Methods and systems for securing sensitive information using a hypervisor-trusted client

US 9,804,866 B2
Filed: 12/14/2010
Issued: 10/31/2017
Est. Priority Date: 12/14/2009
Status: Active Grant

First Claim

Patent Images

1. In a computing device executing a hypervisor hosting a control virtual machine and a non-trusted virtual machine, a method for securing information using a hypervisor-trusted client, comprising:

executing, by a hypervisor, a control virtual machine;

requesting, by a user of a non-trusted virtual machine executed by a processor of a computing device, to establish a connection to a remote computing device, wherein the non-trusted virtual machine is identified as non-trusted and not authorized to access the remote computing device based on an analysis of at least one of security credentials and access credentials of the non-trusted virtual machine;

launching, by the control virtual machine executed by the processor of the computing device, a client agent, responsive to the request, the client agent authorized to access the remote computing device, wherein launching the client agent comprises creating an instance of the client agent;

assigning, by a graphics manager executed by the processor of the computing device, a secure section of a memory of a graphics processing unit of the computing device to the client agent by portioning a segment of the memory of the graphics processing unit for access by the non-trusted virtual machine via the client agent, the client agent having a different level of access than the non-trusted virtual machine;

rendering, by the graphics manager, graphical data generated by the client agent to the secure section of the memory of the graphics processing unit;

receiving, by the graphics manager, a request from the non-trusted virtual machine to read graphics rendered from the client agent graphical data and stored in the secure section of the memory of the graphics processing unit;

preventing, by the graphics manager, the non-trusted virtual machine from reading the client agent rendered graphics stored in the secure section of the memory of the graphics processing unit;

establishing, by the control virtual machine, a secure communications channel between the non-trusted virtual machine and the control virtual machine that is a private communications channel only accessible by the non-trusted virtual machine and the control virtual machine, the secure communications channel established by locking a shared memory region that is only accessible by the non-trusted virtual machine and the control virtual machine, wherein the non-trusted virtual machine and the control virtual machine have a different level of access to the computing device;

receiving, by the client agent, via the secure communications channel, a message from the non-trusted virtual machine, the message comprising encrypted data including a network address of the remote computing device from the non-trusted virtual machine, wherein only the non-trusted virtual machine and the control virtual machine can decrypt the encrypted data;

gathering, by the client agent, the at least one of security credentials and access credentials from the user in a secure trusted environment; and

establishing, by the client agent, a connection with the remote computing device with the received network address.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The methods and systems described herein provide for securing sensitive information using a hypervisor-trusted client, in a computing device executing a hypervisor hosting a control virtual machine and a non-trusted virtual machine. A user of a non-trusted virtual machine requests to establish a connection to a remote computing device. Responsive to the request, a control virtual machine launches a client agent. A graphics manager executed by the processor of the computing device assigns a secure section of a memory of a graphics processing unit of the computing device to the client agent. The graphics manager renders graphical data generated by the client agent to the secure section of the graphics processing unit memory.

Citations

17 Claims

1. In a computing device executing a hypervisor hosting a control virtual machine and a non-trusted virtual machine, a method for securing information using a hypervisor-trusted client, comprising:
- executing, by a hypervisor, a control virtual machine;
  
  requesting, by a user of a non-trusted virtual machine executed by a processor of a computing device, to establish a connection to a remote computing device, wherein the non-trusted virtual machine is identified as non-trusted and not authorized to access the remote computing device based on an analysis of at least one of security credentials and access credentials of the non-trusted virtual machine;
  
  launching, by the control virtual machine executed by the processor of the computing device, a client agent, responsive to the request, the client agent authorized to access the remote computing device, wherein launching the client agent comprises creating an instance of the client agent;
  
  assigning, by a graphics manager executed by the processor of the computing device, a secure section of a memory of a graphics processing unit of the computing device to the client agent by portioning a segment of the memory of the graphics processing unit for access by the non-trusted virtual machine via the client agent, the client agent having a different level of access than the non-trusted virtual machine;
  
  rendering, by the graphics manager, graphical data generated by the client agent to the secure section of the memory of the graphics processing unit;
  
  receiving, by the graphics manager, a request from the non-trusted virtual machine to read graphics rendered from the client agent graphical data and stored in the secure section of the memory of the graphics processing unit;
  
  preventing, by the graphics manager, the non-trusted virtual machine from reading the client agent rendered graphics stored in the secure section of the memory of the graphics processing unit;
  
  establishing, by the control virtual machine, a secure communications channel between the non-trusted virtual machine and the control virtual machine that is a private communications channel only accessible by the non-trusted virtual machine and the control virtual machine, the secure communications channel established by locking a shared memory region that is only accessible by the non-trusted virtual machine and the control virtual machine, wherein the non-trusted virtual machine and the control virtual machine have a different level of access to the computing device;
  
  receiving, by the client agent, via the secure communications channel, a message from the non-trusted virtual machine, the message comprising encrypted data including a network address of the remote computing device from the non-trusted virtual machine, wherein only the non-trusted virtual machine and the control virtual machine can decrypt the encrypted data;
  
  gathering, by the client agent, the at least one of security credentials and access credentials from the user in a secure trusted environment; and
  
  establishing, by the client agent, a connection with the remote computing device with the received network address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising receiving, by the client agent via a communications channel established between the non-trusted virtual machine and the control virtual machine, network address information to establish the connection to the remote computing device.
  - 3. The method of claim 1, wherein the input data comprises login credentials for the remote computing device.
  - 4. The method of claim 1, further comprising receiving, by the client agent from the non-trusted virtual machine, an identification that the window generated by the client agent is being given focus.
  - 5. The method of claim 1, further comprising preventing, by the hypervisor, the non-trusted virtual machine from accessing the input data while the window of the client agent has focus.
  - 6. The method of claim 1, further comprising directing, by the hypervisor, input data from the user to the non-trusted virtual machine, responsive to the window of the client agent no longer having focus.
  - 7. The method of claim 1, comprising locking, by the control virtual machine, the secure section of the memory to exclude a third virtual machine from reading or writing to the memory region, wherein the secure section of the memory is only accessible by the control virtual machine and the non-trusted virtual machine.
  - 8. The method of claim 1, comprising:
    - identifying, by the control virtual machine, the levels of access based on one or more security policies.
  - 9. The method of claim 8, comprising:
    - querying, by the control virtual machine, the one or more security policies using at least one of a serial number of the computing device or a device type of the computing device.

