RU2016143088A - Безопасный транспорт зашифрованных виртуальных машин с непрерывным доступом владельца - Google Patents
Безопасный транспорт зашифрованных виртуальных машин с непрерывным доступом владельца Download PDFInfo
- Publication number
- RU2016143088A RU2016143088A RU2016143088A RU2016143088A RU2016143088A RU 2016143088 A RU2016143088 A RU 2016143088A RU 2016143088 A RU2016143088 A RU 2016143088A RU 2016143088 A RU2016143088 A RU 2016143088A RU 2016143088 A RU2016143088 A RU 2016143088A
- Authority
- RU
- Russia
- Prior art keywords
- decryption key
- key
- encrypted
- data set
- encryption mechanism
- Prior art date
Links
- 230000007246 mechanism Effects 0.000 claims 9
- 230000001681 protective effect Effects 0.000 claims 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6281—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/4557—Distribution of virtual machine instances; Migration and load balancing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45583—Memory management, e.g. access or allocation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
- G06F2212/65—Details of virtual memory and virtual address translation
- G06F2212/652—Page size control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/127—Trusted platform modules [TPM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/24—Key scheduling, i.e. generating round keys or sub-keys for block encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/062—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Stored Programmes (AREA)
Claims (18)
1. Способ управления зашифрованными наборами данных в компьютерном окружении, содержащий этапы, на которых:
получают первый ключ дешифрирования, причем первый ключ дешифрирования сконфигурирован для использования для дешифрирования зашифрованного набора данных, который был зашифрован с использованием первого механизма шифрования, при этом первый механизм шифрования ассоциирован с первым ключом дешифрирования, который может быть использован для дешифрирования этого набора данных;
шифруют первый ключ дешифрирования посредством второго механизма шифрования, причем второй механизм шифрования ассоциирован со вторым ключом дешифрирования, используемым первым субъектом, так что второй ключ дешифрирования может быть использован первым субъектом для дешифрирования упомянутого набора данных путем дешифрирования сначала первого ключа с использованием второго ключа дешифрирования и затем с использованием дешифрированного первого ключа для дешифрирования этого набора данных;
шифруют первый ключ дешифрирования посредством третьего механизма шифрования, причем третий механизм шифрования ассоциирован с третьим ключом дешифрирования, используемым вторым субъектом, так что третий ключ дешифрирования может быть использован вторым субъектом для дешифрирования упомянутого набора данных путем дешифрирования сначала первого ключа с использованием третьего ключа дешифрирования и затем с использованием первого дешифрированного ключа для дешифрирования этого набора данных;
создают пакет, содержащий, по меньшей мере, первый ключ дешифрирования, зашифрованный посредством второго механизма шифрования, и первый ключ дешифрирования, зашифрованный посредством третьего механизма шифрования;
подписывают пакет защитной подписью; и
подписывают пакет подписью, созданной из первого ключа дешифрирования;
при этом упомянутый набор данных содержит части виртуальной машины;
при этом первый субъект является провайдером услуг размещения данной виртуальной машины и второй субъект является арендатором этого провайдера;
при этом выстраивается иерархия ключей, где корнем этой иерархии является первый ключ дешифрирования, и части виртуальной машины шифруются с использованием ключей из этой иерархии.
2. Способ по п.1, в котором первый ключ является мастер-ключом для vTPM для виртуальной машины.
3. Способ по п. 1, в котором набор данных содержит информацию подготовки для VM.
4. Способ по п. 1, в котором упомянутый набор данных содержит состояние vTPM.
5. Способ по п. 1, в котором упомянутый пакет содержит множество копий первого ключа дешифрирования, зашифрованных разными механизмами шифрования для множества разных хранителей.
6. Система для управления зашифрованными наборами данных в компьютерном окружении, содержащая
один или более процессоров; и
один или более машиночитаемых носителей информации, каковые один или более машиночитаемых носителей содержат машиноисполняемые инструкции, которые при их исполнении по меньшей мере одним из упомянутых одного или более процессоров предписывают системе выполнять этапы по п. 1.
7. Один или более физических машиночитаемых носителей информации, содержащих машиноисполняемые инструкции, которые при их исполнении по меньшей мере одним из одного или более процессоров предписывают системе выполнять этапы по п. 1.
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201461988786P | 2014-05-05 | 2014-05-05 | |
US61/988,786 | 2014-05-05 | ||
US14/481,399 | 2014-09-09 | ||
US14/481,399 US9652631B2 (en) | 2014-05-05 | 2014-09-09 | Secure transport of encrypted virtual machines with continuous owner access |
PCT/US2015/028991 WO2015171476A1 (en) | 2014-05-05 | 2015-05-04 | Secure transport of encrypted virtual machines with continuous owner access |
Publications (3)
Publication Number | Publication Date |
---|---|
RU2016143088A true RU2016143088A (ru) | 2018-05-03 |
RU2016143088A3 RU2016143088A3 (ru) | 2018-11-26 |
RU2693313C2 RU2693313C2 (ru) | 2019-07-02 |
Family
ID=54356002
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
RU2016143089A RU2679721C2 (ru) | 2014-05-05 | 2015-05-04 | Аттестация хоста, содержащего доверительную среду исполнения |
RU2016143088A RU2693313C2 (ru) | 2014-05-05 | 2015-05-04 | Безопасный транспорт зашифрованных виртуальных машин с непрерывным доступом владельца |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
RU2016143089A RU2679721C2 (ru) | 2014-05-05 | 2015-05-04 | Аттестация хоста, содержащего доверительную среду исполнения |
Country Status (7)
Country | Link |
---|---|
US (4) | US9652631B2 (ru) |
EP (2) | EP3140950B1 (ru) |
JP (2) | JP6665113B2 (ru) |
CN (2) | CN106462438B (ru) |
BR (2) | BR112016024507B1 (ru) |
RU (2) | RU2679721C2 (ru) |
WO (2) | WO2015171476A1 (ru) |
Families Citing this family (294)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102183852B1 (ko) * | 2013-11-22 | 2020-11-30 | 삼성전자주식회사 | 전자 장치의 무결성 검증을 위한 방법, 저장 매체 및 전자 장치 |
US9519498B2 (en) | 2013-12-24 | 2016-12-13 | Microsoft Technology Licensing, Llc | Virtual machine assurances |
US9792448B2 (en) | 2014-02-28 | 2017-10-17 | Advanced Micro Devices, Inc. | Cryptographic protection of information in a processing system |
US9652631B2 (en) | 2014-05-05 | 2017-05-16 | Microsoft Technology Licensing, Llc | Secure transport of encrypted virtual machines with continuous owner access |
US9760712B2 (en) * | 2014-05-23 | 2017-09-12 | Vmware, Inc. | Application whitelisting using user identification |
CN104268477B (zh) * | 2014-09-26 | 2017-09-26 | 华为技术有限公司 | 一种安全控制方法及网络设备 |
US9715402B2 (en) | 2014-09-30 | 2017-07-25 | Amazon Technologies, Inc. | Dynamic code deployment and versioning |
US9146764B1 (en) | 2014-09-30 | 2015-09-29 | Amazon Technologies, Inc. | Processing event messages for user requests to execute program code |
US10048974B1 (en) | 2014-09-30 | 2018-08-14 | Amazon Technologies, Inc. | Message-based computation request scheduling |
US9600312B2 (en) | 2014-09-30 | 2017-03-21 | Amazon Technologies, Inc. | Threading as a service |
US9678773B1 (en) | 2014-09-30 | 2017-06-13 | Amazon Technologies, Inc. | Low latency computational capacity provisioning |
US9323556B2 (en) | 2014-09-30 | 2016-04-26 | Amazon Technologies, Inc. | Programmatic event detection and message generation for requests to execute program code |
US9830193B1 (en) | 2014-09-30 | 2017-11-28 | Amazon Technologies, Inc. | Automatic management of low latency computational capacity |
US10229272B2 (en) | 2014-10-13 | 2019-03-12 | Microsoft Technology Licensing, Llc | Identifying security boundaries on computing devices |
