System for providing secure and trusted computing environments

US 7,716,720 B1
Filed: 06/17/2005
Issued: 05/11/2010
Est. Priority Date: 06/17/2005
Status: Active Grant

First Claim

Patent Images

1. A system for providing a secure computing environment for an untrusted host, comprising:

a trusted bus switch, the trusted bus switch separating shared resources from a processor of said untrusted host and controlling access of said processor to said shared resources; and

a controller subsystem coupled to said switch, the controller subsystem configured for executing a plurality of partitions with separation, the controller subsystem further configured for controlling said switch for enforcing a security policy and limiting application software to access only a corresponding partition included in the plurality of partitions, the controller subsystem including;

a trusted processor for implementing inter-partition separation, controlling execution of a plurality of computing functions and enforcing time sharing through allocating a time slice for each of said plurality of computing functions;

a partition management unit for monitoring and managing partitioned resources;

a local memory; and

a cryptographic engine, said cryptographic engine being configured for providing security separation between a first domain having a first security level and a second domain having a second security level, said second security level being a different security level than the first security level, said controller subsystem being configured for implementing intrinsic partitioning for providing an inter-partition separation of said shared resources, said intrinsic partitioning being operating system security pedigree-independent and hosted application security pedigree-independent,wherein said shared resources including memory and shared I/O devices and said controller subsystem reside on a trusted side of said switch and said processor resides on an untrusted side of said switch,wherein said computing function at a selected security level is executed in each time slice.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to a system for providing a trusted environment for untrusted computing systems. The system may include a HAC subsystem managing shared resources and a trusted bus switch for controlling a COTS processor to access the shared resources. The shared resources such as memory and several I/O resources reside on the trusted side of the trusted bus switch. Alternatively, the system may include a SCM as an add-on module to an untrusted host environment. Only authenticated applications including COTS OS execute on the SCM while untrusted applications execute on the untrusted host environment. The SCM may control secure resource access from the untrusted host through a plug-in module interface. All secure resources may be maintained on the trusted side of the plug-in module interface.

Citations

18 Claims

1. A system for providing a secure computing environment for an untrusted host, comprising:
- a trusted bus switch, the trusted bus switch separating shared resources from a processor of said untrusted host and controlling access of said processor to said shared resources; and
  
  a controller subsystem coupled to said switch, the controller subsystem configured for executing a plurality of partitions with separation, the controller subsystem further configured for controlling said switch for enforcing a security policy and limiting application software to access only a corresponding partition included in the plurality of partitions, the controller subsystem including;
  
  a trusted processor for implementing inter-partition separation, controlling execution of a plurality of computing functions and enforcing time sharing through allocating a time slice for each of said plurality of computing functions;
  
  a partition management unit for monitoring and managing partitioned resources;
  
  a local memory; and
  
  a cryptographic engine, said cryptographic engine being configured for providing security separation between a first domain having a first security level and a second domain having a second security level, said second security level being a different security level than the first security level, said controller subsystem being configured for implementing intrinsic partitioning for providing an inter-partition separation of said shared resources, said intrinsic partitioning being operating system security pedigree-independent and hosted application security pedigree-independent,wherein said shared resources including memory and shared I/O devices and said controller subsystem reside on a trusted side of said switch and said processor resides on an untrusted side of said switch,wherein said computing function at a selected security level is executed in each time slice.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system as described in claim 1, wherein said selected security level includes a Top secret level, a Secret level, and an Unclassified level.
  - 3. The system as described in claim 1, wherein said processor of said untrusted host and local I/O devices of said processor of said untrusted host reside on an untrusted side of said switch.
  - 4. The system as described in claim 3, wherein said local I/O devices of said processor of said untrusted host are not shared I/O devices.
  - 5. The system as described in claim 1, wherein said processor of said controller subsystem causes execution of a next scheduled computing function after finishing execution of a current computing function.
  - 6. The system as described in claim 5, wherein a current state of said processor of said untrusted host is saved and an internal state of said processor of said untrusted host is zeroized after finishing execution of said current computing function.
  - 7. The system as described in claim 6, wherein said next scheduled computing function is executed after said saved current state is loaded and a partition management unit state is re-established.
  - 8. The system as described in claim 1, wherein said partition management unit controls access to partitioned resources for each time slice.
  - 9. The system as described in claim 1, wherein said controller subsystem includes a decode path coupled to said partition management unit and shared resources.
  - 10. The system as described in claim 1, wherein said decode path is utilized to enforce separation requirements for smart I/O devices.
  - 11. The system as described in claim 10, wherein said smart I/O devices include biometrics devices.
  - 12. The system as described in claim 1, wherein said processor is COTS.

13. A system for providing a secure computing environment for an untrusted host wherein said untrusted host includes a first processor and a second processor, comprising:
- a controller subsystem for implementing security policies of said computing environment, said controller subsystem including;
  
  a processor for implementing inter-partition separation and controlling said first processor and said second processor to execute computing functions;
  
  a partition management unit being configured to interface with each processor through a local memory bus coupled to said each processor;
  
  a switch for controlling access of said first processor and said second processor to shared resources, wherein said switch performs a source selection function to prevent said second processor from accessing said memory; and
  
  a cryptographic engine, said cryptographic engine being configured for providing security separation between a first domain having a first security level and a second domain having a second security level, said second security level being a different security level than the first security level, said controller subsystem being configured for implementing intrinsic partitioning for providing an inter-partition separation of said shared resources, said intrinsic partitioning being operating system security pedigree-independent and hosted application security pedigree-independent,wherein said shared resources include memory and I/O resources residing on a trusted side of said switch,wherein each of said computing functions is executed at a selected security level in a time slice.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system as described in claim 13, wherein said processor of said controller subsystem causes said second processor to be zeroized and prepared for a next scheduled computing function while said first processor is executing a current computing function in a current time slice.
  - 15. The system as described in claim 13, wherein said processor of said controller subsystem causes said second processor to execute said next scheduled computing function after said first processor finishes executing said current computing function.
  - 16. The system as described in claim 13, wherein said partition management unit enforces access to shared resources for each time slice.
  - 17. The system as described in claim 13, wherein said switch is controlled by said controller subsystem.
  - 18. The system as described in claim 13, wherein said first processor and said second processor are COTS.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Collins, Inc. (Rtx Corporation)
Original Assignee
Rockwell Collins, Inc. (Rtx Corporation)
Inventors
Mass, Allen P., Kamin, Raymond A. III, Koenck, Steven E., Hardin, David S., Marek, James A.
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
Gelagay; Shewaye

Application Number

US11/155,874
Time in Patent Office

1,789 Days
Field of Search

726/2
US Class Current

726/2
CPC Class Codes

G06F 21/74 operating in dual or compar...

System for providing secure and trusted computing environments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System for providing secure and trusted computing environments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links