KR20220027874A - 프로세스 컨테이너의 컨텍스트에서 보안 메모리 엔클레이브 사용 - Google Patents

프로세스 컨테이너의 컨텍스트에서 보안 메모리 엔클레이브 사용 Download PDF

Info

Publication number
KR20220027874A
KR20220027874A KR1020217042911A KR20217042911A KR20220027874A KR 20220027874 A KR20220027874 A KR 20220027874A KR 1020217042911 A KR1020217042911 A KR 1020217042911A KR 20217042911 A KR20217042911 A KR 20217042911A KR 20220027874 A KR20220027874 A KR 20220027874A
Authority
KR
South Korea
Prior art keywords
container
attestation
memory
security
containers
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
KR1020217042911A
Other languages
English (en)
Korean (ko)
Inventor
맥스웰 크리스토퍼 렌케
테일러 제임스 스타크
벤자민 엠 슐츠
기리드하 비스와나탄
프레데릭 저스투스 스미스
디푸 찬디 토마스
하리 알 풀라파카
앰버 티안키 구오
Original Assignee
마이크로소프트 테크놀로지 라이센싱, 엘엘씨
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 마이크로소프트 테크놀로지 라이센싱, 엘엘씨 filed Critical 마이크로소프트 테크놀로지 라이센싱, 엘엘씨
Publication of KR20220027874A publication Critical patent/KR20220027874A/ko
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1433Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a module or a part of a module
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1441Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1458Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • G06F3/0622Securing storage systems in relation to access
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0629Configuration or reconfiguration of storage systems
    • G06F3/0631Configuration or reconfiguration of storage systems by allocating resources to storage systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0655Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
    • G06F3/0659Command handling arrangements, e.g. command buffers, queues, command scheduling
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0668Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/067Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10Address translation
    • G06F12/109Address translation for multiple virtual address spaces, e.g. segmentation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1004Compatibility, e.g. with legacy hardware
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1016Performance improvement
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1052Security improvement
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/15Use in a specific computing environment
    • G06F2212/152Virtualized environment, e.g. logically partitioned system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/65Details of virtual memory and virtual address translation
    • G06F2212/657Virtual address space management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Human Computer Interaction (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)
  • Communication Control (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)
KR1020217042911A 2019-07-09 2020-06-08 프로세스 컨테이너의 컨텍스트에서 보안 메모리 엔클레이브 사용 Ceased KR20220027874A (ko)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201962872233P 2019-07-09 2019-07-09
US62/872,233 2019-07-09
US16/565,271 2019-09-09
US16/565,271 US11256785B2 (en) 2019-07-09 2019-09-09 Using secure memory enclaves from the context of process containers
PCT/US2020/036575 WO2021006973A1 (en) 2019-07-09 2020-06-08 Using secure memory enclaves from the context of process containers

Publications (1)

Publication Number Publication Date
KR20220027874A true KR20220027874A (ko) 2022-03-08

Family

ID=74101941

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020217042911A Ceased KR20220027874A (ko) 2019-07-09 2020-06-08 프로세스 컨테이너의 컨텍스트에서 보안 메모리 엔클레이브 사용

Country Status (13)

Country Link
US (2) US11256785B2 (https=)
EP (1) EP3997600B1 (https=)
JP (1) JP2022539969A (https=)
KR (1) KR20220027874A (https=)
CN (1) CN114080592A (https=)
AU (1) AU2020311836A1 (https=)
BR (1) BR112021024204A2 (https=)
CA (1) CA3143459A1 (https=)
IL (1) IL289614B2 (https=)
MX (1) MX2022000359A (https=)
PH (1) PH12022550042A1 (https=)
WO (1) WO2021006973A1 (https=)
ZA (1) ZA202109971B (https=)

