Secure inter-process communication

US 9,672,052 B1
Filed: 02/16/2012
Issued: 06/06/2017
Est. Priority Date: 02/16/2012
Status: Active Grant

First Claim

Patent Images

1. A system having one or more physical machines, comprising:

a secure execution domain established on a host operating system executing a first trusted process;

a hardware virtualization component operating within the secure execution domain and configured to implement a virtual machine, wherein the virtual machine is a hardware virtualization of a data processing apparatus, and wherein the virtual machine is isolated such that the virtual machine has limited access to resources not included in the virtual machine and the hardware virtualization component, and comprises;

a shared virtual memory device within the virtual machine; and

a guest software application, executed within the virtual machine and communicatively coupled to the shared virtual memory device, the virtual machine being configured such that the guest software application executed in the virtual machine does not have access to memory and resources that are external to the virtual machine and the guest software application can communicate with a second trusted process executed within the secure execution domain but external to the virtual machine using only the shared virtual memory device;

the second trusted process running in the secure execution domain on the host operating system, the second trusted process being separate from the virtual machine and enabled to access at least some of the resources of the secure execution domain, wherein the second trusted process is communicatively coupled to the shared virtual memory device and configured to communicate with the guest software application only through the shared virtual memory device via a communication channel using a memory driver associated with the snared virtual memory device,wherein communications between the second trusted process and the guest software application are secure communications based on the guest software application being configured such that the guest software application does not have access to memory and resources that are external to the virtual machine and can communicate with the second trusted process using only the shared virtual memory device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Among other disclosed subject matter, a system includes a secure execution domain configured to execute trusted processes. The system also includes a hardware virtualization component in the secure execution domain and configured to implement a virtual machine. The virtual machine is a hardware virtualization of a data processing apparatus and includes a shared virtual memory device and a guest software application coupled to the shared virtual memory device. The system also includes a trusted process in the secure execution domain, separate from the virtual machine and coupled to the shared virtual memory device. The trusted process is configured to communicate with the guest software application through the shared virtual memory device. Communication with the guest software application includes secure communication.

Citations

18 Claims

1. A system having one or more physical machines, comprising:
- a secure execution domain established on a host operating system executing a first trusted process;
  
  a hardware virtualization component operating within the secure execution domain and configured to implement a virtual machine, wherein the virtual machine is a hardware virtualization of a data processing apparatus, and wherein the virtual machine is isolated such that the virtual machine has limited access to resources not included in the virtual machine and the hardware virtualization component, and comprises;
  
  a shared virtual memory device within the virtual machine; and
  
  a guest software application, executed within the virtual machine and communicatively coupled to the shared virtual memory device, the virtual machine being configured such that the guest software application executed in the virtual machine does not have access to memory and resources that are external to the virtual machine and the guest software application can communicate with a second trusted process executed within the secure execution domain but external to the virtual machine using only the shared virtual memory device;
  
  the second trusted process running in the secure execution domain on the host operating system, the second trusted process being separate from the virtual machine and enabled to access at least some of the resources of the secure execution domain, wherein the second trusted process is communicatively coupled to the shared virtual memory device and configured to communicate with the guest software application only through the shared virtual memory device via a communication channel using a memory driver associated with the snared virtual memory device,wherein communications between the second trusted process and the guest software application are secure communications based on the guest software application being configured such that the guest software application does not have access to memory and resources that are external to the virtual machine and can communicate with the second trusted process using only the shared virtual memory device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1 wherein the second trusted process is configured to provide data from a database to the guest software application using the shared virtual memory device.
  - 3. The system of claim 1 wherein the secure communication between the second trusted process and guest software application comprises a Unix domain socket.
  - 4. The system of claim 1 wherein the shared virtual memory device comprises a semaphore configured to control access to the shared virtual memory device.
  - 5. The system of claim 1 wherein the guest software application comprises an untrusted software application.
  - 6. The system of claim 5 wherein the untrusted software application comprises a software application associated with a third party user that is associated with the virtual machine.
  - 7. The system of claim 1 wherein the second trusted process comprises a software application associated with an operator of the secure execution domain.
  - 8. The system of claim 1 wherein the shared virtual memory device comprises a virtualization of a Peripheral Component Interconnect device including memory.
  - 9. The system of claim 1 wherein a communication between the second trusted process and the guest software application comprises:
    - data written into the shared virtual memory device; and
      
      the signal provided to the guest software application to indicate that data has been written into the shared virtual memory device, wherein the signal is provided to the guest software application using the communication channel.

