1. WO2020197810 - VERIFIED ISOLATED RUN-TIME ENVIRONMENTS FOR ENHANCED SECURITY COMPUTATIONS WITHIN COMPUTE INSTANCES

Publication Number WO/2020/197810
Publication Date 01.10.2020
International Application No. PCT/US2020/022889
International Filing Date 16.03.2020
IPC
G06F 21/53 2013.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52 during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
53 by executing in a restricted environment, e.g. sandbox or secure virtual machine
CPC
G06F 2009/45587
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
9 Arrangements for program control, e.g. control units
06 using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
44 Arrangements for executing specific programs
455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
45533 Hypervisors; Virtual machine monitors
45558 Hypervisor-specific management and integration aspects
45587 Isolation or security of virtual machine instances
G06F 21/53
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52 during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
53 by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 2221/2149
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
2221 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
2149 Restricted operating environment
G06F 9/45558
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
9 Arrangements for program control, e.g. control units
06 using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
44 Arrangements for executing specific programs
455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
45533 Hypervisors; Virtual machine monitors
45558 Hypervisor-specific management and integration aspects
Applicants
  • AMAZON TECHNOLOGIES, INC. [US]/[US]
Inventors
  • LIGUORI, Anthony Nicholas
  • BRANDWINE, Eric Jason
  • WILSON, Matthew Shawn
Agents
  • KOWERT, Robert C.
Priority Data
16/368,747 28.03.2019 US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) VERIFIED ISOLATED RUN-TIME ENVIRONMENTS FOR ENHANCED SECURITY COMPUTATIONS WITHIN COMPUTE INSTANCES
(FR) ENVIRONNEMENTS D'EXÉCUTION ISOLÉS ET VÉRIFIÉS POUR DES CALCULS DE SÉCURITÉ AMÉLIORÉS DANS DES INSTANCES DE CALCUL
Abstract
(EN)
At a virtualization host, an isolated run-time environment is established within a compute instance. The configuration of the isolated run-time environment is analyzed by a security manager of the hypervisor of the host. After the analysis, computations are performed at the isolated run-time environment.
(FR)
Au niveau d'un hôte de virtualisation, un environnement d'exécution isolé est établi dans une instance de calcul. La configuration de l'environnement d'exécution isolé est analysée par un gestionnaire de sécurité de l'hyperviseur de l'hôte. Après l'analyse, des calculs sont effectués dans l'environnement d'exécution isolé.
Also published as
Latest bibliographic data on file with the International Bureau