Secure platform voucher service for software components within an execution environment

US 8,132,003 B2
Filed: 09/28/2007
Issued: 03/06/2012
Est. Priority Date: 06/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

controlling, by a hardware processor running an operating system in a platform, operation of program logic in a guest execution environment;

identifying the program logic;

partitioning off a portion of the program logic to control access by the operating system to the portion of the program logic, wherein said partitioning comprises establishment of an active page table and a protected page table, which each store a copy of active content of the portion, wherein an attempt to access the active content of the portion in the active page table is referred to a corresponding location in the protected page table, such that any access of the protected page table outside locations storing the active content results in a page fault;

receiving a request from a remote entity for verification proof of integrity of the program logic, wherein the request includes a challenge;

signing the challenge with a private key for a virtual machine monitor (VMM); and

returning the signed challenge to the remote entity,wherein the request further includes a secret encrypted with a public key of a virtual machine monitor (VMM) of the platform, where the encrypted secret is decrypted by the VMM using the private key of the VMM and the secret is stored in the portion of the program logic such that only the program logic has access to the secret, and wherein the program logic uses the secret to establish a security association with the remote entity; and

wherein the VMM administers a plurality of parallel independent execution environments, including the guest execution environment, each of which has independent access to platform hardware resources and is configured to execute code on the hardware processor of the platform securely isolated from other execution environments and the VMM coordinates the access to the hardware platform resources from each of the plurality of parallel independent execution environments by monitoring and trapping register pointer changes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of apparatus, articles, methods, and systems for secure platform voucher service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. A provisioning remote entity or gateway only needs to know a platform'"'"'s public key or certificate hierarchy in order to receive verification proof for any component in the platform. The verification proof or voucher helps to assure to the remote entity that no man-in-the-middle, rootkit, spyware or other malware running in the platform or on the network will have access to the provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.

41 Citations

View as Search Results

9 Claims

1. A method comprising:
- controlling, by a hardware processor running an operating system in a platform, operation of program logic in a guest execution environment;
  
  identifying the program logic;
  
  partitioning off a portion of the program logic to control access by the operating system to the portion of the program logic, wherein said partitioning comprises establishment of an active page table and a protected page table, which each store a copy of active content of the portion, wherein an attempt to access the active content of the portion in the active page table is referred to a corresponding location in the protected page table, such that any access of the protected page table outside locations storing the active content results in a page fault;
  
  receiving a request from a remote entity for verification proof of integrity of the program logic, wherein the request includes a challenge;
  
  signing the challenge with a private key for a virtual machine monitor (VMM); and
  
  returning the signed challenge to the remote entity,wherein the request further includes a secret encrypted with a public key of a virtual machine monitor (VMM) of the platform, where the encrypted secret is decrypted by the VMM using the private key of the VMM and the secret is stored in the portion of the program logic such that only the program logic has access to the secret, and wherein the program logic uses the secret to establish a security association with the remote entity; and
  
  wherein the VMM administers a plurality of parallel independent execution environments, including the guest execution environment, each of which has independent access to platform hardware resources and is configured to execute code on the hardware processor of the platform securely isolated from other execution environments and the VMM coordinates the access to the hardware platform resources from each of the plurality of parallel independent execution environments by monitoring and trapping register pointer changes.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the platform is implemented as a virtual machine (VM) platform.
  - 3. The method of claim 1, further comprising verifying the challenge by the remote entity with the public key for the VMM.

