Technologies for implementing mutually distrusting domains
First Claim
1. A platform for cloud computing, comprising:
- one or more hardware processors arranged to host a plurality of virtual machines (VMs), wherein individual VMs of the plurality of VMs are arranged into a plurality of mutually untrusting domains associated with individual cloud computing clients of a plurality of cloud computing clients;
a single immutable shared virtual machine manager (sVMM) operated by the one or more hardware processors, the sVMM arranged to manage operations of the individual VMs of each domain of the plurality of mutually untrusting domains, wherein the sVMM is shared among the plurality of mutually untrusting domains without replicating the sVMM across each of the plurality of mutually untrusting domains and integrity protected with respective integrity values associated with individual domains of the plurality of mutually untrusting domains but not encrypted, and the respective integrity values being stored in a reserved memory space; and
a cryptographic engine (CE) coupled with the one or more hardware processors, the CE arranged to;
provide separated encryption services for the plurality of mutually untrusting domains, andprovide integrity protection services for individual ones of the plurality of mutually untrusting domains when accessing the sVMM, wherein, to provide integrity protection services, the CE is arranged to;
obtain a read request indicating a requested memory location from which to read data, the read request including an immutable-bit (I-bit) and a domain identifier (DID) of a requesting domain of the plurality of mutually untrusting domains that issued the request;
issue a read command to the requested memory location;
issue another read command to another memory location in the reserved memory space associated with the requested memory location, the other memory location storing a first integrity value of the respective integrity values;
generate a second integrity value using a domain key associated with the DID;
send data read from the requested memory location to the one or more hardware processors when the first integrity value matches the second integrity value; and
issue a security exception to the one or more hardware processors when the first integrity value does not match the second integrity value.
1 Assignment
0 Petitions
Accused Products
Abstract
Technologies for providing shared immutable code among untrusting domains are provided. The untrusting domains may be cryptographically separated within a cloud computing service or environment. The shared immutable code may be a shared virtual machine monitor (sVMM) that is setup by system software to indicate that the sVMM code pages need integrity alone and should be protected with an integrity key associated with individual domains. This indication may be stored in page tables and carried over the memory bus to a cryptographic engine. The cryptographic engine may use this indication to protect the integrity of data before storing the data to memory. In order to ensure cryptographic isolation, integrity values may be generated using a domain-specific key ensuring that an attempt to modify the code by one domain is detected by a different domain. Other embodiments are described herein and claimed.
-
Citations
24 Claims
-
1. A platform for cloud computing, comprising:
-
one or more hardware processors arranged to host a plurality of virtual machines (VMs), wherein individual VMs of the plurality of VMs are arranged into a plurality of mutually untrusting domains associated with individual cloud computing clients of a plurality of cloud computing clients; a single immutable shared virtual machine manager (sVMM) operated by the one or more hardware processors, the sVMM arranged to manage operations of the individual VMs of each domain of the plurality of mutually untrusting domains, wherein the sVMM is shared among the plurality of mutually untrusting domains without replicating the sVMM across each of the plurality of mutually untrusting domains and integrity protected with respective integrity values associated with individual domains of the plurality of mutually untrusting domains but not encrypted, and the respective integrity values being stored in a reserved memory space; and a cryptographic engine (CE) coupled with the one or more hardware processors, the CE arranged to; provide separated encryption services for the plurality of mutually untrusting domains, and provide integrity protection services for individual ones of the plurality of mutually untrusting domains when accessing the sVMM, wherein, to provide integrity protection services, the CE is arranged to; obtain a read request indicating a requested memory location from which to read data, the read request including an immutable-bit (I-bit) and a domain identifier (DID) of a requesting domain of the plurality of mutually untrusting domains that issued the request; issue a read command to the requested memory location; issue another read command to another memory location in the reserved memory space associated with the requested memory location, the other memory location storing a first integrity value of the respective integrity values; generate a second integrity value using a domain key associated with the DID; send data read from the requested memory location to the one or more hardware processors when the first integrity value matches the second integrity value; and issue a security exception to the one or more hardware processors when the first integrity value does not match the second integrity value. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 22)
-
-
10. One or more non-transitory computer-readable storage media (NTCRSM) comprising program code, wherein execution of the program code by one or more processors is to cause a computer system to:
-
host a plurality of virtual machines (VMs), wherein individual VMs of the plurality of VMs are arranged into a plurality of mutually untrusting domains associated with individual cloud computing clients of a plurality of cloud computing clients; operate a single immutable shared virtual machine manager (sVMM) to manage operations of the individual VMs of each domain of the plurality of mutually untrusting domains, wherein the sVMM is shared among the plurality of mutually untrusting domains without replicating the sVMM across each of the plurality of mutually untrusting domains and is integrity protected with respective domain keys associated with individual domains of the untrusting domains, but not encrypted, the respective domain keys being stored in a reserved memory space; and operate a cryptographic engine (CE) to provide separated encryption services for the plurality of mutually untrusting domains, and provide integrity protection services for individual ones of the plurality of mutually untrusting domains when accessing the sVMM, wherein, to provide integrity protection services, execution of the program code is to cause the computer system to; obtain a read request from a requesting domain of the plurality of mutually untrusting domains indicating a requested memory location from which to read data, the read request comprising an immutable-bit (I-bit) along with a domain identifier (DID) of the requesting domain; issue a read command to the requested memory location; issue a read command to another memory location in the reserved memory space associated with the requesting domain, the other memory location including a first Message Authentication Code (MAC); generate a second MAC using a domain key associated with the DID; send data read from the requested memory location to the requesting domain when the first MAC matches the second MAC; and issue a security exception to the one or more processors when the first MAC does not match the second MAC. - View Dependent Claims (11, 12, 13, 14, 15, 23)
-
-
16. A computer-implemented method for sharing shared immutable code of a single immutable shared virtual machine manager (sVMM) among a plurality of mutually untrusting domains without replicating the sVMM across each of the plurality of mutually untrusting domains, each of the mutually untrusting domains are associated with individual cloud computing clients of a plurality of cloud computing clients, the sVMM is arranged to manage operations of the individual VMs of each domain of the plurality of mutually untrusting domains, the sVMM is respectively integrity protected with integrity keys associated with individual domains of the plurality of mutually untrusting domains, but not encrypted, and the method comprising:
-
obtaining, by a cryptographic engine (CE), a read request from a requesting domain of the plurality of mutually untrusting domains indicating a requested memory location from which to read data, the read request comprising an immutable-bit (I-bit) along with a domain identifier (DID) of the requesting domain, wherein a plurality of virtual machines (VMs) are hosted by a platform that implements the CE, and individual VMs of the plurality of VMs are arranged into corresponding ones of the plurality of mutually untrusting domains; issuing, by the CE, a read command to a requested memory location, the data read from the requested memory location including program code for the sVMM; issuing, by the CE, a read command to another memory location in a reserved memory space associated with the requesting domain, the other memory location storing a first Message Authentication Code (MAC) associated with the requesting domain, and the reserved memory space to store MACs for each of the plurality of mutually untrusting domains; generating, by the CE, a second MAC using a domain key associated with the DID; sending, by the CE, data read from the requested memory location to the requesting domain when the first MAC matches the second MAC; and issuing, by the CE, a security exception to the one or more processors when the first MAC does not match the second MAC. - View Dependent Claims (17, 18, 19, 20, 21, 24)
-
Specification