MY177609A - A system and method to secure virtual machine images in cloud computing - Google Patents

A system and method to secure virtual machine images in cloud computing

Info

Publication number
MY177609A
Authority
MY
Malaysia
Prior art keywords
module
virtual machine
key
trusted platform
images
Application number
MYPI2013004370A
Inventor
Bhagyalaxmi Aakula
Abd Aziz Norazah
Original Assignee
Mimos Berhad
Priority date (as assumed by Google; not a legal conclusion)
2013-12-04
Filing date
2013-12-04
Publication date
2020-09-22
Application filed by Mimos Berhad
Priority to MYPI2013004370A (this application) and PCT/MY2014/000158 (WO2015084144A1)
Publication of MY177609A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L9/00)
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H04L2209/127 Trusted platform modules [TPM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

The system (100) of the present invention secures Virtual Machine (VM) images in cloud computing and comprises: at least one hypervisor with Integrity Measurement Architecture (IMA) (122), embedded with at least one Trusted Platform Module (TPM) Key Manager (TkM) module (150) associated with at least one Trusted Platform Module (160); at least one Cloud Manager (CM) module (120) configured with a serial communication function; at least one trusted storage server (170) storing modified VM images together with a sealed key, indexed by the VM's Universally Unique Identifier (UUID); and at least one Serial Guest Control interface (130), embedded in a kernel module, configured with a serial communication function and an interface to said Cloud Manager (CM) module (120).

The general methodology of the present invention comprises the steps of: configuring a server with at least one Cloud Manager (CM) module and at least one TPM Key Manager (TkM) module (150) associated with at least one Trusted Platform Module (160), and creating new Virtual Machines in the cloud (202); generating a TPM key for the Virtual Machine (206); installing and compiling the Virtual Machine with a new module containing the static object of the kernel module encrypted under a symmetric key (208); sealing the Virtual Machine's symmetric key to the Trusted Platform Module together with the Virtual Machine UUID (210, 212); storing the sealed key and the modified Virtual Machine image, indexed by Virtual Machine UUID, in a trusted storage server (214); and accessing the Virtual Machine by decrypting the static object of the kernel module with the unsealed symmetric key during the boot process (216).

The distinctiveness lies in the new module embedded in the kernel of the Virtual Machine (VM) image, comprising a static-object encryption module and built-in serial communication, which together protect the VM image from being run at a different cloud provider: because the symmetric key that decrypts the kernel module is sealed to a specific Trusted Platform Module and to the VM's UUID, it cannot be unsealed, and the image cannot be booted, on another provider's hardware.
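The seal-at-provisioning and unseal-at-boot flow described above, as an added example that is not code from the patent or from its assignee. It models the TPM as a small in-process class (SimTPM, with a device-unique storage root secret and a PCR bank) and, because the Python standard library has no AES, replaces it with HMAC-SHA256 in counter mode plus an HMAC tag (encrypt-then-MAC); the class and function names, the choice of PCR 0 as the boot measurement, and the sample kernel-module bytes are all assumptions made here for illustration. What it shows beyond the abstract is the binding itself: the sealed key unseals only on the TPM that sealed it, only for the same VM UUID, and only while the selected PCR still holds the value measured at seal time, so the image is unbootable on another provider's host and after the boot chain changes.

```python
"""Added example (not code from the patent or from Mimos Berhad): a
standard-library-only model of the provisioning and boot flow in the
abstract. Everything below is an assumption for illustration: the TPM is
a small in-process class, and AES (absent from the stdlib) is replaced by
HMAC-SHA256 counter mode with an HMAC tag (encrypt-then-MAC)."""
import hashlib
import hmac
import secrets
import uuid

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, purpose: bytes) -> bytes:
    # Domain-separate the keystream key from the MAC key.
    return hashlib.sha256(purpose + key).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def encrypt(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Returns nonce || ciphertext || tag; aad is authenticated, not encrypted."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    want = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed (wrong key, wrong binding or tampered blob)")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class SimTPM:
    """One physical TPM: a device-unique storage root secret plus a PCR bank.
    Sealing binds a secret to this device, to the VM UUID and to the PCR
    values at seal time, which is the property the patent relies on."""

    def __init__(self, pcr0: bytes):
        self._srk = secrets.token_bytes(32)  # never leaves the device
        self.pcr = {0: pcr0}                 # e.g. boot-chain / IMA measurement

    def extend(self, idx: int, measurement: bytes) -> None:
        self.pcr[idx] = hashlib.sha256(self.pcr[idx] + measurement).digest()

    def _policy_key(self, vm_uuid: uuid.UUID, pcrs) -> bytes:
        sel = b"".join(self.pcr[i] for i in pcrs)
        return hashlib.sha256(self._srk + vm_uuid.bytes + sel).digest()

    def seal(self, secret: bytes, vm_uuid: uuid.UUID, pcrs=(0,)) -> bytes:
        return encrypt(self._policy_key(vm_uuid, pcrs), secret, aad=vm_uuid.bytes)

    def unseal(self, blob: bytes, vm_uuid: uuid.UUID, pcrs=(0,)) -> bytes:
        return decrypt(self._policy_key(vm_uuid, pcrs), blob, aad=vm_uuid.bytes)


def provision_vm(tpm: SimTPM, storage: dict, kernel_module_obj: bytes) -> uuid.UUID:
    """Steps 202-214: new VM, per-VM key, encrypted static object, sealed key,
    both stored in the trusted storage server indexed by the VM UUID."""
    vm_uuid = uuid.uuid4()
    sym_key = secrets.token_bytes(32)
    enc_obj = encrypt(sym_key, kernel_module_obj, aad=vm_uuid.bytes)
    storage[vm_uuid] = {"sealed_key": tpm.seal(sym_key, vm_uuid), "image": enc_obj}
    return vm_uuid


def boot_vm(tpm: SimTPM, storage: dict, vm_uuid: uuid.UUID) -> bytes:
    """Step 216: unseal the key on the booting host, then decrypt the object."""
    rec = storage[vm_uuid]
    sym_key = tpm.unseal(rec["sealed_key"], vm_uuid)
    return decrypt(sym_key, rec["image"], aad=vm_uuid.bytes)


def can_boot(tpm: SimTPM, storage: dict, vm_uuid: uuid.UUID) -> bool:
    try:
        boot_vm(tpm, storage, vm_uuid)
        return True
    except (KeyError, ValueError):
        return False


if __name__ == "__main__":
    # Constructed sample input standing in for the compiled kernel-module object.
    obj = b"static object of the guest kernel module (constructed sample)"
    good_boot = hashlib.sha256(b"known-good boot chain").digest()
    home, storage = SimTPM(good_boot), {}
    vid = provision_vm(home, storage, obj)
    print("same TPM, same boot state:", can_boot(home, storage, vid))              # True
    print("other provider's TPM     :", can_boot(SimTPM(good_boot), storage, vid))  # False
    home.extend(0, b"unexpected kernel module loaded")
    print("same TPM, changed PCR    :", can_boot(home, storage, vid))              # False
```

With a real TPM 2.0 the same binding is obtained by creating the sealed object under the storage hierarchy with a PCR policy and unsealing it on the booting host (in tpm2-tools: tpm2_createpolicy, tpm2_create and tpm2_unseal); the in-process class above only stands in for that mechanism so the flow can be run offline.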

Priority Applications (2)

MYPI2013004370A (MY177609A), priority date 2013-12-04, filed 2013-12-04: A system and method to secure virtual machine images in cloud computing
PCT/MY2014/000158 (WO2015084144A1), priority date 2013-12-04, filed 2014-06-04: A system and method to secure virtual machine images in cloud computing

Applications Claiming Priority (1)

MYPI2013004370A (MY177609A), priority date 2013-12-04, filed 2013-12-04: A system and method to secure virtual machine images in cloud computing

Publications (1)

MY177609A, published 2020-09-22

Family

Family ID: 51703363

Family Applications (1)

MYPI2013004370A (MY177609A), priority date 2013-12-04, filed 2013-12-04: A system and method to secure virtual machine images in cloud computing

Country Status (2)

MY: MY177609A
WO: WO2015084144A1

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105718794B (en) 2016-01-27 2018-06-05 华为技术有限公司 The method and system of safeguard protection are carried out to virtual machine based on VTPM
US10425229B2 (en) * 2016-02-12 2019-09-24 Microsoft Technology Licensing, Llc Secure provisioning of operating systems
US10303899B2 (en) * 2016-08-11 2019-05-28 Intel Corporation Secure public cloud with protected guest-verified host control
WO2018054473A1 (en) 2016-09-22 2018-03-29 Telefonaktiebolaget Lm Ericsson (Publ) Version control for trusted computing
CN109144667A (en) * 2018-08-03 2019-01-04 北京东软望海科技有限公司 A kind of virtual machine creation method and virtual machine creating device
US11144251B2 (en) 2018-10-17 2021-10-12 International Business Machines Corporation Providing a global unique identifier for a storage volume
CN110321709A (en) * 2019-07-01 2019-10-11 电子科技大学 Policy configuration management tool based on MILS
CN113285816B (en) * 2020-02-19 2022-10-28 华为技术有限公司 Control request sending method, device and system based on key value configuration
US11907375B2 (en) 2021-04-13 2024-02-20 Hewlett Packard Enterprise Development Lp System and method for signing and interlocking a boot information file to a host computing system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8151262B2 (en) * 2007-03-30 2012-04-03 Lenovo (Singapore) Pte. Ltd. System and method for reporting the trusted state of a virtual machine
US8539551B2 (en) 2007-12-20 2013-09-17 Fujitsu Limited Trusted virtual machine as a client
WO2011116459A1 (en) * 2010-03-25 2011-09-29 Enomaly Inc. System and method for secure cloud computing
US8856504B2 (en) 2010-06-07 2014-10-07 Cisco Technology, Inc. Secure virtual machine bootstrap in untrusted cloud infrastructures

Also Published As

Publication number Publication date
WO2015084144A1 (en) 2015-06-11

Similar Documents

Publication Publication Date Title
MY177609A (en) A system and method to secure virtual machine images in cloud computing
US9536063B2 (en) Methods and apparatus for protecting software from unauthorized copying
EP3869332B1 (en) Roots-of-trust for measurement of virtual machines
CN107003866B (en) Secure creation of encrypted virtual machines from encrypted templates
Zhang et al. Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization
US9690947B2 (en) Processing a guest event in a hypervisor-controlled system
US10338949B2 (en) Virtual trusted platform module function implementation method and management device
Hunt et al. Confidential computing for OpenPOWER
US9189609B1 (en) Securing virtual machines with virtual volumes
Chen et al. Towards verifiable resource accounting for outsourced computation
RU2019126641A (en) CROSS-PLATFORM ENCLAVE IDENTIFICATION
US20140032920A1 (en) Secure Virtual Machine Provisioning
US20160124751A1 (en) Access isolation for multi-operating system devices
US10243746B2 (en) Systems and methods for providing I/O state protections in a virtualized environment
CN103812862A (en) Dependable security cloud computing composition method
Wan et al. Building trust into cloud computing using virtualization of TPM
Cheng et al. Sealed storage for trusted cloud computing
Yu et al. Obtaining the integrity of your virtual machine in the cloud
Jin et al. Theory and methodology of research on cloud security
CN114499867B (en) Trusted root management method, device, equipment and storage medium
Nimgaonkar et al. Ctrust: A framework for secure and trustworthy application execution in cloud computing
Aw Ideler Cryptography as a service in a cloud computing environment
US20240248742A1 (en) Initiating executable containers in trusted execution environments
US20240330435A1 (en) Attesting on-the-fly encrypted root disks for confidential virtual machines
Yang et al. Designing and Implementing Live Migration Support for Arm-based Confidential VMs