10. A computer-implemented method comprising:
- executing, by one or more physical machines, a secure execution domain established on a host operating system executing a first trusted process;
  
  executing a hardware virtualization component operating within the secure execution domain and the hardware virtualization component implementing a virtual machine, wherein the virtual machine is a hardware virtualization of a data processing apparatus, and wherein the virtual machine is isolated such that the virtual machine has limited access to resources not included in the virtual machine and the hardware virtualization component, and comprises;
  
  a shared virtual memory device within the virtual machine; and
  
  a guest software application, executed within the virtual machine and communicatively coupled to the shared virtual memory device, the virtual machine being configured such that the guest software application executed in the virtual machine does not have access to memory and resources that are external to the virtual machine and the guest software application can communicate with a second trusted process executed within the secure execution domain but external to the virtual machine using only the shared virtual memory device;
  
  executing the second trusted process, the second trusted process running in the secure execution domain on the host operating system, the second trusted process being separate from the virtual machine and enabled to access at least some of the resources of the secure execution domain, wherein the second trusted process is communicatively coupled to the shared virtual memory device and configured to communicate with the guest software application only through the shared virtual memory device via a communication channel using a memory driver associated with the shared virtual memory device; and
  
  exchanging data between the guest software application and the second trusted process, wherein communications between the second trusted process and the guest software application are secure communications based on the guest software application being configured such that the guest software application does not have access to memory and resources that are external to the virtual machine and can communicate with the second trusted process using only the shared virtual memory device.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The computer-implemented method of claim 10, wherein exchanging data comprises:
    - writing data to the shared virtual memory device, wherein the data is from the second trusted process;
      
      providing a signal to the guest software application to indicate that data has been written into the shared virtual memory device; and
      
      in response to the signal, reading the data from the shared virtual memory device, wherein the data is read from the shared virtual memory device by the guest software application.
  - 12. The computer-implemented method of claim 11, wherein the signal comprises a flag or an interrupt signal.
  - 13. The computer-implemented method of claim 11, further comprising:
    - checking out a semaphore before writing data, wherein the semaphore is configured to control access to the shared virtual memory device.
  - 14. The computer-implemented method of claim 10, wherein the shared virtual memory device comprises a virtualization of a Peripheral Component Interconnect device including memory or a dual ported memory device.

15. A non-transitory computer readable medium encoded with a computer program comprising instructions that, when executed, operate to cause a computer to perform operations of:
- execute, on the computer, a secure execution domain established on a host operating system executing a first trusted process;
  
  execute a hardware virtualization component operating within the secure execution domain and the hardware virtualization component implementing a virtual machine, wherein the virtual machine is a hardware virtualization of a data processing apparatus, and wherein the virtual machine is isolated such that the virtual machine has limited access to resources not included in the virtual machine and the hardware virtualization component, and comprises;
  
  a shared virtual memory device within the virtual machine; and
  
  a guest software application, executed within the virtual machine and communicatively coupled to the shared virtual memory device, the virtual machine being configured such that the guest software application executed in the virtual machine does not have access to memory and resources that are external to the virtual machine and the guest software application can communicate with a second trusted process executed within the secure execution domain but external to the virtual machine using only the shared virtual memory device;
  
  execute the second trusted process, the second trusted process running in the secure execution domain on the host operating system, the second trusted process being separate from the virtual machine and enabled to access at least some of the resources of the secure execution domain, wherein the second trusted process is communicatively coupled to the shared virtual memory device and configured to communicate with the guest software application only through the shared virtual memory device via a communication channel using a memory driver associated with the shared virtual memory device; and
  
  exchange data between the guest software application and the second trusted process, wherein communications between the second trusted process and the guest software application are secure communications based on the guest software application being configured such that the guest software application does not have access to memory and resources that are external to the virtual machine and can communicate with the second trusted process using only the shared virtual memory device.
- View Dependent Claims (16, 17, 18)
- - 16. The computer readable medium of claim 15, further comprising instructions that, when executed, operate to cause the computer to perform operations:
    - writing data to the shared virtual memory device, wherein the data is from the second trusted process;
      
      providing a signal to the guest software application to indicate that data has been written into the shared virtual memory device; and
      
      in response to the signal, reading the data from the shared virtual memory device, wherein the data is read from the shared virtual memory device by the guest software application.
  - 17. The computer readable medium of claim 16, wherein the signal comprises a flag or an interrupt signal.
  - 18. The computer readable medium of claim 16 further comprising instructions that, when executed, operate to cause the computer to perform operations:
    - checking out a semaphore before writing data, wherein the semaphore is configured to control access to the shared virtual memory device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Henry, Robert R., Berreth, Frank, Moon, Eric A.
Primary Examiner(s)
An, Meng
Assistant Examiner(s)
Arcos, Caroline H

Application Number

US13/398,715
Time in Patent Office

1,937 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 2009/45583   Memory management, e.g. acc...

G06F 2009/45587   Isolation or security of vi...

G06F 21/53   by executing in a restricte...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/46   Multiprogramming arrangements

G06F 9/50   Allocation of resources, e....

G06F 9/54   Interprogram communication

G06F 9/544   Buffers; Shared memory; Pipes

Secure inter-process communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure inter-process communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links