TECHNOLOGIES FOR IMPLEMENTING MUTUALLY DISTRUSTING DOMAINS
Abstract
Technologies for providing shared immutable code among untrusting domains are provided. The untrusting domains may be cryptographically separated within a cloud computing service or environment. The shared immutable code may be a shared virtual machine monitor (sVMM) that is set up by system software to indicate that the sVMM code pages need integrity alone and should be protected with an integrity key associated with individual domains. This indication may be stored in page tables and carried over the memory bus to a cryptographic engine. The cryptographic engine may use this indication to protect the integrity of data before storing the data to memory. In order to ensure cryptographic isolation, integrity values may be generated using a domain-specific key, ensuring that an attempt to modify the code by one domain is detected by a different domain. Other embodiments are described herein and claimed.
24 Claims
1. A platform for cloud computing, comprising:
- one or more processors to host a plurality of virtual machines (VMs), wherein individual VMs of the plurality of VMs are arranged into a plurality of mutually untrusting domains associated with individual cloud computing clients of a plurality of cloud computing clients;
- a shared virtual machine manager (sVMM) operated by the one or more processors to manage operations of the individual VMs of each domain of the plurality of mutually untrusting domains, wherein the sVMM is respectively integrity protected with integrity keys associated with individual domains of the plurality of mutually untrusting domains, but not encrypted; and
- a cryptographic engine (CE) coupled with the one or more processors to provide separated encryption services for the plurality of mutually untrusting domains, and provide integrity protection services for individual ones of the plurality of mutually untrusting domains when accessing the sVMM.
11. One or more computer-readable storage media (CRSM) including program code, which when executed by one or more processors, causes a computer system to:
- host a plurality of virtual machines (VMs), wherein individual VMs of the plurality of VMs are arranged into a plurality of mutually untrusting domains associated with individual cloud computing clients of a plurality of cloud computing clients;
- operate a shared virtual machine manager (sVMM) to manage operations of the individual VMs of each domain of the plurality of mutually untrusting domains, wherein the sVMM is respectively integrity protected with integrity keys associated with individual domains of the untrusting domains, but not encrypted; and
- operate a cryptographic engine (CE) to provide separated encryption services for the plurality of mutually untrusting domains, and provide integrity protection services for individual ones of the plurality of mutually untrusting domains when accessing the sVMM.
18. A computer-implemented method for sharing shared immutable code among a plurality of mutually untrusting domains, the method comprising:
- obtaining, by a cryptographic engine (CE), a request from a requesting domain of the plurality of mutually untrusting domains, the request comprising an immutable-bit (I-bit) along with a domain identifier (DID) of the requesting domain;
- issuing, by the CE when the request is a read request indicating a requested memory location from which to read data, a read command to a requested memory location and a read command to another memory location including a first Message Authentication Code (MAC) for the requested memory location;
- generating, by the CE, a second MAC using a domain key associated with the DID;
- sending, by the CE, data read from the requested memory location to the requesting domain when the first MAC matches the second MAC; and
- issuing, by the CE, a security exception to the one or more processors when the first MAC does not match the second MAC.
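The read path of claim 18 and the cross-domain detection described in the abstract can be modelled in software. The following is an added example, not code from the patent: the class and function names, the use of HMAC-SHA256 truncated to 8 bytes, the binding of the MAC to the address, and the layout of one MAC slot per (DID, address) pair are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


class SecurityException(Exception):
    """Raised by the modelled CE when the stored and recomputed MACs differ."""


class CryptoEngine:
    def __init__(self, domain_ids):
        # One integrity key per domain, selected by domain identifier (DID).
        self.keys = {did: os.urandom(32) for did in domain_ids}
        self.data = {}  # addr -> plaintext line (I-bit pages are not encrypted)
        self.macs = {}  # (did, addr) -> MAC; assumed layout of the MAC region

    def _mac(self, did, addr, line):
        # Assumption: HMAC-SHA256 over address || data, truncated to 8 bytes.
        msg = addr.to_bytes(8, "little") + line
        return hmac.new(self.keys[did], msg, hashlib.sha256).digest()[:8]

    def write(self, did, addr, line):
        # I-bit write: store the line in the clear, MAC it under the domain key.
        self.data[addr] = line
        self.macs[(did, addr)] = self._mac(did, addr, line)

    def read(self, did, addr):
        line = self.data[addr]                       # read of requested location
        first_mac = self.macs.get((did, addr), b"")  # read of the MAC location
        second_mac = self._mac(did, addr, line)      # recomputed with DID's key
        if not hmac.compare_digest(first_mac, second_mac):
            raise SecurityException(f"MAC mismatch: DID {did}, addr {addr:#x}")
        return line


def demo():
    ce = CryptoEngine(domain_ids=[1, 2])
    addr, code = 0x1000, b"sVMM code line (constructed sample)"
    for did in (1, 2):  # setup: shared page gets one MAC per domain
        ce.write(did, addr, code)
    shared_ok = ce.read(1, addr) == code and ce.read(2, addr) == code
    # Domain 2 rewrites the shared line; only its own MAC slot is refreshed.
    ce.write(2, addr, b"modified by domain 2")
    try:
        ce.read(1, addr)
        detected = False
    except SecurityException:
        detected = True
    return shared_ok, detected
```

Because domain 2 cannot produce a MAC under domain 1's key, domain 1's next read of the modified line fails verification, which is the isolation property the abstract describes.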
Specification