SG11201505653PA - Privileged cryptographic services in a virtualized environment - Google Patents

Privileged cryptographic services in a virtualized environment

Info

Publication number
SG11201505653PA
Authority
SG
Singapore
Prior art keywords
virtualized environment
cryptographic services
privileged
privileged cryptographic
services
Prior art date
Application number
SG11201505653PA
Inventor
Gregory Branchek Roth
Nachiketh Rao Potlapally
Original Assignee
Amazon Tech Inc
Priority date
Filing date
Publication date
Application filed by Amazon Tech Inc
Publication of SG11201505653PA

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
  • Debugging And Monitoring (AREA)
SG11201505653PA 2013-01-22 2014-01-22 Privileged cryptographic services in a virtualized environment SG11201505653PA (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/746,924 US9037854B2 (en) 2013-01-22 2013-01-22 Privileged cryptographic services in a virtualized environment
PCT/US2014/012600 WO2014116740A2 (en) 2013-01-22 2014-01-22 Privileged cryptographic services in a virtualized environment

Publications (1)

Publication Number Publication Date
SG11201505653PA (en) 2015-08-28

Family

ID=51208718

Family Applications (1)

Application Number Title Priority Date Filing Date
SG11201505653PA SG11201505653PA (en) 2013-01-22 2014-01-22 Privileged cryptographic services in a virtualized environment

Country Status (9)

Country Link
US (1) US9037854B2 (en)
EP (1) EP2949074B1 (en)
JP (1) JP6141455B2 (en)
KR (1) KR101696131B1 (en)
CN (1) CN104982005B (en)
AU (1) AU2014209467B2 (en)
CA (1) CA2898756C (en)
SG (1) SG11201505653PA (en)
WO (1) WO2014116740A2 (en)

