Security domain in virtual environment

  • US 8,839,455 B1
  • Filed: 02/14/2013
  • Issued: 09/16/2014
  • Est. Priority Date: 09/23/2009
  • Status: Active Grant
First Claim

1. A computer-implemented method of generating a security domain, the method comprising:

    defining the security domain representing a bounded area of a Virtual Machine for storing protected objects of the Virtual Machine and to enable signing of code using a Trusted Platform Module (TPM), the security domain including kernel-space and user-space objects, and having a flag indicating the validity of the security domain;

    allocating a memory space to the security domain and defining a root of trust area, such that the root of trust is guaranteed to be secure upon initialization of the security domain;

    initializing the security domain using the root of trust;

    loading executable code into the memory space;

    allowing the executable code in the security domain access to physical resources of a computer and to the memory space; and

    after an access attempt to the memory space from outside the memory space, setting the validity flag to indicate invalidity and invalidating the security domain, otherwise treating the security domain as uncompromised.

  • 3 Assignments