Virtual Machine Monitor Measurement Agent

A technique based on a virtual machine monitor and measurement values, applied to authorization and authentication of access to security services. It addresses the problems of trusted applications being unable to authenticate client applications, malicious applications masquerading as legitimate ones, and DRM trusted applications being unable to detect security attacks.

Active Publication Date: 2021-09-14
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] A security issue arises in the above use case: a malicious application may masquerade as a media player.
DRM trusted applications cannot detect security attacks and may provide requested security services to malicious applications.
In general, trusted applications cannot authenticate client applications and therefore may provide sensitive information to unauthorized client applications.



Embodiment Construction

[0029] Figure 1 shows a block diagram of an exemplary computing device 100 incorporating aspects of the disclosed embodiments. The exemplary computing device 100 includes a processor 210 and memory 212 for providing a secure execution environment (SEE) 112 and a rich execution environment (REE) 230, as described further below. The term “secure execution environment” (SEE) 112 is used herein to refer generally to a computing environment for ensuring the confidentiality and integrity of computer program code and data being executed or stored within the SEE 112.

[0030] The integrity and security of the SEE 112 can be improved by reducing the amount of program code and functionality provided by the SEE 112. Accordingly, a modestly secure SEE 112 fails to provide the rich computing experience expected by users of computing devices. To support this desirable rich computing experience, the computing device 100 is configured to provide a rich execution environment 230 that ...


Abstract

An apparatus is provided that includes a processor and a memory for providing a SEE and a REE. The processor is configured to provide a client application that executes at a user privilege level and a virtual machine monitor that executes at a virtual machine monitor privilege level. The user privilege level is more restrictive than the virtual machine monitor privilege level. The processor is also configured to provide a trusted application for execution within the SEE. The trusted application provides security services to the client application. The processor is configured to: send a security service request from the client application to the trusted application; send a measurement request to the virtual machine monitor; generate a measurement; return the measurement to the trusted application; and determine whether the client application is authorized to access the security service. The authorization determination is based on the measurement.
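The request and measurement flow from the abstract, as an added Python example that is not code from the patent. It assumes the measurement is a SHA-256 digest of the client's loaded code, that the trusted application sends the measurement request and holds reference digests, and all class and function names are hypothetical.

```python
import hashlib
import hmac


class ClientApp:
    """REE application at user privilege level; claimed_name is self-asserted."""
    def __init__(self, claimed_name, code_image):
        self.claimed_name = claimed_name
        self.code_image = code_image  # bytes actually loaded in memory


class VirtualMachineMonitor:
    """Runs at the higher VMM privilege level, so it can read client memory."""
    def __init__(self):
        self._loaded = {}  # app_id -> ClientApp

    def load(self, app_id, app):
        self._loaded[app_id] = app

    def measure(self, app_id):
        # Assumption: the measurement is a SHA-256 digest of the loaded code.
        return hashlib.sha256(self._loaded[app_id].code_image).digest()


class TrustedApplication:
    """Runs inside the SEE; serves only clients whose measurement is known."""
    def __init__(self, vmm, reference_measurements):
        self._vmm = vmm
        self._reference = reference_measurements  # name -> expected digest

    def handle_request(self, app_id, claimed_name):
        expected = self._reference.get(claimed_name)
        measured = self._vmm.measure(app_id)  # measurement request and reply
        if expected is None or not hmac.compare_digest(measured, expected):
            return "DENIED"
        return "SERVICE_GRANTED"


def run_demo():
    genuine = b"constructed media player code image"  # constructed sample data
    vmm = VirtualMachineMonitor()
    ta = TrustedApplication(vmm, {"media_player": hashlib.sha256(genuine).digest()})
    vmm.load(1, ClientApp("media_player", genuine))
    vmm.load(2, ClientApp("media_player", b"constructed impostor code image"))
    # Both clients claim the same name; only the measured code decides.
    return [ta.handle_request(1, "media_player"),
            ta.handle_request(2, "media_player")]


if __name__ == "__main__":
    print(run_demo())
```

The second client asserts the same name as the genuine player, but the decision rests on what the virtual machine monitor measures rather than on anything the client reports about itself.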

Description

Technical field

[0001] Aspects of the invention relate generally to software security, and more particularly to authorization and authentication of access to secure services.

Background

[0002] Modern computing devices, particularly those used in mobile communication devices, increasingly rely on digital security to protect sensitive and valuable digital information. Ideally, security-critical software programs should be executed in a secure execution environment, such as a hardware-based trusted execution environment. A secure execution environment is preferably an isolated computing space where cryptographically secure resources such as cryptographic keys, sensitive data, and proprietary cryptographic algorithms can be safely used. Isolation ensures that only authorized entities, processes, objects, etc. can access protected security services and secure resources.

[0003] To improve security, it is necessary to restrict the secure execution environment to a sma...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/44, G06F21/57, G06F21/74
CPC: G06F21/44, G06F21/57, G06F21/74, G06F21/126, G06F21/602
Inventor: 桑泊·索维欧, 马蒂·塔卡拉, 瓦伦丁·马尼亚, 帕尔韦兹·沙克, 吴黎明
Owner: HUAWEI TECH CO LTD