Parallel virtual machine managers

US 10,579,405 B1
Filed: 03/13/2013
Issued: 03/03/2020
Est. Priority Date: 03/13/2013
Status: Active Grant

First Claim

Patent Images

1. A system for managing access to secure information, comprising:

a processor, the processor configured to concurrently operate a virtual machine manager (VMM) and a security virtual machine manager (SVMM), the VMM and the SVMM operating in parallel, the SVMM having a higher privilege level on the processor than the VMM, and the SVMM being configured to manage access to a plurality of virtual TPMs (vTPMs) corresponding to a plurality of guest virtual machines (VMs) running on the VMM;

a trusted platform module (TPM) with stored secret information for a guest virtual machine (VM) running on the VMM; and

memory storing instructions that, when executed by the processor, cause the system to;

receive a first request to create the guest VM;

create the guest VM on the VMM and a corresponding vTPM on the SVMM, the vTPM being sealed to the TPM and holding a copy of the secret information;

expose, from the SVMM, at least one interface enabling the VMM and the guest VM to submit requests to the SVMM;

receive, to one of the at least one interface, a second request to perform an operation requiring at least a portion of the secret information;

identifying, by the SVMM, the vTPM associated with the second request to perform the operation; and

in response to verifying a source of the second request as one of the VMM or the guest VM, as well as in response to verifying an integrity of the source, allowing access to the at least the portion of the secret information associated with the vTPM and performing the operation using at least a portion of the secret information, wherein the secret information is not accessible from the TPM directly via the VMM.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processor on a host machine can concurrently operate a standard virtual machine manager (VMM) and a security VMM (SVMM), where the SVMM has a higher privilege level and manages access to a hardware TPM or other trusted source on the host machine. Such a configuration prevents a compromised VMM from gaining access to secrets stored in the hardware TPM. The SVMM can create a virtual TPM (vTPM) for each guest VM, and can seal information in each vTPM to the hardware TPM. A guest VM or the standard VMM can access information in the corresponding vTPM only through the corresponding SVMM. Such an approach enables the host to securely implement critical security functionality that can be exposed to customers, and provides protection against leakage of customer secrets in case of a security compromise.

Citations

24 Claims

1. A system for managing access to secure information, comprising:
- a processor, the processor configured to concurrently operate a virtual machine manager (VMM) and a security virtual machine manager (SVMM), the VMM and the SVMM operating in parallel, the SVMM having a higher privilege level on the processor than the VMM, and the SVMM being configured to manage access to a plurality of virtual TPMs (vTPMs) corresponding to a plurality of guest virtual machines (VMs) running on the VMM;
  
  a trusted platform module (TPM) with stored secret information for a guest virtual machine (VM) running on the VMM; and
  
  memory storing instructions that, when executed by the processor, cause the system to;
  
  receive a first request to create the guest VM;
  
  create the guest VM on the VMM and a corresponding vTPM on the SVMM, the vTPM being sealed to the TPM and holding a copy of the secret information;
  
  expose, from the SVMM, at least one interface enabling the VMM and the guest VM to submit requests to the SVMM;
  
  receive, to one of the at least one interface, a second request to perform an operation requiring at least a portion of the secret information;
  
  identifying, by the SVMM, the vTPM associated with the second request to perform the operation; and
  
  in response to verifying a source of the second request as one of the VMM or the guest VM, as well as in response to verifying an integrity of the source, allowing access to the at least the portion of the secret information associated with the vTPM and performing the operation using at least a portion of the secret information, wherein the secret information is not accessible from the TPM directly via the VMM.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein the instructions when executed further cause the system to:
    - create the plurality of guest VMs on the VMM; and
      
      create the vTPM on the SVMM for each of the plurality of guest VMs and for the VMM.
  - 3. The system of claim 1, wherein the instructions when executed further cause the system to:
    - control, via the SVMM, access to system resources used to execute privileged security functionality.
  - 4. The system of claim 1, wherein the instructions when executed further cause the system to:
    - verify the integrity of the source by comparing a cryptographic hash, computed by the SVMM from source memory pages, to a copy of a known cryptographic hash available to the SVMM either locally or remotely.

5. A method, comprising:
- executing, concurrently on a processor of a host machine, a virtual machine manager (VMM) and a security virtual machine manager (SVMM), the VMM and the SVMM operating in parallel, the SVMM having a higher privilege level on the processor than the VMM, and the SVMM being configured to manage access to a plurality of virtual TPMs (vTPMs) corresponding to a plurality of guest virtual machines (VMs) running on the VMM;
  
  operating a guest virtual machine (VM) on the VMM and a corresponding vTPM on the SVMM;
  
  receiving, to an interface of the SVMM, a request to perform an operation involving information stored in the vTPM;
  
  identifying, by the SVMM, the vTPM associated with the request to perform the operation;
  
  verifying a source of the request as one of the VMM or the guest VM and verifying an integrity of the source; and
  
