Abstract |
A method of establishing trusted operability between virtualized states of a Network Functions Virtualization (NFV) system providing a network service and operating in a virtual computing environment is disclosed. The method comprises receiving, by a physical server, a request to execute a trusted process, wherein the physical server comprises a processor with at least one core processing unit. The method further comprises assigning, by a trusted hypervisor, the execution of the trusted process to a first virtual server on a first core processing unit, dedicating physical portions of cache, memory, and disk storage to the first core processing unit; and executing the trusted process. The method further comprises receiving, by the physical server, a request to execute an untrusted process and assigning, by the trusted hypervisor, the execution of the untrusted process to a second virtual server on a second core processing unit, and restricting access to the trusted process. |
Independent claim |
1. A method of establishing trusted operability between virtualized states of a Network Functions Virtualization (NFV) system providing a network service and operating in a virtual computing environment, comprising:
receiving, by a physical server operating in a virtual computing environment and associated with an NFV network, a request to execute a trusted process, wherein the physical server comprises a processor with at least one core processing unit;
assigning, by a trusted hypervisor, the execution of the trusted process to a first virtual server, wherein the trusted hypervisor is executing on the physical server, is programmed to boot from a trusted state, and is configured to provide trusted operability using software assisted security;
assigning, by the trusted hypervisor, the first virtual server to execute the trusted process on a first core processing unit;
dedicating, by the trusted hypervisor, physical portions of cache, memory, and disk storage to the first core processing unit executing the trusted process;
executing, by the first core processing unit, the trusted process;
receiving, by the physical server operating in a virtual computing environment and associated with an NFV network, a request to execute an untrusted process;
assigning, by the trusted hypervisor, the untrusted process to execute on a second virtual server, wherein the second virtual server is different than the first virtual server executing the trusted process;
assigning, by the trusted hypervisor, the second virtual server to execute the untrusted process on a second core processing unit, wherein the second core processing unit is different than the first core processing unit that is executing the trusted process;
executing the untrusted process on the second core processing unit; and
restricting, by the trusted hypervisor, access to the trusted process executing on the first virtual server. |