Execution stack securing process
First Claim
Patent Images
1. A computer-implemented method, comprising:
- separating, by a computing device, an image into a plurality of layers to form a trusted execution stack, each layer comprising a plurality of components combined into a logical grouping; and
hardening, by the computing device, each of the plurality of layers of the trusted execution stack, whereinthe hardening of the plurality of layers comprises digitally signing the respective logical grouping into the respective layer and applying a digital signature of each of the plurality of layers to a next layer in the plurality of layers such that each of the plurality of layers are authenticated in an order when loading the trusted execution stack, and the plurality of layers comprises hardware and software layers, and whereinthe hardening of each of the plurality of layers further comprises attesting firmware, hardware, reconfiguration hardware, hardware emulators, at least one host operating system, and at least one hypervisor.
1 Assignment
0 Petitions
Accused Products
Abstract
An approach to securing an execution stack (or cloud architecture) is provided. For example, an image is separated into a plurality of layers to form a trusted execution stack. Each of the plurality of layers is hardened to secure key cloud components of the trusted execution stack.
46 Citations
19 Claims
-
1. A computer-implemented method, comprising:
-
separating, by a computing device, an image into a plurality of layers to form a trusted execution stack, each layer comprising a plurality of components combined into a logical grouping; and hardening, by the computing device, each of the plurality of layers of the trusted execution stack, wherein the hardening of the plurality of layers comprises digitally signing the respective logical grouping into the respective layer and applying a digital signature of each of the plurality of layers to a next layer in the plurality of layers such that each of the plurality of layers are authenticated in an order when loading the trusted execution stack, and the plurality of layers comprises hardware and software layers, and wherein the hardening of each of the plurality of layers further comprises attesting firmware, hardware, reconfiguration hardware, hardware emulators, at least one host operating system, and at least one hypervisor. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus, comprising:
-
at least one processor; and memory comprising instructions, wherein the instructions, when executed by the at least one processor, are configured to cause the apparatus to; separate an image into a plurality of layers to form a trusted execution stack; harden each of the plurality of layers of the trusted execution stack; apply a digital signature of each of the plurality of layers to a next layer in the plurality of layers such that each of the plurality of layers are authenticated in an order when loading the trusted execution stack; digitally sign the entire trusted execution stack by applying one final signature across an entire enterprise layer of the plurality of layers as a multitude of signatures to ensure that each individual layer is trusted in the trusted execution stack, wherein the plurality of layers comprises hardware and software layers, and attest firmware, hardware, reconfiguration hardware, hardware emulators, at least one host operating system, and at least one hypervisor. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer-implemented method, comprising:
-
separating, by a computing device, an image of a device into a plurality of layers to create a trusted execution stack, each layer comprising a plurality of components combined into a logical grouping; and hardening, by the computing device, each of the plurality of layers to secure the trusted execution stack, wherein the hardening of each of the plurality of layers comprises digitally signing the respective logical grouping into the respective layer and applying a digital signature of each of the plurality of layers to a next layer in the plurality of layers such that each of the plurality of layers are authenticated in an order when loading the trusted execution stack, and the plurality of layers comprises hardware and software layers, and wherein the hardening of each of the plurality of layers comprises attesting bare metal components, hosted components, or both. - View Dependent Claims (16, 17, 18, 19)
-
Specification