SG11201510761PA - Cryptographically attested resources for hosting virtual machines - Google Patents

Cryptographically attested resources for hosting virtual machines

Info

Publication number
SG11201510761PA
SG11201510761PA SG11201510761PA SG11201510761PA SG11201510761PA SG 11201510761P A SG11201510761P A SG 11201510761PA SG 11201510761P A SG11201510761P A SG 11201510761PA SG 11201510761P A SG11201510761P A SG 11201510761PA SG 11201510761P A SG11201510761P A SG 11201510761PA
Authority
SG
Singapore
Prior art keywords
virtual machines
hosting virtual
resources
cryptographically
cryptographically attested
Prior art date
Application number
SG11201510761PA
Other languages
English (en)
Inventor
Nachiketh Rao Potlapally
Eric Jason Brandwine
Matthew Shawn Wilson
Original Assignee
Amazon Tech Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Amazon Tech Inc filed Critical Amazon Tech Inc
Publication of SG11201510761PA publication Critical patent/SG11201510761PA/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/145Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5061Partitioning or combining of resources
    • G06F9/5077Logical partitioning of resources; Management or configuration of virtualized resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45562Creating, deleting, cloning virtual machine instances
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1052Security improvement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
SG11201510761PA 2013-07-01 2014-07-01 Cryptographically attested resources for hosting virtual machines SG11201510761PA (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/932,828 US9367339B2 (en) 2013-07-01 2013-07-01 Cryptographically attested resources for hosting virtual machines
PCT/US2014/045125 WO2015002992A1 (fr) 2013-07-01 2014-07-01 Ressources authentifiées par cryptage pour l'hébergement de machines virtuelles

Publications (1)

Publication Number Publication Date
SG11201510761PA true SG11201510761PA (en) 2016-01-28

Family

ID=52117025

Family Applications (1)

Application Number Title Priority Date Filing Date
SG11201510761PA SG11201510761PA (en) 2013-07-01 2014-07-01 Cryptographically attested resources for hosting virtual machines

Country Status (7)

Country Link
US (2) US9367339B2 (fr)
EP (1) EP3017397B1 (fr)
JP (1) JP6556710B2 (fr)
CN (1) CN105493099B (fr)
CA (1) CA2916966C (fr)
SG (1) SG11201510761PA (fr)
WO (1) WO2015002992A1 (fr)

