Title of invention: ATTESTATION PROTOCOL FOR SECURELY BOOTING A GUEST OPERATING SYSTEM
Abstract: In a cloud computing environment, a production server virtualization stack is minimized to present fewer security vulnerabilities to malicious software running within a guest virtual machine. The minimal virtualization stack includes support for those virtual devices necessary for the operation of a guest operating system, with the code base of those virtual devices further reduced. Further, a dedicated, isolated boot server provides functionality to securely boot a guest operating system. The boot server is isolated through use of an attestation protocol, by which the boot server presents a secret to a network switch to attest that the boot server is operating in a clean mode. The attestation protocol may further employ a secure co-processor to seal the secret, so that it is only accessible when the boot server is operating in the clean mode.
Publication number: US2014359270(A1)  Publication date: 2014.12.04
Application number: US201414462113  Filing date: 2014.08.18
Applicant: Microsoft Corporation  Inventors: Raj Himanshu; Saroiu Stefan; Wolman Alastair; England Paul; Nguyen Anh M.; Rayanchu Shravan
Classification: G06F9/44; G06F21/57; G06F9/455  Main classification: G06F9/44
Agency:  Agent:
Independent claim: 1. A method comprising: at a boot server device, receiving from an external device a first image file of a virtual machine (VM), including a guest operating system (OS) to be booted; disabling a connection between the boot server device and the external device, including providing a first address for a network interface of the boot server, wherein the first address is blocked at a switch; booting the guest OS on the boot server device; saving a second image file of the VM, including the booted guest OS; restoring the connection between the boot server device and the external device, including employing an attestation protocol to attest to a particular software configuration of the boot server device by providing a second address for the network interface of the boot server, wherein the second address is allowed at the switch; and providing the second image file to the external device, to enable the booted guest OS to operate on the external device.
Address: Redmond WA US