Method and system for secure instantiation of an operation system within the cloud
First Claim
Patent Images
1. A method comprising:
- initiating a first execution environment, the first execution environment comprising a key access protocol for accessing a cipher key; and
,initiating by the first execution environment a virtual machine, the virtual machine stored in encrypted form, the first execution environment accessing the cipher key for deciphering the encrypted form of the virtual machine to allow the virtual machine to be executed,wherein the first execution environment comprises a pre-boot environment comprising a Unix-like virtual machine and wherein the virtual machine comprises an operating system including encryption of portions of the operating system required for execution of the operating system other than a preboot portion thereof within the operating system and requiring password entry prior to decryption of the encrypted portions of the operating system, andwherein the first execution environment controls at least an aspect of the operating system during execution thereof to enter an unsecured password through a keyboard interface to the operating system to continue execution of the virtual machine.
11 Assignments
0 Petitions
Accused Products
Abstract
A method is disclosed for executing a secure virtual machine stored in encrypted form in IaaS cloud such as Microsoft Azure or Amazon Web Services. A first execution environment comprising a key access protocol for accessing a cipher key is initiated. The first execution environment executes the secure virtual machine by accessing a secret for use in deciphering the encrypted form of the secure virtual machine and providing same to allow the secure virtual machine to be executed.
32 Citations
14 Claims
-
1. A method comprising:
-
initiating a first execution environment, the first execution environment comprising a key access protocol for accessing a cipher key; and
,initiating by the first execution environment a virtual machine, the virtual machine stored in encrypted form, the first execution environment accessing the cipher key for deciphering the encrypted form of the virtual machine to allow the virtual machine to be executed, wherein the first execution environment comprises a pre-boot environment comprising a Unix-like virtual machine and wherein the virtual machine comprises an operating system including encryption of portions of the operating system required for execution of the operating system other than a preboot portion thereof within the operating system and requiring password entry prior to decryption of the encrypted portions of the operating system, and wherein the first execution environment controls at least an aspect of the operating system during execution thereof to enter an unsecured password through a keyboard interface to the operating system to continue execution of the virtual machine. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method comprising:
-
initiating a first execution environment, the first execution environment comprising a key access protocol for accessing a cipher key; and
,initiating by the first execution environment a virtual machine, the virtual machine stored partially in encrypted form and requiring a secret for decrypting thereof, the first execution environment accessing the secret for deciphering the encrypted form of the virtual machine to allow the virtual machine to continue execution, wherein the first execution environment comprises a security protocol for verifying an initiator thereof to authenticate the initiator as someone permitted to execute the virtual machine, wherein the first execution environment comprises a pre-boot environment comprising a Unix-like virtual machine and wherein the virtual machine comprises an operating system including encryption of portions of the operating system required for execution of the operating system other than a preboot portion thereof within the operating system and requiring password entry prior to decryption of the encrypted portions of the operating system, and wherein the first execution environment controls at least an aspect of the operating system during execution thereof to enter an unsecured password through a keyboard interface to the operating system to continue execution of the virtual machine. - View Dependent Claims (9, 10, 11)
-
-
12. A method comprising:
-
initiating a first execution environment within the cloud, the first execution environment comprising a key access protocol for accessing a cipher key and for storing said cipher key within the first execution environment and for executing an operating system stored in encrypted form; accessing by the first execution environment the cipher key for deciphering the encrypted form of the operating system to allow the operating system to be executed within the first execution environment; and executing the operating system, wherein the key access protocol comprises a pre-boot environment comprising a Unix-like operating system in execution for accessing a cipher key and for storing said cipher key within the first execution environment and wherein the operating system comprises a first operating system including encryption of portions of the operating system required for execution of the operating system other than a preboot portion thereof within the operating system and requiring password entry prior to decryption of the encrypted portions of the operating system, wherein the first execution environment controls at least an aspect of the operating system during execution thereof to enter an unsecured password through a keyboard interface to the operating system to continue execution of the virtual machine. - View Dependent Claims (13, 14)
-
Specification