Enabling a Secure Environment Through Operating System Switching

摘要

Described systems and methods allow a host system, such as a computer or a smartphone, to enable a secure environment, which can be used to carry out secure communications with a remote service provider, for applications such as online banking, e-commerce, private messaging, and online gaming, among others. A hypervisor oversees a switch between an insecure environment and the secure environment, in response to a user input, or in response to an event such as receiving a telephone call. Switching from the insecure to the secure environment comprises transitioning the insecure environment to a sleeping state and loading the secure environment from a memory image (snapshot) saved to disk, after checking the integrity of the snapshot. Switching from the secure to the insecure environment comprises transitioning the secure environment into a sleeping state and waking up the insecure environment.

主权项

1. A host system comprising at least one processor configured to execute a hypervisor, the hypervisor configured to expose a client virtual machine (VM) and a secure VM, the client VM and secure VM executing alternately on the host system, wherein:
the client VM is configured to execute a VM switch application, the VM switch application configured, in response to detecting a trigger event indicative of a risk to a user's data security, to instruct an operating system of the client VM to perform a wake-to-sleep transition, the wake-to-sleep transition configured to transform the client VM from a state in which a peripheral device used by the client VM is in a high-powered condition to a state in which the peripheral device is in a low-powered condition; and the hypervisor is further configured to switch execution to the secure VM, wherein switching execution to the secure VM comprises:
loading a pre-determined core VM snapshot into memory, the core VM snapshot being determined by initializing an operating system of the secure VM while hiding the peripheral device from the operating system of the secure VM;in response to intercepting an event indicative of the wake-to-sleep transition, executing the core VM snapshot to launch the secure VM; andin response to launching the secure VM, revealing the peripheral device to the operating system of the secure VM.