  allowing access to the information stored in the vTPM and performing the operation using the information stored in the vTPM in response to the source being verified and in response to the integrity of the source being verified, wherein the information is not accessible from the vTPM directly from the VMM.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 6. The method of claim 5, wherein verifying the source of the request further includes validating the integrity of the source, the request being denied if the integrity of the source is determined to have been compromised.
  - 7. The method of claim 5, further comprising:
    - encrypting contents of the vTPM with one or more encryption keys and storing the one or more encryption keys to a trusted platform module (TPM) on the host machine.
  - 8. The method of claim 5, wherein the SVMM has access to memory pages of the VMM but the VMM does not have access to memory pages of the SVMM, andwherein the vTPM is capable of being implemented as one of the memory pages in the SVMM.
  - 9. The method of claim 5, wherein the request received to the interface of the SVMM is one of an interrupt or a hypercall.
  - 10. The method of claim 9, wherein the interrupt is a system management interrupt (SMI), and further comprising:
    - processing the SMI using an SMI handler in the vTPM running on the SVMM.
  - 11. The method of claim 5, wherein the operation comprises at least one of encrypting an item, sealing or binding a secret, performing platform measurement, or performing attestation.
  - 12. The method of claim 5, further comprising:
    - receiving an instruction to migrate the guest VM to a second host machine;
      
      encrypting, using the SVMM, the information stored in the vTPM on behalf of the guest VM, the information being encrypted with a secret shared among a plurality of host machines;
      
      sending the encrypted information to the second host machine, the second host machine having a new vTPM for the guest VM on an SVMM of a second processor on the second host machine;
      
      decrypting the information using a copy of the secret stored in the SVMM on the second processor; and
      
      storing the information to the vTPM on the second host machine.
  - 13. The method of claim 5, further comprising:
    - providing the SVMM by operating a portion of the processor in a dual SMM monitor mode.
  - 14. The method of claim 5, further comprising:
    - creating the plurality of guest VMs on the VMM; and
      
      creating the vTPM on the SVMM for each of the plurality of guest VMs and for the VMM.
  - 15. The method of claim 5, further comprising:
    - restricting access to the vTPM, an underlying hardware TPM, and one or more privileged resources on the host machine to only the guest VM and the VMM through the SVMM.

16. A non-transitory computer-readable storage medium including instructions that, when executed by a processor, cause the processor to:
- execute, concurrently, a virtual machine manager (VMM) and a security virtual machine manager (SVMM), the VMM and the SVMM operating in parallel, the SVMM having a higher privilege level on the processor than the VMM, and the SVMM being configured to manage access to a plurality of virtual TPMs (vTPMs) corresponding to a plurality of guest virtual machines (VMs) running on the VMM;
  
  operate a guest virtual machine (VM) on the VMM and a corresponding vTPM on the SVMM;
  
  receive, to an interface of the SVMM, a request to perform an operation involving information stored in the vTPM;
  
  identifying, by the SVMM, the vTPM associated with the request to perform the operation;
  
  verify an integrity of the request and a source of the request as one of the VMM or the guest VM; and
  
  allow access to the information stored in the vTPM and perform the operation using the information stored in the vTPM in response to the source being verified and the integrity being verified, wherein the information is not accessible from the vTPM directly from the VMM.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- - 17. The non-transitory computer-readable storage medium of claim 16, wherein the instructions when executed further cause the processor to:
    - encrypt contents of the vTPM with one or more encryption keys and store the one or more encryption keys to a trusted platform module (TPM).
  - 18. The non-transitory computer-readable storage medium of claim 16, wherein the SVMM has access to memory pages of the VMM but the VMM does not have access to memory pages of the SVMM.
  - 19. The non-transitory computer-readable storage medium of claim 16, wherein the request received to the interface of the SVMM is one of an interrupt or a hypercall.
  - 20. The non-transitory computer-readable storage medium of claim 19, wherein the interrupt is an SMI, and wherein the instructions when executed further cause the processor to:
    - process the SMI using an SMI handler in the vTPM running on the SVMM.
  - 21. The non-transitory computer-readable storage medium of claim 16, wherein the instructions when executed further cause the processor to:
    - receive an instruction to migrate the guest VM to a second host machine;
      
      encrypt, using the SVMM, the information stored in the vTPM on behalf of the guest VM, the information being encrypted with a secret shared among a plurality of host machines;
      
      send the encrypted information to the second host machine, the second host machine having a new vTPM for the guest VM on an SVMM of a second processor on the second host machine;
      
      decrypt the information using a copy of the secret stored in the SVMM on the second processor; and
      
      store the information to the vTPM on the second host machine.
  - 22. The non-transitory computer-readable storage medium of claim 16, wherein the instructions when executed further cause the processor to:
    - provide the SVMM by operating a portion of the processor in a dual SMM monitor mode.
  - 23. The non-transitory computer-readable storage medium of claim 16, wherein the instructions when executed further cause the processor to:
    - create the plurality of guest VMs on the VMM; and
      
      create the vTPM on the SVMM for each of the plurality of guest VMs.
  - 24. The non-transitory computer-readable storage medium of claim 16, wherein the instructions when executed further cause the processor to:
    - restrict access to the vTPM, an underlying hardware TPM, and one or more privileged security resources on the host device to only the guest VM and the VMM through the SVMM.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Potlapally, Nachiketh Rao, Marr, Michael David
Primary Examiner(s)
Waliullah, Mohammed

Application Number

US13/799,134
Time in Patent Office

2,547 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/602   Providing cryptographic fac...

G06F 2221/2153   Using hardware token as a s...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45541   Bare-metal, i.e. hypervisor...

G06F 9/45545   Guest-host, i.e. hypervisor...

Parallel virtual machine managers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Parallel virtual machine managers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links