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112217775B (zh) * 2019-07-12 2022-04-05 华为技术有限公司 一种远程证明方法及装置
US12010227B1 (en) 2019-09-30 2024-06-11 Amazon Technologies, Inc. System and methods for securing role credentials
US11363012B1 (en) * 2019-09-30 2022-06-14 Amazon Technologies, Inc. System and methods for using role credentials associated with a VM instance
WO2022011009A1 (en) * 2020-07-08 2022-01-13 Intel Corporation Attestation verifier role delegation
US11481497B2 (en) * 2020-09-11 2022-10-25 Dell Products L.P. Systems and methods for hardware attestation in an information handling system
CN112199740B (zh) * 2020-12-03 2021-03-16 飞天诚信科技股份有限公司 一种加密锁的实现方法及加密锁
US11695549B2 (en) * 2021-07-08 2023-07-04 Nec Corporation Multi-device remote attestation
US12362938B2 (en) * 2021-08-05 2025-07-15 International Business Machines Corporation Attestation of a secure guest
US12056232B2 (en) * 2021-08-27 2024-08-06 EMC IP Holding Company LLC Function-based service framework with trusted execution platform
GB2610861B (en) 2021-09-20 2023-10-11 Intelligent Voice Ltd Confidential Automated Speech Recogntion
US11954219B1 (en) * 2021-11-15 2024-04-09 Amdocs Development Limited System, method, and computer program for universal security of container images
US12413420B2 (en) * 2021-12-15 2025-09-09 Intel Corporation Distributed attestation in heterogenous computing clusters
US12259963B2 (en) * 2022-02-22 2025-03-25 Mellanox Technologies, Ltd Confidential computing with device memory isolation
US11949583B2 (en) 2022-04-28 2024-04-02 Hewlett Packard Enterprise Development Lp Enforcing reference operating state compliance for cloud computing-based compute appliances
US20220335139A1 (en) * 2022-05-30 2022-10-20 Intel Corporation Method and apparatus for improved container image deployment
US20240241939A1 (en) * 2023-01-12 2024-07-18 R3 Ltd. Auditing secure enclaves
US20250061186A1 (en) * 2023-08-15 2025-02-20 Habu Inc. Confidential computing techniques for data clean rooms
US12355770B2 (en) * 2023-10-03 2025-07-08 strongDM, Inc. Identity and activity based network security policies
US12242599B1 (en) 2024-09-27 2025-03-04 strongDM, Inc. Fine-grained security policy enforcement for applications
US12348519B1 (en) 2025-02-07 2025-07-01 strongDM, Inc. Evaluating security policies in aggregate
US12432242B1 (en) 2025-03-28 2025-09-30 strongDM, Inc. Anomaly detection in managed networks
US12603921B1 (en) 2025-11-19 2026-04-14 strongDM, Inc. Indexing entities and attributes for policy enforcement

Family Cites Families (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6305009B1 (en) * 1997-12-05 2001-10-16 Robert M. Goor Compiler design using object technology with cross platform capability
US7194446B1 (en) * 2003-09-25 2007-03-20 Rockwell Automation Technologies, Inc. Location-based execution of software/HMI
US20080022265A1 (en) * 2006-06-30 2008-01-24 Morris Robert P Methods, systems, and computer program products for generating and using object modules
US8489811B1 (en) * 2006-12-29 2013-07-16 Netapp, Inc. System and method for addressing data containers using data set identifiers
US20160085695A1 (en) * 2014-09-24 2016-03-24 Intel Corporation Memory initialization in a protected region
US9710622B2 (en) * 2015-02-23 2017-07-18 Intel Corporation Instructions and logic to fork processes of secure enclaves and establish child enclaves in a secure enclave page cache
US20160350534A1 (en) * 2015-05-29 2016-12-01 Intel Corporation System, apparatus and method for controlling multiple trusted execution environments in a system
US10216529B1 (en) * 2015-11-19 2019-02-26 Virtuozzo International Gmbh Method and system for sharing driver pages
US9798641B2 (en) * 2015-12-22 2017-10-24 Intel Corporation Method to increase cloud availability and silicon isolation using secure enclaves
US10354095B2 (en) * 2016-03-31 2019-07-16 Intel Corporation Methods and apparatus to initialize enclaves on target processors
GB2550322B (en) * 2016-04-11 2019-02-27 100 Percent It Ltd Remote attestation of cloud infrastructure
US10135859B2 (en) * 2016-05-03 2018-11-20 Cisco Technology, Inc. Automated security enclave generation
US10447478B2 (en) * 2016-06-06 2019-10-15 Microsoft Technology Licensing, Llc Cryptographic applications for a blockchain system
WO2018026841A1 (en) * 2016-08-01 2018-02-08 Georgia Tech Research Corporation Methods and systems for providing secure mobile edge computing ecosystems
US10911451B2 (en) * 2017-01-24 2021-02-02 Microsoft Technology Licensing, Llc Cross-platform enclave data sealing
US11443033B2 (en) * 2017-01-24 2022-09-13 Microsoft Technology Licensing, Llc Abstract enclave identity
US10372945B2 (en) * 2017-01-24 2019-08-06 Microsoft Technology Licensing, Llc Cross-platform enclave identity
US10726120B2 (en) * 2017-03-31 2020-07-28 Intel Corporation System, apparatus and method for providing locality assertion between a security processor and an enclave
US10885189B2 (en) 2017-05-22 2021-01-05 Microsoft Technology Licensing, Llc Isolated container event monitoring
WO2019077607A1 (en) * 2017-10-17 2019-04-25 Argus Cyber Security Ltd. SYSTEM AND METHOD FOR MANAGING PROGRAM MEMORY ON A STORAGE DEVICE
US11010403B2 (en) * 2018-04-24 2021-05-18 Microsoft Technology Licensing, Llc Relational distributed ledger for smart contracts
CN108733455B (zh) * 2018-05-31 2020-08-18 上海交通大学 基于ARM TrustZone的容器隔离性增强系统
US10970103B2 (en) * 2018-12-28 2021-04-06 Intel Corporation Technologies for hybrid virtualization and secure enclave policy enforcement for edge orchestration
US10713181B1 (en) * 2019-02-21 2020-07-14 Virtuozzo International Gmbh Method and system for sharing driver pages
CN111199048B (zh) * 2020-01-02 2023-07-25 航天信息股份有限公司 基于具有生命周期的容器的大数据分级脱敏方法和系统
CN111857973A (zh) * 2020-07-30 2020-10-30 江苏方天电力技术有限公司 一种应用资源访问方法及装置

