Scalable techniques for data transfer between virtual machines

US 10,628,192 B2
Filed: 12/24/2015
Issued: 04/21/2020
Est. Priority Date: 12/24/2015
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

circuitry;

a virtual machine management component for execution by the circuitry to;

define a plurality of public virtual memory spaces including a first public virtual memory space and a second public virtual memory space; and

for each of the public virtual memory spaces, assign the respective public virtual memory space to a respective one of a plurality of virtual machines, the plurality of virtual machines comprising a first virtual machine and a second virtual machine, the first public virtual memory space to be assigned to the first virtual machine, the second public virtual memory space to be assigned to the second virtual machine, each public virtual memory space writable only by the virtual machine to which the public virtual memory space is assigned and readable by the plurality of virtual machines; and

the first virtual machine to;

identify data to be provided to the second virtual machine by writing to the first public virtual memory space, the second virtual machine not permitted to write to the first public virtual memory space,encrypt the data using a symmetric encryption key dedicated for use in encryption of data for the second virtual machine, andwrite the encrypted data to the first public virtual memory space, andthe second virtual machine to decrypt the encrypted data in the first public virtual memory space using the symmetric encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Scalable techniques for data transfer between virtual machines (VMs) are described. the disclosure provides an apparatus including circuitry, a virtual machine management component for execution by the circuitry to define a plurality of public virtual memory spaces and assign each one of the plurality of public virtual memory spaces to a respective one of a plurality of VMs including a first VM and a second VM, and a virtual machine execution component for execution by the circuitry to execute a first virtual machine process corresponding to the first VM and a second virtual machine process corresponding to the second VM, the first virtual machine process to identify data to be provided to the second VM by the first VM and provide the data to the second VM by writing to a public virtual memory space assigned to the first VM. Other embodiments are described and claimed.

Citations

22 Claims

1. An apparatus, comprising:
- circuitry;
  
  a virtual machine management component for execution by the circuitry to;
  
  define a plurality of public virtual memory spaces including a first public virtual memory space and a second public virtual memory space; and
  
  for each of the public virtual memory spaces, assign the respective public virtual memory space to a respective one of a plurality of virtual machines, the plurality of virtual machines comprising a first virtual machine and a second virtual machine, the first public virtual memory space to be assigned to the first virtual machine, the second public virtual memory space to be assigned to the second virtual machine, each public virtual memory space writable only by the virtual machine to which the public virtual memory space is assigned and readable by the plurality of virtual machines; and
  
  the first virtual machine to;
  
  identify data to be provided to the second virtual machine by writing to the first public virtual memory space, the second virtual machine not permitted to write to the first public virtual memory space,encrypt the data using a symmetric encryption key dedicated for use in encryption of data for the second virtual machine, andwrite the encrypted data to the first public virtual memory space, andthe second virtual machine to decrypt the encrypted data in the first public virtual memory space using the symmetric encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, the second virtual machine to retrieve the encrypted data from the first public virtual memory space.
  - 3. The apparatus of claim 1, the symmetric encryption key to comprise a dedicated key for use in encryption and decryption of data to be provided to the second virtual machine by the first virtual machine.
  - 4. The apparatus of claim 1, the first virtual machine to encrypt the symmetric encryption key using a public key of a private/public key pair, the second virtual machine to decrypt the encrypted symmetric encryption key using a private key of the private/public key pair.
  - 5. The apparatus of claim 4, the public key to comprise a dedicated key for use in encryption of symmetric encryption keys to be provided to the second virtual machine, the private key to comprise the dedicated key for use in decryption of encrypted symmetric encryption keys provided to the second virtual machine.
  - 6. The apparatus of claim 1, the second public virtual memory space writable only by the second virtual machine and not the other virtual machines, the other virtual machines permitted to read from the second public virtual memory space.
  - 7. The apparatus of claim 6, the virtual machine management component for execution by the circuitry to:
    - define a plurality of private virtual memory spaces; and
      
      for each of the private virtual memory spaces, assign the respective private virtual memory space to a respective one of the plurality of virtual machines, each private virtual memory space accessible only by the respective virtual machine to which the private virtual memory space is assigned.
  - 8. The apparatus of claim 7, a first private virtual memory space of the plurality of private virtual memory spaces assigned to the first virtual machine, the first private virtual memory space accessible by the first virtual machine and not accessible by the other virtual machines.

