Multiple trusted computing environments
First Claim
Patent Images
1. A method, comprising:
- (a) providing a host operating system;
(b) obtaining an integrity metric for the host operating system, wherein obtaining the integrity metric includes performing a hash function to all or selected data files associated with the host operating system;
(c) running a plurality of virtual machine applications on the host operating system;
(d) running a guest operating system in each of the virtual machine applications; and
(e) obtaining an integrity metric for each of the virtual machine applications.
3 Assignments
0 Petitions
Accused Products
Abstract
A computing platform 20 provides multiple computing environments 24 each containing a guest operating system 25 provided by a virtual machine application 26. Optionally, each computing environment 24 is formed in a compartment 220 of a compartmented host operating system 22. A trusted device 213 verifies that the host operating system 22 and each guest operating system 25 operates in a secure and trusted manner by forming integrity metrics which can be interrogated by a user 10. Each computing environment is isolated and secure, and can be verified as trustworthy independent of any other computing environment.
145 Citations
28 Claims
-
1. A method, comprising:
-
(a) providing a host operating system; (b) obtaining an integrity metric for the host operating system, wherein obtaining the integrity metric includes performing a hash function to all or selected data files associated with the host operating system; (c) running a plurality of virtual machine applications on the host operating system; (d) running a guest operating system in each of the virtual machine applications; and (e) obtaining an integrity metric for each of the virtual machine applications. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method for verifying integrity of a plurality of trusted computing environments on a single host computing platform running a host operating system, each computing environment comprising a virtual machine application and a guest operating system running in the virtual machine application, the method comprising:
-
(a) identifying the plurality of virtual machine applications; (b) supplying integrity metric of the host operating system, wherein at least a portion of the integrity metric corresponds to a result from applying a hash function to all or selected data files associated with the host operating system; and (c) supplying integrity metrics associated with the plurality of virtual machine applications. - View Dependent Claims (22)
-
-
23. A computing platform, comprising:
a host operating system; a plurality of virtual machine applications each comprising a guest operating system running on the host operating system; a computing unit including a main processor on which the virtual machine applications run; and a trusted device that is separate from the main processor and configured to determine an integrity metric of the host operating system and an integrity metric of each virtual machine application, wherein the trusted device calculates the integrity metric for the host operating system by applying a hash function to all or selected data files associated with the host operating system. - View Dependent Claims (24, 25, 26, 27)
-
28. A method comprising:
-
(a) providing a host operating system; (b) obtaining and storing an integrity metric for the host operating system, wherein at least a portion of the integrity metric corresponds to a result from applying a hash function to all or selected data files associated with the host operating system; (c) providing a plurality of discrete, logically distinct, computing environments each comprising a respective guest operating system running on the host operating system; and (d) obtaining and storing an integrity metric for each of the guest operating systems.
-
Specification