Families Citing this family (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10341281B2 (en) 2013-01-22 2019-07-02 Amazon Technologies, Inc. Access control policies associated with freeform metadata
US9576141B2 (en) 2013-01-22 2017-02-21 Amazon Technologies, Inc. Access controls on the use of freeform metadata
US10579405B1 (en) * 2013-03-13 2020-03-03 Amazon Technologies, Inc. Parallel virtual machine managers
US9680862B2 (en) * 2014-07-01 2017-06-13 Fireeye, Inc. Trusted threat-aware microvisor
US9594927B2 (en) * 2014-09-10 2017-03-14 Intel Corporation Providing a trusted execution environment using a processor
US10303879B1 (en) * 2014-11-06 2019-05-28 Amazon Technologies, Inc. Multi-tenant trusted platform modules
EP3032453B1 (en) * 2014-12-08 2019-11-13 eperi GmbH Storing data in a server computer with deployable encryption/decryption infrastructure
US10754967B1 (en) * 2014-12-15 2020-08-25 Marvell Asia Pte, Ltd. Secure interrupt handling between security zones
US9459907B2 (en) 2015-02-24 2016-10-04 Red Hat Israel, Ltd. Guest controlled malicious payload protection
EP3070607B1 (en) 2015-03-20 2020-12-09 Virtual Open Systems Compute node supporting virtual machines and services
US11113086B1 (en) 2015-06-30 2021-09-07 Fireeye, Inc. Virtual system and method for securing external network connectivity
US10216927B1 (en) 2015-06-30 2019-02-26 Fireeye, Inc. System and method for protecting memory pages associated with a process using a virtualization layer
US10726127B1 (en) 2015-06-30 2020-07-28 Fireeye, Inc. System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer
US10642753B1 (en) 2015-06-30 2020-05-05 Fireeye, Inc. System and method for protecting a software component running in virtual machine using a virtualization layer
US10395029B1 (en) 2015-06-30 2019-08-27 Fireeye, Inc. Virtual system and method with threat protection
US10075296B2 (en) * 2015-07-02 2018-09-11 Intel Corporation Loading and virtualizing cryptographic keys
US10033759B1 (en) 2015-09-28 2018-07-24 Fireeye, Inc. System and method of threat detection under hypervisor control
CN105718794B (en) * 2016-01-27 2018-06-05 华为技术有限公司 The method and system of safeguard protection are carried out to virtual machine based on VTPM
JP2017147654A (en) * 2016-02-18 2017-08-24 株式会社日立ソリューションズ Virtual terminal management device, and document protection method
US10348500B2 (en) * 2016-05-05 2019-07-09 Adventium Enterprises, Llc Key material management
US10318737B2 (en) * 2016-06-30 2019-06-11 Amazon Technologies, Inc. Secure booting of virtualization managers
US10148444B2 (en) * 2016-08-04 2018-12-04 Dell Products L.P. Systems and methods for storing administrator secrets in management controller-owned cryptoprocessor
US10310885B2 (en) * 2016-10-25 2019-06-04 Microsoft Technology Licensing, Llc Secure service hosted in a virtual security environment
US10439803B2 (en) * 2016-11-14 2019-10-08 Microsoft Technology Licensing, Llc Secure key management
CN110383277B (en) 2017-03-07 2021-09-14 华为技术有限公司 Virtual machine monitor measurement proxy
EP3413531A1 (en) * 2017-06-07 2018-12-12 Hewlett-Packard Development Company, L.P. Intrusion detection systems
US10467439B2 (en) * 2017-07-05 2019-11-05 Dell Products, L.P. Detecting tampering of memory contents in an information handling system
US11507668B2 (en) 2017-09-19 2022-11-22 Hewlett-Packard Development Company, L.P. Cryptographic key security
US20190087580A1 (en) * 2017-09-19 2019-03-21 Microsoft Technology Licensing, Llc Secure launch for a hypervisor
US10657071B2 (en) 2017-09-25 2020-05-19 Intel Corporation System, apparatus and method for page granular, software controlled multiple key memory encryption
US11683311B2 (en) * 2018-03-01 2023-06-20 Veritas Technologies Llc Systems and methods for running applications on a multi-tenant container platform
WO2019174048A1 (en) 2018-03-16 2019-09-19 华为技术有限公司 Container escape detection method, apparatus and system, and storage medium
US11048815B2 (en) * 2018-08-06 2021-06-29 Snowflake Inc. Secure data sharing in a multi-tenant database system
JP7252332B2 (en) * 2018-11-21 2023-04-04 アマゾン テクノロジーズ インコーポレイテッド Method and system for robotics application development
KR102153048B1 (en) * 2018-11-22 2020-09-07 한양대학교 산학협력단 Method and apparatus for detection alteration of smram
US11354421B2 (en) * 2019-03-08 2022-06-07 International Business Machines Corporation Secure execution guest owner controls for secure interface control
US11500988B2 (en) * 2019-03-08 2022-11-15 International Business Machines Corporation Binding secure keys of secure guests to a hardware security module
CN113227966A (en) 2019-04-15 2021-08-06 惠普发展公司,有限责任合伙企业 Image transfer
US11295014B2 (en) * 2019-05-08 2022-04-05 Baidu Usa Llc TPM-based secure multiparty computing system using a non-bypassable gateway
US11537421B1 (en) 2019-06-07 2022-12-27 Amazon Technologies, Inc. Virtual machine monitor providing secure cryptographic operations
CN110430046B (en) * 2019-07-18 2021-07-06 上海交通大学 Cloud environment-oriented trusted platform module two-stage key copying method
JP2021118370A (en) 2020-01-22 2021-08-10 キオクシア株式会社 Memory system, information processing device, and information processing system
KR102325986B1 (en) * 2020-01-22 2021-11-12 네이버클라우드 주식회사 Method and system for dinamic application of storage encryption
EP3940565A1 (en) * 2020-07-15 2022-01-19 Hewlett-Packard Development Company, L.P. System management states
US11924179B2 (en) * 2022-08-08 2024-03-05 International Business Machines Corporation API based distribution of private session key to network communication device for secured communications
US11765142B1 (en) * 2022-08-08 2023-09-19 International Business Machines Corporation Distribution of private session key to network communication device for secured communications
US11916890B1 (en) * 2022-08-08 2024-02-27 International Business Machines Corporation Distribution of a cryptographic service provided private session key to network communication device for secured communications