Families Citing this family (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9367339B2 (en) 2013-07-01 2016-06-14 Amazon Technologies, Inc. Cryptographically attested resources for hosting virtual machines
US9065854B2 (en) * 2013-10-28 2015-06-23 Citrix Systems, Inc. Systems and methods for managing a guest virtual machine executing within a virtualized environment
WO2015069157A1 (fr) * 2013-11-07 2015-05-14 Telefonaktiebolaget L M Ericsson (Publ) Mise en place d'une machine virtuelle pour un dispositif ip
US9734325B1 (en) * 2013-12-09 2017-08-15 Forcepoint Federal Llc Hypervisor-based binding of data to cloud environment for improved security
US9641385B1 (en) * 2013-12-16 2017-05-02 Amazon Technologies, Inc. Dynamic system configuration in a virtual environment
US10044695B1 (en) 2014-09-02 2018-08-07 Amazon Technologies, Inc. Application instances authenticated by secure measurements
US10079681B1 (en) 2014-09-03 2018-09-18 Amazon Technologies, Inc. Securing service layer on third party hardware
US9577829B1 (en) 2014-09-03 2017-02-21 Amazon Technologies, Inc. Multi-party computation services
US10061915B1 (en) 2014-09-03 2018-08-28 Amazon Technologies, Inc. Posture assessment in a secure execution environment
US9754116B1 (en) 2014-09-03 2017-09-05 Amazon Technologies, Inc. Web services in secure execution environments
US9491111B1 (en) 2014-09-03 2016-11-08 Amazon Technologies, Inc. Securing service control on third party hardware
US9246690B1 (en) 2014-09-03 2016-01-26 Amazon Technologies, Inc. Secure execution environment services
US9442752B1 (en) * 2014-09-03 2016-09-13 Amazon Technologies, Inc. Virtual secure execution environments
US9584517B1 (en) 2014-09-03 2017-02-28 Amazon Technologies, Inc. Transforms within secure execution environments
US10303879B1 (en) * 2014-11-06 2019-05-28 Amazon Technologies, Inc. Multi-tenant trusted platform modules
EP3032453B1 (fr) * 2014-12-08 2019-11-13 eperi GmbH Stockage de données dans un ordinateur serveur avec une infrastructure de cryptage/décryptage déployable
CN105049257A (zh) * 2015-08-12 2015-11-11 北京因特信安软件科技有限公司 基于可信地理位置信息的云平台调度方法
US10310885B2 (en) * 2016-10-25 2019-06-04 Microsoft Technology Licensing, Llc Secure service hosted in a virtual security environment
US10404470B2 (en) * 2017-01-13 2019-09-03 Microsoft Technology Licensing, Llc Signature verification of field-programmable gate array programs
US20180341768A1 (en) * 2017-05-26 2018-11-29 Microsoft Technology Licensing, Llc Virtual machine attestation
US10757082B2 (en) * 2018-02-22 2020-08-25 International Business Machines Corporation Transforming a wrapped key into a protected key
US20190386895A1 (en) * 2018-06-13 2019-12-19 At&T Intellectual Property I, L.P. East-west traffic monitoring solutions for the microservice virtualized data center lan
US11609845B2 (en) 2019-05-28 2023-03-21 Oracle International Corporation Configurable memory device connected to a microprocessor
CN110308917B (zh) * 2019-06-26 2024-02-23 深圳前海微众银行股份有限公司 小程序发布方法、装置、设备及计算机存储介质
CA3168147A1 (fr) * 2020-02-18 2021-08-26 David Ian Gault Systeme et procede pour mettre en ?uvre un reseau de donnees virtuelles personnelles (pvdn)
US11645390B2 (en) * 2020-03-16 2023-05-09 Vmware, Inc. Cloud-based method to increase integrity of a next generation antivirus (NGAV) security solution in a virtualized computing environment
KR102175317B1 (ko) * 2020-07-02 2020-11-06 굿모닝아이텍(주) 데스크톱 가상화
KR102179185B1 (ko) * 2020-07-02 2020-11-17 굿모닝아이텍(주) 서버 관리 시스템
US11283882B1 (en) * 2020-09-08 2022-03-22 Sailpoint Technologies, Inc. System and method for software services platform architecture for supporting standalone services or development environments
US11954181B2 (en) * 2020-12-16 2024-04-09 Dell Products L.P. System and method for managing virtual hardware licenses of hardware resources accessed via application instances
US20230252172A1 (en) * 2022-02-09 2023-08-10 Dell Products L.P. Systems and methods for isolated and protected file system and data restoration