9. A method, comprising:
- defining a plurality of public virtual memory spaces including a first public virtual memory space and a second public virtual memory space;
  
  for each of the public virtual memory spaces, assigning the respective public virtual memory space to a respective one of a plurality of virtual machines, the plurality of virtual machines comprising a first virtual machine and a second virtual machine, the first public virtual memory space to be assigned to the first virtual machine, the second public virtual memory space to be assigned to the second virtual machine, each public virtual memory space writable only by the virtual machine to which the public virtual memory space is assigned and readable by the plurality of virtual machines; and
  
  the first virtual machine to;
  
  identify data to be provided to the second virtual machine by writing to the first public virtual memory space, the second virtual machine not permitted to write to the first public virtual memory space,encrypt the data using a symmetric encryption key dedicated for use in encryption of data for the second virtual machine, andwrite the encrypted data to the first public virtual memory space, andthe second virtual machine to decrypt the encrypted data in the first public virtual memory space using the symmetric encryption key.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, the second virtual machine to retrieve the encrypted data from the first public virtual memory space.
  - 11. The method of claim 9, the symmetric encryption key to comprise a dedicated key for use in encryption and decryption of data to be provided to the second virtual machine by the first virtual machine.
  - 12. The method of claim 9, the first virtual machine to encrypt the symmetric encryption key using a public key of a private/public key pair, the second virtual machine to decrypt the encrypted symmetric encryption key using a private key of the private/public key pair.
  - 13. The method of claim 12, the public key to comprise a dedicated key for use in encryption of symmetric encryption keys to be provided to the second virtual machine, the private key to comprise the dedicated key for use in decryption of encrypted symmetric encryption keys provided to the second virtual machine.

14. At least one non-transitory computer-readable storage medium comprising a set of instructions that, in response to being executed on a computing device, cause the computing device to:
- define a plurality of public virtual memory spaces including a first public virtual memory space and a second public virtual memory space;
  
  for each of the public virtual memory spaces, assign the respective public virtual memory space to a respective one of a plurality of virtual machines, the plurality of virtual machines comprising a first virtual machine and a second virtual machine, the first public virtual memory space to be assigned to the first virtual machine, the second public virtual memory space to be assigned to the second virtual machine, each public virtual memory space writable only by the virtual machine to which the public virtual memory space is assigned and readable by the plurality of virtual machines; and
  
  the first virtual machine to;
  
  identify data to be provided to the second virtual machine by writing to the first public virtual memory space, the second virtual machine not permitted to write to the first public virtual memory space,encrypt the data using a symmetric encryption key dedicated for use in encryption of data for the second virtual machine, andwrite the encrypted data to the first public virtual memory space, andthe second virtual machine to decrypt the encrypted data in the first public virtual memory space using the symmetric encryption key.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The at least one non-transitory computer-readable storage medium of claim 14, the second virtual machine to retrieve the encrypted data from the first public virtual memory space.
  - 16. The at least one non-transitory computer-readable storage medium of claim 14, the symmetric encryption key to comprise a dedicated key for use in encryption and decryption of data to be provided to the second virtual machine by the first virtual machine.
  - 17. The at least one non-transitory computer-readable storage medium of claim 14, the first virtual machine to encrypt the symmetric encryption key using a public key of a private/public key pair, the second virtual machine to decrypt the encrypted symmetric encryption key using a private key of the private/public key pair.
  - 18. The at least one non-transitory computer-readable storage medium of claim 17, the public key to comprise a dedicated key for use in encryption of symmetric encryption keys to be provided to the second virtual machine, the private key to comprise the dedicated key for use in decryption of encrypted symmetric encryption keys provided to the second virtual machine.

19. An apparatus, comprising:
- means for defining a plurality of public virtual memory spaces including a first public virtual memory space and a second public virtual memory space;
  
  for each of the public virtual memory spaces, means for assigning the respective public virtual memory space to a respective one of a plurality of virtual machines, the plurality of virtual machines comprising a first virtual machine and a second virtual machine, the first public virtual memory space to be assigned to the first virtual machine, the second public virtual memory space to be assigned to the second virtual machine, each public virtual memory space writable only by the virtual machine to which the public virtual memory space is assigned and readable by the plurality of virtual machines; and
  
  means for, the first virtual machine to;
  
  identify data to be provided to the second virtual machine by writing to the first public virtual memory space, the second virtual machine not permitted to write to the first public virtual memory space,encrypt the data using a symmetric encryption key dedicated for use in encryption of data for the second virtual machine, andwrite the encrypted data to the first public virtual memory space, andthe second virtual machine to decrypt the encrypted data in the first public virtual memory space using the symmetric encryption key.
- View Dependent Claims (20, 21, 22)
- - 20. The apparatus of claim 19, the symmetric encryption key to comprise a dedicated key for use in encryption and decryption of data to be provided to the second virtual machine by the first virtual machine.
  - 21. The apparatus of claim 20, the first virtual machine to encrypt the symmetric encryption key using a public key of a private/public key pair, the second virtual machine to decrypt the encrypted symmetric encryption key using a private key of the private/public key pair.
  - 22. The apparatus of claim 21, the public key to comprise a dedicated key for use in encryption of symmetric encryption keys to be provided to the second virtual machine, the private key to comprise the dedicated key for use in decryption of encrypted symmetric encryption keys provided to the second virtual machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Friedman, Ben-Zion, Tamir, Eliezer
Primary Examiner(s)
Lwin, Maung T

Application Number

US14/998,361
Publication Number

US 20170187694A1
Time in Patent Office

1,580 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45583   Memory management, e.g. acc...

G06F 21/53   by executing in a restricte...

G06F 21/606   by securing the transmissio...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/54   Interprogram communication

Scalable techniques for data transfer between virtual machines

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Scalable techniques for data transfer between virtual machines

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links