Cryptographic certification of secure hosted execution environments
Abstract
Implementations for providing a persistent secure execution environment with a hosted computer are described. A host operating system of a computing system provides an encrypted checkpoint to a persistence module that executes in a secure execution environment of a hardware-protected memory area initialized by a security-enabled processor. The encrypted checkpoint is derived at least partly from another secure execution environment that is cryptographically certifiable as including another hardware-protected memory area established in an activation state to refrain from executing software not trusted by the client system.
16 Claims
1. A method of persistence of an execution state, the method comprising:
- providing, by a host operating system of a computing system, an instruction that causes a security-enabled processor of the computing system to initialize a hardware-protected memory area established in an initial state to include software and data identified by a request from a client system, the security-enabled processor configured to mediate access to the hardware-protected memory area by code that executes outside of the hardware-protected memory area via one or more entry gates, the software included in the hardware-protected memory area being non-kernel mode code, the software identified by the request and included in the hardware-protected memory area including a loader module configured, upon execution, to instruct the security-enabled processor to generate cryptographic certification that the hardware-protected memory area includes only the software and data identified in the request in the initial state, the software further including a persistence module;
- providing, by the host operating system of the computing system, the hardware-protected memory area with an encrypted checkpoint, the encrypted checkpoint including at least execution state information of an execution state from another hardware-protected memory area established, by the security-enabled processor or by another security-enabled processor, in another initial state to include the software, the security-enabled processor or the other security-enabled processor configured to mediate access to the other hardware-protected memory area via the one or more entry gates or one or more other entry gates, the encrypted checkpoint encrypted with a persistence key, the persistence key sealed with a public key of the client system; and
- causing, by the host operating system, the persistence module in the hardware-protected memory area to execute, the persistence module configured, upon execution, to perform acts comprising:
  - receiving the persistence key sealed with the public key,
  - providing the persistence key sealed with the public key to the client system,
  - receiving an unsealed persistence key from the client system,
  - decrypting the encrypted checkpoint using the unsealed persistence key to generate the execution state information, and
  - populating the hardware-protected memory area with the execution state information to recreate the execution state from the other hardware-protected memory area.
Dependent claims: 2, 3, 4, 5, 6.
7. A computer-readable storage device comprising a plurality of programming instructions that are executable by one or more processors to cause a computing system to:
- instruct a security-enabled processor of the computing system to initialize a hardware-protected memory area that is established in an initial state to include software and data identified in a request from a client system, the security-enabled processor configured to mediate access to the hardware-protected memory area, via one or more entry gates, by code that executes outside of the hardware-protected memory area, the hardware-protected memory area configured to execute non-kernel mode code, the software identified by the request and included in the hardware-protected memory area including a loader module configured, upon execution, to instruct the security-enabled processor to generate cryptographic certification that the hardware-protected memory area includes only the software and data identified in the request in the initial state, the software further including a persistence module;
- provide the hardware-protected memory area with an encrypted checkpoint and a sealed persistence key, the encrypted checkpoint including at least execution state information from another hardware-protected memory area established, by the security-enabled processor or by another hardware-protected memory area, in another initial state, to include the software, the security-enabled processor or other security-enabled processor configured to mediate access to the other hardware-protected memory area via the one or more entry gates or one or more other entry gates, the encrypted checkpoint encrypted with the sealed persistence key, the sealed persistence key sealed with a public key of the security-enabled processor; and
- cause the persistence module in the hardware-protected memory area to execute, the persistence module configured to:
  - receive the sealed persistence key,
  - provide the sealed persistence key to the security-enabled processor,
  - receive from the security-enabled processor an unsealed persistence key,
  - decrypt the encrypted checkpoint using the unsealed persistence key to generate the execution state information from the other hardware-protected memory area, and
  - populate the hardware-protected memory area with the execution state information to recreate an execution state from the other hardware-protected memory area.
Dependent claims: 8, 9, 10.
11. A computing system comprising:
- a memory;
- one or more processors, including a security-enabled processor configured to establish at least a hardware-protected memory area on the memory in an initial state to include software and data identified by a request from a client system, the security-enabled processor configured to mediate access via one or more entry gates to the hardware-protected memory area by code that executes outside of the hardware-protected memory area, the hardware-protected memory area configured to execute non-kernel mode code; and
- one or more programming instructions executable by the one or more processors to:
  - instruct a loader module of the software in the hardware-protected memory area to execute, the loader module configured, upon execution, to instruct the security-enabled processor to generate cryptographic certification that the security-enabled processor has established the hardware-protected memory area in the initial state to include only the software and data identified by the request from the client system;
  - instruct, in response to another request to persist an execution state of the hardware-protected memory area, a persistence module of the software stored in the hardware-protected memory area to execute, the persistence module configured to:
    - cause execution threads associated with the execution state of the hardware-protected memory area, not including an execution thread associated with the persistence module, to quiesce;
    - store execution state information of the execution state to the hardware-protected memory area;
    - encrypt contents of the hardware-protected memory area, including the state information, to form an encrypted checkpoint, the encrypted checkpoint encrypted with a persistence key;
    - seal the persistence key using a client public key of the client system or with a processor key of either the security-enabled processor or another security-enabled processor of a migration computing system to create a sealed persistence key; and
    - transmit to persistent storage the encrypted checkpoint and the sealed persistence key.
Dependent claims: 12, 13, 14, 15, 16.
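
The persist sequence of claim 11 and the restore sequence of claim 1, as an added Node.js example that is not part of the patent text. AES-256-GCM for the checkpoint and RSA-OAEP for sealing are assumptions made here (the claims name no algorithms), the function names are hypothetical, and the state string and key pair are constructed sample input.

```javascript
const crypto = require('crypto');

// Persistence module in the old protected area (claim 11): encrypt the state
// under a fresh persistence key, then seal that key to the client's public key.
// AES-256-GCM and RSA-OAEP are assumptions; the claims name no algorithms.
function persist(state, clientPublicKey) {
  const key = crypto.randomBytes(32);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([cipher.update(state), cipher.final()]);
  const sealedKey = crypto.publicEncrypt({ key: clientPublicKey, oaepHash: 'sha256' }, key);
  // Everything returned goes to persistent storage on the untrusted host.
  return { nonce, ciphertext, tag: cipher.getAuthTag(), sealedKey };
}

// Client system (claim 1): the only holder of the private key.
function clientUnseal(sealedKey, clientPrivateKey) {
  return crypto.privateDecrypt({ key: clientPrivateKey, oaepHash: 'sha256' }, sealedKey);
}

// Persistence module in the new protected area (claim 1): decrypt with the key
// the client returned. final() throws if the stored checkpoint was altered.
function restore(checkpoint, key) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, checkpoint.nonce);
  decipher.setAuthTag(checkpoint.tag);
  return Buffer.concat([decipher.update(checkpoint.ciphertext), decipher.final()]);
}

// Constructed run: one client key pair, one checkpoint, one altered copy.
function demo() {
  const client = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const state = Buffer.from('thread=1 pc=0x401000 (constructed sample state)');
  const checkpoint = persist(state, client.publicKey);
  const key = clientUnseal(checkpoint.sealedKey, client.privateKey);
  const restored = restore(checkpoint, key).toString();
  const altered = { ...checkpoint, ciphertext: Buffer.from(checkpoint.ciphertext) };
  altered.ciphertext[0] ^= 1; // one flipped bit in the stored checkpoint
  let alterationDetected = false;
  try {
    restore(altered, key);
  } catch (err) {
    alterationDetected = true;
  }
  return { restored, alterationDetected };
}

console.log(demo());
```

The host only ever holds the ciphertext and the sealed key; the plaintext persistence key exists in the protected area and, during restore, at the client.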
Specification