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7392534B2 (en) 2003-09-29 2008-06-24 Gemalto, Inc System and method for preventing identity theft using a secure computing device
US8090919B2 (en) * 2007-12-31 2012-01-03 Intel Corporation System and method for high performance secure access to a trusted platform module on a hardware virtualization platform
JP2009512096A (ja) * 2005-10-18 2009-03-19 インタートラスト テクノロジーズ コーポレイション デジタル著作権管理エンジンのシステムおよび方法
KR100823738B1 (ko) * 2006-09-29 2008-04-21 한국전자통신연구원 컴퓨팅 플랫폼의 설정 정보를 은닉하면서 무결성 보증을제공하는 방법
AU2009326869A1 (en) 2008-12-12 2011-07-14 Boxsentry Pte Ltd Electronic messaging integrity engine
US9807608B2 (en) * 2009-04-20 2017-10-31 Interdigital Patent Holdings, Inc. System of multiple domains and domain ownership
US8745747B2 (en) * 2009-12-31 2014-06-03 Fujitsu Limited Data protecting device
US20110202765A1 (en) * 2010-02-17 2011-08-18 Microsoft Corporation Securely move virtual machines between host servers
JP5552343B2 (ja) * 2010-03-16 2014-07-16 株式会社日本総合研究所 管理装置、管理方法およびプログラム
TW201241662A (en) * 2010-12-21 2012-10-16 Ibm Virtual machine validation
US20120179904A1 (en) 2011-01-11 2012-07-12 Safenet, Inc. Remote Pre-Boot Authentication
JP5501276B2 (ja) * 2011-03-18 2014-05-21 株式会社エヌ・ティ・ティ・データ 仮想マシン配置装置、仮想マシン配置方法、仮想マシン配置プログラム
JP5577283B2 (ja) * 2011-03-29 2014-08-20 株式会社エヌ・ティ・ティ・データ 仮想マシン起動装置、仮想マシン起動方法、仮想マシン起動プログラム
US9264220B2 (en) * 2011-04-26 2016-02-16 Telefonaktiebolaget L M Ericsson (Publ) Secure virtual machine provisioning
US20130061293A1 (en) * 2011-09-02 2013-03-07 Wenbo Mao Method and apparatus for securing the full lifecycle of a virtual machine
US20130097660A1 (en) 2011-10-17 2013-04-18 Mcafee, Inc. System and method for whitelisting applications in a mobile network environment
JP5945512B2 (ja) * 2013-02-13 2016-07-05 株式会社日立製作所 計算機システム、及び仮想計算機管理方法
US9367339B2 (en) 2013-07-01 2016-06-14 Amazon Technologies, Inc. Cryptographically attested resources for hosting virtual machines

Also Published As

Publication number Publication date
CA2916966A1 (fr) 2015-01-08
WO2015002992A1 (fr) 2015-01-08
US20160291992A1 (en) 2016-10-06
EP3017397A1 (fr) 2016-05-11
US9880866B2 (en) 2018-01-30
CA2916966C (fr) 2017-12-19
CN105493099B (zh) 2018-09-25
JP6556710B2 (ja) 2019-08-07
JP2016526734A (ja) 2016-09-05
EP3017397A4 (fr) 2016-12-28
EP3017397B1 (fr) 2021-11-17
US20150007175A1 (en) 2015-01-01
CN105493099A (zh) 2016-04-13
US9367339B2 (en) 2016-06-14

Similar Documents

Publication Publication Date Title
SG11201510761PA (en) Cryptographically attested resources for hosting virtual machines
HK1226212A1 (zh) 無需緩衝存儲器的虛擬路由
SG11201505652UA (en) Secure virtual machine migration
EP3063624A4 (fr) Infrastructure d'introspection d'une machine virtuelle
EP2987282A4 (fr) Migration de machine virtuelle
SG11201508971UA (en) User-influenced placement of virtual machine instances
GB201312422D0 (en) Virtual Machine Backup
EP3027800A4 (fr) Machine à laver
EP2982832A4 (fr) Machine rotative
GB2584232B (en) A method of operating a virtual machine cluster
GB201316412D0 (en) Dunmage Machine
EP3026996B8 (fr) Machine de montage d'éléments
GB201320537D0 (en) Virtual machine backup
EP3021650A4 (fr) Machine de montage de composants
GB201307791D0 (en) Packaging machine
PL3003376T3 (pl) Terapie kardiomiopatii
EP3079057A4 (fr) Procédé et dispositif pour réaliser une introspection de machine virtuelle
EP3063692A4 (fr) Introspection de machine virtuelle
TWI560109B (en) Auto-packing machine
GB2511082B (en) Reluctance machines
EP2998728A4 (fr) Machine de montage de composants
EP3009557A4 (fr) Lave-linge
GB201312417D0 (en) Virtual Machine Backup
EP3016490A4 (fr) Machine de montage de composants
GB201318104D0 (en) Rotational machine