Multiple single levels of security (MSLS) in a multi-tenant cloud
Abstract
Apparatus and methods are described herein for multiple single level security (MSLS) domains including, but not limited to, a secure kernel hypervisor (SKH). The SKH configures a single multi-tenant cloud to host the MSLS domains. A cloud orchestration system (COS) configures the single multi-tenant cloud to set up a plurality of separate virtual work packages (VWPs) for the MSLS domains. A key management system (KMS) is configured to manage security objects associated with the MSLS domains.
19 Claims
1. A security system for Multiple Single Level Security (MSLS) domains, comprising one or more processors and one or more memory devices configured to implement:
a Secure Kernel Hypervisor (SKH), wherein the SKH configures a single multi-tenant cloud to host the MSLS domains;
a Cloud Orchestration System (COS), wherein the COS configures the single multi-tenant cloud to set up a plurality of separate Virtual Work Packages (VWPs) for the MSLS domains, each of the plurality of separate VWPs is generated using at least the SKH; and
a Key Management System (KMS), wherein the KMS is configured to manage security objects associated with the MSLS domains, the security objects comprise encryption keys, wherein each of the plurality of separate VWPs comprises;
one or more virtual machines;
a disk encryption driver that encrypts first content that is being stored to a disk; and
a network encryption driver that encrypts second content that is being sent over a network.
12. A method, comprising:
configuring a single multi-tenant cloud to host Multiple Single Level Security (MSLS) domains using a Secure Kernel Hypervisor (SKH);
configuring the single multi-tenant cloud to set up a plurality of separate Virtual Work Packages (VWPs) for the MSLS domains, each of the plurality of separate VWPs is generated using at least the SKH; and
managing security objects associated with the MSLS domains, the security objects comprise encryption keys, wherein each of the plurality of separate VWPs comprises;
one or more virtual machines;
a disk encryption driver that encrypts first content that is being stored to a disk; and
a network encryption driver that encrypts second content that is being sent over a network.
18. A security system for Multiple Single Level Security (MSLS) domains, comprising:
one or more processors and one or more memory devices;
means for configuring a single multi-tenant cloud to host the MSLS domains using a Secure Kernel Hypervisor (SKH);
means for configuring the single multi-tenant cloud to set up a plurality of separate Virtual Work Packages (VWPs) for the MSLS domains, each of the plurality of separate VWPs is generated using at least the SKH; and
means for managing security objects associated with the MSLS domains, the security objects comprise encryption keys, wherein each of the plurality of separate VWPs comprises;
one or more virtual machines;
a disk encryption driver that encrypts first content that is being stored to a disk; and
a network encryption driver that encrypts second content that is being sent over a network.
19. A non-transitory processor-readable medium comprising processor-readable instructions such that, when executed, causes one or more processors to:
configure a single multi-tenant cloud to host Multiple Single Level Security (MSLS) domains using a Secure Kernel Hypervisor (SKH);
configure the single multi-tenant cloud to set up a plurality of separate Virtual Work Packages (VWPs) for the MSLS domains, each of the plurality of separate VWPs is generated using at least the SKH; and
manage security objects associated with the MSLS domains, the security objects comprise encryption keys, wherein each of the plurality of separate VWPs comprises;
one or more virtual machines;
a disk encryption driver that encrypts first content that is being stored to a disk; and
a network encryption driver that encrypts second content that is being sent over a network.
Specification