Family Cites Families (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6557104B2 (en) * 1997-05-02 2003-04-29 Phoenix Technologies Ltd. Method and apparatus for secure processing of cryptographic keys
US20030229794A1 (en) * 2002-06-07 2003-12-11 Sutton James A. System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container
US7493409B2 (en) * 2003-04-10 2009-02-17 International Business Machines Corporation Apparatus, system and method for implementing a generalized queue pair in a system area network
US7552419B2 (en) * 2004-03-18 2009-06-23 Intel Corporation Sharing trusted hardware across multiple operational environments
US20050289311A1 (en) * 2004-06-29 2005-12-29 David Durham System and method for secure inter-platform and intra-platform communications
US7613921B2 (en) * 2005-05-13 2009-11-03 Intel Corporation Method and apparatus for remotely provisioning software-based security coprocessors
US7587595B2 (en) * 2005-05-13 2009-09-08 Intel Corporation Method and apparatus for providing software-based security coprocessors
US8973094B2 (en) * 2006-05-26 2015-03-03 Intel Corporation Execution of a secured environment initialization instruction on a point-to-point interconnect system
US20080134321A1 (en) * 2006-12-05 2008-06-05 Priya Rajagopal Tamper-resistant method and apparatus for verification and measurement of host agent dynamic data updates
US20080147555A1 (en) * 2006-12-18 2008-06-19 Daryl Carvis Cromer System and Method for Using a Hypervisor to Control Access to a Rental Computer
US8254579B1 (en) * 2007-01-31 2012-08-28 Hewlett-Packard Development Company, L.P. Cryptographic key distribution using a trusted computing platform
US8151262B2 (en) * 2007-03-30 2012-04-03 Lenovo (Singapore) Pte. Ltd. System and method for reporting the trusted state of a virtual machine
US8010763B2 (en) * 2007-08-02 2011-08-30 International Business Machines Corporation Hypervisor-enforced isolation of entities within a single logical partition's virtual address space
JP2009223787A (en) * 2008-03-18 2009-10-01 Hitachi Software Eng Co Ltd Information processor and processing method, and program
US9559842B2 (en) * 2008-09-30 2017-01-31 Hewlett Packard Enterprise Development Lp Trusted key management for virtualized platforms
US8839239B2 (en) * 2010-06-15 2014-09-16 Microsoft Corporation Protection of virtual machines executing on a host device
US20120054486A1 (en) * 2010-08-31 2012-03-01 MindTree Limited Securing A Virtual Environment And Virtual Machines
TW201241662A (en) * 2010-12-21 2012-10-16 Ibm Virtual machine validation
CN102542185B (en) * 2010-12-23 2016-05-04 伊姆西公司 The method and apparatus that software in sclerosis random access storage device is carried out
US8953796B2 (en) * 2011-06-29 2015-02-10 International Business Machines Corporation Techniques for accessing features of a hardware adapter
US8694781B1 (en) * 2012-03-30 2014-04-08 Emc Corporation Techniques for providing hardware security module operability
US9071587B2 (en) * 2012-08-27 2015-06-30 International Business Machines Corporation Optimizing deployment of virtual machines by pre-generating a virtual machine's first-boot metadata by cloud controller
US8832435B2 (en) * 2012-12-17 2014-09-09 International Business Machines Corporation Providing a real-time indication of platform trust

Also Published As

Publication number Publication date
KR20150106935A (en) 2015-09-22
CA2898756C (en) 2018-10-02
EP2949074A2 (en) 2015-12-02
AU2014209467B2 (en) 2016-09-08
CN104982005B (en) 2018-05-29
CA2898756A1 (en) 2014-07-31
WO2014116740A2 (en) 2014-07-31
EP2949074B1 (en) 2018-11-21
US20140208123A1 (en) 2014-07-24
EP2949074A4 (en) 2016-09-21
AU2014209467A1 (en) 2015-08-27
US9037854B2 (en) 2015-05-19
WO2014116740A3 (en) 2014-10-09
JP6141455B2 (en) 2017-06-07
JP2016511872A (en) 2016-04-21
CN104982005A (en) 2015-10-14
KR101696131B1 (en) 2017-01-12

Similar Documents

Publication Publication Date Title
SG11201505653PA (en) Privileged cryptographic services in a virtualized environment
HK1221301A1 (en) Trusted device
IL242683B (en) Virtual key ring
SG11201507019QA (en) Application marketplace for virtual desktops
SG11201600694WA (en) Virtual computing instance migration
IL236317B (en) Systems and methods for incubating malware in a virtual organization
GB2507498B (en) Secure computing environment
SG11201505652UA (en) Secure virtual machine migration
SG11201602278YA (en) Virtual computing systems and methods
SG11201505651WA (en) Secure interface for invoking privileged operations
EP2987277A4 (en) Hypervisor and physical machine and respective methods therein for performance measurement
EP3042310A4 (en) Providing recursively-generated instantiated computing resource in a multi-tenant environment
GB2540640B (en) Creating an isolated execution environment in a co-designed processor
EP2972932A4 (en) Cloud based virtual mobile device
EP2911055A4 (en) Parallel computing device
EP2987086A4 (en) Secure computing
EP3061204A4 (en) Re-programmable secure cryptographic device
EP2991647A4 (en) Deuterated amlexanox
GB2524925B (en) Encapsulating a virtual server in a hypervisor subpartition
SG11201504354SA (en) Computing device
EP3084601A4 (en) Techniques for portable computing device virtualization
GB201414095D0 (en) Selectively triggering execution of services in a computing environment
GB201305062D0 (en) Transaction capable queuing
EP3029839A4 (en) Arithmetic logic device
GB2536370B (en) Virtual transportation machine