US9584317B2 (en) | 2014-10-13 | 2017-02-28 | Microsoft Technology Licensing, Llc | Identifying security boundaries on computing devices |
US10303879B1 (en) * | 2014-11-06 | 2019-05-28 | Amazon Technologies, Inc. | Multi-tenant trusted platform modules |
US9519787B2 (en) | 2014-11-14 | 2016-12-13 | Microsoft Technology Licensing, Llc | Secure creation of encrypted virtual machines from encrypted templates |
US9537788B2 (en) | 2014-12-05 | 2017-01-03 | Amazon Technologies, Inc. | Automatic determination of resource sizing |
WO2016112338A1 (en) * | 2015-01-08 | 2016-07-14 | Intertrust Technologies Corporation | Cryptographic systems and methods |
US10013567B2 (en) * | 2015-01-27 | 2018-07-03 | Apple Inc. | Private and public sharing of electronic assets |
US9621948B2 (en) * | 2015-01-29 | 2017-04-11 | Universal Electronics Inc. | System and method for prioritizing and filtering CEC commands |
US9588790B1 (en) | 2015-02-04 | 2017-03-07 | Amazon Technologies, Inc. | Stateful virtual compute system |
US9733967B2 (en) | 2015-02-04 | 2017-08-15 | Amazon Technologies, Inc. | Security protocols for low latency execution of program code |
US9712503B1 (en) * | 2015-03-23 | 2017-07-18 | Amazon Technologies, Inc. | Computing instance migration |
US9756050B1 (en) * | 2015-03-26 | 2017-09-05 | Amazon Technologies, Inc. | Using transient processing containers for security authorization |
US20160292431A1 (en) * | 2015-04-02 | 2016-10-06 | defend7, Inc. | Management of encryption keys in an application container environment |
US9930103B2 (en) | 2015-04-08 | 2018-03-27 | Amazon Technologies, Inc. | Endpoint management system providing an application programming interface proxy service |
US9785476B2 (en) | 2015-04-08 | 2017-10-10 | Amazon Technologies, Inc. | Endpoint management system and virtual compute system |
US9652634B2 (en) * | 2015-05-19 | 2017-05-16 | Vmware, Inc. | Maintaing encryption keys to provide encryption on top of data deduplication |
US10078549B2 (en) | 2015-05-19 | 2018-09-18 | Vmware, Inc. | Maintaining hole boundary information for restoring snapshots from parity |
US9866574B1 (en) * | 2015-06-01 | 2018-01-09 | Amazon Technologies, Inc. | Protected data type handling awareness |
US11113086B1 (en) | 2015-06-30 | 2021-09-07 | Fireeye, Inc. | Virtual system and method for securing external network connectivity |
US10726127B1 (en) | 2015-06-30 | 2020-07-28 | Fireeye, Inc. | System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer |
US10395029B1 (en) * | 2015-06-30 | 2019-08-27 | Fireeye, Inc. | Virtual system and method with threat protection |
US10642753B1 (en) | 2015-06-30 | 2020-05-05 | Fireeye, Inc. | System and method for protecting a software component running in virtual machine using a virtualization layer |
US10002015B2 (en) * | 2015-07-10 | 2018-06-19 | International Business Machines Corporation | Delayed boot of a virtual machine in a virtualized computing environment based on a fabric limit |
US9973432B2 (en) | 2015-07-10 | 2018-05-15 | International Business Machines Corporation | Load balancing in a virtualized computing environment based on a fabric limit |
US10002014B2 (en) | 2015-07-10 | 2018-06-19 | International Business Machines Corporation | Management of a virtual machine in a virtualized computing environment based on a fabric limit |
US10230529B2 (en) * | 2015-07-31 | 2019-03-12 | Microsft Technology Licensing, LLC | Techniques to secure computation data in a computing environment |
US9768966B2 (en) * | 2015-08-07 | 2017-09-19 | Google Inc. | Peer to peer attestation |
US11150927B1 (en) * | 2015-08-10 | 2021-10-19 | Amazon Technologies, Inc. | Policy-based virtual machine instance cotenancy |
US10929797B1 (en) * | 2015-09-23 | 2021-02-23 | Amazon Technologies, Inc. | Fault tolerance determinations for networked resources |
US9928108B1 (en) | 2015-09-29 | 2018-03-27 | Amazon Technologies, Inc. | Metaevent handling for on-demand code execution environments |
US10042660B2 (en) | 2015-09-30 | 2018-08-07 | Amazon Technologies, Inc. | Management of periodic requests for compute capacity |
US9917687B2 (en) * | 2015-10-12 | 2018-03-13 | Microsoft Technology Licensing, Llc | Migrating secrets using hardware roots of trust for devices |
CN106775917B (zh) * | 2015-11-19 | 2020-03-24 | 苏宁云计算有限公司 | 一种虚拟机启动的方法及系统 |
US10025947B1 (en) * | 2015-11-30 | 2018-07-17 | Ims Health Incorporated | System and method to produce a virtually trusted database record |
US9894051B2 (en) | 2015-12-14 | 2018-02-13 | International Business Machines Corporation | Extending shrouding capability of hosting system |
US9882901B2 (en) | 2015-12-14 | 2018-01-30 | International Business Machines Corporation | End-to-end protection for shrouded virtual servers |
JP2017111581A (ja) * | 2015-12-15 | 2017-06-22 | キヤノン株式会社 | 情報処理システム、制御方法 |
US10754701B1 (en) | 2015-12-16 | 2020-08-25 | Amazon Technologies, Inc. | Executing user-defined code in response to determining that resources expected to be utilized comply with resource restrictions |
US10013267B1 (en) | 2015-12-16 | 2018-07-03 | Amazon Technologies, Inc. | Pre-triggers for code execution environments |
US9830449B1 (en) * | 2015-12-16 | 2017-11-28 | Amazon Technologies, Inc. | Execution locations for request-driven code |
US9811434B1 (en) | 2015-12-16 | 2017-11-07 | Amazon Technologies, Inc. | Predictive management of on-demand code execution |
US9910713B2 (en) | 2015-12-21 | 2018-03-06 | Amazon Technologies, Inc. | Code execution request routing |
US10002026B1 (en) | 2015-12-21 | 2018-06-19 | Amazon Technologies, Inc. | Acquisition and maintenance of dedicated, reserved, and variable compute capacity |
US10067801B1 (en) | 2015-12-21 | 2018-09-04 | Amazon Technologies, Inc. | Acquisition and maintenance of compute capacity |
US10079693B2 (en) * | 2015-12-28 | 2018-09-18 | Netapp, Inc. | Storage cluster management proxy |
CN108351923B (zh) * | 2016-01-28 | 2021-10-01 | 惠普发展公司,有限责任合伙企业 | 与统一可扩展固件接口系统可执行的脚本有关的阈值 |
US10791097B2 (en) * | 2016-04-14 | 2020-09-29 | Sophos Limited | Portable encryption format |
US10681078B2 (en) | 2016-06-10 | 2020-06-09 | Sophos Limited | Key throttling to mitigate unauthorized file access |
US10650154B2 (en) | 2016-02-12 | 2020-05-12 | Sophos Limited | Process-level control of encrypted content |
US10686827B2 (en) | 2016-04-14 | 2020-06-16 | Sophos Limited | Intermediate encryption for exposed content |
US11429412B2 (en) | 2016-02-25 | 2022-08-30 | Red Hat Israel, Ltd. | Guest protection from application code execution in kernel mode |
CN105825131B (zh) * | 2016-03-16 | 2018-12-21 | 广东工业大学 | 一种基于uefi的计算机安全启动防护方法 |
US10326744B1 (en) * | 2016-03-21 | 2019-06-18 | EMC IP Holding Company LLC | Security layer for containers in multi-tenant environments |
US10063372B1 (en) * | 2016-03-25 | 2018-08-28 | EMC IP Holding Company LLC | Generating pre-encrypted keys |
US20170277898A1 (en) * | 2016-03-25 | 2017-09-28 | Advanced Micro Devices, Inc. | Key management for secure memory address spaces |
US11132213B1 (en) | 2016-03-30 | 2021-09-28 | Amazon Technologies, Inc. | Dependency-based process of pre-existing data sets at an on demand code execution environment |
US10162672B2 (en) | 2016-03-30 | 2018-12-25 | Amazon Technologies, Inc. | Generating data streams from pre-existing data sets |
US10891145B2 (en) | 2016-03-30 | 2021-01-12 | Amazon Technologies, Inc. | Processing pre-existing data sets at an on demand code execution environment |
US11379385B2 (en) * | 2016-04-16 | 2022-07-05 | Vmware, Inc. | Techniques for protecting memory pages of a virtual computing instance |
US10228924B2 (en) * | 2016-04-19 | 2019-03-12 | International Business Machines Corporation | Application deployment and monitoring in a cloud environment to satisfy integrity and geo-fencing constraints |
EP3244568B1 (en) * | 2016-05-13 | 2019-01-09 | Talenta s.r.o. | Electronic locking system |
US10135622B2 (en) * | 2016-06-03 | 2018-11-20 | Intel Corporation | Flexible provisioning of attestation keys in secure enclaves |
