Cryptographic certification of secure hosted execution environments

US 9,425,965 B2
Filed: 02/13/2012
Issued: 08/23/2016
Est. Priority Date: 12/12/2011
Status: Active Grant

First Claim

Patent Images

1. A method of persistence of an execution state, the method comprising:

providing, by a host operating system of a computing system, an instruction that causes a security-enabled processor of the computing system to initialize a hardware-protected memory area established in an initial state to include software and data identified by a request from a client system, the security-enabled processor configured to mediate access to the hardware-protected memory area by code that executes outside of the hardware-protected memory area via one or more entry gates, the software included in the hardware-protected memory area being non-kernel mode code, the software identified by the request and included in the hardware-protected memory area including a loader module configured, upon execution, to instruct the security-enabled processor to generate cryptographic certification that the hardware-protected memory area includes only the software and data identified in the request in the initial state, the software further including a persistence module;

providing, by the host operating system of the computing system, the hardware-protected memory area with an encrypted checkpoint, the encrypted checkpoint including at least execution state information of an execution state from another hardware-protected memory area established, by the security-enabled processor or by another security-enabled processor, in another initial state to include the software, the security-enabled processor or the other security-enabled processor configured to mediate access to the other hardware-protected memory area via the one or more entry gates or one or more other entry gates, the encrypted checkpoint encrypted with a persistence key, the persistence key sealed with a public key of the client system; and

causing, by the host operating system, the persistence module in the hardware-protected memory area to execute, the persistence module configured, upon execution, to perform acts comprising;

receiving the persistence key sealed with the public key,providing the persistence key sealed with the public key to the client system,receiving an unsealed persistence key from the client system,decrypting the encrypted checkpoint using the unsealed persistence key to generate the execution state information, andpopulating the hardware-protected memory area with the execution state information to recreate the execution state from the other hardware-protected memory area.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Implementations for providing a persistent secure execution environment with a hosted computer are described. A host operating system of a computing system provides an encrypted checkpoint to a persistence module that executes in a secure execution environment of a hardware-protected memory area initialized by a security-enabled processor. The encrypted checkpoint is derived at least partly from another secure execution environment that is cryptographically certifiable as including another hardware-protected memory area established in an activation state to refrain from executing software not trusted by the client system.

229 Citations

16 Claims

1. A method of persistence of an execution state, the method comprising:
- providing, by a host operating system of a computing system, an instruction that causes a security-enabled processor of the computing system to initialize a hardware-protected memory area established in an initial state to include software and data identified by a request from a client system, the security-enabled processor configured to mediate access to the hardware-protected memory area by code that executes outside of the hardware-protected memory area via one or more entry gates, the software included in the hardware-protected memory area being non-kernel mode code, the software identified by the request and included in the hardware-protected memory area including a loader module configured, upon execution, to instruct the security-enabled processor to generate cryptographic certification that the hardware-protected memory area includes only the software and data identified in the request in the initial state, the software further including a persistence module;
  
  providing, by the host operating system of the computing system, the hardware-protected memory area with an encrypted checkpoint, the encrypted checkpoint including at least execution state information of an execution state from another hardware-protected memory area established, by the security-enabled processor or by another security-enabled processor, in another initial state to include the software, the security-enabled processor or the other security-enabled processor configured to mediate access to the other hardware-protected memory area via the one or more entry gates or one or more other entry gates, the encrypted checkpoint encrypted with a persistence key, the persistence key sealed with a public key of the client system; and
  
  causing, by the host operating system, the persistence module in the hardware-protected memory area to execute, the persistence module configured, upon execution, to perform acts comprising;
  
  receiving the persistence key sealed with the public key,providing the persistence key sealed with the public key to the client system,receiving an unsealed persistence key from the client system,decrypting the encrypted checkpoint using the unsealed persistence key to generate the execution state information, andpopulating the hardware-protected memory area with the execution state information to recreate the execution state from the other hardware-protected memory area.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the method further comprises providing the persistence module with the sealed persistence key.
  - 3. The method of claim 1, wherein the other hardware-protected memory area was established on another computing system by the other security-enabled processor.
  - 4. The method of claim 3, wherein the execution state information of the other hardware-protected memory area was persisted prior to a shut-down of the other computing system.
  - 5. The method of claim 1, wherein the other hardware-protected memory area was established on the computing system by the other security-enabled processor.
  - 6. The method of claim 1, further comprising instructing the persistence module of the software loaded into the other hardware-protected memory area to quiesce all execution threads of the software executing within the other hardware-protected memory area other than an execution thread of the persistence module, and to encrypt the execution state information of the other hardware-protected memory area to generate the encrypted checkpoint.