Also Published As

Publication number Publication date
JP2022539969A (ja) 2022-09-14
US11762964B2 (en) 2023-09-19
EP3997600A1 (en) 2022-05-18
US11256785B2 (en) 2022-02-22
EP3997600B1 (en) 2023-06-14
WO2021006973A1 (en) 2021-01-14
IL289614B1 (en) 2024-05-01
US20220147465A1 (en) 2022-05-12
IL289614B2 (en) 2024-09-01
US20210011984A1 (en) 2021-01-14
IL289614A (en) 2022-03-01
MX2022000359A (es) 2022-02-03
BR112021024204A2 (pt) 2022-04-12
PH12022550042A1 (en) 2022-11-21
CN114080592A (zh) 2022-02-22
ZA202109971B (en) 2023-03-29
AU2020311836A1 (en) 2022-01-06
CA3143459A1 (en) 2021-01-14

Similar Documents

Publication Publication Date Title
US11762964B2 (en) Using secure memory enclaves from the context of process containers
US9989043B2 (en) System and method for processor-based security
KR102447251B1 (ko) 실링 엔클레이브로써의 데이터 실링해제
KR102510273B1 (ko) 실링 엔클레이브로써의 데이터 실링
KR102467687B1 (ko) 크로스-플랫폼 엔클레이브 신원
KR102466793B1 (ko) 추상적 엔클레이브 신원
US10867029B2 (en) Enclave client abstraction model
US11036875B2 (en) Dependent enclave binaries
US20180210742A1 (en) Enclave abstraction model
KR20210121170A (ko) 보안 실행 게스트 소유자 환경 컨트롤
CN114661640A (zh) 在可信执行环境内隔离存储器
CN114661411B (zh) 在云基础架构中供应安全/加密的虚拟机
US20240220639A1 (en) Secure data offload in a disaggregated and heterogenous orchestration environment
US20220198064A1 (en) Provisioning secure/encrypted virtual machines in a cloud infrastructure
WO2022078069A1 (en) Secure data storage device access control and sharing
HK40066653A (zh) 从过程容器的上下文使用安全存储器包围区
Zeng et al. Refinement-based Modeling and Formal Verification for Multiple Secure Partitions of TrustZone.
CN120020726A (zh) 内存管理方法、装置、设备、存储介质及计算机程序
Huh et al. Trustworthy distributed systems through integrity-reporting

Legal Events

Date Code Title Description
PA0105 International application

Patent event date: 20211228

Patent event code: PA01051R01D

Comment text: International Patent Application

PG1501 Laying open of application
A201 Request for examination
PA0201 Request for examination

Patent event code: PA02012R01D

Patent event date: 20230509

Comment text: Request for Examination of Application

E902 Notification of reason for refusal
PE0902 Notice of grounds for rejection

Comment text: Notification of reason for refusal

Patent event date: 20250219

Patent event code: PE09021S01D

E601 Decision to refuse application
PE0601 Decision on rejection of patent

Patent event date: 20250425

Comment text: Decision to Refuse Application

Patent event code: PE06012S01D