Securing customer virtual machines in a multi-tenant cloud
First Claim
1. A method of securing virtual machines in a multi-tenant data center including a plurality of server computers and persistent data stores, comprising:
configuring a server computer with an attestation module;
installing a software stack on the server computer;
measuring, with the attestation module, a static property of the software stack and storing the measurement in the attestation module;
receiving a request to start a virtual machine using the software stack on the server computer;
in response to receiving the request to start the virtual machine, transmitting the measurement stored in the attestation module to an external entity and, in response to a verification that the measurement matches an expected value at the external entity, receiving from the external entity a key for running the virtual machine using the software stack;
running the virtual machine on top of the software stack using the key;
receiving a request to execute a management operation on the virtual machine; and
creating an audit trail by sending the management operation to the external entity.
Abstract
A trusted virtualization platform protects sensitive customer data during operation of virtual machines in a multi-tenant cloud computing center. The trusted virtualization platform limits administrator access to the data and state of the virtual machines running thereon, reports any changes made thereto, and requires keys provided by the customer or a trusted third party of the customer to perform management operations on the virtual machines. By requiring cloud computing centers to use such trusted virtualization platforms, customers uploading their virtual machines into the cloud computing center can be assured that cloud administrators will not be able to access or tamper with their private data. Furthermore, customers can directly audit all important state or configuration changes for their virtual machines as the trusted virtualization platform can be configured to report all such changes according to a security policy set by the customer.
23 Claims
13. A non-transitory machine readable storage medium for securing virtual machines in a multi-tenant data center including a plurality of server computers and persistent data stores, the machine readable storage medium having computer instructions encoded thereon causing a computer configured as a trusted virtualization platform to perform a method, the method comprising:
receiving a request for a key to run a virtual machine on a server computer configured with an attestation module, the key request initiated by a request for a virtual machine received at the server computer, the key request including a customer ID associated with the virtual machine;
in response to the key request, requesting the server computer for static property measurements of a software stack on top of which the virtual machine will be run, the static property measurements stored in the attestation module on the server computer;
receiving the static property measurements stored in the attestation module from the server computer;
confirming from the static property measurements that the software stack is a trusted software stack by verifying that the static property measurements stored in the attestation module match an expected value and, after said confirming, transmitting to the server computer the key to run the virtual machine on the server computer;
receiving a request to execute a management operation on the virtual machine; and
creating an audit trail by storing the requested management operation.
14. The machine readable storage medium of claim 13, wherein the method further comprises:
receiving a public key of the attestation module from the server computer; and
searching for the public key in an inventory associated with the multi-tenant data center, wherein the key to run the virtual machine on the server computer is transmitted to the server computer after it is confirmed that the public key has been found in the inventory associated with the multi-tenant data center.
15. The machine readable storage medium of claim 13, wherein the method further comprises:
receiving a request to perform an operation on the virtual machine running on the server computer; and
examining a policy associated with the virtual machine and transmitting a key for performing the operation on the virtual machine if the policy permits the operation, and transmitting a message denying the request if the policy does not permit the operation.
16. The machine readable storage medium of claim 13, wherein the method further comprises:
after the virtual machine is running on the server computer, transmitting a key for encrypting and decrypting data stored in a virtual disk of the virtual machine.
17. The machine readable storage medium of claim 13, wherein the method further comprises:
receiving a request to transmit a network packet to another virtual machine running in a different server computer;
confirming that the different server computer is running a trusted software stack and said another virtual machine is running on top of the trusted software stack; and
upon said confirming, transmitting to the server computer a key for encrypting the network packet to be transmitted to said another virtual machine.
18. The machine readable storage medium of claim 13, wherein the method further comprises:
receiving a public portion of an attestation identification key (AIK) from the server computer, wherein the static property measurements are encrypted with a private portion of the AIK and decrypted using the public portion of the AIK.
19. The machine readable storage medium of claim 13, wherein the method further comprises:
transmitting a random nonce to the server computer; and
confirming that the static property measurements were actually transmitted by the server computer when the random nonce is also received from the server computer.
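The key-release exchange of claims 13, 14, 18 and 19 (inventory lookup of the attestation module's key, AIK-signed measurements, a single-use nonce for freshness, comparison against the expected value) together with the policy-gated, audited management operation of claims 1 and 15, as an added Python example; it is not part of the patent or of any implementation of it. The attestation module, the customer ID, the software-stack bytes, the expected measurement and the AIK secret are all constructed here. The AIK signature is simulated with an HMAC because the standard library has no asymmetric signature primitive, so the verifier's inventory holds the shared secret where a real verifier would hold only the AIK public portion.

```python
"""Attestation-gated key release, modelled on the exchange in claims 13, 14, 18 and 19.

Constructed example: the attestation module is a simulated TPM-like component
holding one measurement, and the AIK signature is simulated with an HMAC shared
between that module and the verifier (stand-in for an asymmetric AIK).
"""
import hashlib
import hmac
import json
import secrets
from typing import Any, Dict, List, Optional, Set, Tuple


class AttestationModule:
    """Simulated attestation module on one server computer."""

    def __init__(self, aik_secret: bytes) -> None:
        self._aik_secret = aik_secret  # stand-in for the AIK private portion
        self.measurement: Optional[str] = None

    @property
    def aik_public(self) -> str:
        # Stand-in for the AIK public portion: an identifier derived from the secret.
        return hashlib.sha256(b"aik-id:" + self._aik_secret).hexdigest()

    def measure(self, software_stack: bytes) -> str:
        """Record a static property of the stack (here: a hash of its bytes)."""
        self.measurement = hashlib.sha256(software_stack).hexdigest()
        return self.measurement

    def quote(self, nonce: str) -> Dict[str, Any]:
        """Return the stored measurement bound to the verifier's nonce and signed."""
        body = {"aik_public": self.aik_public, "measurement": self.measurement, "nonce": nonce}
        canonical = json.dumps(body, sort_keys=True).encode()
        sig = hmac.new(self._aik_secret, canonical, hashlib.sha256).hexdigest()
        return {"body": body, "sig": sig}


class Verifier:
    """External entity (customer or trusted third party) that releases VM keys."""

    def __init__(self, inventory: Dict[str, bytes], expected: Dict[str, str],
                 policy: Dict[str, Set[str]]) -> None:
        self.inventory = inventory  # aik_public -> AIK secret (stand-in for the public key)
        self.expected = expected    # customer_id -> expected software-stack measurement
        self.policy = policy        # customer_id -> management operations the customer permits
        self.audit_trail: List[Tuple[str, str, str]] = []
        self._nonces: Dict[str, str] = {}

    def issue_nonce(self, customer_id: str) -> str:
        """Claim 19: a fresh random nonce that the quote must echo back."""
        nonce = secrets.token_hex(16)
        self._nonces[customer_id] = nonce
        return nonce

    def release_vm_key(self, customer_id: str, quote: Dict[str, Any]) -> Optional[bytes]:
        body, sig = quote["body"], quote["sig"]
        # Claim 14: the attestation module's key must be in the data center inventory.
        aik_secret = self.inventory.get(body["aik_public"])
        if aik_secret is None:
            return self._deny(customer_id, "unknown AIK")
        # Claim 18: the measurements must carry a valid AIK signature.
        canonical = json.dumps(body, sort_keys=True).encode()
        expected_sig = hmac.new(aik_secret, canonical, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected_sig):
            return self._deny(customer_id, "bad signature")
        # Claim 19: the nonce must be the one issued for this request, and is consumed here.
        if body["nonce"] != self._nonces.pop(customer_id, None):
            return self._deny(customer_id, "stale or missing nonce")
        # Claim 13: the measurement must match the expected value for this customer.
        if body["measurement"] != self.expected.get(customer_id):
            return self._deny(customer_id, "untrusted software stack")
        self.audit_trail.append(("release-key", customer_id, str(body["measurement"])))
        # Constructed key derivation; a real verifier would hold the customer's actual VM key.
        return hashlib.sha256(b"vm-key:" + customer_id.encode()).digest()

    def request_management_operation(self, customer_id: str, operation: str) -> bool:
        """Claims 1 and 15: consult the customer's policy and record the request."""
        allowed = operation in self.policy.get(customer_id, set())
        self.audit_trail.append(("op-allow" if allowed else "op-deny", customer_id, operation))
        return allowed

    def _deny(self, customer_id: str, reason: str) -> None:
        self.audit_trail.append(("deny-key", customer_id, reason))
        return None


def run_demo() -> Dict[str, Any]:
    """Walk through a good launch, a replayed quote, a tampered stack and two operations."""
    aik_secret = b"constructed-aik-secret"
    tpm = AttestationModule(aik_secret)
    trusted = tpm.measure(b"constructed trusted software stack v1")
    verifier = Verifier({tpm.aik_public: aik_secret}, {"cust-1": trusted}, {"cust-1": {"snapshot"}})

    quote = tpm.quote(verifier.issue_nonce("cust-1"))
    key = verifier.release_vm_key("cust-1", quote)
    replay = verifier.release_vm_key("cust-1", quote)  # same quote again: nonce already consumed

    tampered = AttestationModule(aik_secret)
    tampered.measure(b"constructed stack with a modified hypervisor")
    bad = verifier.release_vm_key("cust-1", tampered.quote(verifier.issue_nonce("cust-1")))

    return {
        "key_released": key is not None,
        "replay_rejected": replay is None,
        "tampered_rejected": bad is None,
        "snapshot_allowed": verifier.request_management_operation("cust-1", "snapshot"),
        "console_allowed": verifier.request_management_operation("cust-1", "console"),
        "audit": verifier.audit_trail,
    }


if __name__ == "__main__":
    for entry in run_demo()["audit"]:
        print(entry)
```

The checks run in the order a verifier needs them: an unknown AIK or a bad signature is rejected before the nonce is consumed, and the nonce is popped on its first use so a captured quote cannot be replayed even though its signature is still valid. Every decision, including each denial, lands in the audit trail that the claims require the external entity to keep.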
22. A multi-tenant data center system comprising:
a plurality of server computers, each of which is configured with a trusted platform module (TPM) and a trusted virtualization platform having one or more software layers on top of which a virtual machine is to be executed; and
a persistent storage system coupled to the server computers, in which files for launching the virtual machine are stored, the files including an encrypted portion and a plain text portion that identifies a customer and a network location associated with the customer,
wherein the trusted virtualization platform is programmed to:
create an audit trail by reporting any changes to the trusted virtualization platform to the network location associated with the customer;
in response to receiving a request for a virtual machine, obtain one or more keys from the network location associated with the customer to decrypt the encrypted portion of the files for launching the customer application, the one or more keys obtained by transmitting one or more measurements stored in the TPM to the network location and receiving the one or more keys if the one or more measurements match expected values in the network location;
receive a request to execute a management operation on the virtual machine; and
add the requested management operation to the audit trail by sending the management operation to the network location associated with the customer.