4. A non-transitory machine-readable medium containing instructions which, when executed by a processing system, cause the processing system to perform a method, the method comprising:
- controlling, by a hardware processor running an operating system in a platform, operation of program logic in a guest execution environment;
  
  identifying the program logic;
  
  partitioning off a portion of the program logic to control access by the operating system to the portion of the program logic, wherein said partitioning comprises establishment of an active page table and a protected page table, which each store a copy of active content of the portion, wherein an attempt to access the active content of the portion in the active page table is referred to a corresponding location in the protected page table, such that any access of the protected page table outside locations storing the active content results in a page fault;
  
  receiving a request from a remote entity for verification proof of integrity of the program logic, wherein the request includes a challenge;
  
  signing the challenge with a private key for a virtual machine monitor (VMM); and
  
  returning the signed challenge to the remote entity,wherein the request further includes a secret encrypted with a public key of a virtual machine monitor (VMM) of the platform, where the encrypted secret is decrypted by the VMM using the private key of the VMM and the secret is stored in the portion of the program logic such that only the program logic has access to the secret, and wherein the program logic uses the secret to establish a security association with the remote entity; and
  
  wherein the VMM administers a plurality of parallel independent execution environments, including the guest execution environment, each of which has independent access to platform hardware resources and is configured to execute code on the hardware processor of the platform securely isolated from other execution environments and the VMM coordinates the access to the hardware platform resources from each of the plurality of parallel independent execution environments by monitoring and trapping register pointer changes.
- View Dependent Claims (5, 6)
- - 5. The non-transitory machine-readable medium of claim 4, wherein the platform is implemented as a virtual machine (VM) platform.
  - 6. The non-transitory machine-readable medium of claim 4, further comprising verifying the challenge by the remote entity with the public key for the VMM.

7. A system comprising:
- a hardware memory device, which stores program logic configured to be controlled by an operating system in a platform to operate within a guest execution environment; and
  
  management instructions, executable by a hardware processor, that identifies the program logic and to partition off a portion of the program logic and to control access by the operating system to the portion of the program logic, wherein the partitioning comprises establishment of an active page table and a protected page table, which each store a copy of active content of the portion, wherein an attempt to access the active content of the portion in the active page table is referred to a corresponding location in the protected page table, such that any access of the protected page table outside locations storing the active content results in a page fault,wherein the program logic stored on the hardware memory device is configured to receive a request from a remote entity for verification proof of integrity of the program logic, wherein the request includes a challenge, wherein the management instructions, executable by the hardware processor is configured to sign the challenge with a private key for a virtual machine monitor (VMM), and wherein the program logic stored on the hardware memory device is configured to return the signed challenge to the remote entity,wherein the request further includes a secret encrypted with a public key of the VMM of the platform, where the encrypted secret is decrypted by the VMM using the private key of the VMM and the secret is stored in the portion of the program logic such that only the program logic has access to the secret, and wherein the program logic stored on the hardware memory device uses the secret to establish a security association with the remote entity; and
  
  wherein the VMM administers a plurality of parallel independent execution environments, including the guest execution environment, each of which has independent access to platform hardware resources and is configured to execute code on the hardware processor of the platform securely isolated from other execution environments and the VMM coordinates the access to the hardware platform resources from each of the plurality of parallel independent execution environments by monitoring and trapping register pointer changes.
- View Dependent Claims (8, 9)
- - 8. The system of claim 7, wherein the platform is implemented as a virtual machine (VM) platform.
  - 9. The system of claim 7, wherein the remote entity to verify the challenge with the public key for the VMM.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Durham, David, Khosravi, Hormuzd M., Blumenthal, Uri, Long, Men
Primary Examiner(s)
SHAN, APRIL YING

Application Number

US11/864,573
Publication Number

US 20080022129A1
Time in Patent Office

1,621 Days
Field of Search

713/190, 713/193, 713/150, 713/164, 713/170, 713/176, 713/169, 726/15, 711/6, 380/255, 380/282, 380/285, 717/171, 717/176
US Class Current

713/164
CPC Class Codes

G06F 21/54   by adding security routines...

H04L 2209/60   Digital content management,...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 63/20   for managing network securi...

H04L 9/004   for fault attacks

H04L 9/3236   using cryptographic hash fu...

Secure platform voucher service for software components within an execution environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Secure platform voucher service for software components within an execution environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links