US10282229B2 (en) | 2016-06-28 | 2019-05-07 | Amazon Technologies, Inc. | Asynchronous task management in an on-demand network code execution environment |
US10102040B2 (en) | 2016-06-29 | 2018-10-16 | Amazon Technologies, Inc | Adjusting variable limit on concurrent code executions |
GB2551983B (en) | 2016-06-30 | 2020-03-04 | Sophos Ltd | Perimeter encryption |
US10277708B2 (en) | 2016-06-30 | 2019-04-30 | Amazon Technologies, Inc. | On-demand network code execution with cross-account aliases |
US10203990B2 (en) | 2016-06-30 | 2019-02-12 | Amazon Technologies, Inc. | On-demand network code execution with cross-account aliases |
US10127068B2 (en) | 2016-06-30 | 2018-11-13 | Amazon Technologies, Inc. | Performance variability reduction using an opportunistic hypervisor |
US10318311B2 (en) * | 2016-06-30 | 2019-06-11 | Amazon Technologies, Inc. | Memory allocation techniques at partially-offloaded virtualization managers |
US10460113B2 (en) * | 2016-08-16 | 2019-10-29 | International Business Machines Corporation | Security fix of a container in a virtual machine environment |
US20180060077A1 (en) * | 2016-08-26 | 2018-03-01 | Qualcomm Incorporated | Trusted platform module support on reduced instruction set computing architectures |
US10187203B2 (en) * | 2016-08-30 | 2019-01-22 | Workday, Inc. | Secure storage encryption system |
US10460118B2 (en) | 2016-08-30 | 2019-10-29 | Workday, Inc. | Secure storage audit verification system |
US10177908B2 (en) * | 2016-08-30 | 2019-01-08 | Workday, Inc. | Secure storage decryption system |
US10177910B2 (en) * | 2016-08-31 | 2019-01-08 | Microsoft Technology Licensing, Llc | Preserving protected secrets across a secure boot update |
EP3516573A1 (en) * | 2016-09-22 | 2019-07-31 | Telefonaktiebolaget LM Ericsson (PUBL) | Version control for trusted computing |
US10320571B2 (en) * | 2016-09-23 | 2019-06-11 | Microsoft Technology Licensing, Llc | Techniques for authenticating devices using a trusted platform module device |
US10884787B1 (en) | 2016-09-23 | 2021-01-05 | Amazon Technologies, Inc. | Execution guarantees in an on-demand network code execution system |
US10061613B1 (en) | 2016-09-23 | 2018-08-28 | Amazon Technologies, Inc. | Idempotent task execution in on-demand network code execution systems |
US11119813B1 (en) | 2016-09-30 | 2021-09-14 | Amazon Technologies, Inc. | Mapreduce implementation using an on-demand network code execution system |
US10310885B2 (en) * | 2016-10-25 | 2019-06-04 | Microsoft Technology Licensing, Llc | Secure service hosted in a virtual security environment |
US10462212B2 (en) * | 2016-10-28 | 2019-10-29 | At&T Intellectual Property I, L.P. | Hybrid clouds |
KR102511451B1 (ko) | 2016-11-09 | 2023-03-17 | 삼성전자주식회사 | 리치 실행 환경에서 보안 어플리케이션을 안전하게 실행하는 컴퓨팅 시스템 |
US10447668B1 (en) * | 2016-11-14 | 2019-10-15 | Amazon Technologies, Inc. | Virtual cryptographic module with load balancer and cryptographic module fleet |
US10855464B2 (en) * | 2016-11-23 | 2020-12-01 | Vmware, Inc. | Methods and apparatus to manage credentials in hyper-converged infrastructures |
US10482034B2 (en) * | 2016-11-29 | 2019-11-19 | Microsoft Technology Licensing, Llc | Remote attestation model for secure memory applications |
CN108243163B (zh) * | 2016-12-26 | 2020-11-13 | 航天信息股份有限公司 | 一种物流运输的加密安全控制方法、装置及系统 |
WO2018120182A1 (zh) * | 2016-12-30 | 2018-07-05 | 华为技术有限公司 | 一种秘密信息的分发方法和设备 |
WO2018120042A1 (zh) * | 2016-12-30 | 2018-07-05 | 华为技术有限公司 | 一种凭据分发的方法和设备 |
US10530777B2 (en) * | 2017-01-24 | 2020-01-07 | Microsoft Technology Licensing, Llc | Data unsealing with a sealing enclave |
US10419402B2 (en) * | 2017-01-26 | 2019-09-17 | Microsoft Technology Licensing, Llc | Addressing a trusted execution environment using signing key |
US10972265B2 (en) * | 2017-01-26 | 2021-04-06 | Microsoft Technology Licensing, Llc | Addressing a trusted execution environment |
US10897360B2 (en) | 2017-01-26 | 2021-01-19 | Microsoft Technology Licensing, Llc | Addressing a trusted execution environment using clean room provisioning |
US10897459B2 (en) * | 2017-01-26 | 2021-01-19 | Microsoft Technology Licensing, Llc | Addressing a trusted execution environment using encryption key |
US10250517B2 (en) | 2017-02-03 | 2019-04-02 | Microsoft Technology Licensing, Llc | Completion-side client throttling |
US11108698B2 (en) | 2017-02-03 | 2021-08-31 | Microsoft Technology Licensing, Llc | Systems and methods for client-side throttling after server handling in a trusted client component |
US10496425B2 (en) * | 2017-02-21 | 2019-12-03 | Red Hat, Inc. | Systems and methods for providing processor state protections in a virtualized environment |
CN108469986B (zh) | 2017-02-23 | 2021-04-09 | 华为技术有限公司 | 一种数据迁移方法及装置 |
CN107797817B (zh) * | 2017-03-13 | 2021-02-19 | 平安科技(深圳)有限公司 | 应用更新方法和装置 |
JP6408627B2 (ja) * | 2017-03-14 | 2018-10-17 | Kddi株式会社 | 遠隔機器制御システム、及び、遠隔機器制御方法 |
US10509733B2 (en) | 2017-03-24 | 2019-12-17 | Red Hat, Inc. | Kernel same-page merging for encrypted memory |
US10169577B1 (en) * | 2017-03-28 | 2019-01-01 | Symantec Corporation | Systems and methods for detecting modification attacks on shared physical memory |
US20180288101A1 (en) * | 2017-03-29 | 2018-10-04 | Hewlett Packard Enterprise Development Lp | Verifying that usage of virtual network function (vnf) by a plurality of compute nodes comply with allowed usage rights |
US10956193B2 (en) * | 2017-03-31 | 2021-03-23 | Microsoft Technology Licensing, Llc | Hypervisor virtual processor execution with extra-hypervisor scheduling |
US9992029B1 (en) * | 2017-04-05 | 2018-06-05 | Stripe, Inc. | Systems and methods for providing authentication to a plurality of devices |
US10587411B2 (en) | 2017-04-11 | 2020-03-10 | International Business Machines Corporation | Zero-knowledge verifiably attestable transaction containers using secure processors |
US10209917B2 (en) | 2017-04-20 | 2019-02-19 | Red Hat, Inc. | Physical memory migration for secure encrypted virtual machines |
US10423791B2 (en) * | 2017-04-27 | 2019-09-24 | Microsoft Technology Licensing, Llc | Enabling offline restart of shielded virtual machines using key caching |
US10379764B2 (en) | 2017-05-11 | 2019-08-13 | Red Hat, Inc. | Virtual machine page movement for encrypted memory |
US10747585B2 (en) * | 2017-05-26 | 2020-08-18 | Vmware Inc. | Methods and apparatus to perform data migration in a distributed environment |
US10860724B2 (en) * | 2017-06-13 | 2020-12-08 | Microsoft Technology Licensing, Llc | Active key rolling for sensitive data protection |
US10771439B2 (en) * | 2017-06-28 | 2020-09-08 | Microsoft Technology Licensing, Llc | Shielded networks for virtual machines |
US10445009B2 (en) * | 2017-06-30 | 2019-10-15 | Intel Corporation | Systems and methods of controlling memory footprint |
CN109218260B (zh) * | 2017-07-03 | 2020-11-06 | 深圳市中兴微电子技术有限公司 | 一种基于可信任环境的认证保护系统及方法 |
US10819696B2 (en) * | 2017-07-13 | 2020-10-27 | Microsoft Technology Licensing, Llc | Key attestation statement generation providing device anonymity |
US11354420B2 (en) | 2017-07-21 | 2022-06-07 | Red Hat, Inc. | Re-duplication of de-duplicated encrypted memory |
US11726813B2 (en) * | 2017-08-01 | 2023-08-15 | Cable Television Laboratories, Inc. | Systems and methods for establishing scalable credential creation and access |
US10848494B2 (en) * | 2017-08-14 | 2020-11-24 | Microsoft Technology Licensing, Llc | Compliance boundaries for multi-tenant cloud environment |
US10534921B2 (en) | 2017-08-23 | 2020-01-14 | Red Hat, Inc. | Copy and decrypt support for encrypted virtual machines |
US10693844B2 (en) * | 2017-08-24 | 2020-06-23 | Red Hat, Inc. | Efficient migration for encrypted virtual machines by active page copying |
US10841089B2 (en) * | 2017-08-25 | 2020-11-17 | Nutanix, Inc. | Key managers for distributed computing systems |
US10831935B2 (en) * | 2017-08-31 | 2020-11-10 | Pure Storage, Inc. | Encryption management with host-side data reduction |
US11947489B2 (en) | 2017-09-05 | 2024-04-02 | Robin Systems, Inc. | Creating snapshots of a storage volume in a distributed storage system |
