Method and apparatus for on-demand isolated I/O channels for secure applications

US 10,235,515 B2
Filed: 05/15/2015
Issued: 03/19/2019
Est. Priority Date: 05/15/2014
Status: Active Grant

First Claim

Patent Images

1. A system for providing input/output channels to a secure application, comprising:

one or more processors;

one or more input/output (I/O) devices, said devices in communication with at least one of said processors; and

memory, connected to said one or more processors and including computer-readable instructions which, when executed by one of said processors, cause the processor to create a computing platform having;

one or more untrusted operating systems;

a trusted computing base;

a trusted I/O kernel; and

a communications channel between said untrusted operating system and said trusted I/O kernel;

wherein a secure application is executed on top of the trusted I/O kernel;

wherein the untrusted operating system configures an I/O device for use by the secure application and releases the configured I/O device to the trusted I/O kernel;

wherein the trusted I/O kernel verifies the configuration of the released I/O device and assigns the I/O device to the secure application; and

wherein the trusted I/O kernel provides channel isolation between the secure application and the I/O device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing platform for on-demand I/O channels, which enable secure application to dynamically connect to diverse peripheral devices of untrusted commodity OSes.

Citations

17 Claims

1. A system for providing input/output channels to a secure application, comprising:
- one or more processors;
  
  one or more input/output (I/O) devices, said devices in communication with at least one of said processors; and
  
  memory, connected to said one or more processors and including computer-readable instructions which, when executed by one of said processors, cause the processor to create a computing platform having;
  
  one or more untrusted operating systems;
  
  a trusted computing base;
  
  a trusted I/O kernel; and
  
  a communications channel between said untrusted operating system and said trusted I/O kernel;
  
  wherein a secure application is executed on top of the trusted I/O kernel;
  
  wherein the untrusted operating system configures an I/O device for use by the secure application and releases the configured I/O device to the trusted I/O kernel;
  
  wherein the trusted I/O kernel verifies the configuration of the released I/O device and assigns the I/O device to the secure application; and
  
  wherein the trusted I/O kernel provides channel isolation between the secure application and the I/O device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1 wherein said trusted computing base creates one or more isolated domains, each of said isolated domains comprising:
    - processor contents; and
      
      one or more regions of memory, said regions of memory being for the exclusive use of said isolated domain.
  - 3. The system of claim 2 wherein said trusted computing base partitions memory into a plurality of portions comprising:
    - a portion for the exclusive use of said trusted computing base;
      
      a portion for the exclusive use of said trusted input/output kernel and one or more secure applications; and
      
      a portion for the exclusive use of said one or more untrusted operating systems and one or more untrusted applications.
  - 4. The system of claim 3 wherein said trusted I/O kernel runs in a first isolated domain.
  - 5. The system of claim 4 wherein said secure application runs in a second isolated domain.
  - 6. The system of claim 3 wherein said trusted I/O kernel and said secure application run in the same isolated domain.
  - 7. The system of claim 4 wherein each of said one or more secure applications includes one or more device drivers and further wherein each of said one or more secured application has exclusive use of an I/O device associated with said device driver.
  - 8. The system of claim 7 wherein said trusted kernel decomposes said device drivers and exports portions of said device drivers to said secure applications for execution.
  - 9. The system of claim 8 wherein data transferred between said secure application and said I/O device cannot be intercepted or altered by said untrusted operating system, by other secure applications or by other I/O devices.
  - 10. The system of claim 1 wherein said trusted I/O kernel provides isolation of interrupts generated by I/O devices assigned to a secure application.
  - 11. The system of claim 2 wherein said trusted computing base performs the functions of:
    - creating an isolated domain;
      
      mapping a secure application to said isolated domain;
      
      mapping I/O device resources required by said secure application to said isolated domain; and
      
      transferring control to said trusted I/O kernel.
  - 12. The system of claim 1 further comprising a plug-in to said untrusted operating system, said plug-in performing the functions of configuring I/O devices for use by the trusted I/O kernel and releasing control of said I/O devices to said trusted I/O kernel.
  - 13. The system of claim 1 wherein said trusted computing base runs at a highest privilege level of said computing platform.
  - 14. The system of claim 2 wherein said trusted computing base relies on a trusted platform module to implement a security primitive.
  - 15. The system of claim 14 wherein said trusted computing base employs a plurality of security primitives, including:
    - controlling which of said isolated domains can access which memory regions;
      
      controlling which device can perform direct memory access operations to the memory of said isolated domain; and
      
      performing sealed storage and attestation root-of-trust.
  - 16. The system of claim 15 wherein said sealed storage allows binding of data with the identity of one or more isolated domains.
  - 17. The system of claim 15 where said attestation root-of-trust allows measurement of an identity of an isolated domain and reporting of the measured identity to a third party for verification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Carnegie Mellon University
Original Assignee
Carnegie Mellon University
Inventors
Gligor, Virgil D, Zhou, Zongwei, Yu, Miao
Primary Examiner(s)
Chang, Kenneth W

Application Number

US15/129,548
Publication Number

US 20170177854A1
Time in Patent Office

1,404 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45579   I/O management, e.g. provid...

G06F 2009/45587   Isolation or security of vi...

G06F 21/44   Program or device authentic...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

G06F 9/45558   Hypervisor-specific managem...

Method and apparatus for on-demand isolated I/O channels for secure applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for on-demand isolated I/O channels for secure applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links