Securing service layer on third party hardware
Abstract
Techniques for securely instantiating applications associated with computing resource service provider services on hardware that is controlled by third parties and/or customers of the computing resource service provider are described herein. A request to instantiate an application is received and fulfilled by selecting a computer system from computer systems that are controlled by a third party and/or a customer of the computing resource service provider. The computer system is selected based at least in part on the hardware capabilities of the computer system associated with instantiating a secure execution environment. The application is then instantiated within a secure execution environment operating on the computer system.
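The sequence the abstract describes (select a third-party host that can instantiate a secure execution environment, provision an agent, validate the reported measurement, and only then instantiate the application) can be sketched as a fail-closed gate. This is an added illustration, not code from the patent or from any provider; the `Host` class, `select_target`, `fulfil_request` and the use of a bare SHA-256 digest as the "measurement" are assumptions, and a real deployment would also verify a processor-signed attestation over that measurement.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

@dataclass
class Host:                       # hypothetical model of a third-party machine
    name: str
    third_party: bool
    supports_see: bool            # can instantiate a secure execution environment
    tampered: bool = False        # constructed flag: host loads a modified agent
    apps: list = field(default_factory=list)

    def provision(self, agent_image: bytes) -> bytes:
        """Load the agent and return the measurement of what was actually loaded."""
        loaded = agent_image + b"modified" if self.tampered else agent_image
        return hashlib.sha256(loaded).digest()   # assumption: measurement = SHA-256

def select_target(hosts):
    """Pick the first third-party host that is able to run the environment."""
    for host in hosts:
        if host.third_party and host.supports_see:
            return host
    return None

def fulfil_request(hosts, agent_image: bytes, app_name: str):
    """Return ('running', host) only if the measurement validates; else reject."""
    target = select_target(hosts)
    if target is None:
        return ("rejected", "no capable host")
    expected = hashlib.sha256(agent_image).digest()
    reported = target.provision(agent_image)
    # Constant-time comparison; any mismatch means the application never starts.
    if not hmac.compare_digest(expected, reported):
        return ("rejected", "measurement mismatch on " + target.name)
    target.apps.append(app_name)
    return ("running", target.name)

if __name__ == "__main__":
    agent = b"agent-image-v1"     # constructed sample input
    fleet = [Host("legacy", True, False), Host("edge-1", True, True)]
    print(fulfil_request(fleet, agent, "storage-service"))
    print(fulfil_request([Host("edge-2", True, True, tampered=True)], agent, "storage-service"))
```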
20 Claims
1. A computer-implemented method, comprising:
- adding one or more computer systems to a set of computer systems, the one or more computer systems controlled by one or more third parties to a computing resource service provider;
- receiving a first application programming interface request from a customer of the computing resource service provider; and
- fulfilling the first application programming interface request by at least:
- selecting a target computer system from the set of computer systems, the target computer system selected based at least in part on the target computer system being operable to instantiate a secure execution environment, the target computer system selected from the one or more computer systems controlled by a third party of the one or more third parties;
- sending a provisioning request to the target computer system, the provisioning request causing the target computer system to instantiate the secure execution environment on the target computer system by at least:
- causing the target computer system to increase an available computer resource capacity based at least in part on the available computer resource capacity;
- increasing the available computer resource capacity of the target computer system; and
- causing the target computer system to instantiate an agent within the secure execution environment using a secure execution environment key; and
- upon validating the secure execution environment using one or more first cryptographic measurements calculated by a processor of the target computer system, instantiating the application within the secure execution environment, the application providing one or more computer system resources.
Dependent claims: 2, 3, 20

4. A system, comprising:
- at least one computing device including a hardware processor and instructions stored in memory that, as a result of being executed by the hardware processor, implements one or more services, wherein the one or more services:
- select a target computer system from a set of one or more computer systems operated by an entity distinct from a service provider, the target computer system selected based at least in part on the target computer system being operable to instantiate a secure execution environment;
- instantiate, within the secure execution environment, executable code associated with a computer system service, the computer system service provided by the service provider, the executable code, as a result of being executed, causes fulfillment of one or more service application programming interface requests associated with the computer system service;
- cause the target computer system to increase an amount of available computing resources accessible to the computer system service based at least in part on a set of available computing resources;
- increase the amount of available computing resources of the target computer system; and
- cause the target computer system to instantiate an agent within the secure execution environment using a secure execution environment key.
Dependent claims: 5, 6, 7, 8, 9, 10, 11, 12, 19

13. A non-transitory computer-readable storage medium having stored thereon a set of executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
- select a target computer system based at least in part on the target computer system being operable to instantiate a secure execution environment;
- instantiate, within the secure execution environment, a subset of the set of executable instructions, the subset of the set of executable instructions associated with a service of the computer system, the service provided by a computing resource service provider;
- increase an amount of computing resources accessible to the service of the target computer system based at least in part after causing the target computer system to increase the amount of computing resources based at least in part on an available computer resource capacity;
- cause the target computer system to instantiate an agent within the secure execution environment using a secure execution environment key; and
- execute one or more instructions of the subset of the set of executable instructions that, as a result of being executed within the secure execution environment, cause the target computer system to perform a set of operations that include at least a partial fulfillment of an application programming interface request associated with the service, the target computer system operated by a third party distinct from the computing resource service provider.
Dependent claims: 14, 15, 16, 17, 18

Specification