TECHNOLOGIES FOR IMPLEMENTING MUTUALLY DISTRUSTING DOMAINS

US 20190103976A1
Filed: 09/29/2017
Published: 04/04/2019
Est. Priority Date: 09/29/2017
Status: Active Grant

First Claim

Patent Images

1. A platform for cloud computing, comprising:

one or more processors to host a plurality of virtual machines (VMs), wherein individual VMs of the plurality of VMs are arranged into a plurality of mutually untrusting domains associated with individual cloud computing clients individual cloud computing clients of a plurality of cloud computing clients;

a shared virtual machine manager (sVMM) operated by the one or more processors to manage operations of the individual VMs of each domain of the plurality of mutually untrusting domains, wherein the sVMM is respectively integrity protected with integrity keys associated with individual domains of the plurality of mutually untrusting domains, but not encrypted; and

a cryptographic engine (CE) coupled with the one or more processors to provide separated encryption services for the plurality of mutually untrusting domains, and provide integrity protection services for individual ones of the plurality of mutually untrusting domains when accessing the sVMM.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies for providing shared immutable code among untrusting domains are provided. The untrusting domains may be cryptographically separated within a cloud computing service or environment. The shared immutable code may be a shared virtual machine monitor (sVMM) that is setup by system software to indicate that the sVMM code pages need integrity alone and should be protected with an integrity key associated with individual domains. This indication may be stored in page tables and carried over the memory bus to a cryptographic engine. The cryptographic engine may use this indication to protect the integrity of data before storing the data to memory. In order to ensure cryptographic isolation, integrity values may be generated using a domain-specific key ensuring that an attempt to modify the code by one domain is detected by a different domain. Other embodiments are described herein and claimed.

Citations

24 Claims

1. A platform for cloud computing, comprising:
- one or more processors to host a plurality of virtual machines (VMs), wherein individual VMs of the plurality of VMs are arranged into a plurality of mutually untrusting domains associated with individual cloud computing clients individual cloud computing clients of a plurality of cloud computing clients;
  
  a shared virtual machine manager (sVMM) operated by the one or more processors to manage operations of the individual VMs of each domain of the plurality of mutually untrusting domains, wherein the sVMM is respectively integrity protected with integrity keys associated with individual domains of the plurality of mutually untrusting domains, but not encrypted; and
  
  a cryptographic engine (CE) coupled with the one or more processors to provide separated encryption services for the plurality of mutually untrusting domains, and provide integrity protection services for individual ones of the plurality of mutually untrusting domains when accessing the sVMM.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The platform of claim 1, wherein, to provide integrity protection services, the CE is to:
    - obtain a request comprising an immutable-bit (I-bit) along with a domain identifier (DID) of a requesting domain of the plurality of mutually untrusting domain that issued the request;
      
      when the request is a read request indicating a requested memory location from which to read data, issue a read command to the requested memory location and a read command to another memory location including a first Message Authentication Code (MAC) for the requested memory location;
      
      generate a second MAC using an integrity key associated with the DID;
      
      send data read from the requested memory location to the one or more processors when the first MAC matches the second MAC; and
      
      issue a security exception to the one or more processors when the first MAC does not match the second MAC.
  - 3. The platform of claim 2, wherein the CE comprises:
    - a key table to store a plurality of domain keys comprising the integrity keys and a plurality of encryption keys in association with corresponding DIDs of a plurality of DIDs, wherein individual DIDs of the plurality of DIDs are associated with the individual domains; and
      
      a cryptographic (crypto-)pipeline to encrypt and decrypt, using a corresponding ones of the plurality of encryption keys, domain-specific data associated with the individual domains,wherein the CE is to;
      
      decrypt, using an encryption key of the plurality of encryption keys associated with the requesting domain, the data read from the requested memory location before the data is sent to the requesting domain, andgenerate the second MAC using the integrity key associated with the requesting domain.
  - 4. The platform of claim 3, wherein, when the request is a write request indicating another requested memory location in which to write data, the CE is to:
    - encrypt, using the encryption key associated with the requesting domain, the requested data via the crypto-pipeline and using a DID of the plurality of DIDs associated with an entity that issued the request; and
      
