Method and system for isolating computing environment

A computing environment and trusted computing technology, applied in computing, computer security devices, protection of internal/peripheral computer components, etc., can solve problems such as inability to apply application software

Inactive Publication Date: 2012-03-14
EMC CORP

AI Technical Summary

Problems solved by technology

However, these IO disabling methods cannot be applied to application software because application softwa


Embodiment Construction

[0052] Firstly, the computing environment according to the present invention is introduced. The computing environment according to the present invention generally includes computing hardware with an open architecture (such as but not limited to, Intel X86 architecture) and a software stack.

[0053] Generally, the hardware architecture includes a Trusted Platform Module (TPM), a Program Control Unit (PCU), a Memory Management Unit (MMU) and an Input/Output Memory Management Unit (IOMMU).

[0054] When the software stack of the computing platform starts, the trusted platform module can measure the Root Trusted Computing Base (RTCB) and store the measurement result in the trusted platform module for future verification. The method and device by which the trusted platform module measures, stores and verifies the RTCB are common techniques in the art and will not be described here. See, e.g., the US Patent Application filed by the present applicant (Atto...
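The measure, store and verify cycle that paragraph [0054] refers to can be sketched as follows. This is an added example, not code from the patent or from EMC. It assumes a SHA-256 PCR-style register, and the component names and image bytes are constructed for illustration.

```python
import hashlib

ZERO_PCR = bytes(32)  # assumed SHA-256 register: all zeros after platform reset

def measure(image: bytes) -> bytes:
    """Measurement of a component is the hash of its image."""
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new value = H(old value || measurement)."""
    return hashlib.sha256(pcr + digest).digest()

def measured_boot(components):
    """Measure each component in load order; return (register value, event log)."""
    pcr, log = ZERO_PCR, []
    for name, image in components:
        digest = measure(image)
        pcr = extend(pcr, digest)      # held by the TPM, software cannot rewrite it
        log.append((name, digest))     # kept in ordinary memory, so it is untrusted
    return pcr, log

def verify(pcr, log, known_good):
    """Replay the log against the register and compare digests to reference values."""
    problems, replayed = [], ZERO_PCR
    for name, digest in log:
        replayed = extend(replayed, digest)
        if known_good.get(name) != digest:
            problems.append(f"unexpected measurement: {name}")
    if replayed != pcr:
        problems.append("log does not reproduce PCR")
    return problems

# Constructed sample images (hypothetical names, not from the patent).
GOOD = [("loader", b"loader v1"), ("rtcb", b"rtcb build A")]
TAMPERED = [("loader", b"loader v1"), ("rtcb", b"rtcb build A + patch")]
KNOWN_GOOD = {name: measure(image) for name, image in GOOD}

def demo():
    good_pcr, good_log = measured_boot(GOOD)
    bad_pcr, bad_log = measured_boot(TAMPERED)
    return (verify(good_pcr, good_log, KNOWN_GOOD),   # clean boot
            verify(bad_pcr, bad_log, KNOWN_GOOD),     # modified RTCB, honest log
            verify(bad_pcr, good_log, KNOWN_GOOD))    # modified RTCB, forged log

if __name__ == "__main__":
    print(demo())
```

The third case shows why the stored value matters: a log rewritten to list only reference digests still fails, because it no longer replays to the value held in the register.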


Abstract

The invention provides a method for isolating and protecting a computing environment in a protected process by using a root trusted computing base (RTCB). The method comprises: initializing the protected process; controlling the dynamic computing environment in the protected process to prevent the dynamic computing environment from being used illegally; monitoring the use of a memory management unit (MMU) and isolating and protecting the memory space of the protected process; and monitoring the use of an input/output memory management unit (IOMMU) and controlling the interaction operations that peripheral equipment conducts with the protected process through the IOMMU. With this method, based on the memory space allocated to the protected process when it runs, processes outside the security access policy set of the protected process are prevented from accessing that memory space through the MMU, and any input/output (IO) equipment is prevented from accessing that memory space, so that real security isolation is formed.

Description

Technical field

[0001] The present invention relates to the field of security of computing environments, and more particularly, to methods and systems for isolating computing environments to protect software applications executing in the isolated computing environments.

Background technique

[0002] Currently, it is well known that a large amount of software codes and data in clear text are usually stored in a computing environment. To prevent compromise of execution integrity and/or data confidentiality from any unauthorized access, some software code and data need to be run in an isolated secure computing environment. Strong isolation is an important security requirement for a backup device service configuration platform, such as a server in cloud computing.

[0003] A virtual machine (VM) has been widely used as an isolation platform, and security isolation is provided through the natural separation between various virtual machines in the application. In Amazon Web Serv...


Application Information

IPC(8): G06F21/00, G06F21/79
Inventor: 毛文波, 杨子夜, 张京城, 陈海波, 张逢喆, 臧斌宇
Owner: EMC CORP