Hypervisor enforcement of cryptographic policy
First Claim
Patent Images
1. A computer-implemented method, comprising:
- collecting a plurality of execution traces, each execution trace comprising one or more items of information corresponding to execution of a computer executable instruction executed on a virtual machine;
grouping one or more of the plurality of execution traces into a set of groups of execution traces based at least in part on identifying a set of instructions that is executed in a consistent pattern;
selecting a subset of the set of groups of execution traces based at least in part on one or more data elements shared in common between one or more members of the subset of the set of groups;
computing one or more scores based at least in part on comparing a first set of execution traces comprising the execution traces contained in one or more of the groups of execution traces in the subset of the set of groups against a second set of execution traces comprised of one or more execution traces in a reference algorithm, the one or more scores based at least in part on one or more similarity measurements between the first set of execution traces and the second set of execution traces, the one or more scores indicating whether the first set of execution traces includes at least a portion of an implementation of an algorithm;
making a determination whether the first set of execution traces matches the algorithm based at least in part on the one or more scores; and
causing the virtual machine to perform one or more actions based at least in part on the determination.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques for restricting the execution of algorithms contained in applications executing on virtual machines executing within a computer system are described herein. A first sampled set of computer executable instructions is gathered from a virtual machine by a controlling domain and compared against a reference set of computer executable instructions. If the first set is similar to the reference set, and if the execution of the algorithm corresponding to the reference set is restricted by one or more computer system polices, one or more operations limiting the execution of the restricted algorithm are performed, thus ensuring conformance with the computer system policies.
-
Citations
20 Claims
-
1. A computer-implemented method, comprising:
-
collecting a plurality of execution traces, each execution trace comprising one or more items of information corresponding to execution of a computer executable instruction executed on a virtual machine; grouping one or more of the plurality of execution traces into a set of groups of execution traces based at least in part on identifying a set of instructions that is executed in a consistent pattern; selecting a subset of the set of groups of execution traces based at least in part on one or more data elements shared in common between one or more members of the subset of the set of groups; computing one or more scores based at least in part on comparing a first set of execution traces comprising the execution traces contained in one or more of the groups of execution traces in the subset of the set of groups against a second set of execution traces comprised of one or more execution traces in a reference algorithm, the one or more scores based at least in part on one or more similarity measurements between the first set of execution traces and the second set of execution traces, the one or more scores indicating whether the first set of execution traces includes at least a portion of an implementation of an algorithm; making a determination whether the first set of execution traces matches the algorithm based at least in part on the one or more scores; and causing the virtual machine to perform one or more actions based at least in part on the determination. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system, comprising:
at least one computing device configured to implement one or more services, the one or more services configured to; obtain a first representation of a first subset of execution traces, the first subset of execution traces comprising execution traces selected, based at least in part on one or more common data elements shared between execution traces, from a set of execution traces comprising samples of execution of a computer executable instruction executed on a virtual machine, the set of execution traces grouped together based at least in part on identifying a set of instructions that are executed in a consistent pattern; make a determination, based at least in part on comparing the first representation to a second representation of a second subset of execution traces, the second subset of execution traces comprising execution traces selected from a set of execution traces comprising traces of execution of a reference algorithm implementation, whether one or more of the first subset of execution traces includes at least a portion of an implementation of an algorithm; and cause the virtual machine to perform one or more actions based at least in part on the determination. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
14. A non-transitory computer-readable storage medium having collectively stored thereon executable instructions that, if executed by one or more processors of a computer system, cause the computer system to at least:
-
obtain a first subset of execution traces from an application, the first subset of execution traces comprising execution traces selected from a set of execution traces comprising samples of execution of a computer executable instruction from the application executed on a machine, the set of execution traces grouped together based at least in part on identifying a set of instructions that are executed in a consistent pattern; compare the first subset of execution traces to a second subset of execution traces comprising execution traces selected from a set of execution traces comprising samples of execution of an implementation of an algorithm to make a determination whether the first subset of execution traces includes at least a portion of the implementation of the algorithm; and cause the machine to perform one or more actions based at least in part on the determination. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification