Parallel virtual machine managers
First Claim
1. A system for managing access to secure information, comprising:
a processor, the processor configured to concurrently operate a virtual machine manager (VMM) and a security virtual machine manager (SVMM), the VMM and the SVMM operating in parallel, the SVMM having a higher privilege level on the processor than the VMM, and the SVMM being configured to manage access to a plurality of virtual TPMs (vTPMs) corresponding to a plurality of guest virtual machines (VMs) running on the VMM;
a trusted platform module (TPM) with stored secret information for a guest virtual machine (VM) running on the VMM; and
memory storing instructions that, when executed by the processor, cause the system to:
receive a first request to create the guest VM;
create the guest VM on the VMM and a corresponding vTPM on the SVMM, the vTPM being sealed to the TPM and holding a copy of the secret information;
expose, from the SVMM, at least one interface enabling the VMM and the guest VM to submit requests to the SVMM;
receive, to one of the at least one interface, a second request to perform an operation requiring at least a portion of the secret information;
identifying, by the SVMM, the vTPM associated with the second request to perform the operation; and
in response to verifying a source of the second request as one of the VMM or the guest VM, as well as in response to verifying an integrity of the source, allowing access to the at least the portion of the secret information associated with the vTPM and performing the operation using at least a portion of the secret information, wherein the secret information is not accessible from the TPM directly via the VMM.
Abstract
A processor on a host machine can concurrently operate a standard virtual machine manager (VMM) and a security VMM (SVMM), where the SVMM has a higher privilege level and manages access to a hardware TPM or other trusted source on the host machine. Such a configuration prevents a compromised VMM from gaining access to secrets stored in the hardware TPM. The SVMM can create a virtual TPM (vTPM) for each guest VM, and can seal information in each vTPM to the hardware TPM. A guest VM or the standard VMM can access information in the corresponding vTPM only through the corresponding SVMM. Such an approach enables the host to securely implement critical security functionality that can be exposed to customers, and provides protection against leakage of customer secrets in case of a security compromise.
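The access-control flow the abstract and claim 1 describe (create a vTPM sealed to the hardware TPM, expose an interface from the SVMM, verify the source of a request and its integrity, then perform the operation without ever handing the secret to the VMM), as an added Python model; this is not code from the patent or from its assignee. Everything in it is an assumption made for illustration: the TPM, the SVMM and the request format are toy stand-ins, "integrity of the source" is modelled as a SHA-256 measurement of a memory image the SVMM can read because it runs at higher privilege, and "verifying a source" is modelled as an HMAC under a per-source interface key issued by the SVMM at registration. The vTPM policy binds the sealed secret to the measurements of both the VMM and the owning guest, so a changed VMM image fails the SVMM's own check and would also fail the TPM's unseal.

```python
from __future__ import annotations
import hashlib, hmac, os
from dataclasses import dataclass


def measure(image: bytes) -> bytes:  # PCR-style measurement of a component's memory image (model)
    return hashlib.sha256(image).digest()


class HardwareTPM:
    """Host TPM stand-in: a sealed secret is released only against the policy digest it
    was sealed under. Only the SVMM ever holds a reference to this object."""
    def __init__(self) -> None:
        self._sealed: dict[int, tuple[bytes, bytes]] = {}  # handle -> (policy, secret)

    def seal(self, secret: bytes, policy: bytes) -> int:
        self._sealed[len(self._sealed) + 1] = (policy, secret)
        return len(self._sealed)

    def unseal(self, handle: int, policy: bytes) -> bytes:
        sealed_policy, secret = self._sealed[handle]
        if not hmac.compare_digest(sealed_policy, policy):
            raise PermissionError("TPM: policy digest mismatch")
        return secret


@dataclass(frozen=True)
class Request:
    source: str   # "vmm" or the id of the calling guest
    vm_id: str    # whose vTPM the operation targets
    op: str
    data: bytes
    tag: bytes    # HMAC over the other fields under the source's interface key


def _mac(key: bytes, source: str, vm_id: str, op: str, data: bytes) -> bytes:
    return hmac.new(key, b"|".join([source.encode(), vm_id.encode(), op.encode(), data]), "sha256").digest()


def make_request(key: bytes, source: str, vm_id: str, op: str, data: bytes) -> Request:
    """What the VMM or a guest submits to the SVMM interface (hypothetical wire format)."""
    return Request(source, vm_id, op, data, _mac(key, source, vm_id, op, data))


class SVMM:
    """Higher-privilege manager: owns the TPM and the vTPM table and can measure the VMM and every guest."""
    def __init__(self, tpm: HardwareTPM) -> None:
        self._tpm = tpm
        self._vtpms: dict[str, tuple[int, bytes]] = {}  # vm_id -> (TPM handle, policy at creation)
        self._keys: dict[str, bytes] = {}               # per-source interface key
        self.images: dict[str, bytes] = {}              # per-source memory image (public so the demo can tamper)

    def register_source(self, source: str, image: bytes) -> bytes:
        self._keys[source] = key = os.urandom(32)
        self.images[source] = image
        return key

    def _policy(self, vm_id: str) -> bytes:  # binds a vTPM to the VMM's and the guest's measurements
        return hashlib.sha256(measure(self.images["vmm"]) + measure(self.images[vm_id])).digest()

    def create_guest(self, vm_id: str, image: bytes, secret: bytes) -> bytes:
        key = self.register_source(vm_id, image)
        policy = self._policy(vm_id)
        self._vtpms[vm_id] = (self._tpm.seal(secret, policy), policy)  # vTPM sealed to the hardware TPM
        return key

    def handle(self, req: Request) -> bytes:
        """The exposed interface; the unsealed secret never leaves this method."""
        key = self._keys.get(req.source)
        if key is None or not hmac.compare_digest(req.tag, _mac(key, req.source, req.vm_id, req.op, req.data)):
            raise PermissionError("source verification failed")
        if req.vm_id not in self._vtpms or req.source not in ("vmm", req.vm_id):
            raise PermissionError("source is neither the VMM nor the guest owning that vTPM")
        tpm_handle, policy = self._vtpms[req.vm_id]
        current = self._policy(req.vm_id)  # re-measure the VMM and the guest now: the integrity check
        if not hmac.compare_digest(current, policy):
            raise PermissionError("integrity verification failed: VMM or guest image has changed")
        secret = self._tpm.unseal(tpm_handle, current)  # the TPM enforces the same binding independently
        if req.op == "sign":
            return hmac.new(secret, req.data, "sha256").digest()
        raise ValueError("unsupported operation")


def denied(svmm: SVMM, req: Request) -> bool:
    try:
        svmm.handle(req)
    except PermissionError:
        return True
    return False


def demo() -> dict:
    """Constructed scenario: honest guest and VMM succeed; cross-guest, forged and tampered requests are refused."""
    svmm = SVMM(HardwareTPM())
    vmm_key = svmm.register_source("vmm", b"vmm-image-v1")  # the VMM receives an interface key, never the TPM
    key_a = svmm.create_guest("vm-a", b"guest-a-image", b"customer-secret-A")
    key_b = svmm.create_guest("vm-b", b"guest-b-image", b"customer-secret-B")
    data = b"constructed attestation nonce"
    out = {"expected": hmac.new(b"customer-secret-A", data, "sha256").digest()}
    out["guest_sign"] = svmm.handle(make_request(key_a, "vm-a", "vm-a", "sign", data))
    out["vmm_sign"] = svmm.handle(make_request(vmm_key, "vmm", "vm-a", "sign", data))
    out["cross_guest"] = denied(svmm, make_request(key_b, "vm-b", "vm-a", "sign", data))
    out["forged_tag"] = denied(svmm, make_request(os.urandom(32), "vmm", "vm-a", "sign", data))
    svmm.images["vmm"] = b"vmm-image-backdoored"  # compromised VMM: its measurement no longer matches
    out["tampered_vmm"] = denied(svmm, make_request(vmm_key, "vmm", "vm-a", "sign", data))
    return out
```

Two design points carry over from the claim: the VMM object never gets a reference to the TPM, only an interface key, so "not accessible from the TPM directly via the VMM" holds structurally rather than by policy; and the operation result (an HMAC under the customer secret) is what leaves the SVMM, not the secret itself. Once the VMM's image is restored the same request succeeds again, since the check is on the current measurement, not a permanent lockout.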
24 Claims
1. A system for managing access to secure information (independent claim; reproduced in full under First Claim above). Dependent claims: 2, 3, 4.

5. A method, comprising:
executing, concurrently on a processor of a host machine, a virtual machine manager (VMM) and a security virtual machine manager (SVMM), the VMM and the SVMM operating in parallel, the SVMM having a higher privilege level on the processor than the VMM, and the SVMM being configured to manage access to a plurality of virtual TPMs (vTPMs) corresponding to a plurality of guest virtual machines (VMs) running on the VMM;
operating a guest virtual machine (VM) on the VMM and a corresponding vTPM on the SVMM;
receiving, to an interface of the SVMM, a request to perform an operation involving information stored in the vTPM;
identifying, by the SVMM, the vTPM associated with the request to perform the operation;
verifying a source of the request as one of the VMM or the guest VM and verifying an integrity of the source; and
allowing access to the information stored in the vTPM and performing the operation using the information stored in the vTPM in response to the source being verified and in response to the integrity of the source being verified, wherein the information is not accessible from the vTPM directly from the VMM.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.

16. A non-transitory computer-readable storage medium including instructions that, when executed by a processor, cause the processor to:
execute, concurrently, a virtual machine manager (VMM) and a security virtual machine manager (SVMM), the VMM and the SVMM operating in parallel, the SVMM having a higher privilege level on the processor than the VMM, and the SVMM being configured to manage access to a plurality of virtual TPMs (vTPMs) corresponding to a plurality of guest virtual machines (VMs) running on the VMM;
operate a guest virtual machine (VM) on the VMM and a corresponding vTPM on the SVMM;
receive, to an interface of the SVMM, a request to perform an operation involving information stored in the vTPM;
identifying, by the SVMM, the vTPM associated with the request to perform the operation;
verify an integrity of the request and a source of the request as one of the VMM or the guest VM; and
allow access to the information stored in the vTPM and perform the operation using the information stored in the vTPM in response to the source being verified and the integrity being verified, wherein the information is not accessible from the vTPM directly from the VMM.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24.