Methods and systems for securing sensitive information using a hypervisor-trusted client
First Claim
1. In a computing device executing a hypervisor hosting a control virtual machine and a non-trusted virtual machine, a method for securing information using a hypervisor-trusted client, comprising:
executing, by a hypervisor, a control virtual machine;
requesting, by a user of a non-trusted virtual machine executed by a processor of a computing device, to establish a connection to a remote computing device, wherein the non-trusted virtual machine is identified as non-trusted and not authorized to access the remote computing device based on an analysis of at least one of security credentials and access credentials of the non-trusted virtual machine;
launching, by the control virtual machine executed by the processor of the computing device, a client agent, responsive to the request, the client agent authorized to access the remote computing device, wherein launching the client agent comprises creating an instance of the client agent;
assigning, by a graphics manager executed by the processor of the computing device, a secure section of a memory of a graphics processing unit of the computing device to the client agent by portioning a segment of the memory of the graphics processing unit for access by the non-trusted virtual machine via the client agent, the client agent having a different level of access than the non-trusted virtual machine;
rendering, by the graphics manager, graphical data generated by the client agent to the secure section of the memory of the graphics processing unit;
receiving, by the graphics manager, a request from the non-trusted virtual machine to read graphics rendered from the client agent graphical data and stored in the secure section of the memory of the graphics processing unit;
preventing, by the graphics manager, the non-trusted virtual machine from reading the client agent rendered graphics stored in the secure section of the memory of the graphics processing unit;
establishing, by the control virtual machine, a secure communications channel between the non-trusted virtual machine and the control virtual machine that is a private communications channel only accessible by the non-trusted virtual machine and the control virtual machine, the secure communications channel established by locking a shared memory region that is only accessible by the non-trusted virtual machine and the control virtual machine, wherein the non-trusted virtual machine and the control virtual machine have a different level of access to the computing device;
receiving, by the client agent, via the secure communications channel, a message from the non-trusted virtual machine, the message comprising encrypted data including a network address of the remote computing device from the non-trusted virtual machine, wherein only the non-trusted virtual machine and the control virtual machine can decrypt the encrypted data;
gathering, by the client agent, the at least one of security credentials and access credentials from the user in a secure trusted environment; and
establishing, by the client agent, a connection with the remote computing device with the received network address.
Abstract
The methods and systems described herein provide for securing sensitive information using a hypervisor-trusted client, in a computing device executing a hypervisor hosting a control virtual machine and a non-trusted virtual machine. A user of a non-trusted virtual machine requests to establish a connection to a remote computing device. Responsive to the request, a control virtual machine launches a client agent. A graphics manager executed by the processor of the computing device assigns a secure section of a memory of a graphics processing unit of the computing device to the client agent. The graphics manager renders graphical data generated by the client agent to the secure section of the graphics processing unit memory.
17 Claims
1. Reproduced above under First Claim; claims 2 through 9 depend on claim 1.
10. In a computing device executing a hypervisor hosting a control virtual machine and a non-trusted virtual machine, a system for securing information using a hypervisor-trusted client, comprising:
a remote computing device; and
a local computing device comprising:
a graphics processing unit comprising a memory, and
a processor executing a graphics manager and a hypervisor hosting a non-trusted virtual machine and a control virtual machine;
wherein the hypervisor is configured to:
execute the control virtual machine; and
direct input data from the user to the client agent, responsive to a window of the client agent having focus;
wherein the non-trusted virtual machine is identified as non-trusted and not authorized to access the remote computing device based on an analysis of at least one of security credentials and access credentials of the non-trusted virtual machine;
wherein the control virtual machine is configured to:
launch a client agent, responsive to receiving a request by a user of the non-trusted virtual machine to establish a connection to the remote computing device, the client agent authorized to access the remote computing device; and
establish a secure communications channel between the non-trusted virtual machine and the control virtual machine that is a private communications channel only accessible by the non-trusted virtual machine and the control virtual machine, the secure communications channel established by locking a shared memory region that is only accessible by the non-trusted virtual machine and the control virtual machine, wherein the non-trusted virtual machine and the control virtual machine have a different level of access to the computing device;
wherein the graphics manager is configured to:
assign a secure section of the memory of the graphics processing unit to the client agent by portioning a segment of the memory of the graphics processing unit for access by the non-trusted virtual machine via the client agent, the client agent given a different level of access than the non-trusted virtual machine,
render graphical data generated by the client agent to the secure section of the memory of the graphics processing unit,
receive a request from the non-trusted virtual machine to read graphics rendered from the client agent graphical data and stored in the secure section of the memory of the graphics processing unit,
prevent the non-trusted virtual machine from reading the client agent rendered graphics stored in the secure section of the memory of the graphics processing unit, and
return, in response to preventing the non-trusted virtual machine from reading the client agent, data stored in another section of the memory of the graphics processing unit accessible by the non-trusted virtual machine;
wherein the client agent is configured to:
receive, via a secure communications channel, a message comprising encrypted data including a network address of the remote computing device from the non-trusted virtual machine, wherein at least one of the non-trusted virtual machine and the control virtual machine can decrypt the encrypted data,
gather, from the user in a trusted virtual machine, the at least one of security credentials and access credentials in a secure trusted environment, and
establish a connection with the remote computing device with the received network address.
Claims 11 through 17 depend on claim 10.
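The flow that claims 1 and 10 describe, as an added Python simulation that is not code from the patent, its assignee, or any product: the control VM and the guest VM share a locked region, the guest writes the sealed remote address into it, the client agent unseals the address, collects credentials on the trusted side, and renders its login dialog into a GPU section that the guest is refused and redirected away from (the claim 10 fallback read). Every name here (VM, GraphicsManager, SharedRegion, ClientAgent, seal, unseal, run_flow), the sample address 10.0.0.5:3389 and the credentials are constructed assumptions, and the SHA-256 counter keystream with an HMAC tag is a stand-in for whatever cipher the two endpoints actually share, not a production design.

```python
"""Simulated hypervisor-trusted client flow: an added example, not code from the
patent or any product. Assumptions: VMs and GPU memory are plain Python objects;
a SHA-256 counter keystream with an HMAC tag stands in for the unspecified cipher."""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class VM:
    name: str
    trusted: bool  # the control VM is trusted, guest VMs are not


class GraphicsManager:  # portions GPU memory; only the client agent may read the secure section
    def __init__(self, agent: str, guest: VM):
        # section name -> (principals allowed to read it, pixel data)
        self.sections = {"secure": ({agent}, b""), guest.name: ({guest.name}, b"guest framebuffer")}

    def render(self, pixels: bytes) -> None:
        readers, _ = self.sections["secure"]
        self.sections["secure"] = (readers, pixels)

    def read(self, requester: str, section: str) -> bytes:
        readers, data = self.sections[section]
        if requester in readers:
            return data
        # Claim 10: refuse, and return a section the requester is allowed to see instead.
        return self.sections[requester][1] if requester in self.sections else b""


class SharedRegion:  # shared memory locked to one trusted and one non-trusted VM; holds the key
    def __init__(self, a: VM, b: VM):
        if a.trusted == b.trusted:
            raise ValueError("channel must join VMs with different levels of access")
        self.owners, self.key, self.buffer = frozenset({a.name, b.name}), os.urandom(32), b""

    def write(self, vm: VM, data: bytes) -> None:
        if vm.name not in self.owners:
            raise PermissionError(f"{vm.name} is not an endpoint of this channel")
        self.buffer = data

    def read(self, vm: VM) -> bytes:
        if vm.name not in self.owners:
            raise PermissionError(f"{vm.name} is not an endpoint of this channel")
        return self.buffer


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy authenticated encryption: nonce || (plaintext XOR keystream) || HMAC-SHA256 tag."""
    enc, mac = hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    enc, mac = hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _stream(enc, nonce, len(ct))))


class ClientAgent:  # launched by the control VM; the only principal authorized to reach the remote host
    NAME = "client-agent"

    def __init__(self, control: VM, channel: SharedRegion, gfx: GraphicsManager):
        self.control, self.channel, self.gfx = control, channel, gfx

    def connect(self, prompt_user) -> dict:
        address = unseal(self.channel.key, self.channel.read(self.control)).decode()
        self.gfx.render(b"login dialog for " + address.encode())
        creds = prompt_user()  # gathered in the trusted environment, never handed to the guest
        return {"remote": address, "user": creds["user"]}  # stand-in for the real connection


def run_flow() -> dict:
    control, guest, other = VM("control-vm", True), VM("guest-vm", False), VM("other-vm", False)
    gfx = GraphicsManager(ClientAgent.NAME, guest)             # secure section assigned to the agent
    channel = SharedRegion(guest, control)                     # established by the control VM
    agent = ClientAgent(control, channel, gfx)                 # launched in response to the request
    channel.write(guest, seal(channel.key, b"10.0.0.5:3389"))  # constructed sample address
    conn = agent.connect(lambda: {"user": "alice", "password": "hunter2"})  # constructed credentials
    try:
        channel.read(other)
        third_party = "allowed"
    except PermissionError:
        third_party = "denied"
    return {"connection": conn, "third_party_channel_read": third_party,
            "guest_read_of_secure": gfx.read(guest.name, "secure"),
            "agent_read_of_secure": gfx.read(ClientAgent.NAME, "secure")}
```

Calling run_flow() shows the guest's read of the secure section returning its own framebuffer rather than the login dialog, a third VM being refused access to the channel region, and (via unseal) a tampered message failing its tag check. What the simulation deliberately leaves out is the hypervisor's focus-based routing of keystrokes to the agent window and any hardware enforcement of the GPU partition; in a real implementation that enforcement, not the Python checks, is what keeps credentials out of the non-trusted VM.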