Security domain in virtual environment

US 8,397,306 B1
Filed: 09/23/2010
Issued: 03/12/2013
Est. Priority Date: 09/23/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of generating a security domain, the method comprising:

defining the security domain representing a bounded area of a Virtual Machine for storing protected objects of the Virtual Machine to provide conditional access to a Trusted Platform Module (TMP) register,the security domain including kernel-space and user-space objects, and having a flag indicating the validity of the security domain;

allocating a memory space to a security domain, defining a root of trust area and associating computer resources with the security domain, such that the root of trust is guaranteed to be secure upon initialization of the security domain;

initializing the security domain using the root of trust, the security domain utilizing the memory space;

loading executable code into the security domain and the memory space;

allowing the executable code in the security domain access to the physical resources;

giving the executable code in the security domain permission to access the memory space; and

upon an attempt of illegal access to the memory space, setting the validity flag to indicate invalidity and invalidating the security domain;

wherein the domain invalidation is detectable by a user, andwherein, as long as the validity flag does not indicate invalidity, data stored in the memory space is known to be uncompromised.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product for an isolated security domain which is a bounded area of the VM for protected objects. The objects are software units (including executable code data), hardware units (e.g., ports) or a combination thereof. The secure units in this area are accessible using secure rules used to ensure that objects are not malware. Authentication for connections to security domain is required and certain areas of the domain are made to be read only.

68 Citations

View as Search Results

31 Claims

1. A computer-implemented method of generating a security domain, the method comprising:
- defining the security domain representing a bounded area of a Virtual Machine for storing protected objects of the Virtual Machine to provide conditional access to a Trusted Platform Module (TMP) register,the security domain including kernel-space and user-space objects, and having a flag indicating the validity of the security domain;
  
  allocating a memory space to a security domain, defining a root of trust area and associating computer resources with the security domain, such that the root of trust is guaranteed to be secure upon initialization of the security domain;
  
  initializing the security domain using the root of trust, the security domain utilizing the memory space;
  
  loading executable code into the security domain and the memory space;
  
  allowing the executable code in the security domain access to the physical resources;
  
  giving the executable code in the security domain permission to access the memory space; and
  
  upon an attempt of illegal access to the memory space, setting the validity flag to indicate invalidity and invalidating the security domain;
  
  wherein the domain invalidation is detectable by a user, andwherein, as long as the validity flag does not indicate invalidity, data stored in the memory space is known to be uncompromised.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 2. The method of claim 1, further comprising starting another security domain in the memory space after the invalidating.
  - 3. The method of claim 1, wherein a second security domain takes over functions of the security domain after the invalidating.
  - 4. The method of claim 1, wherein the executable code in the security domain includes operating system function calls.
  - 5. The method of claim 1, wherein the executable code in the security domain includes operating system function Application Process Interfaces (APIs).
  - 6. The method of claim 1, wherein the executable code in the security domain includes operating system function services.
  - 7. The method of claim 1, wherein the executable code is downloaded from a remote server.
  - 8. The method of claim 1, wherein the security domain controls any of the following resources:
    - operating system objects in user space;
      
      objects in kernel space;
      
      a virtual memory page;
      
      a physical page;
      
      a disk block;
      
      a file;
      
      a portion of a file; and
      
      file metadata.
  - 9. The method of claim 1, wherein the security domain controls any of the following resources:
    - page tables, including;
      
      page mapping tables;
      
      a Page Descriptor Entry (PDE);
      
      PTE;
      
      a Page Table Entry (PTE);
      
      a table of exports, including any of Dynamically Linked Libraries (DLLs) and shared libraries;
      
      an interrupts table;
      
      a shared memory page;
      
      a page file page; and
      
      a memory mapped file page.
  - 10. The method of claim 1, wherein the security domain controls any of the following resources:
    - configuration data which is processed during execution of domain code;
      
      an Input/Output (I/O) address range;
      
      a DMA (direct memory access) region;
      
      a Control Register 3 (CR3) map;
      
      hardware registers, including control registers;
      
      Advanced Programmable Interrupt Controller (APIC);
      
      Basic Input-Output System (BIOS) data;
      
      Extensible Firmware Interface (EFI) data; and
      
      an EPT map.
  - 11. The method of claim 1, wherein the security domain controls any of the following resources:
    - Peripheral Component Interface (PCI) devices;
      
      a memory bus;
      
      a Universal Serial Bus (USB);
      