      issue a write command to write the encrypted data to the other requested memory location.
  - 5. The platform of claim 3, wherein the CE is to:
    - perform a lookup operation on the key table using the I-bit or the DID to obtain the integrity key of the requesting domain.
  - 6. The platform of claim 2, wherein the data read from the requested memory location includes program code for the sVMM, and wherein the other memory location including the first MAC is within a reserved memory area associated with the domain.
  - 7. The platform of claim 6, wherein a portion of the DID comprises a physical address space of a physical memory associated the reserved memory area.
  - 8. The platform of claim 6, wherein the program code of the sVMM is mapped to a page table entry that contains the I-bit.
  - 9. The platform of claim 2, further comprising:
    - one or more processor cores comprising the one or more processors;
      
      data access circuitry to provide the request to the CE, wherein the data access circuitry is to obtain the request from the one or more processors;
      
      a memory controller to obtain the read command and the other read command from the CE, and provide, to the CE, the data and the first MAC of the requested memory location and the other memory location, respectively, and wherein the memory controller is communicatively coupled with the CE via a memory bus.
  - 10. The platform of claim 9, wherein:
    - the data access circuitry is implemented by microprocessor circuitry, image processing unit (IPU) circuitry, or display engine circuitry;
      
      the CE is implemented by the microprocessor circuitry or other microprocessor circuitry; and
      
      the one or more processor cores, the data access circuitry, and the CE are communicatively coupled to one another via an in-die interconnect (IDI).

11. One or more computer-readable storage media (CRSM) including program code, which when execute by one or more processors, causes a computer system to:
- host a plurality of virtual machines (VMs), wherein individual VMs of the plurality of VMs are arranged into a plurality of mutually untrusting domains associated with individual cloud computing clients individual cloud computing clients of a plurality of cloud computing clients;
  
  operate a shared virtual machine manager (sVMM) to manage operations of the individual VMs of each domain of the plurality of mutually untrusting domains, wherein the sVMM is respectively integrity protected with integrity keys associated with individual domains of the untrusting domains, but not encrypted; and
  
  operate a cryptographic engine (CE) to provide separated encryption services for the plurality of mutually untrusting domains, and provide integrity protection services for individual ones of the plurality of mutually untrusting domains when accessing the sVMM.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The one or more CRSM of claim 11, wherein, to provide integrity protection services, the program code, when executed, is to cause the computer system to:
    - obtain a request from a requesting domain of the plurality of mutually untrusting domains, the request comprising an immutable-bit (I-bit) along with a domain identifier (DID) of the requesting domain;
      
      when the request is a read request indicating a requested memory location from which to read data, issue a read command to the requested memory location and a read command to another memory location including a first Message Authentication Code (MAC) for the requested memory location;
      
      generate a second MAC using a domain key associated with the DID;
      
      send data read from the requested memory location to the requesting domain when the first MAC matches the second MAC; and
      
      issue a security exception to the one or more processors when the first MAC does not match the second MAC.
  - 13. The one or more CRSM of claim 12, wherein the program code, when executed, is to cause the computer system to operate the CE to:
    - perform a lookup operation on a key table to obtain the domain key associated with the DID associated with the requesting domain; and
      
      perform one or more stages of a cryptographic pipeline to generate the second MAC using the domain key or another domain key associated with the DID of the requesting domain.
  - 14. The one or more CRSM of claim 13, wherein, when the request is a write request indicating another requested memory location in which to write data, the program code, when executed, is to cause the computer system to operate the CE to:
    - perform a lookup operation on the key table using at least the DID of the requesting domain to obtain the encryption key associated with the requesting domain;
      
      perform one or more stages of a cryptographic pipeline to encrypt the requested data and use a DID of the plurality of DIDs associated with an entity that issued the request; and
      
      control writing of the encrypted data to the other requested memory location.
  - 15. The one or more CRSM of claim 13, wherein the program code, when executed, is to cause the computer system to operate the CE to:
    - perform a lookup operation on the key table using at least the DID of the requesting domain to obtain the encryption key associated with the requesting domain; and
      
      perform one or more stages of a cryptographic pipeline to decrypt, using the obtained encryption key, the data read from the requested memory location before the data is sent to the requesting domain.
  - 16. The one or more CRSM of claim 14, wherein the data read from the requested memory location includes program code for the sVMM, and wherein the other memory location including the first MAC is within a reserved memory area associated with the requesting domain.
  - 17. The one or more CRSM of claim 16, wherein a portion of the DID comprises a physical address space of a physical memory associated the reserved memory area, and wherein the program code of the sVMM is mapped to a page table entry that contains the I-bit.

