Title of invention: Validating machine images
Abstract: In a resource-on-demand environment, virtual machine images are validated before use. A provider or source of a virtual machine image may generate a manifest, indicating executable components of the machine image. Before use, a created virtual machine may compare its executable components with those specified by the manifest. To ensure authenticity, the manifest may be associated with a signature, and the virtual machine may use the signature to verify the manifest and the source of the machine image.
Publication number: US9009840(B1) Publication date: 2015.04.14
Application number: US201213356497 Filing date: 2012.01.23
Applicant: Amazon Technologies, Inc. Inventor: Stickle Thomas C.
Classification: G06F7/04;G06F21/12;G06F21/50;G06F21/53;G06F21/10 Main classification: G06F7/04
Agency: Lee & Haynes, PLLC Agent: Lee & Haynes, PLLC
Main claim: 1. A resource provider, comprising: a plurality of stored machine images; source manifests corresponding respectively to the stored machine images, wherein each source manifest indicates executable components of the corresponding stored machine image; verifiable signatures corresponding respectively to the source manifests; one or more processors configured to perform actions comprising: receiving, using an application programming interface, a plurality of machine images; storing the plurality of machine images as the plurality of stored machine images; using a specified one of the stored machine images, creating a virtual machine associated with the specified one of the stored machine images; installing an inventory module to execute on the virtual machine associated with the specified one of the stored machine images; executing the inventory module in conjunction with a startup or booting of the virtual machine associated with the specified one of the stored machine images; generating, by the inventory module, a source manifest corresponding to the specified one of the stored machine images; signing the source manifest corresponding to the specified one of the stored machine images to generate a verifiable signature; receiving a request to create a virtual machine based at least in part on the specified one of the stored machine images; inventorying, by the inventory module, the specified one of the stored machine images to identify executable components of the specified one of the stored machine images; and validating the specified one of the stored machine images by (a) verifying the signature of the source manifest corresponding to the specified one of the stored machine images and (b) comparing the identified executable components of the specified one of the stored machine images with the source manifest corresponding to the specified one of the stored machine images.
Address: Reno NV US