
System for providing secure and trusted computing environments

  • US 7,716,720 B1
  • Filed: 06/17/2005
  • Issued: 05/11/2010
  • Est. Priority Date: 06/17/2005
  • Status: Active Grant
First Claim

1. A system for providing a secure computing environment for an untrusted host, comprising:

    a trusted bus switch, the trusted bus switch separating shared resources from a processor of said untrusted host and controlling access of said processor to said shared resources; and

    a controller subsystem coupled to said switch, the controller subsystem configured for executing a plurality of partitions with separation, the controller subsystem further configured for controlling said switch for enforcing a security policy and limiting application software to access only a corresponding partition included in the plurality of partitions, the controller subsystem including;

    a trusted processor for implementing inter-partition separation, controlling execution of a plurality of computing functions and enforcing time sharing through allocating a time slice for each of said plurality of computing functions;

    a partition management unit for monitoring and managing partitioned resources;

    a local memory; and

    a cryptographic engine, said cryptographic engine being configured for providing security separation between a first domain having a first security level and a second domain having a second security level, said second security level being a different security level than the first security level, said controller subsystem being configured for implementing intrinsic partitioning for providing an inter-partition separation of said shared resources, said intrinsic partitioning being operating system security pedigree-independent and hosted application security pedigree-independent,

    wherein said shared resources including memory and shared I/O devices and said controller subsystem reside on a trusted side of said switch and said processor resides on an untrusted side of said switch,

    wherein said computing function at a selected security level is executed in each time slice.
