Method and Apparatus for On-Demand Isolated I/O Channels for Secure Applications

US 20170177854A1
Filed: 05/15/2015
Published: 06/22/2017
Est. Priority Date: 05/15/2014
Status: Active Grant

First Claim

Patent Images

1. A system for providing input/output channels to a secure application, comprising:

one or more processors;

one or more input/output (I/O) devices, said devices in communication with at least one of said processors; and

memory, connected to said one or more processors and including computer-readable instructions which, when executed by one of said processors, cause the processor to create a computing platform having;

one or more untrusted operating systems;

a trusted computing base;

a trusted I/O kernel; and

a communications channel between said untrusted operating system and said trusted I/O kernel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing platform for on-demand I/O channels, which enable secure application to dynamically connect to diverse peripheral devices of untrusted commodity OSes

34 Citations

View as Search Results

19 Claims

1. A system for providing input/output channels to a secure application, comprising:
- one or more processors;
  
  one or more input/output (I/O) devices, said devices in communication with at least one of said processors; and
  
  memory, connected to said one or more processors and including computer-readable instructions which, when executed by one of said processors, cause the processor to create a computing platform having;
  
  one or more untrusted operating systems;
  
  a trusted computing base;
  
  a trusted I/O kernel; and
  
  a communications channel between said untrusted operating system and said trusted I/O kernel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The system of claim 1 wherein one or more secure applications may be run on top of said trusted input/output kernel.
  - 3. The system of claim 2 wherein said trusted computing base creates one or more isolated domains, each of said isolated domains comprising:
    - processor contents; and
      
      one or more regions of memory, said regions of memory being for the exclusive use of said isolated domain.
  - 4. The system of claim 3 wherein said trusted computing base partitions memory into a plurality of portions comprising:
    - a portion for the exclusive use of said trusted computing base;
      
      a portion for the exclusive use of said trusted input/output kernel and one or more secure applications; and
      
      a portion for the exclusive use of said one or more untrusted operating systems and one or more untrusted applications.
  - 5. The system of claim 4 wherein said trusted I/O kernel runs in a first isolated domain.
  - 6. The system of claim 5 wherein said secure application runs in a second isolated domain.
  - 7. The system of claim 4 wherein said trusted I/O kernel and said secure application run in the same isolated domain
  - 8. The system of claim 5 wherein each of said one or more secure applications includes one or more device drivers and further wherein each of said one or more secured application has exclusive use of an I/O device associated with said device driver.
  - 9. The system of claim 8 wherein said trusted kernel decomposes said device drivers and exports portions of said device drivers to said secure applications for execution.
  - 10. The system of claim 8 wherein input/output devices are reserved for exclusive and verified use by said secured application when:
    - said untrusted operating system configures an I/O device for use by a secure application and releases said device to said trusted I/O kernel;
      
      said trusted I/O kernel verifies the configuration of the I/O device and assigns the I/O device to said secure application; and
      
      said trusted I/O kernel provides channel isolation between said secure application and said I/O device.
  - 11. The system of claim 9 wherein data transferred between said secure application and said I/O device cannot be intercepted or altered by said untrusted operating system, by other secure applications or by other I/O devices.
  - 12. The system of claim 10 wherein said trusted I/O kernel provides isolation of interrupts generated by I/O devices assigned to a secure application.
  - 13. The system of claim 3 wherein said trusted computing base performs the functions of:
    - creating an isolated domain;
      
      mapping a secure application to said isolated domain;
      
      mapping I/O device resources required by said secure application to said isolated domain; and
      
      transferring control to said trusted I/O kernel
  - 14. The system of claim 1 further comprising a plug-in to said untrusted operating system, said plug-in performing the functions of configuring I/O devices for use by the trusted I/O kernel and releasing control of said I/O devices to said trusted I/O kernel.
  - 15. The system of claim 1 wherein said trusted computing base runs at the highest privilege level of said computing platform.
  - 16. The system of claim 3 wherein said trusted computing base relies on a trusted platform module to implement a security primitive.
  - 17. The system of claim 16 wherein said trusted computing base employs a plurality of security primitives, including:
    - controlling which of said isolated domains can access which memory regions;
      
      controlling which device can perform direct memory access operations to the memory of aid isolated domain; and
      
      performing sealed storage and attestation root-of-trust
  - 18. The system of claim 17 wherein said sealed storage allows the biding of data with the identity of one or more isolated domains.
  - 19. The system of claim 17 where said attestation root-or-trust allows the measurement of the identity of an isolated domain and the reporting of the measured identity to a third party for verification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Carnegie Mellon University
Original Assignee
Carnegie Mellon University
Inventors
Gligor, Virgil D, Zhou, Zongwei, Yu, Miao

Granted Patent

US 10,235,515 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45579   I/O management, e.g. provid...

G06F 2009/45587   Isolation or security of vi...

G06F 21/44   Program or device authentic...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

G06F 9/45558   Hypervisor-specific managem...

Method and Apparatus for On-Demand Isolated I/O Channels for Secure Applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Apparatus for On-Demand Isolated I/O Channels for Secure Applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links