System for providing secure and trusted computing environments
Abstract
The present invention is directed to a system for providing a trusted environment for untrusted computing systems. The system may include a HAC subsystem that manages shared resources and a trusted bus switch that controls access by a COTS (commercial off-the-shelf) processor to those shared resources. The shared resources, such as memory and several I/O resources, reside on the trusted side of the trusted bus switch. Alternatively, the system may include an SCM as an add-on module to an untrusted host environment. Only authenticated applications, including a COTS OS, execute on the SCM, while untrusted applications execute on the untrusted host environment. The SCM may control access to secure resources from the untrusted host through a plug-in module interface. All secure resources may be maintained on the trusted side of the plug-in module interface.
18 Claims
1. A system for providing a secure computing environment for an untrusted host, comprising:
- a trusted bus switch, the trusted bus switch separating shared resources from a processor of said untrusted host and controlling access of said processor to said shared resources; and
- a controller subsystem coupled to said switch, the controller subsystem configured for executing a plurality of partitions with separation, the controller subsystem further configured for controlling said switch for enforcing a security policy and limiting application software to access only a corresponding partition included in the plurality of partitions, the controller subsystem including:
  - a trusted processor for implementing inter-partition separation, controlling execution of a plurality of computing functions and enforcing time sharing through allocating a time slice for each of said plurality of computing functions;
  - a partition management unit for monitoring and managing partitioned resources;
  - a local memory; and
  - a cryptographic engine, said cryptographic engine being configured for providing security separation between a first domain having a first security level and a second domain having a second security level, said second security level being a different security level than the first security level, said controller subsystem being configured for implementing intrinsic partitioning for providing an inter-partition separation of said shared resources, said intrinsic partitioning being operating system security pedigree-independent and hosted application security pedigree-independent, wherein said shared resources, including memory and shared I/O devices, and said controller subsystem reside on a trusted side of said switch and said processor resides on an untrusted side of said switch, wherein said computing function at a selected security level is executed in each time slice.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.

13. A system for providing a secure computing environment for an untrusted host wherein said untrusted host includes a first processor and a second processor, comprising:
- a controller subsystem for implementing security policies of said computing environment, said controller subsystem including:
  - a processor for implementing inter-partition separation and controlling said first processor and said second processor to execute computing functions;
  - a partition management unit being configured to interface with each processor through a local memory bus coupled to said each processor;
  - a switch for controlling access of said first processor and said second processor to shared resources, wherein said switch performs a source selection function to prevent said second processor from accessing said memory; and
  - a cryptographic engine, said cryptographic engine being configured for providing security separation between a first domain having a first security level and a second domain having a second security level, said second security level being a different security level than the first security level, said controller subsystem being configured for implementing intrinsic partitioning for providing an inter-partition separation of said shared resources, said intrinsic partitioning being operating system security pedigree-independent and hosted application security pedigree-independent, wherein said shared resources include memory and I/O resources residing on a trusted side of said switch, wherein each of said computing functions is executed at a selected security level in a time slice.

Dependent claims: 14, 15, 16, 17, 18.
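The access-control rule that the abstract and claims 1 and 13 describe has three parts: a switch mediates every host-processor request to a shared resource, a time-sliced schedule lets one partition at a chosen security level run per slice, and a source-selection rule keeps a second processor away from memory. The Python simulation below is an added example, not code from the patent or its assignee; the partition names, security-level labels, resource names and processor ids are constructed placeholders, and the verdict strings are an assumption about what a real switch would log.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

# Constructed model of the claimed architecture: every request from a host
# processor passes through the switch, which grants it only if (a) the
# requesting partition owns the current time slice, (b) the source processor
# is permitted to reach the resource (source selection), and (c) the resource
# belongs to that partition. All names and levels below are placeholders.


@dataclass(frozen=True)
class Partition:
    name: str
    level: str                   # security level label for this domain
    resources: FrozenSet[str]    # shared resources the partition may use


# (slice number, source processor, partition, resource, verdict)
AuditEntry = Tuple[int, str, str, str, str]


@dataclass
class TrustedBusSwitch:
    partitions: Dict[str, Partition]
    schedule: List[str]                 # partition name that owns each time slice
    memory_sources: FrozenSet[str]      # processors allowed to address memory
    slice_no: int = 0
    audit: List[AuditEntry] = field(default_factory=list)

    def active(self) -> Partition:
        """Partition scheduled in the current time slice (round robin)."""
        return self.partitions[self.schedule[self.slice_no % len(self.schedule)]]

    def next_slice(self) -> None:
        """Advance the time-sliced schedule (the trusted processor's job)."""
        self.slice_no += 1

    def request(self, source: str, partition: str, resource: str) -> bool:
        """Decide one bus request; default is deny, and every decision is logged."""
        active = self.active()
        if partition != active.name:
            verdict = "deny:not-scheduled"
        elif resource == "memory" and source not in self.memory_sources:
            verdict = "deny:source-selection"
        elif resource not in active.resources:
            verdict = "deny:outside-partition"
        else:
            verdict = "grant"
        self.audit.append((self.slice_no, source, partition, resource, verdict))
        return verdict == "grant"


def build_demo_switch() -> TrustedBusSwitch:
    """Two domains at different levels sharing memory but not each other's I/O."""
    partitions = {
        "high": Partition("high", "level-A", frozenset({"memory", "crypto-io"})),
        "low": Partition("low", "level-B", frozenset({"memory", "net-io"})),
    }
    # Only cpu0 may address memory; a second processor (cpu1) is barred by
    # source selection, as claim 13 describes.
    return TrustedBusSwitch(partitions, ["high", "low"], frozenset({"cpu0"}))


def run_demo() -> List[str]:
    """Replay a constructed sequence of requests and return the verdicts."""
    sw = build_demo_switch()
    sw.request("cpu0", "high", "memory")     # grant: scheduled, permitted source
    sw.request("cpu0", "high", "net-io")     # deny: resource belongs to "low"
    sw.request("cpu0", "low", "net-io")      # deny: "low" does not own this slice
    sw.next_slice()
    sw.request("cpu0", "low", "net-io")      # grant: "low" now owns the slice
    sw.request("cpu1", "low", "memory")      # deny: second processor barred from memory
    sw.request("cpu0", "low", "memory")      # grant
    return [entry[4] for entry in sw.audit]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The order of the checks is the point of the model: a request is refused before its resource is even looked up unless the requesting partition holds the current slice, so a partition at one level cannot touch another's I/O even when the resource names overlap, and the audit list is the record a defender would export to confirm the schedule and source-selection policy behaved as intended.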