System and Method for Trusted Operability When Moving Between Network Functions Virtualization States
First Claim
1. A method of establishing trusted operability between virtualized states of a Network Functions Virtualization (NFV) system providing a network service and operating in a virtual computing environment, comprising:
receiving, by a physical server operating in a virtual computing environment and associated with an NFV network, a request to execute a trusted process, wherein the physical server comprises a processor with at least one core processing unit;
assigning, by a trusted hypervisor, the execution of the trusted process to a first virtual server, wherein the trusted hypervisor is executing on the physical server, is programmed to boot from a trusted state, and is configured to provide trusted operability using software assisted security;
assigning, by the trusted hypervisor, the first virtual server to execute the trusted process on a first core processing unit;
dedicating, by the trusted hypervisor, physical portions of cache, memory, and disk storage to the first core processing unit executing the trusted process;
executing, by the first core processing unit, the trusted process;
receiving, by the physical server operating in a virtual computing environment and associated with an NFV network, a request to execute an untrusted process;
assigning, by the trusted hypervisor, the untrusted process to execute on a second virtual server, wherein the second virtual server is different than the first virtual server executing the trusted process;
assigning, by the trusted hypervisor, the second virtual server to execute the untrusted process on a second core processing unit, wherein the second core processing unit is different than the first core processing unit that is executing the trusted process;
executing the untrusted process on the second core processing unit; and
restricting, by the trusted hypervisor, access to the trusted process executing on the first virtual server.
Abstract
A method of establishing trusted operability between virtualized states of a Network Functions Virtualization (NFV) system providing a network service and operating in a virtual computing environment is disclosed. The method comprises receiving, by a physical server, a request to execute a trusted process, wherein the physical server comprises a processor with at least one core processing unit. The method further comprises assigning, by a trusted hypervisor, the execution of the trusted process to a first virtual server on a first core processing unit, dedicating physical portions of cache, memory, and disk storage to the first core processing unit; and executing the trusted process. The method further comprises receiving, by the physical server, a request to execute an untrusted process and assigning, by the trusted hypervisor, the execution of the untrusted process to a second virtual server on a second core processing unit, and restricting access to the trusted process.
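An added example, not part of the patent text: a Python check that a set of placements keeps the separation the abstract describes, with the trusted process on its own virtual server and core and with cache, memory, and disk portions that no untrusted process touches. The `Placement` record, its fields, and the sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Placement:
    """One process as placed by the hypervisor (hypothetical model)."""
    process: str
    trusted: bool
    vm: str                # virtual server running the process
    core: int              # core processing unit
    cache_ways: frozenset  # cache portions allotted to that core
    memory: tuple          # physical range (start, end), end exclusive
    disk: tuple            # block range (start, end), end exclusive

def _overlap(a, b):
    # Half-open ranges: ranges that merely touch do not overlap.
    return a[0] < b[1] and b[0] < a[1]

def isolation_violations(placements):
    """Return (trusted, untrusted, resource) for every shared resource."""
    found = []
    trusted = [p for p in placements if p.trusted]
    untrusted = [p for p in placements if not p.trusted]
    for t in trusted:
        for u in untrusted:
            if u.vm == t.vm:
                found.append((t.process, u.process, "virtual server"))
            if u.core == t.core:
                found.append((t.process, u.process, "core"))
            if t.cache_ways & u.cache_ways:
                found.append((t.process, u.process, "cache"))
            if _overlap(t.memory, u.memory):
                found.append((t.process, u.process, "memory"))
            if _overlap(t.disk, u.disk):
                found.append((t.process, u.process, "disk"))
    return found

# Constructed sample placements (not taken from the patent).
GOOD = [
    Placement("key-mgmt", True, "vm-1", 0, frozenset({0, 1}),
              (0x1000_0000, 0x2000_0000), (0, 1000)),
    Placement("packet-probe", False, "vm-2", 1, frozenset({2, 3}),
              (0x2000_0000, 0x3000_0000), (1000, 2000)),
]
# A third process placed on the trusted core with overlapping cache and memory.
BAD = GOOD + [
    Placement("guest-app", False, "vm-3", 0, frozenset({1, 2}),
              (0x1800_0000, 0x2800_0000), (2000, 3000)),
]

if __name__ == "__main__":
    for violation in isolation_violations(BAD):
        print(violation)
```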
20 Claims
7. A system for establishing trusted operability between virtualized states of a Network Functions Virtualization (NFV) system providing a network service and operating in a virtual computing environment, comprising:
a physical server operating in a virtual computing environment and associated with an NFV network;
a processor located on the physical server, comprising at least one core processing unit, wherein the processor is configured to execute a trusted process on a dedicated core processing unit;
a cache dedicated to the core processing unit;
a memory dedicated to the core processing unit;
a disk storage dedicated to the core processing unit; and
a trusted hypervisor, executing on the physical server, wherein the trusted hypervisor is programmed to boot from a trusted state, is configured to provide trusted operability using software assisted security, is configured to assign trusted processes to a dedicated core processing unit, and wherein the trusted hypervisor is configured to monitor and restrict software and hardware access to the trusted processes executing on the dedicated core processing unit.
14. A system for establishing trusted operability between virtualized states of a Network Functions Virtualization (NFV) system providing a network service and operating in a virtual computing environment, comprising:
a physical server operating in a virtual computing environment and associated with an NFV network;
a processor located on the physical server, comprising one or more core processing units, wherein the processor is configured to execute a trusted process on a dedicated core processing unit;
a cache dedicated to the core processing unit;
a memory dedicated to the core processing unit; and
a disk storage dedicated to the core processing unit;
a trusted hypervisor, executing on the physical server, wherein the trusted hypervisor is programmed to boot from a trusted state, is configured to provide trusted operability using software assisted security, is configured to assign trusted processes to a dedicated core processing unit, and wherein the trusted hypervisor is configured to monitor and restrict software and hardware access to the trusted processes executing on the dedicated core processing unit; and
a second hypervisor, executing on the physical server, wherein the second hypervisor does not provide trusted operability;