10. In a computing device executing a hypervisor hosting a control virtual machine and a non-trusted virtual machine, a system for securing information using a hypervisor-trusted client, comprising:
- a remote computing device; and
  
  a local computing device comprising;
  
  a graphics processing unit comprising a memory, anda processor executing a graphics manager and a hypervisor hosting a non-trusted virtual machine and a control virtual machine;
  
  wherein the hypervisor is configured to;
  
  execute the control virtual machine; and
  
  direct input data from the user to the client agent, responsive to a window of the client agent having focus;
  
  wherein the non-trusted virtual machine is identified as non-trusted and not authorized to access the remote computing device based on an analysis of at least one of security credentials and access credentials of the non-trusted virtual machine;
  
  wherein the control virtual machine is configured to;
  
  launch a client agent, responsive to receiving a request by a user of the non-trusted virtual machine to establish a connection to the remote computing device, the client agent authorized to access the remote computing device; and
  
  establish a secure communications channel between the non-trusted virtual machine and the control virtual machine that is a private communications channel only accessible by the non-trusted virtual machine and the control virtual machine, the secure communications channel established by locking a shared memory region that is only accessible by the non-trusted virtual machine and the control virtual machine, wherein the non-trusted virtual machine and the control virtual machine have a different level of access to the computing device;
  
  wherein the graphics manager is configured to;
  
  assign a secure section of the memory of the graphics processing unit to the client agent by portioning a segment of the memory of the graphics processing unit for access by the non-trusted virtual machine via the client agent, the client agent given a different level of access than the non-trusted virtual machine,render graphical data generated by the client agent to the secure section of the memory of the graphics processing unit,receive a request from the non-trusted virtual machine to read graphics rendered from the client agent graphical data and stored in the secure section of the memory of the graphics processing unit,prevent the non-trusted virtual machine from reading the client agent rendered graphics stored in the secure section of the memory of the graphics processing unit, andreturn, in response to preventing the non-trusted virtual machine from reading the client agent, data stored in another section of the memory of the graphics processing unit accessible by the non-trusted virtual machine,wherein the client agent is configured to receive, via a secure communications channel, a message comprising encrypted data including a network address of the remote computing device from the non-trusted virtual machine, wherein at least one of the non-trusted virtual machine and the control virtual machine can decrypt the encrypted data, gather, from the user in a trusted virtual machine, the at least one of security credentials and access credentials in a secure trusted environment, and establish a connection with the remote computing device with the received network address.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10, wherein the graphics manager is further configured to:
    - receive a request from the non-trusted virtual machine to read graphics rendered from the client agent graphical data and stored in the secure section of the memory of the graphics processing unit, andprevent the non-trusted virtual machine from reading the client agent rendered graphics stored in the memory of the secure section of the graphics processing unit.
  - 12. The system of claim 10, wherein the client agent is configured to:
    - receive, via a communications channel established between the non-trusted virtual machine and the control virtual machine, network address information to establish the connection to the remote computing device.
  - 13. The system of claim 10, wherein the input data comprises login credentials for the remote computing device.
  - 14. The system of claim 10, wherein the client agent is configured to receive, from the non-trusted virtual machine, an identification that the window generated by the client agent is being given focus.
  - 15. The system of claim 10, wherein the hypervisor is configured to prevent the non-trusted virtual machine from accessing the input data while the window of the client agent has focus.
  - 16. The system of claim 10, wherein the hypervisor is configured to direct input data from the user to the non-trusted virtual machine, responsive to the window of the client agent no longer having focus.
  - 17. The system of claim 10, wherein the control virtual machine is configured to lock the secure section of the memory to exclude a third virtual machine from reading or writing to the secure section of memory, wherein the secure section of the memory is only accessible by the control virtual machine and the non-trusted virtual machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Halls, David, Van Der Linden, Rob
Primary Examiner(s)
Nguyen, Vu
Assistant Examiner(s)
LEE, KWANG B

Application Number

US12/968,091
Publication Number

US 20110141124A1
Time in Patent Office

2,513 Days
Field of Search

345522
US Class Current
CPC Class Codes

G06F 2009/45575   Starting, stopping, suspend...

G06F 2009/45579   I/O management, e.g. provid...

G06F 2009/45587   Isolation or security of vi...

G06F 21/31   User authentication

G06F 21/53   by executing in a restricte...

G06F 21/554   involving event detection a...

G06F 21/556   involving covert channels, ...

G06F 21/57   Certifying or maintaining t...

G06F 21/629   to features or functions of...

G06F 21/79   in semiconductor storage me...

G06F 21/83   input devices, e.g. keyboar...

G06F 21/84   output devices, e.g. displa...

G06F 21/85   interconnection devices, e....

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2107   File encryption

G06F 2221/2115   Third party

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2147   Locking files

G06F 2221/2149   Restricted operating enviro...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558 : Hypervisor-specific managem...

H04L 63/20 : for managing network securi...

View All

Methods and systems for securing sensitive information using a hypervisor-trusted client

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for securing sensitive information using a hypervisor-trusted client

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links