Secure Management of Operations on Protected Virtual Machines

US 20150319160A1
Filed: 10/01/2014
Published: 11/05/2015
Est. Priority Date: 05/05/2014
Status: Active Grant

First Claim

Patent Images

1. In a computing environment, a method of establishing trust for a host, the method comprising:

a host attestation service receiving from a host deployed on a physical machine, a verifiable indication of certain characteristics that the host meets;

attempting to determine from the indication of the certain characteristics that the host meets certain requirements; and

if the host meets the certain requirements, including at least meeting a requirement that the host contains a trusted execution environment (TEE), the host attestation service issuing a certificate to the host that the host can use to authenticate to one or more entities having a trust relationship with the host attestation service.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Deploying an encrypted entity on a trusted entity is illustrated herein. A method includes, at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity. The untrusted entity is not trusted by the authority. At the trusted entity, a trust credential from the authority is used to obtain a key from a key distribution service. The key distribution service is trusted by the authority. The key is used to decrypt the encrypted entity to allow the encrypted entity to be deployed at the trusted entity.

213 Citations

27 Claims

1. In a computing environment, a method of establishing trust for a host, the method comprising:
- a host attestation service receiving from a host deployed on a physical machine, a verifiable indication of certain characteristics that the host meets;
  
  attempting to determine from the indication of the certain characteristics that the host meets certain requirements; and
  
  if the host meets the certain requirements, including at least meeting a requirement that the host contains a trusted execution environment (TEE), the host attestation service issuing a certificate to the host that the host can use to authenticate to one or more entities having a trust relationship with the host attestation service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the certain requirements further comprise a requirement related to a TPM (trusted platform module) on a physical machine implementing the host.
  - 3. The method of claim 1, the method further comprising as a result of a failure in determining that the physical machine implementing the host verifiably meets the certain requirements, notifying a Virtual Machine Manager (VMM) configured to deploy guest virtual machines that the host does not meet the certain requirements.
  - 4. The method of claim 1, the method further comprising, as a result of a failure in determining that the host verifiably meets the certain requirements, notifying a Virtual Machine Manager (VMM) that the host is not available for deployments of shielded guest virtual machines.
  - 5. The method of claim 1, wherein the certain requirements further comprise a requirement that a correct and trustworthy UEFI (unified extensible firmware interface) report be provided for a physical host machine implementing the host to verify that an uncompromised boot has occurred.
  - 6. The method of claim 1, wherein the certain requirements further comprise a requirement that a verifiable indication be provided that the host includes a correct HVCI (Hypervisor-enforced Code Integrity) policy validation.
  - 7. The method of claim 1, wherein the certain requirements further comprise a requirement that the host be located in a particular geographical location.
  - 8. The method of claim 1, wherein the certain requirements further comprise a requirement that the host be coupled to a secure network.
  - 9. The method of claim 1, further comprising creating a trust relationship between the host attestation service and a key distribution service from which the host can obtain keys by presenting the certificate.
  - 10. The method of claim 1, wherein the method is performed in an environment where the host attestation service is implemented in an environment with a fabric management system, where the fabric management system is configured to administer at least one of the host operating system, the host configuration, HVCI whitelists, HVCI revocation lists, UEFI whitelists or UEFI revocation list, and wherein a different authentication and/or authorization service is used to authenticate administrators of the host attestation service than is used to authenticate administrators of the fabric management system.
  - 11. The method of claim 1, wherein the method is performed in an environment where the host attestation service is implemented in an environment with a virtual machine manager, where the virtual machine manager is configured to deploy shielded guest virtual machines to the host, but wherein the virtual machine manager is unable to decrypt the shielded guest virtual machines.
  - 12. The method of claim 11, wherein the method is practiced in an environment where a different authentication service is used to authenticate administrators of the host attestation service than is used to authenticate administrators of the virtual machine manager.

