| 摘要 |
Technologies related to quorum-based Virtual Machine (VM) security are generally described. In some examples, VM data, such as a VM payload or other VM data, may be quorum-encrypted, such that a quorum of decryption keys may be used to decrypt the data. Decryption keys may be distributed among multiple VMs, with different decryption keys provided to different VMs, so that single VMs may not decrypt the VM data without decryption keys held by other VMs. To decrypt its data, a VM may assemble a quorum of decryption keys by requesting decryption keys held by other operational VMs, and the VM may then decrypt its data using the assembled quorum of decryption keys. The VM may be prevented from decrypting its data without a sufficient quorum of other operational VMs. |
| 主权项 |
1. A method to secure data for a virtual machine in a data center, comprising:
generating, by a security system in the data center, a set of decryption keys; quorum-encrypting, by the security system, data for the virtual machine using the set of decryption keys, such that a number of decryption keys within the set of decryption keys is needed to decrypt quorum-encrypted data for the virtual machine, wherein the number of decryption keys comprises more than one decryption key; distributing, by the security system, decryption keys of the set of decryption keys to a plurality of virtual machines in the data center, wherein:
the virtual machine and each individual virtual machine of the plurality of virtual machines individually receive insufficient decryption keys to individually decrypt the quorum-encrypted data for the virtual machine; andthe virtual machine and the plurality of virtual machines together receive sufficient decryption keys to decrypt the quorum-encrypted data for the virtual machine; and assembling, by the virtual machine, a quorum of decryption keys to decrypt the quorum-encrypted data for the virtual machine, wherein assembling the quorum of decryption keys comprises:
requesting decryption keys from the plurality of virtual machines; andreceiving decryption keys from operational virtual machines among the plurality of virtual machines;wherein the quorum-encrypted data for the virtual machine may be decrypted when at least the quorum of decryption keys is received from operational virtual machines in the data center, and wherein the quorum-encrypted data for the virtual machine may not be decrypted when the quorum of decryption keys is not received from operational virtual machines in the data center. |