18. A computer-implemented method for sharing shared immutable code among a plurality of mutually untrusting domains, the method comprising:
- obtaining, by a cryptographic engine (CE), a request from a requesting domain of the plurality of mutually untrusting domains, the request comprising an immutable-bit (I-bit) along with a domain identifier (DID) of the requesting domain;
  
  issuing, by the CE when the request is a read request indicating a requested memory location from which to read data, a read command to a requested memory location and a read command to another memory location including a first Message Authentication Code (MAC) for the requested memory location;
  
  generating, by the CE, a second MAC using a domain key associated with the DID;
  
  sending, by the CE, data read from the requested memory location to the requesting domain when the first MAC matches the second MAC; and
  
  issuing, by the CE, a security exception to the one or more processors when the first MAC does not match the second MAC.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The method of claim 18, wherein the method comprises:
    - performing, by the CE, a lookup operation on a key table to obtain the domain key associated with the DID of the requesting domain; and
      
      performing, by the CE, one or more stages of a cryptographic pipeline to generate the second MAC using the domain key or another domain key associated with the DID of the requesting domain.
  - 20. The method of claim 19, wherein, when the request is a write request indicating another requested memory location in which to write data, the method comprises:
    - performing, by the CE, a lookup operation on the key table using at least the DID of the requesting domain to obtain the encryption key associated with the requesting domain;
      
      performing, by the CE, one or more stages of a cryptographic pipeline to encrypt the requested data and use a DID of the plurality of DIDs associated with an entity that issued the request; and
      
      writing, by the CE, the encrypted data to the other requested memory location.
  - 21. The method of claim 20, further comprising:
    - performing, by the CE, a lookup operation on the key table using at least the DID of the requesting domain to obtain the encryption key associated with the requesting domain; and
      
      performing, by the CE, one or more stages of a cryptographic pipeline to decrypt, using the obtained encryption key, the data read from the requested memory location before the data is sent to the requesting domain.
  - 22. The method of claim 18, further comprising:
    - tagging, by the CE, each memory access with the DID of the requesting domain.
  - 23. The method of claim 18, wherein one or more bits of the DID comprise a physical address space of a physical memory associated the reserved memory area, and wherein the program code of the shared immutable code is mapped to a page table entry that contains the I-bit.
  - 24. The method of claim 18, wherein:
    - a plurality of virtual machines (VMs) are hosted by a platform in which the CE is implemented, wherein individual VMs of the plurality of VMs are arranged into corresponding ones of the plurality of mutually untrusting domains, and wherein each of the mutually untrusting domains are associated with individual cloud computing clients of a plurality of cloud computing clients,the shared immutable code comprises a shared virtual machine manager (sVMM) to manage operations of the individual VMs of each domain of the plurality of mutually untrusting domains, wherein the sVMM is respectively integrity protected with integrity keys associated with individual domains of the plurality of mutually untrusting domains, but not encrypted, andthe data read from the requested memory location includes program code for the sVMM, and wherein the other memory location including the first MAC is within a reserved memory area associated with the requesting domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Chhabra, Siddhartha, Durham, David M.

Granted Patent

US 10,686,605 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/1009   using page tables, e.g. pag...

G06F 12/1408   by using cryptography for d...

G06F 12/1425   the protection being physic...

G06F 12/1441   for a range

G06F 2009/45583   Memory management, e.g. acc...

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45591   Monitoring or debugging sup...

G06F 2009/45595   Network integration; Enabli...

G06F 21/00   Security arrangements for p...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/74   operating in dual or compar...

G06F 2212/1052   Security improvement

G06F 2212/402   Encrypted data

G06F 2212/65   Details of virtual memory a...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/3242   involving keyed hash functi...

TECHNOLOGIES FOR IMPLEMENTING MUTUALLY DISTRUSTING DOMAINS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNOLOGIES FOR IMPLEMENTING MUTUALLY DISTRUSTING DOMAINS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links