Security domain in virtual environment

US 8,839,455 B1
Filed: 02/14/2013
Issued: 09/16/2014
Est. Priority Date: 09/23/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of generating a security domain, the method comprising:

defining the security domain representing a bounded area of a Virtual Machine for storing protected objects of the Virtual Machine and to enable signing of code using a Trusted Platform Module (TPM),the security domain including kernel-space and user-space objects, and having a flag indicating the validity of the security domain;

allocating a memory space to the security domain and defining a root of trust area, such that the root of trust is guaranteed to be secure upon initialization of the security domain;

initializing the security domain using the root of trust;

loading executable code into the memory space;

allowing the executable code in the security domain access to physical resources of a computer and to the memory space; and

after an access attempt to the memory space from outside the memory space, setting the validity flag to indicate invalidity and invalidating the security domain,otherwise treating the security domain as uncompromised.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product for an isolated security domain which is a bounded area of the VM for protected objects. The objects include executable code and/or data, hardware units (e.g., ports) or a combination thereof. The secure units in this area are accessible using secure rules used to ensure that objects are not malware. Authentication for connections to security domain is required and certain areas of the domain are made to be read only.

Citations

21 Claims

1. A computer-implemented method of generating a security domain, the method comprising:
- defining the security domain representing a bounded area of a Virtual Machine for storing protected objects of the Virtual Machine and to enable signing of code using a Trusted Platform Module (TPM),the security domain including kernel-space and user-space objects, and having a flag indicating the validity of the security domain;
  
  allocating a memory space to the security domain and defining a root of trust area, such that the root of trust is guaranteed to be secure upon initialization of the security domain;
  
  initializing the security domain using the root of trust;
  
  loading executable code into the memory space;
  
  allowing the executable code in the security domain access to physical resources of a computer and to the memory space; and
  
  after an access attempt to the memory space from outside the memory space, setting the validity flag to indicate invalidity and invalidating the security domain,otherwise treating the security domain as uncompromised.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, further comprising starting another security domain in the memory space after the invalidating.
  - 3. The method of claim 1, wherein a second security domain takes over functions of the security domain after the invalidating.
  - 4. The method of claim 1, wherein the executable code in the security domain includes operating system function calls.
  - 5. The method of claim 1, wherein the executable code in the security domain includes operating system Application Process Interfaces (APIs).
  - 6. The method of claim 1, wherein the executable code is downloaded from a remote server.
  - 7. The method of claim 1, wherein the secure domain controls any of the following resources:
    - operating system objects in user space;
      
      objects in kernel space;
      
      a virtual memory page;
      
      a physical page;
      
      a disk block;
      
      a file;
      
      a portion of a file; and
      
      file metadata.
  - 8. The method of claim 1, wherein the secure domain controls any of the following resources:
    - page tables, including;
      
      page mapping tables;
      
      a Page Descriptor Entry (PDE);
      
      a Page Table Entry (PTE);
      
      a table of exports, including any of Dynamically Linked Libraries (DLLs) and shared libraries;
      
      an interrupts table;
      
      a shared memory page;
      
      a page file page; and
      
      a memory mapped file page.
  - 9. The method of claim 1, wherein the secure domain controls any of the following resources:
    - configuration data which is processed during execution of domain code;
      
      an Input/Output (I/O) address range;
      
      a DMA (direct memory access) region;
      
      a Control Register 3 (CR3) map;
      
      hardware registers, including control registers;
      
      Advanced Programmable Interrupt Controller (APIC);
      
      Basic Input-Output System (BIOS) data;
      
      Extensible Firmware Interface (EFI) data; and
      
      an EPT map.
  - 10. The method of claim 1, wherein the secure domain controls any of the following resources:
    - Peripheral Component Interface (PCI) devices;
      
      a memory bus;
      
      a Universal Serial Bus (USB);
      
      USB devices;
      
      a video card;
      
      a Graphical Processing Unit (GPU);
      
      a fire-wire bus;
      
      a fire-wire devices;
      
      a wireless device;
      
      a storage device;
      
      an infiniband device;
      
      a storage area network;
      
      coprocessors;
      
      processors extensions; and
      
      accelerator engines.
  - 11. The method of claim 1, wherein the secure domain controls access to a register of the Trusted Platform Module (TPM).
  - 12. The method of claim 1, wherein the root of trust is launched after a host operating system (OS) is loaded into memory.
  - 13. The method of claim 1, wherein initializing the security domain and loading executable code into the security domain and the memory space is performed as an atomic operation.
  - 14. The method of claim 1, wherein allowed access includes writes to the memory space and/or reads from memory space and/or transferring control to the executable code in the memory space.
  - 15. The method of claim 1, wherein security of the root of trust is guaranteed by utilization of hardware support.
  - 16. The method of claim 15, wherein the hardware support includes any of:
    - Intel®
      
      Trusted Execution Technology;
      
      AMD Secure Virtual Machine;
      
      SecurCore processor;
      
      ARM TrustZone;
      
      a Dallas Lock system personal identifier;
      
      a Smart Card reader;
      
      Biometric identification hardware;
      
      a Universal Serial Bus (USB) key; and
      
      a Radio Frequency ID (RFID) identifier.
  - 17. The method of claim 1, wherein the secure domain is used for any of:
    - remote verification of a computing system'"'"'s assets and data center, including verification of hardware and installed software;
      
      secure wallet, banking and/or other databases access;
      
      secure certificate storage access; and
      
      secure antivirus and firewall implementation;
      
      access control means.
  - 18. The method of claim 1, further comprising analyzing each access attempt to the memory space, and invalidating the security domain if the access attempt is illegal, wherein the illegal access attempt includes any of (a) write to the memory space (b) a read from memory space and (c) transferring control to the memory space.
  - 19. The method of claim 1, wherein all access attempts to the memory space from outside the security domain are treated as illegal and trigger invalidating the security domain.
  - 20. The method of claim 1, wherein all write attempts to the memory space from outside the security domain are treated as illegal and trigger invalidating the security domain.

21. A system for generating a security domain on a computer having a processor and a memory, the system comprising:
- a security domain representing a bounded area of a Virtual Machine for storing protected objects of the Virtual Machine and to enable signing of code using a Trusted Platform Module (TPM),the security domain including kernel-space and user space-objects, and having a flag indicating the validity of the security domain;
  
  a memory space in the memory allocated to the security domain,a root of trust area associated with the security domain, such that the root of trust is guaranteed to be secure upon initialization of the security domain;
  
  executable code loaded into the memory space, such that the executable code in the security domain is permitted access to physical resources; and
  
  after an access attempt to the memory space from outside the memory space, the validity flag is set to indicate invalidity and the security domain is invalidated,otherwise the security domain is treated as uncompromised.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Virtuozzo International GmbH
Original Assignee
Parallels Holdings Limited (HNA Technology Co. Ltd.)
Inventors
Tormasov, Alexander G.
Primary Examiner(s)
Smithers, Matthew

Application Number

US13/766,837
Time in Patent Office

579 Days
Field of Search

726/27, 713/164, 713/165, 713/166
US Class Current

726/27
CPC Class Codes

G06F 21/00 Security arrangements for p...

G06F 21/53 by executing in a restricte...

Security domain in virtual environment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Security domain in virtual environment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links