MY177609A - A system and method to secure virtual machine images in cloud computing - Google Patents

A system and method to secure virtual machine images in cloud computing

Info

Publication number
MY177609A
Authority
MY
Malaysia
Prior art keywords
module
virtual machine
key
trusted platform
images
Prior art date
Application number
MYPI2013004370A
Inventor
Bhagyalaxmi Aakula
Abd Aziz Norazah
Original Assignee
Mimos Berhad
Priority date: 2013-12-04
Filing date: 2013-12-04
Publication date: 2020-09-22
Application filed by Mimos Berhad
Priority to MYPI2013004370A (MY177609A)
Priority to PCT/MY2014/000158 (WO2015084144A1)
Publication of MY177609A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H04L2209/127 Trusted platform modules [TPM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

The system (100) of the present invention for securing Virtual Machine images in cloud computing comprises: at least one hypervisor with Integrity Measurement Architecture (IMA) (122), embedded with at least one Trusted Platform Module (TPM) Key Manager (TkM) module (150) associated with at least one Trusted Platform Module (160); at least one Cloud Manager (CM) module (120) configured with a serial communication function; at least one trusted storage server (170) storing modified Virtual Machine images together with a sealed key, indexed by the Virtual Machine Universally Unique Identifier (UUID); and at least one Serial Guest Control interface (130), embedded in a kernel module, configured with a serial communication function and an interface to said Cloud Manager (CM) module (120). The general methodology of the present invention comprises the steps of: configuring a server with at least one Cloud Manager (CM) module and at least one Trusted Platform Module (TPM) Key Manager (TkM) module (150) associated with at least one Trusted Platform Module (160) by creating new Virtual Machines in the cloud (202); generating a Trusted Platform Module (TPM) key for the Virtual Machine (206); installing and compiling the Virtual Machines with a new module containing the static object of the kernel module encrypted with said symmetric key (208); sealing said symmetric key of the Virtual Machine, associated with the Trusted Platform Module (TPM), together with the Virtual Machine Universally Unique Identifier (UUID) (210, 212); storing said sealed key and the modified Virtual Machine images, indexed by the Virtual Machine Universally Unique Identifier (UUID), in a trusted storage server (214); and accessing said Virtual Machines by decrypting said static object of the kernel module with the unsealed symmetric key during the boot process (216).
The distinctiveness lies in the use of an embedded new module, comprising a static object encryption module and built-in serial communication in the kernel of the Virtual Machine (VM) images, to provide a system and method that protects Virtual Machine (VM) images from being run in different cloud providers.
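The abstract's workflow (generate a per-VM symmetric key, encrypt the kernel module's static object with it, seal the key to the TPM and the VM UUID, store both in trusted storage indexed by UUID, unseal and decrypt at boot) can be modelled end to end in a few dozen lines. The following is an added illustration, not code from the patent or from Mimos Berhad: `SimTPM` is a software stand-in for a TPM (a per-device secret plus PCR registers, with sealing implemented as an HMAC bound to the PCR digest and UUID), `keystream_xor` is an HMAC-SHA256 counter-mode stream cipher standing in for whatever symmetric cipher the patent's encryption module uses, and the kernel object, PCR values and storage dictionary are all constructed sample data. It demonstrates the property the abstract claims: the same image with its sealed key boots on the host that provisioned it, but yields no usable key on a different provider's TPM, on the same host with altered platform measurements, or when the sealed key is replayed under another VM's UUID.

```python
"""Simulated seal/unseal of a VM image key, bound to TPM state and VM UUID (added example)."""
import hashlib
import hmac
import os
import uuid
from typing import Dict, Optional


class SimTPM:
    """Software stand-in for a TPM: a per-device secret and PCR registers.
    A real TPM seals with hardware-protected keys and a PCR policy; this class only
    reproduces the behaviour (the sealed blob is useless off the sealing platform)."""

    def __init__(self, device_secret: bytes, pcrs: Dict[int, bytes]):
        self._secret = device_secret          # never leaves the "chip"
        self.pcrs = pcrs                      # index -> 32-byte measurement

    def _policy_digest(self) -> bytes:
        h = hashlib.sha256()
        for idx in sorted(self.pcrs):
            h.update(idx.to_bytes(1, "big") + self.pcrs[idx])
        return h.digest()

    def seal(self, key: bytes, vm_uuid: str) -> bytes:
        """Bind a 32-byte key to the current PCR state and the VM UUID."""
        ctx = self._policy_digest() + vm_uuid.encode()
        wrap = hmac.new(self._secret, b"wrap|" + ctx, hashlib.sha256).digest()
        masked = bytes(a ^ b for a, b in zip(key, wrap))
        tag = hmac.new(self._secret, b"tag|" + ctx + masked, hashlib.sha256).digest()
        return masked + tag

    def unseal(self, blob: bytes, vm_uuid: str) -> Optional[bytes]:
        """Return the key only if device secret, PCRs and UUID all match the seal."""
        masked, tag = blob[:32], blob[32:]
        ctx = self._policy_digest() + vm_uuid.encode()
        expect = hmac.new(self._secret, b"tag|" + ctx + masked, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            return None
        wrap = hmac.new(self._secret, b"wrap|" + ctx, hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(masked, wrap))


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 counter-mode stream cipher (stand-in for the patent's symmetric cipher).
    Encryption and decryption are the same operation."""
    out = bytearray()
    for blk, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + blk.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def provision_vm(tpm: SimTPM, storage: dict, kernel_object: bytes) -> str:
    """Steps 206-214 of the abstract: key, encrypt static object, seal key, store by UUID."""
    vm_uuid = str(uuid.uuid4())
    key, nonce = os.urandom(32), os.urandom(16)
    storage[vm_uuid] = {
        "image_object": nonce + keystream_xor(key, nonce, kernel_object),
        "sealed_key": tpm.seal(key, vm_uuid),
    }
    return vm_uuid


def boot_vm(tpm: SimTPM, storage: dict, vm_uuid: str) -> Optional[bytes]:
    """Step 216: unseal the key on the booting host and decrypt the static object."""
    rec = storage.get(vm_uuid)
    if rec is None:
        return None
    key = tpm.unseal(rec["sealed_key"], vm_uuid)
    if key is None:
        return None                            # wrong platform, tampered PCRs or wrong UUID
    nonce, body = rec["image_object"][:16], rec["image_object"][16:]
    return keystream_xor(key, nonce, body)


def demo() -> Dict[str, bool]:
    """Constructed scenario: provision on provider A, then attempt boots elsewhere."""
    kernel_object = b"constructed stand-in for the kernel module static object"
    pcrs_a = {0: hashlib.sha256(b"provider-A firmware").digest(),
              7: hashlib.sha256(b"provider-A hypervisor").digest()}
    pcrs_b = {0: hashlib.sha256(b"provider-B firmware").digest(),
              7: hashlib.sha256(b"provider-B hypervisor").digest()}
    tpm_a = SimTPM(os.urandom(32), pcrs_a)
    tpm_b = SimTPM(os.urandom(32), pcrs_b)
    # same chip as A, but the hypervisor measurement changed after provisioning
    tpm_a_tampered = SimTPM(tpm_a._secret, {**pcrs_a, 7: hashlib.sha256(b"modified").digest()})

    storage: dict = {}
    vm_uuid = provision_vm(tpm_a, storage, kernel_object)
    other_uuid = str(uuid.uuid4())
    storage[other_uuid] = storage[vm_uuid]     # sealed key copied under a different VM UUID

    return {
        "same_host": boot_vm(tpm_a, storage, vm_uuid) == kernel_object,
        "other_provider": boot_vm(tpm_b, storage, vm_uuid) is None,
        "tampered_pcr": boot_vm(tpm_a_tampered, storage, vm_uuid) is None,
        "replayed_uuid": boot_vm(tpm_a, storage, other_uuid) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The sealing context deliberately mixes the PCR digest and the UUID into both the key wrap and the tag, so a blob cannot be moved between VMs on the same host any more than between hosts; a real deployment would get the same binding from a TPM2 policy session over the chosen PCRs, with the UUID folded into the policy or the object's authorisation value.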

Priority Applications (2)

Application Number Priority Date Filing Date Title
MYPI2013004370A MY177609A (en) 2013-12-04 2013-12-04 A system and method to secure virtual machine images in cloud computing
PCT/MY2014/000158 WO2015084144A1 (en) 2013-12-04 2014-06-04 A system and method to secure virtual machine images in cloud computing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
MYPI2013004370A MY177609A (en) 2013-12-04 2013-12-04 A system and method to secure virtual machine images in cloud computing

Publications (1)

Publication Number Publication Date
MY177609A true MY177609A (en) 2020-09-22

Family

ID=51703363

Family Applications (1)

Application Number Title Priority Date Filing Date
MYPI2013004370A MY177609A (en) 2013-12-04 2013-12-04 A system and method to secure virtual machine images in cloud computing

Country Status (2)

Country Link
MY (1) MY177609A (en)
WO (1) WO2015084144A1 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10339317B2 (en) * 2015-12-18 2019-07-02 Intel Corporation Computing devices
CN105718794B (en) * 2016-01-27 2018-06-05 华为技术有限公司 The method and system of safeguard protection are carried out to virtual machine based on VTPM
US10425229B2 (en) * 2016-02-12 2019-09-24 Microsoft Technology Licensing, Llc Secure provisioning of operating systems
US10303899B2 (en) * 2016-08-11 2019-05-28 Intel Corporation Secure public cloud with protected guest-verified host control
US11323259B2 (en) 2016-09-22 2022-05-03 Telefonaktiebolaget Lm Ericsson (Publ) Version control for trusted computing
CN109144667A (en) * 2018-08-03 2019-01-04 北京东软望海科技有限公司 A kind of virtual machine creation method and virtual machine creating device
US11144251B2 (en) 2018-10-17 2021-10-12 International Business Machines Corporation Providing a global unique identifier for a storage volume
CN110321709A (en) * 2019-07-01 2019-10-11 电子科技大学 Policy configuration management tool based on MILS
CN113285816B (en) * 2020-02-19 2022-10-28 华为技术有限公司 Control request sending method, device and system based on key value configuration
US11907375B2 (en) 2021-04-13 2024-02-20 Hewlett Packard Enterprise Development Lp System and method for signing and interlocking a boot information file to a host computing system
CN114462063B (en) * 2022-01-28 2025-08-08 苏州浪潮智能科技有限公司 A cloud host creation method, device, equipment and computer-readable storage medium
US12463808B2 (en) 2024-01-23 2025-11-04 Saudi Arabian Oil Company Machine learning encryption keys storage system and method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8151262B2 (en) * 2007-03-30 2012-04-03 Lenovo (Singapore) Pte. Ltd. System and method for reporting the trusted state of a virtual machine
US8539551B2 (en) 2007-12-20 2013-09-17 Fujitsu Limited Trusted virtual machine as a client
WO2011116459A1 (en) * 2010-03-25 2011-09-29 Enomaly Inc. System and method for secure cloud computing
US8856504B2 (en) 2010-06-07 2014-10-07 Cisco Technology, Inc. Secure virtual machine bootstrap in untrusted cloud infrastructures

Also Published As

Publication number Publication date
WO2015084144A1 (en) 2015-06-11

Similar Documents

Publication Publication Date Title
MY177609A (en) A system and method to secure virtual machine images in cloud computing
US9536063B2 (en) Methods and apparatus for protecting software from unauthorized copying
EP3869332B1 (en) Roots-of-trust for measurement of virtual machines
Hunt et al. Confidential computing for OpenPOWER
US10686605B2 (en) Technologies for implementing mutually distrusting domains
US9189609B1 (en) Securing virtual machines with virtual volumes
US20140007087A1 (en) Virtual trusted platform module
Chen et al. Towards verifiable resource accounting for outsourced computation
CN107003866A (en) The safety establishment of encrypted virtual machine from encrypted template
US20160124751A1 (en) Access isolation for multi-operating system devices
CN107667350A (en) Virtualization-based Platform Protection Technology
CN103995732A (en) Virtual trusted platform module function implementation method and management equipment
US10243746B2 (en) Systems and methods for providing I/O state protections in a virtualized environment
US20240248742A1 (en) Initiating executable containers in trusted execution environments
CN103812862A (en) Dependable security cloud computing composition method
Wan et al. Building trust into cloud computing using virtualization of TPM
Jang et al. Securing a communication channel for the trusted execution environment
Yang et al. Designing and implementing live migration support for Arm-based confidential VMs
Nimgaonkar et al. Ctrust: A framework for secure and trustworthy application execution in cloud computing
CN114499867B (en) Trusted root management method, device, equipment and storage medium
Cheng et al. Sealed storage for trusted cloud computing
CN107579823A (en) A method and device for resetting a virtual machine login password
US12306932B2 (en) Attesting on-the-fly encrypted root disks for confidential virtual machines
Van't Hof New Container Architectures for Mobile, Drone, and Cloud Computing
Kuhne et al. Bringing Confidential Computing to Android