US20190087580A1 (en) * | 2017-09-19 | 2019-03-21 | Microsoft Technology Licensing, Llc | Secure launch for a hypervisor |
WO2019072039A1 (zh) * | 2017-10-09 | 2019-04-18 | 华为技术有限公司 | 一种业务证书管理方法、终端及服务器 |
US11943368B2 (en) * | 2017-11-03 | 2024-03-26 | Microsoft Technology Licensing, Llc | Provisioning trusted execution environment based on chain of trust including platform |
US10713144B2 (en) * | 2017-11-15 | 2020-07-14 | General Electric Company | Virtual processor enabling real-time in situ disassembly and debugging in SoC environment |
EP3714389B1 (en) * | 2017-11-20 | 2023-08-02 | Telefonaktiebolaget LM Ericsson (PUBL) | Deployment of components of a distributed application to runtime environments |
US10922132B1 (en) * | 2017-12-11 | 2021-02-16 | Amazon Technologies, Inc. | Secure migration of servers from customer networks to service provider systems |
US10303492B1 (en) | 2017-12-13 | 2019-05-28 | Amazon Technologies, Inc. | Managing custom runtimes in an on-demand code execution system |
US10564946B1 (en) | 2017-12-13 | 2020-02-18 | Amazon Technologies, Inc. | Dependency handling in an on-demand network code execution system |
US11113400B1 (en) * | 2017-12-26 | 2021-09-07 | Virtuozzo International Gmbh | System and method for providing distributed compute platform on untrusted hardware |
US11582168B2 (en) | 2018-01-11 | 2023-02-14 | Robin Systems, Inc. | Fenced clone applications |
US11392363B2 (en) | 2018-01-11 | 2022-07-19 | Robin Systems, Inc. | Implementing application entrypoints with containers of a bundled application |
US11748203B2 (en) | 2018-01-11 | 2023-09-05 | Robin Systems, Inc. | Multi-role application orchestration in a distributed storage system |
US10831898B1 (en) | 2018-02-05 | 2020-11-10 | Amazon Technologies, Inc. | Detecting privilege escalations in code including cross-service calls |
US10353678B1 (en) | 2018-02-05 | 2019-07-16 | Amazon Technologies, Inc. | Detecting code characteristic alterations due to cross-service calls |
US10572375B1 (en) | 2018-02-05 | 2020-02-25 | Amazon Technologies, Inc. | Detecting parameter validity in code including cross-service calls |
US10733085B1 (en) | 2018-02-05 | 2020-08-04 | Amazon Technologies, Inc. | Detecting impedance mismatches due to cross-service calls |
US10725752B1 (en) | 2018-02-13 | 2020-07-28 | Amazon Technologies, Inc. | Dependency handling in an on-demand network code execution system |
US10776091B1 (en) | 2018-02-26 | 2020-09-15 | Amazon Technologies, Inc. | Logging endpoint in an on-demand code execution system |
US10855724B2 (en) * | 2018-03-22 | 2020-12-01 | EMC IP Holding Company, LLC | Securely establishing key-based SSH communications between virtual machines during cloud marketplace provisioning |
US10713110B2 (en) * | 2018-03-27 | 2020-07-14 | Accenture Global Solutions Limited | Automated issue detection and resolution framework for enterprise resource planning |
US11356315B2 (en) | 2018-03-28 | 2022-06-07 | Intel Corporation | Methods and apparatus to dynamically control devices based on distributed data |
CA3097092C (en) * | 2018-04-20 | 2024-02-13 | Vishal Gupta | Decentralized document and entity verification engine |
CN110414245B (zh) * | 2018-04-28 | 2023-09-22 | 伊姆西Ip控股有限责任公司 | 用于在存储系统中管理加密密钥的方法、装置和计算机程序产品 |
US10922441B2 (en) * | 2018-05-04 | 2021-02-16 | Huawei Technologies Co., Ltd. | Device and method for data security with a trusted execution environment |
KR102095114B1 (ko) * | 2018-05-08 | 2020-03-30 | 한국과학기술원 | 기능확장을 위한 신뢰실행환경들의 결합 방법 및 비즈니스 프로세스 지원을 위한 fido u2f 활용 방법 |
US10891385B2 (en) * | 2018-05-16 | 2021-01-12 | Microsoft Technology Licensing, Llc | Encryption at rest for cloud-resourced virtual machines |
US11029986B2 (en) * | 2018-05-25 | 2021-06-08 | Microsoft Technology Licensing, Llc | Processor feature ID response for virtualization |
US10853115B2 (en) | 2018-06-25 | 2020-12-01 | Amazon Technologies, Inc. | Execution of auxiliary functions in an on-demand network code execution system |
US10649749B1 (en) | 2018-06-26 | 2020-05-12 | Amazon Technologies, Inc. | Cross-environment application of tracing information for improved code execution |
US11146569B1 (en) | 2018-06-28 | 2021-10-12 | Amazon Technologies, Inc. | Escalation-resistant secure network services using request-scoped authentication information |
US10949237B2 (en) | 2018-06-29 | 2021-03-16 | Amazon Technologies, Inc. | Operating system customization in an on-demand network code execution system |
US11099870B1 (en) | 2018-07-25 | 2021-08-24 | Amazon Technologies, Inc. | Reducing execution times in an on-demand network code execution system using saved machine states |
JP7135569B2 (ja) * | 2018-08-13 | 2022-09-13 | 日本電信電話株式会社 | 端末登録システムおよび端末登録方法 |
US11232212B2 (en) | 2018-08-21 | 2022-01-25 | The Regents Of The University Of Michigan | Computer system with moving target defenses against vulnerability attacks |
WO2020055968A1 (en) | 2018-09-11 | 2020-03-19 | Amari.Ai Incorporated | Secure communications gateway for trusted execution and secure communications |
US11188477B2 (en) | 2018-09-11 | 2021-11-30 | Apple Inc. | Page protection layer |
US11017092B2 (en) * | 2018-09-27 | 2021-05-25 | Intel Corporation | Technologies for fast launch of trusted containers |
US11243953B2 (en) | 2018-09-27 | 2022-02-08 | Amazon Technologies, Inc. | Mapreduce implementation in an on-demand network code execution system and stream data processing system |
US11099917B2 (en) | 2018-09-27 | 2021-08-24 | Amazon Technologies, Inc. | Efficient state maintenance for execution environments in an on-demand code execution system |
US11943093B1 (en) | 2018-11-20 | 2024-03-26 | Amazon Technologies, Inc. | Network connection recovery after virtual machine transition in an on-demand network code execution system |
US10901918B2 (en) * | 2018-11-29 | 2021-01-26 | International Business Machines Corporation | Constructing flexibly-secure systems in a disaggregated environment |
EP3661244A1 (en) * | 2018-11-30 | 2020-06-03 | Nagravision SA | Key negotiation and provisioning for devices in a network |
CN109684829B (zh) * | 2018-12-04 | 2020-12-04 | 中国科学院数据与通信保护研究教育中心 | 一种虚拟化环境中服务调用监控方法和系统 |
US10884812B2 (en) | 2018-12-13 | 2021-01-05 | Amazon Technologies, Inc. | Performance-based hardware emulation in an on-demand network code execution system |
US11271994B2 (en) * | 2018-12-28 | 2022-03-08 | Intel Corporation | Technologies for providing selective offload of execution to the edge |
US11010188B1 (en) | 2019-02-05 | 2021-05-18 | Amazon Technologies, Inc. | Simulated data object storage using on-demand computation of data objects |
US11475138B2 (en) * | 2019-02-06 | 2022-10-18 | International Business Machines Corporation | Creation and execution of secure containers |
US10795718B2 (en) | 2019-02-08 | 2020-10-06 | Microsoft Technology Licensing, Llc | Updating hardware with reduced virtual machine downtime |
US11469903B2 (en) * | 2019-02-28 | 2022-10-11 | Microsoft Technology Licensing, Llc | Autonomous signing management operations for a key distribution service |
US11126453B2 (en) | 2019-03-07 | 2021-09-21 | Micron Technology, Inc. | Protected regions management of memory |
US11354421B2 (en) | 2019-03-08 | 2022-06-07 | International Business Machines Corporation | Secure execution guest owner controls for secure interface control |
US11531627B2 (en) | 2019-03-08 | 2022-12-20 | International Business Machines Corporation | Secure storage isolation |
US11640361B2 (en) | 2019-03-08 | 2023-05-02 | International Business Machines Corporation | Sharing secure memory across multiple security domains |
US11487906B2 (en) * | 2019-03-08 | 2022-11-01 | International Business Machines Corporation | Storage sharing between a secure domain and a non-secure entity |
US11861386B1 (en) | 2019-03-22 | 2024-01-02 | Amazon Technologies, Inc. | Application gateways in an on-demand network code execution system |
CN109921902B (zh) | 2019-03-22 | 2020-10-23 | 创新先进技术有限公司 | 一种密钥管理方法、安全芯片、业务服务器及信息系统 |
US11256434B2 (en) | 2019-04-17 | 2022-02-22 | Robin Systems, Inc. | Data de-duplication |
