TRUSTED VIRTUAL COMPUTING SYSTEM
First Claim
Patent Images
1. A trusted computing system, comprising:
- one or more hardware components;
a hypervisor configured to execute on at least one of the hardware components; and
a privileged domain comprising;
a security module configured to;
authorize access to the hypervisor, andmanage one or more virtual machines that are grouped with one or more additional virtual machines disposed on other network nodes to form one or more respective trusted logic virtual domains based on one or more predetermined criteria, one or more trusted platform modules (TPMs), each of which corresponds to each of the one or more respective trusted logic virtual domains, each of which is configured to generate a system security state for each of the respective one or more trusted logic virtual domains, anda synchronization module configured to synchronize the system security state between at least one of the one or more virtual machines and the one or more additional virtual machines in a same one of the one or more trusted logic virtual domains.
0 Assignments
0 Petitions
Accused Products
Abstract
In a computing environment that includes multiple virtual machines performing computing tasks for a same entity, the integrity of each of the virtual machines may be synchronized between different virtual machines to create a trusted logic virtual domain for a user.
25 Citations
21 Claims
-
1. A trusted computing system, comprising:
-
one or more hardware components; a hypervisor configured to execute on at least one of the hardware components; and a privileged domain comprising; a security module configured to; authorize access to the hypervisor, and manage one or more virtual machines that are grouped with one or more additional virtual machines disposed on other network nodes to form one or more respective trusted logic virtual domains based on one or more predetermined criteria, one or more trusted platform modules (TPMs), each of which corresponds to each of the one or more respective trusted logic virtual domains, each of which is configured to generate a system security state for each of the respective one or more trusted logic virtual domains, and a synchronization module configured to synchronize the system security state between at least one of the one or more virtual machines and the one or more additional virtual machines in a same one of the one or more trusted logic virtual domains. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. (canceled)
-
8. A method, comprising:
-
managing one or more virtual machines on a physical node; forming a trusted logic virtual domain by grouping each of the one or more virtual machines with one or more other virtual machines on other physical nodes; generating a system security state for each of the trusted logic virtual domain; identifying one or more events that change the system security state of one of the one or more virtual machines in the trusted logic virtual domain; changing the system security state of one of the one or more virtual machines in the trusted logic virtual domain; and synchronizing the system security states of other virtual machines in the trusted logic virtual domain. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer-readable medium that stores executable-instructions that, when executed, cause one or more processors to perform operations comprising:
-
activating a privileged domain to manage one or more virtual machines, each of which is grouped with other virtual machines on at least one physical nodes to form a trusted logic virtual domain that is assigned a system security state; allocating a portion of physical memory to each of the one or more virtual machines to store the system security state; transmitting the system security state of one of the one or more trusted logic virtual domains to a corresponding trusted platform module in the privileged domain; and authorizing a synchronization module in the privileged domain to update the system security state to other virtual machines hosted on the plurality of physical nodes. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification