012-10-12 2018-03-28 Конинклейке Филипс Н.В. Безопасная обработка данных виртуальной машиной
US9037854B2 (en) * 2013-01-22 2015-05-19 Amazon Technologies, Inc. Privileged cryptographic services in a virtualized environment
US9367339B2 (en) * 2013-07-01 2016-06-14 Amazon Technologies, Inc. Cryptographically attested resources for hosting virtual machines
US9819661B2 (en) * 2013-09-12 2017-11-14 The Boeing Company Method of authorizing an operation to be performed on a targeted computing device
US10089458B2 (en) 2013-09-26 2018-10-02 Citrix Systems, Inc. Separate, disposable execution environment for accessing unverified content
US9258331B2 (en) 2013-12-27 2016-02-09 Trapezoid, Inc. System and method for hardware-based trust control management
US9652631B2 (en) * 2014-05-05 2017-05-16 Microsoft Technology Licensing, Llc Secure transport of encrypted virtual machines with continuous owner access
US9571279B2 (en) * 2014-06-05 2017-02-14 Cavium, Inc. Systems and methods for secured backup of hardware security modules for cloud-based web services
US20160149877A1 (en) 2014-06-05 2016-05-26 Cavium, Inc. Systems and methods for cloud-based web service security management basedon hardware security module
US9246690B1 (en) * 2014-09-03 2016-01-26 Amazon Technologies, Inc. Secure execution environment services
CN104486307B (zh) * 2014-12-03 2017-08-15 中国电子科技集团公司第三十研究所 一种基于同态加密的分权密钥管理方法
CN105224387A (zh) 2015-09-07 2016-01-06 浪潮集团有限公司 一种云计算下虚拟机的安全部署方法

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070230706A1 (en) * 2006-04-04 2007-10-04 Paul Youn Method and apparatus for facilitating role-based cryptographic key management for a database
US20130152047A1 (en) * 2011-11-22 2013-06-13 Solano Labs, Inc System for distributed software quality improvement

Also Published As

Publication number Publication date
WO2018080814A1 (en) 2018-05-03
US10310885B2 (en) 2019-06-04
EP3532975A1 (en) 2019-09-04
US20180113730A1 (en) 2018-04-26
US20190243678A1 (en) 2019-08-08
CN109844748B (zh) 2023-01-06
US10871984B2 (en) 2020-12-22
EP3532975B1 (en) 2020-07-15
EP3731121A1 (en) 2020-10-28
JP2019533253A (ja) 2019-11-14
JP6985385B2 (ja) 2021-12-22
EP3731121B1 (en) 2023-04-12
CN109844748A (zh) 2019-06-04
KR20190067819A (ko) 2019-06-17
CN115795511A (zh) 2023-03-14

Similar Documents

Publication Publication Date Title
KR102435719B1 (ko) 가상 보안 환경에서 호스팅되는 보안 서비스
EP3087524B1 (en) Virtual machine assurances
JP7397557B2 (ja) セキュア実行ゲスト所有者環境制御
CN113544674B (zh) 用于安全接口控件的安全执行客户机所有者控制
JP2022099293A (ja) コンピューテーションを標的トラステッド実行環境(tee)において実行されるように生成するための方法、システム、およびコンピュータ・プログラム(クラウド・インフラストラクチャにおけるセキュアな/暗号化された仮想マシンのプロビジョニング)
CA3217422A1 (en) Attestation of a secure guest
CN114661411A (zh) 在云基础架构中供应安全/加密的虚拟机
US12130953B2 (en) Secure guest image and metadata update
CN116964983A (zh) 使用多个密码系统生成混合安全证书
EP4533301B1 (en) Attestation of logic loader code and integrity checking service logic code in a trusted execution environment (tee)
US11809568B2 (en) Hypervisor having local keystore
US11645092B1 (en) Building and deploying an application
JP2025094905A (ja) コンピュータ実装方法、コンピュータプログラム、コンピュータシステム(マイクロサービス間の信頼できる通信チャネルの確立及び維持)
WO2025233160A1 (en) Controlling workload execution on trusted execution environments

Legal Events

Date Code Title Description
PA0105 International application

St.27 status event code: A-0-1-A10-A15-nap-PA0105

PG1501 Laying open of application

St.27 status event code: A-1-1-Q10-Q12-nap-PG1501

P11-X000 Amendment of application requested

St.27 status event code: A-2-2-P10-P11-nap-X000

P13-X000 Application amended

St.27 status event code: A-2-2-P10-P13-nap-X000

PA0201 Request for examination

St.27 status event code: A-1-2-D10-D11-exm-PA0201

E902 Notification of reason for refusal
PE0902 Notice of grounds for rejection

St.27 status event code: A-1-2-D10-D21-exm-PE0902

P11-X000 Amendment of application requested

St.27 status event code: A-2-2-P10-P11-nap-X000

P13-X000 Application amended

St.27 status event code: A-2-2-P10-P13-nap-X000

E701 Decision to grant or registration of patent right
PE0701 Decision of registration

St.27 status event code: A-1-2-D10-D22-exm-PE0701

GRNT Written decision to grant
PR0701 Registration of establishment

St.27 status event code: A-2-4-F10-F11-exm-PR0701

PR1002 Payment of registration fee

St.27 status event code: A-2-2-U10-U12-oth-PR1002

Fee payment year number: 1

PG1601 Publication of registration

St.27 status event code: A-4-4-Q10-Q13-nap-PG1601

PR1001 Payment of annual fee

St.27 status event code: A-4-4-U10-U11-oth-PR1001

Fee payment year number: 4