US20200364354A1 (en) * | 2019-05-17 | 2020-11-19 | Microsoft Technology Licensing, Llc | Mitigation of ransomware in integrated, isolated applications |
US11095661B2 (en) | 2019-05-29 | 2021-08-17 | Cisco Technology, Inc. | Enforcing data sovereignty policies in a cloud environment |
US11537421B1 (en) * | 2019-06-07 | 2022-12-27 | Amazon Technologies, Inc. | Virtual machine monitor providing secure cryptographic operations |
US11119809B1 (en) | 2019-06-20 | 2021-09-14 | Amazon Technologies, Inc. | Virtualization-based transaction handling in an on-demand network code execution system |
US11190609B2 (en) | 2019-06-28 | 2021-11-30 | Amazon Technologies, Inc. | Connection pooling for scalable network services |
US11159528B2 (en) | 2019-06-28 | 2021-10-26 | Amazon Technologies, Inc. | Authentication to network-services using hosted authentication information |
US11115404B2 (en) | 2019-06-28 | 2021-09-07 | Amazon Technologies, Inc. | Facilitating service connections in serverless code executions |
US11489675B1 (en) * | 2019-07-12 | 2022-11-01 | Allscripts Software, Llc | Computing system for electronic message tamper-roofing |
DE102019211314A1 (de) * | 2019-07-30 | 2021-02-04 | Infineon Technologies Ag | Vertrauenswürdige Datenverarbeitung |
US20220277072A1 (en) * | 2019-08-16 | 2022-09-01 | Regents Of The University Of Michigan | Thwarting control plane attacks with displaced and dilated address spaces |
US11159453B2 (en) | 2019-08-22 | 2021-10-26 | International Business Machines Corporation | Fabric-based storage-server connection |
US11507666B2 (en) | 2019-08-27 | 2022-11-22 | Red Hat, Inc. | Trusted execution environment verification of a software package |
US10790979B1 (en) | 2019-08-29 | 2020-09-29 | Alibaba Group Holding Limited | Providing high availability computing service by issuing a certificate |
CN110677240B (zh) * | 2019-08-29 | 2020-07-10 | 阿里巴巴集团控股有限公司 | 通过证书签发提供高可用计算服务的方法、装置及介质 |
US11520650B2 (en) | 2019-09-05 | 2022-12-06 | Robin Systems, Inc. | Performing root cause analysis in a multi-role application |
US11249851B2 (en) | 2019-09-05 | 2022-02-15 | Robin Systems, Inc. | Creating snapshots of a storage volume in a distributed storage system |
US11494493B1 (en) * | 2019-09-23 | 2022-11-08 | Amazon Technologies, Inc. | Software verification for network-accessible applications |
US11023311B2 (en) | 2019-09-27 | 2021-06-01 | Amazon Technologies, Inc. | On-demand code execution in input path of data uploaded to storage service in multiple data portions |
US11386230B2 (en) | 2019-09-27 | 2022-07-12 | Amazon Technologies, Inc. | On-demand code obfuscation of data in input path of object storage service |
US10996961B2 (en) | 2019-09-27 | 2021-05-04 | Amazon Technologies, Inc. | On-demand indexing of data in input path of object storage service |
US11656892B1 (en) | 2019-09-27 | 2023-05-23 | Amazon Technologies, Inc. | Sequential execution of user-submitted code and native functions |
US11106477B2 (en) | 2019-09-27 | 2021-08-31 | Amazon Technologies, Inc. | Execution of owner-specified code during input/output path to object storage service |
US11550944B2 (en) | 2019-09-27 | 2023-01-10 | Amazon Technologies, Inc. | Code execution environment customization system for object storage service |
US11394761B1 (en) | 2019-09-27 | 2022-07-19 | Amazon Technologies, Inc. | Execution of user-submitted code on a stream of data |
US11416628B2 (en) | 2019-09-27 | 2022-08-16 | Amazon Technologies, Inc. | User-specific data manipulation system for object storage service based on user-submitted code |
US11962624B2 (en) | 2019-09-27 | 2024-04-16 | International Business Machines Corporation | Metadata driven selection of entitlements in an identity governance system |
US10908927B1 (en) | 2019-09-27 | 2021-02-02 | Amazon Technologies, Inc. | On-demand execution of object filter code in output path of object storage service |
US11023416B2 (en) | 2019-09-27 | 2021-06-01 | Amazon Technologies, Inc. | Data access control system for object storage service based on owner-defined code |
US11360948B2 (en) | 2019-09-27 | 2022-06-14 | Amazon Technologies, Inc. | Inserting owner-specified data processing pipelines into input/output path of object storage service |
US11055112B2 (en) | 2019-09-27 | 2021-07-06 | Amazon Technologies, Inc. | Inserting executions of owner-specified code into input/output path of object storage service |
US11250007B1 (en) | 2019-09-27 | 2022-02-15 | Amazon Technologies, Inc. | On-demand execution of object combination code in output path of object storage service |
US11263220B2 (en) | 2019-09-27 | 2022-03-01 | Amazon Technologies, Inc. | On-demand execution of object transformation code in output path of object storage service |
US11283635B2 (en) | 2019-09-28 | 2022-03-22 | Intel Corporation | Dynamic sharing in secure memory environments using edge service sidecars |
US11347684B2 (en) | 2019-10-04 | 2022-05-31 | Robin Systems, Inc. | Rolling back KUBERNETES applications including custom resources |
KR20210049603A (ko) * | 2019-10-25 | 2021-05-06 | 삼성전자주식회사 | 권한 정보에 기초한 인증서를 사용하여 액세스 컨트롤하는 방법 및 장치 |
US11354402B2 (en) * | 2019-11-01 | 2022-06-07 | Microsoft Technology Licensing, Llc | Virtual environment type validation for policy enforcement |
US12032979B2 (en) * | 2019-11-06 | 2024-07-09 | Amazon Technologies, Inc. | Automated host attestation for secure run-time environments |
US11119826B2 (en) | 2019-11-27 | 2021-09-14 | Amazon Technologies, Inc. | Serverless call distribution to implement spillover while avoiding cold starts |
US10942795B1 (en) | 2019-11-27 | 2021-03-09 | Amazon Technologies, Inc. | Serverless call distribution to utilize reserved capacity without inhibiting scaling |
US11403188B2 (en) | 2019-12-04 | 2022-08-02 | Robin Systems, Inc. | Operation-level consistency points and rollback |
US11614956B2 (en) | 2019-12-06 | 2023-03-28 | Red Hat, Inc. | Multicast live migration for encrypted virtual machines |
CN111064569B (zh) * | 2019-12-09 | 2021-04-20 | 支付宝(杭州)信息技术有限公司 | 可信计算集群的集群密钥获取方法及装置 |
US11449601B2 (en) | 2020-01-08 | 2022-09-20 | Red Hat, Inc. | Proof of code compliance and protected integrity using a trusted execution environment |
US11711351B2 (en) * | 2020-01-14 | 2023-07-25 | Vmware, Inc. | Distributed management and installation of digital certificates on a cluster for authentication with an external key management service |
US11475131B2 (en) | 2020-01-27 | 2022-10-18 | Red Hat, Inc. | Hypervisor level signature checks for encrypted trusted execution environments |
US11533174B2 (en) | 2020-01-29 | 2022-12-20 | International Business Machines Corporation | Binding secure objects of a security module to a secure guest |
US11475167B2 (en) | 2020-01-29 | 2022-10-18 | International Business Machines Corporation | Reserving one or more security modules for a secure guest |
US11281607B2 (en) * | 2020-01-30 | 2022-03-22 | Red Hat, Inc. | Paravirtualized cluster mode for legacy APICs |
US11888972B2 (en) | 2020-02-26 | 2024-01-30 | Red Hat, Inc. | Split security for trusted execution environments |
US11630683B2 (en) | 2020-02-26 | 2023-04-18 | Red Hat, Inc. | Low latency launch for trusted execution environments |
EP4111638A4 (en) * | 2020-02-27 | 2024-02-28 | Virtru Corporation | METHODS AND SYSTEMS FOR SECURING CONTAINERIZED APPLICATIONS |
US11714682B1 (en) | 2020-03-03 | 2023-08-01 | Amazon Technologies, Inc. | Reclaiming computing resources in an on-demand code execution system |
US11188391B1 (en) | 2020-03-11 | 2021-11-30 | Amazon Technologies, Inc. | Allocating resources to on-demand code executions under scarcity conditions |
US11620411B2 (en) | 2020-03-24 | 2023-04-04 | Red Hat, Inc. | Elastic launch for trusted execution environments |
US11775640B1 (en) | 2020-03-30 | 2023-10-03 | Amazon Technologies, Inc. | Resource utilization-based malicious task detection in an on-demand code execution system |
US11748133B2 (en) * | 2020-04-23 | 2023-09-05 | Netapp, Inc. | Methods and systems for booting virtual machines in the cloud |
US11397602B2 (en) * | 2020-04-24 | 2022-07-26 | Red Hat Inc. | Processor control register configuration support |
