Attestation protocol for securely booting a guest operating system

摘要

In a cloud computing environment, a production server virtualization stack is minimized to present fewer security vulnerabilities to malicious software running within a guest virtual machine. The minimal virtualization stack includes support for those virtual devices necessary for the operation of a guest operating system, with the code base of those virtual devices further reduced. Further, a dedicated, isolated boot server provides functionality to securely boot a guest operating system. The boot server is isolated through use of an attestation protocol, by which the boot server presents a secret to a network switch to attest that the boot server is operating in a clean mode. The attestation protocol may further employ a secure co-processor to seal the secret, so that it is only accessible when the boot server is operating in the clean mode.

主权项

1. A method comprising:
receiving at a boot server device a first image file of a virtual machine (VM) from an external device, the first image file of the VM including a guest operating system (OS) to be booted; disabling a connection between the boot server device and the external device; booting the guest OS on the boot server device as a booted guest OS; saving a second image file of the VM, the second image file of the VM including the booted guest OS; restoring the connection between the boot server device and the external device, including employing an attestation protocol to attest to a particular software configuration of the boot server device by providing a second address for a network interface of the boot server device; and providing the second image file to the external device.