SYSTEM AND METHOD FOR PROVIDING SECURE VIRTUAL MACHINES
First Claim
1. A processor for hosting a plurality of secure virtual machines created at the request of an owner, comprisinga memory configured to store a processor private key;
- a first generator configured to generate a first public/private key pair to be associated with an instance of a zone manager;
a first certification agent for certifying said first public/private key pair by means of said processor private key;
a receiver configured to securely receive a virtual machine instantiation command from said owner;
a second generator configured to generate a second public/private key pair to be associated with an instance of a virtual machine of said plurality of virtual machines, created in response to said instantiation command; and
a second certification agent for certifying said second public/private key pair by means of said first public/private key pair.
3 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides improved security in a virtual machine. By extending the capabilities of modern secure processors, privacy of computation is provided from both the owner of the equipment and other users executing on the processor, which is an advantageous feature for rentable, secure computers. In addition to the hardware extensions required to secure a virtualizable computer, an infrastructure for the deployment of such processors is also provided. Furthermore, a signaling flow to establish the various relationships between the owner, user and manufacturer of the equipment is disclosed.
95 Citations
15 Claims
-
1. A processor for hosting a plurality of secure virtual machines created at the request of an owner, comprising
a memory configured to store a processor private key; -
a first generator configured to generate a first public/private key pair to be associated with an instance of a zone manager; a first certification agent for certifying said first public/private key pair by means of said processor private key; a receiver configured to securely receive a virtual machine instantiation command from said owner; a second generator configured to generate a second public/private key pair to be associated with an instance of a virtual machine of said plurality of virtual machines, created in response to said instantiation command; and a second certification agent for certifying said second public/private key pair by means of said first public/private key pair. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for setting up a secure virtual machine in a processor at the request of an owner, comprising
booting said processor with a zone manager image; -
procuring at said processor a first public/private key pair associated with the zone manager session; certifying the public key of said first public/private key pair at said processor with a private key associated with said processor; receiving at said zone manager a secure virtual machine instantiation command from said owner; creating between said zone manager and said user a secure communication channel; procuring a second public/private key pair associated with the secure virtual machine; and certifying the public key of said second public/private key pair with the private key of said first public/private key pair. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15)
-
Specification