US11327783B2 (en) | 2020-04-29 | 2022-05-10 | Red Hat, Inc. | Asynchronous management of unencrypted memory page list of a virtual machine |
US11528186B2 (en) * | 2020-06-16 | 2022-12-13 | Robin Systems, Inc. | Automated initialization of bare metal servers |
US11880704B2 (en) * | 2020-06-24 | 2024-01-23 | Red Hat, Inc. | Nested virtual machine support for hypervisors of encrypted state virtual machines |
US11671412B2 (en) | 2020-07-01 | 2023-06-06 | Red Hat, Inc. | Network bound encryption for orchestrating workloads with sensitive data |
US11611431B2 (en) | 2020-07-01 | 2023-03-21 | Red Hat, Inc. | Network bound encryption for recovery of trusted execution environments |
US11645103B2 (en) * | 2020-07-23 | 2023-05-09 | EMC IP Holding Company LLC | Method and system for securing the movement of virtual machines between hosts |
US11741221B2 (en) | 2020-07-29 | 2023-08-29 | Red Hat, Inc. | Using a trusted execution environment to enable network booting |
US11558204B2 (en) | 2020-08-17 | 2023-01-17 | International Business Machines Corporation | Attesting control over network devices |
US11748140B2 (en) | 2020-08-31 | 2023-09-05 | Red Hat, Inc. | Virtual machine security policy implementation |
GB202014682D0 (en) * | 2020-09-17 | 2020-11-04 | Nordic Semiconductor Asa | Bootloaders |
US11740980B2 (en) | 2020-09-22 | 2023-08-29 | Robin Systems, Inc. | Managing snapshot metadata following backup |
US11537761B2 (en) | 2020-09-25 | 2022-12-27 | Intel Corporation | Transparent network access control for spatial accelerator device multi-tenancy |
US11343082B2 (en) | 2020-09-28 | 2022-05-24 | Red Hat, Inc. | Resource sharing for trusted execution environments |
US11743188B2 (en) | 2020-10-01 | 2023-08-29 | Robin Systems, Inc. | Check-in monitoring for workflows |
US11271895B1 (en) | 2020-10-07 | 2022-03-08 | Robin Systems, Inc. | Implementing advanced networking capabilities using helm charts |
US11456914B2 (en) | 2020-10-07 | 2022-09-27 | Robin Systems, Inc. | Implementing affinity and anti-affinity with KUBERNETES |
US11900131B2 (en) * | 2020-10-15 | 2024-02-13 | EMC IP Holding Company LLC | Dynamic remediation actions in response to configuration checks in an information processing system |
US11750451B2 (en) | 2020-11-04 | 2023-09-05 | Robin Systems, Inc. | Batch manager for complex workflows |
US20210141658A1 (en) * | 2020-11-11 | 2021-05-13 | Ravi Sahita | Method and apparatus for trusted devices using trust domain extensions |
US11593270B1 (en) | 2020-11-25 | 2023-02-28 | Amazon Technologies, Inc. | Fast distributed caching using erasure coded object parts |
US11550713B1 (en) | 2020-11-25 | 2023-01-10 | Amazon Technologies, Inc. | Garbage collection in distributed systems using life cycled storage roots |
US11847253B2 (en) * | 2020-11-30 | 2023-12-19 | Red Hat, Inc. | Efficient launching of trusted execution environments |
US11556361B2 (en) | 2020-12-09 | 2023-01-17 | Robin Systems, Inc. | Monitoring and managing of complex multi-role applications |
US11799670B2 (en) * | 2020-12-11 | 2023-10-24 | Vmware, Inc. | Secure end-to-end deployment of workloads in a virtualized environment using hardware-based attestation |
US12039356B2 (en) * | 2021-01-06 | 2024-07-16 | Baidu Usa Llc | Method for virtual machine migration with checkpoint authentication in virtualization environment |
US20220278963A1 (en) * | 2021-03-01 | 2022-09-01 | Samsung Electronics Co., Ltd. | Storage device, storage system, and method of secure data movement between storage devices |
CN112995206B (zh) * | 2021-04-13 | 2021-07-30 | 北京电信易通信息技术股份有限公司 | 一种基于可信技术实现多型工作单元安全联动的方法 |
US12028345B2 (en) | 2021-05-19 | 2024-07-02 | Bank Of America Corporation | Information security system and method for identifying trusted machines for machine-to-machine (M2M) security and validation |
US11829482B2 (en) * | 2021-06-08 | 2023-11-28 | Dell Products L.P. | Pre-boot authentication for virtual machines using credentials stored in virtual trusted platform modules |
US11388210B1 (en) | 2021-06-30 | 2022-07-12 | Amazon Technologies, Inc. | Streaming analytics using a serverless compute system |
US11995197B2 (en) | 2021-07-27 | 2024-05-28 | International Business Machines Corporation | Sensitive data encryption |
US20230030816A1 (en) * | 2021-07-30 | 2023-02-02 | Red Hat, Inc. | Security broker for consumers of tee-protected services |
US11870647B1 (en) | 2021-09-01 | 2024-01-09 | Amazon Technologies, Inc. | Mapping on-premise network nodes to cloud network nodes |
US11799633B1 (en) * | 2021-09-27 | 2023-10-24 | Workday, Inc. | Enabling using external tenant master keys |
US11968280B1 (en) | 2021-11-24 | 2024-04-23 | Amazon Technologies, Inc. | Controlling ingestion of streaming data to serverless function executions |
US11972007B2 (en) | 2021-12-09 | 2024-04-30 | Cisco Technology, Inc. | Enforcing location-based data privacy rules across networked workloads |
US11960607B2 (en) | 2021-12-09 | 2024-04-16 | Cisco Technology, Inc. | Achieving minimum trustworthiness in distributed workloads |
US12015603B2 (en) | 2021-12-10 | 2024-06-18 | Amazon Technologies, Inc. | Multi-tenant mode for serverless code execution |
CN116361818A (zh) * | 2021-12-27 | 2023-06-30 | 戴尔产品有限公司 | 用于访问管理控制器的自动安全验证 |
CN114637602A (zh) * | 2022-03-03 | 2022-06-17 | 鼎捷软件股份有限公司 | 数据分享系统以及数据分享方法 |
US20230289204A1 (en) * | 2022-03-10 | 2023-09-14 | BedRock Systems. Inc. | Zero Trust Endpoint Device |
US20230342469A1 (en) * | 2022-04-26 | 2023-10-26 | Dell Products L.P. | Clustered virtual trusted platform module domain services with a redirector/router service system |
EP4328772A1 (de) * | 2022-08-26 | 2024-02-28 | Siemens Aktiengesellschaft | Kaskadiert signierbares artefakt einer container-instanz |
KR20240104780A (ko) * | 2022-12-28 | 2024-07-05 | 충남대학교산학협력단 | 모바일 기기의 동적커널모듈 보호 방법 및 이를 이용한 시스템 |
Family Cites Families (113)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2001239887A1 (en) | 2000-02-24 | 2001-09-03 | Valicert Corporation | Mechanism for efficient private bulk messaging |
GB2382419B (en) | 2001-11-22 | 2005-12-14 | Hewlett Packard Co | Apparatus and method for creating a trusted environment |
US8065713B1 (en) * | 2001-12-12 | 2011-11-22 | Klimenty Vainstein | System and method for providing multi-location access management to secured items |
US7631196B2 (en) * | 2002-02-25 | 2009-12-08 | Intel Corporation | Method and apparatus for loading a trustable operating system |
US20050166051A1 (en) | 2004-01-26 | 2005-07-28 | Mark Buer | System and method for certification of a secure platform |
US7552419B2 (en) * | 2004-03-18 | 2009-06-23 | Intel Corporation | Sharing trusted hardware across multiple operational environments |
US7380119B2 (en) | 2004-04-29 | 2008-05-27 | International Business Machines Corporation | Method and system for virtualization of trusted platform modules |
US7673139B1 (en) * | 2004-05-06 | 2010-03-02 | Symantec Corporation | Protecting administrative privileges |
US7590867B2 (en) | 2004-06-24 | 2009-09-15 | Intel Corporation | Method and apparatus for providing secure virtualization of a trusted platform module |
US7802250B2 (en) * | 2004-06-28 | 2010-09-21 | Intel Corporation | Support for transitioning to a virtual machine monitor based upon the privilege level of guest software |
US20060126836A1 (en) * | 2004-12-10 | 2006-06-15 | Hector Rivas | System and method for dynamic generation of encryption keys |
US7757231B2 (en) * | 2004-12-10 | 2010-07-13 | Intel Corporation | System and method to deprivilege components of a virtual machine monitor |
US7725703B2 (en) | 2005-01-07 | 2010-05-25 | Microsoft Corporation | Systems and methods for securely booting a computer with a trusted processing module |
US7860802B2 (en) * | 2005-02-01 | 2010-12-28 | Microsoft Corporation | Flexible licensing architecture in content rights management systems |
US7647589B1 (en) * | 2005-02-07 | 2010-01-12 | Parallels Software International, Inc. | Methods and systems for safe execution of guest code in virtual machine context |
