Method and system for enforcing trusted computing policies in a hypervisor security module architecture
First Claim
1. A method for enforcing trusted computing (TC) policies in a security module architecture for a hypervisor, comprising the steps of:
- receiving a request from a subject for access to an object;
- obtaining TC-related attribute values for the subject and the object based on a virtualized trusted platform module (vTPM); and
- making access control decisions based at least on the TC-related attribute values and TC-related policies.
Abstract
A method and system for enforcing trusted computing (TC) policies in a security module architecture for a hypervisor. Upon receiving a request from a subject for access to an object, TC-related attribute values are obtained for the subject and the object based on a virtualized trusted platform module (vTPM). Access control decisions are then made based at least on the TC-related attribute values and TC-related policies.
58 Citations
30 Claims
1. A method for enforcing trusted computing (TC) policies in a security module architecture for a hypervisor, comprising the steps of:
- receiving a request from a subject for access to an object;
- obtaining TC-related attribute values for the subject and the object based on a virtualized trusted platform module (vTPM); and
- making access control decisions based at least on the TC-related attribute values and TC-related policies.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. An apparatus comprising:
- a machine accessible medium; and
- instructions encoded in the machine accessible medium, wherein the instructions, when executed by a processing system, cause the processing system to enforce trusted computing (TC) policies for a hypervisor providing virtualized resources for virtual machines (VMs), the processing system obtaining TC-related attribute values for the subject and the object based on a virtualized trusted platform module (vTPM), and making access control decisions based at least on the TC-related attribute values and TC-related policies.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17

18. A system for enforcing trusted computing (TC) policies in a security module architecture for a hypervisor providing virtualized resources for virtual machines (VMs), comprising:
- an interface function configured for receiving a request from a subject for access to an object;
- a manager configured for obtaining TC-related attribute values for the subject and the object based on a virtualized trusted platform module (vTPM); and
- a security module configured for making access control decisions based at least on the obtained TC-related attribute values and TC-related policies.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28

29. A program product stored on a computer useable medium for enforcing trusted computing (TC) policies in a security module architecture for a hypervisor, the program product comprising program code for causing a computer system to perform the following steps:
- receiving a request from a subject for access to an object;
- obtaining TC-related attribute values for the subject and the object based on a virtualized trusted platform module (vTPM); and
- making access control decisions based at least on the TC-related attribute values and TC-related policies.

30. A computer-implemented method for enforcing trusted computing (TC) policies in a security module architecture for a hypervisor, comprising:
- receiving a request from a subject for access to an object;
- obtaining TC-related attribute values for the subject and the object based on a virtualized trusted platform module (vTPM); and
- making access control decisions based at least on the TC-related attribute values and TC-related policies.
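The three claimed elements (interface function, manager, security module) as a toy model, added here as an illustration and not taken from the patent: the subject's TC attribute is its vTPM PCR value built by TPM-style extend over a constructed boot chain, the object's attribute is a label from a constructed registry, and the security module default-denies unless a policy for that label and operation names the subject's measured state. Names such as `VTPM`, `Policy`, `KNOWN_GOOD_BOOT` and `OBJECT_LABELS` are assumptions of this example.

```python
import hashlib
from dataclasses import dataclass

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR' = SHA-256(PCR || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

@dataclass
class VTPM:
    """Stand-in for a per-VM virtualized TPM holding a single PCR (assumed model)."""
    pcr: bytes = bytes(32)                    # PCRs start zeroed at VM reset

    def extend(self, component: bytes) -> None:
        self.pcr = pcr_extend(self.pcr, component)

def golden_pcr(components: list) -> bytes:
    """Expected PCR for a VM that measured exactly these components, in order."""
    pcr = bytes(32)
    for c in components:
        pcr = pcr_extend(pcr, c)
    return pcr

@dataclass
class Policy:
    """Objects labelled `object_label` may be accessed for `operation` only by a
    subject whose PCR equals `required_subject_pcr` (None: no attestation needed)."""
    object_label: str
    operation: str
    required_subject_pcr: bytes               # None means any measured state

# Constructed sample data (the hypervisor would supply these in a real deployment).
KNOWN_GOOD_BOOT = [b"bootloader-v2", b"kernel-6.1-signed"]
OBJECT_LABELS = {"vdisk:payroll": "confidential", "vdisk:scratch": "public"}
POLICIES = [Policy("confidential", "read", golden_pcr(KNOWN_GOOD_BOOT)),
            Policy("public", "read", None)]

def tc_attributes(subject_vtpm: VTPM, object_id: str) -> dict:
    """Manager step: attribute values for the subject (from its vTPM) and the object."""
    return {"subject_pcr": subject_vtpm.pcr, "object_label": OBJECT_LABELS.get(object_id)}

def decide(attrs: dict, operation: str, policies: list = POLICIES) -> bool:
    """Security-module step: default deny; allow only if a matching policy is satisfied."""
    return any(p.object_label == attrs["object_label"] and p.operation == operation
               and p.required_subject_pcr in (None, attrs["subject_pcr"])
               for p in policies)

def request_access(subject_vtpm: VTPM, object_id: str, operation: str) -> bool:
    """Interface function: receive the request, gather attributes, then decide."""
    return decide(tc_attributes(subject_vtpm, object_id), operation)
```

A VM whose measured boot chain differs from the known-good one in any component produces a different PCR and is refused the confidential object, while unknown objects and unlisted operations fall through to the default deny.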
Specification