13. In a computing environment, a method of establishing trust for a host, the method comprising:
- a host implemented using a physical machine sending a verifiable indication of certain characteristics of the host to a host attestation service; and
  
  as a result of the host meeting certain requirements, as determined by the host attestation service evaluating the indication of certain characteristics, including at least meeting a requirement that the host contains a trusted execution environment (TEE), the host receiving from the host attestation service a certificate that the host can use to authenticate to one or more entities having a trust relationship to the host attestation service.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, wherein the certain requirements further comprise a requirement selected from the group consisting of:
    - (a) a requirement related to a TPM (trusted platform module) on the physical machine implementing the host,(b) a requirement that a correct and trustworthy UEFI (unified extensible firmware interface) report be provided for the physical machine on which the host is implemented,(c) a requirement that a verifiable indication be provided that the host includes a correct HVCI (Hypervisor-enforced Code Integrity) policy validation,(d) a requirement that the host be located in a particular geographical location, and(e) a requirement that the host be coupled to a secure network.
  - 15. The method of claim 13, wherein the method is practiced in an environment where there is a trust relationship between the host attestation service and a key distribution service from which the host can obtain keys by presenting the certificate.
  - 16. The method of claim 15, wherein an shielded guest virtual machine is deployed by a virtual machine manager at the request of a tenant to the host, where the virtual machine manager is unable to decrypt the shielded guest virtual machine, the method further comprising:
    - the host using the certificate to obtain a key from a key distribution service that trusts the host attestation service in that the key distribution service accepts certificates signed by the host attestation service; and
      
      the host using the key to decrypt the shielded guest virtual machine so that the guest virtual machine can be run on the host.
  - 17. The method of claim 16, further comprising:
    - the host preparing an encrypted message regarding security details of the deployment of the guest virtual machine, wherein the encrypted message is not able to be decrypted by the virtual machine manager, but able to be decrypted by the tenant; and
      
      the host sending the encrypted message to the virtual machine manager, where it can be forwarded on to the tenant without the virtual machine manager being able to read the encrypted message.

18. In a computing environment, a method of deploying an encrypted entity on a trusted entity, the method comprising:
- at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity, where the untrusted entity is not trusted by the authority;
  
  at the trusted entity, using a trust credential from the authority to obtain a key from a key distribution service, where the key distribution service is trusted by the authority; and
  
  using the key, decrypting the encrypted entity to allow the encrypted entity to be deployed at the trusted entity.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 19. The method of claim 18 wherein the certain requirements comprise a requirement that the trusted entity be a virtual machine having a trusted execution environment (TEE).
  - 20. The method of claim 18 wherein the certain requirements comprise a requirement related to a TPM (trusted platform module) on a physical machine implementing the trusted entity.
  - 21. The method of claim 18 wherein the certain requirements comprise a requirement that the trusted entity be implemented using a physical machine having a correct and trustworthy UEFI report.
  - 22. The method of claim 18 wherein the certain requirements comprise a requirement that the trusted entity includes a correct HVCI (Hypervisor-enforced Code Integrity) policy validation.
  - 23. The method of claim 18 wherein the certain requirements comprise a requirement that the trusted entity be physically located in a particular geographical location.
  - 24. The method of claim 18 wherein the certain requirements comprise a requirement that the trusted entity be coupled to a secure network.
  - 25. The method of claim 18 wherein the encrypted entity comprises network translation information to be deployed on the trusted entity.
  - 26. The method of claim 18 wherein the encrypted entity comprises sensitive data to be deployed on the trusted entity.
  - 27. The method of claim 18 wherein the encrypted entity comprises configuration data used to configure the trusted entity or other entities to be deployed on the trusted entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ferguson, Niels T., Kinshumann, Kinshuman, Novak, Mark Fishel, McCarron, Christopher, Tamhane, Amitabh Prakash, Kruse, David Matthew, Ben-Zvi, Nir, Samsonov, Yevgeniy Anatolievich, Chandrashekar, Samartha, Messec, John Anthony, Wang, Qiang, Vinberg, Anders Bertil

Granted Patent

US 9,578,017 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/08   in hierarchically structure...

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45583   Memory management, e.g. acc...

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45595   Network integration; Enabli...

G06F 21/57   Certifying or maintaining t...

G06F 21/6209   to a single file or object,...

G06F 21/6281   at program execution time, ...

G06F 2212/652   Page size control

G06F 9/45558   Hypervisor-specific managem...

H04L 2209/127   Trusted platform modules [TPM]

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/72   Signcrypting, i.e. digital ...

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 9/0822   using key encryption key

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3247 : involving digital signatures

H04W 12/10 : Integrity

View All

Secure Management of Operations on Protected Virtual Machines

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

213 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Management of Operations on Protected Virtual Machines

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

213 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links