US7836299B2 (en) | 2005-03-15 | 2010-11-16 | Microsoft Corporation | Virtualization of software configuration registers of the TPM cryptographic processor |
US7636442B2 (en) | 2005-05-13 | 2009-12-22 | Intel Corporation | Method and apparatus for migrating software-based security coprocessors |
US7613921B2 (en) | 2005-05-13 | 2009-11-03 | Intel Corporation | Method and apparatus for remotely provisioning software-based security coprocessors |
US8074262B2 (en) * | 2005-05-13 | 2011-12-06 | Intel Corporation | Method and apparatus for migrating virtual trusted platform modules |
RU2390959C2 (ru) * | 2005-06-17 | 2010-05-27 | Телефонактиеболагет Лм Эрикссон (Пабл) | Способ и устройство протокола идентификации хост-узла |
JP2007004661A (ja) * | 2005-06-27 | 2007-01-11 | Hitachi Ltd | 仮想計算機の制御方法及びプログラム |
US8090919B2 (en) * | 2007-12-31 | 2012-01-03 | Intel Corporation | System and method for high performance secure access to a trusted platform module on a hardware virtualization platform |
US8549592B2 (en) | 2005-07-12 | 2013-10-01 | International Business Machines Corporation | Establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform |
EP1911191B1 (en) | 2005-08-05 | 2017-12-06 | Hewlett-Packard Enterprise Development LP | System, method and apparatus for cryptography key management for mobile devices |
EP1977317A1 (en) | 2006-01-24 | 2008-10-08 | Citrix Systems, Inc. | Methods and systems for providing access to a computing environment |
US7444670B2 (en) | 2006-03-21 | 2008-10-28 | International Business Machines Corporation | Method and apparatus for migrating a virtual TPM instance and preserving uniqueness and completeness of the instance |
JP5038396B2 (ja) * | 2006-04-21 | 2012-10-03 | インターデイジタル テクノロジー コーポレーション | トラステッドコンピューティングの完全性測定の通知を実行する装置および方法 |
US20070271560A1 (en) * | 2006-05-18 | 2007-11-22 | Microsoft Corporation | Deploying virtual machine to host based on workload characterizations |
US8108668B2 (en) | 2006-06-26 | 2012-01-31 | Intel Corporation | Associating a multi-context trusted platform module with distributed platforms |
EP2039053B1 (en) * | 2006-06-30 | 2018-05-23 | Koninklijke Philips N.V. | Method and apparatus for encrypting/decrypting data |
US8522018B2 (en) | 2006-08-18 | 2013-08-27 | Fujitsu Limited | Method and system for implementing a mobile trusted platform module |
JP2010503252A (ja) | 2006-08-31 | 2010-01-28 | インターナショナル・ビジネス・マシーンズ・コーポレーション | コンピューティング・プラットフォームの証明 |
US9135444B2 (en) | 2006-10-19 | 2015-09-15 | Novell, Inc. | Trusted platform module (TPM) assisted data center management |
KR20080085780A (ko) | 2007-03-20 | 2008-09-24 | 이상규 | 운영체제의 가상화 방법 |
US8151262B2 (en) | 2007-03-30 | 2012-04-03 | Lenovo (Singapore) Pte. Ltd. | System and method for reporting the trusted state of a virtual machine |
US8875266B2 (en) * | 2007-05-16 | 2014-10-28 | Vmware, Inc. | System and methods for enforcing software license compliance with virtual machines |
US8060876B2 (en) | 2007-08-10 | 2011-11-15 | Intel Corporation | Methods and apparatus for creating an isolated partition for a virtual trusted platform module |
US7827371B2 (en) * | 2007-08-30 | 2010-11-02 | Intel Corporation | Method for isolating third party pre-boot firmware from trusted pre-boot firmware |
US9043896B2 (en) | 2007-08-31 | 2015-05-26 | International Business Machines Corporation | Device certificate based appliance configuration |
US8249257B2 (en) | 2007-09-28 | 2012-08-21 | Intel Corporation | Virtual TPM keys rooted in a hardware TPM |
US20090204964A1 (en) | 2007-10-12 | 2009-08-13 | Foley Peter F | Distributed trusted virtualization platform |
US8220029B2 (en) | 2007-11-13 | 2012-07-10 | Samsung Electronics Co., Ltd. | Method and system for enforcing trusted computing policies in a hypervisor security module architecture |
US8208637B2 (en) | 2007-12-17 | 2012-06-26 | Microsoft Corporation | Migration of computer secrets |
JP5411122B2 (ja) | 2008-02-25 | 2014-02-12 | パナソニック株式会社 | 情報処理装置 |
WO2009123640A1 (en) | 2008-04-04 | 2009-10-08 | Hewlett-Packard Development Company, L.P. | Virtual machine manager system and methods |
US8543799B2 (en) | 2008-05-02 | 2013-09-24 | Microsoft Corporation | Client authentication during network boot |
US8578483B2 (en) * | 2008-07-31 | 2013-11-05 | Carnegie Mellon University | Systems and methods for preventing unauthorized modification of an operating system |
US8307353B2 (en) * | 2008-08-12 | 2012-11-06 | Oracle America, Inc. | Cross-domain inlining in a system virtual machine |
US20100082960A1 (en) | 2008-09-30 | 2010-04-01 | Steve Grobman | Protected network boot of operating system |
US8411863B2 (en) | 2008-10-03 | 2013-04-02 | Microsoft Corporation | Full volume encryption in a clustered environment |
US9300612B2 (en) * | 2009-01-15 | 2016-03-29 | International Business Machines Corporation | Managing interactions in a virtual world environment |
US8341427B2 (en) | 2009-02-16 | 2012-12-25 | Microsoft Corporation | Trusted cloud computing and services framework |
US8375195B2 (en) * | 2009-03-05 | 2013-02-12 | Oracle America, Inc. | Accessing memory locations for paged memory objects in an object-addressed memory system |
EP2278514B1 (en) * | 2009-07-16 | 2018-05-30 | Alcatel Lucent | System and method for providing secure virtual machines |
CN102473170B (zh) * | 2009-07-24 | 2016-01-27 | 惠普开发有限公司 | 基于虚拟机的应用服务供应 |
US8713182B2 (en) | 2009-08-03 | 2014-04-29 | Oracle International Corporation | Selection of a suitable node to host a virtual machine in an environment containing a large number of nodes |
CA2675701A1 (en) * | 2009-08-27 | 2009-11-05 | Ibm Canada Limited - Ibm Canada Limitee | Trust assertion using hierarchical weights |
JP2011048661A (ja) * | 2009-08-27 | 2011-03-10 | Nomura Research Institute Ltd | 仮想サーバ暗号化システム |
US8700893B2 (en) | 2009-10-28 | 2014-04-15 | Microsoft Corporation | Key certification in one round trip |
US8478996B2 (en) | 2009-12-21 | 2013-07-02 | International Business Machines Corporation | Secure Kerberized access of encrypted file system |
US9703586B2 (en) | 2010-02-17 | 2017-07-11 | Microsoft Technology Licensing, Llc | Distribution control and tracking mechanism of virtual machine appliances |
CN102947795B (zh) * | 2010-03-25 | 2016-06-29 | 维图斯瑞姆加拿大股份公司 | 安全云计算的系统和方法 |
US8375437B2 (en) | 2010-03-30 | 2013-02-12 | Microsoft Corporation | Hardware supported virtualized cryptographic service |
US20110246778A1 (en) | 2010-03-31 | 2011-10-06 | Emc Corporation | Providing security mechanisms for virtual machine images |
US8375220B2 (en) | 2010-04-02 | 2013-02-12 | Intel Corporation | Methods and systems for secure remote wake, boot, and login to a computer from a mobile device |
US9443078B2 (en) * | 2010-04-20 | 2016-09-13 | International Business Machines Corporation | Secure access to a virtual machine |
US8555377B2 (en) | 2010-04-29 | 2013-10-08 | High Cloud Security | Secure virtual machine |
EP2577539B1 (en) | 2010-06-02 | 2018-12-19 | VMware, Inc. | Securing customer virtual machines in a multi-tenant cloud |
US8856504B2 (en) * | 2010-06-07 | 2014-10-07 | Cisco Technology, Inc. | Secure virtual machine bootstrap in untrusted cloud infrastructures |
US8694777B2 (en) | 2010-08-13 | 2014-04-08 | International Business Machines Corporation | Securely identifying host systems |
AU2011291640B2 (en) | 2010-08-18 | 2015-11-12 | Security First Corp. | Systems and methods for securing virtual machine computing environments |
US9043577B2 (en) * | 2010-08-26 | 2015-05-26 | Freescale Semiconductor, Inc. | Memory management unit for a microprocessor system, microprocessor system and method for managing memory |
US8495750B2 (en) * | 2010-08-31 | 2013-07-23 | International Business Machines Corporation | Filesystem management and security system |
JP5524355B2 (ja) * | 2010-12-16 | 2014-06-18 | 株式会社日立製作所 | 仮想計算機管理方法、計算機システム及び計算機 |
TW201241662A (en) | 2010-12-21 | 2012-10-16 | Ibm | Virtual machine validation |
US9202062B2 (en) | 2010-12-21 | 2015-12-01 | International Business Machines Corporation | Virtual machine validation |