      USB devices;
      
      a video card;
      
      a Graphical Processing Unit (GPU);
      
      a fire-wire bus;
      
      a fire-wire devices;
      
      a wireless device;
      
      a storage device;
      
      an infiniband device;
      
      a storage area network;
      
      coprocessors;
      
      processors extensions; and
      
      accelerator engines.
  - 12. The method of claim 1, wherein the security domain controls access to logical and physical resources.
  - 13. The method of claim 1, wherein the executable control includes Virtual Machine code.
  - 14. The method of claim 1, wherein the executable control includes hypervisor code.
  - 15. The method of claim 1, wherein the root of trust is launched after a host operating system (OS) is loaded into memory.
  - 16. The method of claim 1, wherein initializing the security domain and loading executable code into the security domain and the memory space is performed as an atomic operation.
  - 17. The method of claim 1, further comprising allowing a piece of code outside the memory space to access the memory space.
  - 18. The method of claim 1, wherein allowed access includes write to the memory space and/or reading from memory space and/or transferring control to the executable code in the memory space.
  - 19. The method of claim 1, wherein security of the root of trust is guaranteed by utilization of hardware support.
  - 20. The method of claim 19, wherein the hardware support includes any of:
    - Intel®
      
      Trusted Execution Technology;
      
      AMD Secure Virtual Machine;
      
      SecurCore processor;
      
      ARM TrustZone;
      
      Dallas Lock system personal identifier;
      
      Smart Card reader;
      
      Biometric identification hardware;
      
      Universal Serial Bus (USB) key; and
      
      Radio Frequency ID (RFID) identifier.
  - 21. The method of claim 1, wherein the physical resources include:
    - Trusted Platform Module registers;
      
      a Universal Serial Bus (USB) key;
      
      a Dallas lock key;
      
      SMART cards; and
      
      other secure areas.
  - 22. The method of claim 1, wherein the security domain is used for any of:
    - remote verification of a computing system'"'"'s assets and data center, including verification of hardware and installed software;
      
      secure wallet, banking and/or other databases access;
      
      secure certificate storage access; and
      
      secure antivirus and firewall implementation;
      
      access control means.
  - 23. The method of claim 1, wherein the domain invalidation includes a restriction for accessing the physical resources.
  - 24. The method of claim 1, wherein the executable code is isolated from the Host Operating System (OS).
  - 25. The method of claim 1, further comprising analyzing each access attempt to the memory space, and invalidating the security domain if the access attempt is illegal, wherein the illegal access attempt includes any of (a) write to the memory space (b) a read from memory space and (c) transferring control to the memory space.
  - 26. The method of claim 25, wherein the analyzing is performed using hardware means.
  - 27. The method of claim 25, wherein the access attempt is made from outside the security domain.
  - 28. The method of claim 1, wherein the security domain invalidation includes memory clearance.
  - 29. The method of claim 1, wherein the security domain is established automatically by compounding a set of secure data related to valid secure units.
  - 30. The method of claim 1, wherein the security domain invalidation includes memory/objects clearance.

31. A system for generating a security domain on a computer having a processor and a memory, the system comprising:
- a security domain representing a bounded area of a Virtual Machine for storing protected objects of the Virtual Machine to provide conditional access to a Trusted Platform Module (TMP) register,the security domain including kernel-space and user space-objects, and having a flag indicating the validity of the security domaina memory space in the memory allocated allocate to the security domain,a root of trust area having computer resources associated with the security domain, such that the root of trust is guaranteed to be secure upon initialization of the security domain;
  
  executable code loaded into the security domain and the memory space, such that the executable code in the security domain is permitted access to the physical resources to the memory space; and
  
  the security domain being invalidated upon an attempt of illegal access to the memory space, and the validity flag being set to indicate invalidity and the domain invalidation being detectable by a user andwherein, as long as the validity flag does not indicate invalidity, data stored in the memory space is known to be uncompromised.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Virtuozzo International GmbH
Original Assignee
Parallels Holdings Limited (HNA Technology Co. Ltd.)
Inventors
Tormasov, Alexander G.
Primary Examiner(s)
PHAM, LUU T

Application Number

US12/889,302
Time in Patent Office

901 Days
Field of Search

726/27, 726/15, 713/64, 713/65, 713/66, 711/163
US Class Current

726/27
CPC Class Codes

G06F 21/00 Security arrangements for p...

G06F 21/53 by executing in a restricte...

Security domain in virtual environment

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Security domain in virtual environment

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links