7. A computer-readable storage device comprising a plurality of programming instructions that are executable by one or more processors to cause a computing system to:
- instruct a security-enabled processor of the computing system to initialize a hardware-protected memory area that is established in an initial state to include software and data identified in a request from a client system, the security-enabled processor configured to mediate access to the hardware-protected memory area, via one or more entry gates, by code that executes outside of the hardware-protected memory area, the hardware-protected memory area configured to execute non-kernel mode code, the software identified by the request and included in the hardware-protected memory area including a loader module configured, upon execution, to instruct the security-enabled processor to generate cryptographic certification that the hardware-protected memory area includes only the software and data identified in the request in the initial state, the software further including a persistence module;
  
  provide the hardware-protected memory area with an encrypted checkpoint and a sealed persistence key, the encrypted checkpoint including at least execution state information from another hardware-protected memory area established, by the security-enabled processor or by another hardware-protected memory area, in another initial state, to include the software, the security-enabled processor or other security-enabled processor configured to mediate access to the other hardware-protected memory area via the one or more entry gates or one or more other entry gates, the encrypted checkpoint encrypted with the sealed persistence key, the sealed persistence key sealed with a public key of the security-enabled processor; and
  
  cause the persistence module in the hardware-protected memory area to execute, the persistence module configured to;
  
  receive the sealed persistence key,provide the sealed persistence key to the security-enabled processor,receive from the security-enabled processor an unsealed persistence key,decrypt the encrypted checkpoint using the unsealed persistence key to generate the execution state information from the other hardware-protected memory area, andpopulate the hardware-protected memory area with the execution state information to recreate an execution state from the other hardware-protected memory area.
- View Dependent Claims (8, 9, 10)
- - 8. The computer-readable storage device of claim 7, wherein the other hardware-protected memory area was established on another computing system, and wherein the execution state of the other hardware-protected memory area is migrated to the hardware-protected memory area of the computing system from the other computing system.
  - 9. The computer-readable storage device of claim 7, wherein the other hardware-protected memory area was established on the computing system, and wherein the execution state of the other hardware-protected memory area is re-created in the hardware-protected memory area on the computing system.
  - 10. The computer-readable storage device of claim 7, wherein the plurality of programming instructions are further executable by the one or more processors to cause the computing system to instruct the persistence module of the software loaded into the other hardware-protected memory area to quiesce all execution threads of the software executing within the other hardware-protected memory area other than an execution thread of the persistence module, and to encrypt the execution state information of the other hardware-protected memory area to generate the encrypted checkpoint.

11. A computing system comprising:
- a memory;
  
  one or more processors, including a security-enabled processor configured to establish at least a hardware-protected memory area on the memory in an initial state to include software and data identified by a request from a client system, the security-enabled processor configured to mediate access via one or more entry gates to the hardware-protected memory area by code that executes outside of the hardware-protected memory area, the hardware-protected memory area configured to execute non-kernel mode code; and
  
  one or more programming instructions executable by the one or more processors to;
  
  instruct a loader module of the software in the hardware-protected memory area to execute, the loader module configured, upon execution, to instruct the security-enabled processor to generate cryptographic certification that the security-enabled processor has established the hardware-protected memory area in the initial state to include only the software and data identified by the request from the client system;
  
  instruct, in response to another request to persist an execution state of the hardware-protected memory area, a persistence module of the software stored in the hardware-protected memory area to execute, the persistence module configured to;
  
  cause execution threads associated with the execution state of the hardware-protected memory area, not including an execution thread associated with the persistence module, to quiesce;
  
  store execution state information of the execution state to the hardware-protected memory area;
  
  encrypt contents of the hardware-protected memory area, including the state information, to form an encrypted checkpoint, the encrypted checkpoint encrypted with a persistence key;
  
  seal the persistence key using a client public key of the client system or with a processor key of either the security-enabled processor or another security-enabled processor of a migration computing system to create a sealed persistence key; and
  
  transmit to persistent storage the encrypted checkpoint and the sealed persistence key.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The computing system of claim 11, wherein the other request to persist the execution state includes a request to migrate hardware-protected memory area to the migration computing system.
  - 13. The computing system of claim 11, wherein the other request to persist the execution state includes a request to re-create the hardware-protected memory area on the computing system.
  - 14. The computing system of claim 11, wherein the one or more programming instructions are further executable by the one or more processors to cause another persistence module to be instantiated on another hardware-protected memory area by the security-enabled processor or by the other security-enabled processor, the other persistence module configured to cause the sealed persistence key to be unsealed to generate the persistence key and to decrypt the encrypted checkpoint using the persistence key.
  - 15. The computing system of claim 14, wherein the other persistence module is further configured to:
    - receive the sealed persistence key,transmit the sealed persistence key to the security-enabled processor or to the other security-enabled processor,receive the persistence key from the security-enabled processor or from the other security-enabled processor,decrypt the encrypted checkpoint using the persistence key, andload one or more execution threads associated with the execution state of hardware-protected memory area.
  - 16. The computing system of claim 14, wherein the other persistence module is further configured to:
    - receive the sealed persistence key;
      
      transmit the sealed persistence key to the client system;
      
      receive the persistence key from the client system;
      
      decrypt the encrypted checkpoint using the persistence key; and
      
      load one or more of the execution threads associated with the execution state of the hardware-protected memory area.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Baumann, Andrew A., Hunt, Galen C., Peinado, Marcus
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Kabir, Jahangir

Application Number

US13/372,390
Publication Number

US 20130151848A1
Time in Patent Office

1,653 Days
Field of Search

713/150, 713/164, 713/166
US Class Current

1/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 9/3263   involving certificates, e.g...

Cryptographic certification of secure hosted execution environments

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

229 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic certification of secure hosted execution environments

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

229 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links