US8880667B2 (en) | 2011-02-09 | 2014-11-04 | Microsoft Corporation | Self regulation of the subject of attestation |
US8984610B2 (en) | 2011-04-18 | 2015-03-17 | Bank Of America Corporation | Secure network cloud architecture |
US9172683B2 (en) * | 2011-06-29 | 2015-10-27 | Apple Inc. | Method and apparatus for key distribution with implicit offline authorization |
US8732462B2 (en) * | 2011-07-07 | 2014-05-20 | Ziptr, Inc. | Methods and apparatus for secure data sharing |
US8943564B2 (en) * | 2011-07-21 | 2015-01-27 | International Business Machines Corporation | Virtual computer and service |
US8874935B2 (en) | 2011-08-30 | 2014-10-28 | Microsoft Corporation | Sector map-based rapid data encryption policy compliance |
US20130061293A1 (en) * | 2011-09-02 | 2013-03-07 | Wenbo Mao | Method and apparatus for securing the full lifecycle of a virtual machine |
US9270459B2 (en) | 2011-09-20 | 2016-02-23 | Cloudbyte, Inc. | Techniques for achieving tenant data confidentiality from cloud service provider administrators |
US8694786B2 (en) | 2011-10-04 | 2014-04-08 | International Business Machines Corporation | Virtual machine images encryption using trusted computing group sealing |
US20130097296A1 (en) | 2011-10-18 | 2013-04-18 | Telefonaktiebolaget L M Ericsson (Publ) | Secure cloud-based virtual machine migration |
CN104067288B (zh) | 2012-01-23 | 2017-03-29 | 西里克斯系统公司 | 存储加密方法 |
US8909939B1 (en) | 2012-04-04 | 2014-12-09 | Google Inc. | Distribution of cryptographic host keys in a cloud computing environment |
IN2014DN09465A (ru) | 2012-05-24 | 2015-07-17 | Ericsson Telefon Ab L M | |
US9183031B2 (en) * | 2012-06-19 | 2015-11-10 | Bank Of America Corporation | Provisioning of a virtual machine by using a secured zone of a cloud environment |
US20140007087A1 (en) | 2012-06-29 | 2014-01-02 | Mark Scott-Nash | Virtual trusted platform module |
US20140019753A1 (en) | 2012-07-10 | 2014-01-16 | John Houston Lowry | Cloud key management |
US10248442B2 (en) | 2012-07-12 | 2019-04-02 | Unisys Corporation | Automated provisioning of virtual machines |
KR102013841B1 (ko) * | 2012-08-06 | 2019-08-23 | 삼성전자주식회사 | 데이터의 안전한 저장을 위한 키 관리 방법 및 그 장치 |
US20140052877A1 (en) | 2012-08-16 | 2014-02-20 | Wenbo Mao | Method and apparatus for tenant programmable logical network for multi-tenancy cloud datacenters |
US8656482B1 (en) * | 2012-08-20 | 2014-02-18 | Bitdefender IPR Management Ltd. | Secure communication using a trusted virtual machine |
US8997173B2 (en) | 2012-09-12 | 2015-03-31 | Ca, Inc. | Managing security clusters in cloud computing environments using autonomous security risk negotiation agents |
US8782401B2 (en) | 2012-09-26 | 2014-07-15 | Intel Corporation | Enhanced privacy ID based platform attestation |
US8924720B2 (en) | 2012-09-27 | 2014-12-30 | Intel Corporation | Method and system to securely migrate and provision virtual machine images and content |
RU2514140C1 (ru) * | 2012-09-28 | 2014-04-27 | Закрытое акционерное общество "Лаборатория Касперского" | Система и способ увеличения качества обнаружений вредоносных объектов с использованием правил и приоритетов |
US8700898B1 (en) | 2012-10-02 | 2014-04-15 | Ca, Inc. | System and method for multi-layered sensitive data protection in a virtual computing environment |
US9374228B2 (en) | 2012-10-12 | 2016-06-21 | International Business Machines Corporation | Verifying a geographic location of a virtual disk image executing at a data center server within a data center |
US20150355829A1 (en) * | 2013-01-11 | 2015-12-10 | Koninklijke Philips N.V. | Enabling a user to control coded light sources |
CN103139221B (zh) * | 2013-03-07 | 2016-07-06 | 中国科学院软件研究所 | 一种可信虚拟平台及其构建方法、平台之间数据迁移方法 |
US20140281497A1 (en) | 2013-03-13 | 2014-09-18 | General Instrument Corporation | Online personalization update system for externally acquired keys |
US9027087B2 (en) * | 2013-03-14 | 2015-05-05 | Rackspace Us, Inc. | Method and system for identity-based authentication of virtual machines |
US9390248B2 (en) | 2013-08-28 | 2016-07-12 | Intel Corporation | Systems and methods for authenticating access to an operating system by a user before the operating system is booted using a wireless communication token |
US9401954B2 (en) | 2013-11-06 | 2016-07-26 | International Business Machines Corporation | Scaling a trusted computing model in a globally distributed cloud environment |
US9519498B2 (en) | 2013-12-24 | 2016-12-13 | Microsoft Technology Licensing, Llc | Virtual machine assurances |
US9740857B2 (en) * | 2014-01-16 | 2017-08-22 | Fireeye, Inc. | Threat-aware microvisor |
US9891918B2 (en) * | 2014-01-27 | 2018-02-13 | Via Alliance Semiconductor Co., Ltd. | Fractional use of prediction history storage for operating system routines |
US9652631B2 (en) | 2014-05-05 | 2017-05-16 | Microsoft Technology Licensing, Llc | Secure transport of encrypted virtual machines with continuous owner access |
US9519787B2 (en) | 2014-11-14 | 2016-12-13 | Microsoft Technology Licensing, Llc | Secure creation of encrypted virtual machines from encrypted templates |
-
2014
- 2014-09-09 US US14/481,399 patent/US9652631B2/en active Active
- 2014-10-01 US US14/504,096 patent/US9578017B2/en active Active
-
2015
- 2015-05-04 RU RU2016143089A patent/RU2679721C2/ru active
- 2015-05-04 CN CN201580023853.XA patent/CN106462438B/zh active Active
- 2015-05-04 WO PCT/US2015/028991 patent/WO2015171476A1/en active Application Filing
- 2015-05-04 BR BR112016024507-5A patent/BR112016024507B1/pt active IP Right Grant
- 2015-05-04 BR BR112016024453-2A patent/BR112016024453B1/pt active IP Right Grant
- 2015-05-04 JP JP2016566806A patent/JP6665113B2/ja active Active
- 2015-05-04 EP EP15722863.6A patent/EP3140950B1/en active Active
- 2015-05-04 CN CN201580023933.5A patent/CN106462439B/zh active Active
- 2015-05-04 JP JP2016566758A patent/JP6484255B2/ja active Active
- 2015-05-04 WO PCT/US2015/028995 patent/WO2015171478A1/en active Application Filing
- 2015-05-04 EP EP15722864.4A patent/EP3140770B1/en active Active
- 2015-05-04 RU RU2016143088A patent/RU2693313C2/ru active
-
2016
- 2016-08-22 US US15/243,647 patent/US10176095B2/en active Active
-
2019
- 2019-01-06 US US16/240,763 patent/US10956321B2/en active Active
Also Published As
Similar Documents
Publication | Publication Date | Title |
---|---|---|
RU2016143088A (ru) | Безопасный транспорт зашифрованных виртуальных машин с непрерывным доступом владельца | |
JP2017515413A5 (ru) | ||
JP2016514912A5 (ru) | ||
BR112015026372B8 (pt) | Dispositivo de comunicação que reforça a segurança para um arquivo armazenado em uma unidade virtual | |
WO2014070134A3 (en) | Quorum-based virtual machine security | |
EA201301077A1 (ru) | Способ защиты информации в облачных вычислениях с использованием гомоморфного шифрования | |
BR112016021120A2 (pt) | Método e dispositivo de gerenciamento de dados confidenciais; método e sistema de autenticação segura | |
BR112017007994A2 (pt) | armazenamento para dados criptografados com segurança reforçada | |
GB2499963A (en) | Computer-readable storage mediums for encrypting and decrypting a virtual disc | |
WO2015121806A3 (en) | System and method for securing content keys delivered in manifest files | |
WO2013068843A3 (en) | Multi-key cryptography for encrypting file system acceleration | |
GB2544672A (en) | PUF and address dependent data encryption | |
GB2545838A (en) | Hypervisor and virtual machine protection | |
JP2016513945A5 (ru) | ||
WO2013130555A3 (en) | Method of operating a computing device, computing device and computer program | |
JP2014502749A5 (ru) | ||
JP2010140473A5 (ru) | ||
US20160080144A1 (en) | Apparatus and method for data encryption | |
GB2509422A (en) | Decryption and encryption of application data | |
MX2016001900A (es) | Criptografia nado utilizando funciones unidireccionales. | |
WO2013130561A3 (en) | Method of operating a computing device, computing device and computer program | |
JP2018500679A5 (ru) | ||
JP2014085674A5 (ru) | ||
WO2012122117A3 (en) | Content playback apis using encrypted streams | |
JP2013232233A5 (ru) |