Title of invention Cryptographically verified repeatable virtualized computing
Abstract A virtualized system that is capable of executing a computation that has been identified as a repeatable computation and recording various representations of the state of the computing environment throughout the execution of the repeatable computation, where the state of the computing environment can be cryptographically signed and/or verified using a trusted platform module (TPM), or other cryptographic module. For example, a TPM embedded in the host computing device may generate a hash measurement that captures the state of the repeatable computation at the time of the computation. This measurement can be digitally signed using one or more cryptographic keys of the TPM and recorded for future use. The recorded state can subsequently be used to repeat the computation and/or determine whether the computation was repeated successfully according to certain defined criteria.
Publication number US9294282(B1) Publication date 2016.03.22
Application number US201313933040 Filing date 2013.07.01
Applicant Amazon Technologies, Inc. Inventors Potlapally Nachiketh Rao;Brandwine Eric Jason;Singh Deepak
Classification H04L29/06;H04L9/32 Main classification H04L29/06
Agency Agent
Main claim 1. A non-transitory computer readable storage medium storing one or more sequences of instructions for performing a repeatable computation, the instructions executed by one or more processors to: receive, from a client, a request to perform the repeatable computation by a virtual machine provisioned for the client on a host computing device; identify checkpoints in the repeatable computation and execute the repeatable computation using the virtual machine; determine whether each checkpoint of the checkpoints in the repeatable computation has been reached to yield a determination, and based on the determination: verify a state of a computing environment on the host computing device at a time of the checkpoint by using a trusted platform module on the host computing device; generate a hash measurement of a state of the repeatable computation at the time of the each checkpoint, wherein the state of the repeatable computation captures output of the repeatable computation running at the each checkpoint; cryptographically sign the hash measurement of the state of the repeatable computation at the time of the each checkpoint using a key embedded in the trusted platform module of the host computing device to yield a signed hash measurement; and record the signed hash measurement; and generate a cumulative hash measurement of the repeatable computation based on all of the hash measurements generated at the checkpoints.
Address Reno NV US
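
The checkpoint flow in the abstract and main claim (measure, sign, record, accumulate, then check a repeat), as an added example that is not part of the patent record. Assumptions: HMAC-SHA256 stands in for signing with the TPM-embedded key, the cumulative measurement is folded PCR-style as H(old || measurement), and all function names and sample outputs are hypothetical.

```python
import hashlib
import hmac

# Assumption: stand-in for the key embedded in the TPM. A real TPM signs with a
# non-exportable asymmetric key; HMAC is used only to keep the example offline.
DEMO_TPM_KEY = b"constructed-demo-key"

def measure(checkpoint_output: bytes) -> bytes:
    """Hash measurement of the computation's output at one checkpoint."""
    return hashlib.sha256(checkpoint_output).digest()

def sign(measurement: bytes, key: bytes = DEMO_TPM_KEY) -> bytes:
    return hmac.new(key, measurement, hashlib.sha256).digest()

def extend(cumulative: bytes, measurement: bytes) -> bytes:
    """Assumption: fold measurements PCR-style, new = H(old || measurement)."""
    return hashlib.sha256(cumulative + measurement).digest()

def record_run(outputs, key=DEMO_TPM_KEY):
    """Return ([(measurement, signature), ...], cumulative) for one run."""
    log, cumulative = [], bytes(32)
    for out in outputs:
        m = measure(out)
        log.append((m, sign(m, key)))
        cumulative = extend(cumulative, m)
    return log, cumulative

def verify_repeat(log, cumulative, repeat_outputs, key=DEMO_TPM_KEY):
    """Return None if the repeat matches the record, else the index of the
    first checkpoint that fails (bad signature or diverging output)."""
    running = bytes(32)
    for i, (m, sig) in enumerate(log):
        if not hmac.compare_digest(sig, sign(m, key)):
            return i  # recorded measurement was altered after signing
        if i >= len(repeat_outputs) or not hmac.compare_digest(
                m, measure(repeat_outputs[i])):
            return i  # repeated computation diverged or stopped early here
        running = extend(running, m)
    if len(repeat_outputs) != len(log) or not hmac.compare_digest(running, cumulative):
        return len(log)  # extra checkpoints or a tampered cumulative value
    return None

# Constructed sample: outputs captured at three checkpoints of one run.
ORIGINAL = [b"step1: rows=100", b"step2: mean=4.2", b"step3: done"]
```
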