PRIVILEGED CRYPTOGRAPHIC SERVICES IN A VIRTUALIZED ENVIRONMENT

摘要

A privileged cryptographic service is described, such as a service running in system management mode (SMM). The privileged service is operable to store and manage cryptographic keys and/or other security resources in a multitenant remote program execution environment. The privileged service can receive requests to use the cryptographic keys and issue responses to these requests. In addition, the privileged service can measure the hypervisor at runtime (e.g., either periodically or in response to the requests) in an attempt to detect evidence of tampering with the hypervisor. Because the privileged service is operating in system management mode that is more privileged than the hypervisor, the privileged service can be robust against virtual machine escape and other hypervisor attacks.

主权项

1. A computing device, comprising:
at least one processor; memory including instructions that are executed by the at least one processor of the device to implement:
a hypervisor that manages one or more virtual machines, each virtual machine associated with a respective customer and operable to execute customer-provided code; anda privileged service that is capable of suspending the hypervisor and running in system management mode (SMM) on the host computing device, the privileged service operable to:
receive a cryptographic key associated with a customer and store the cryptographic key on the host computing device;receive a request to use the cryptographic key from at least one of: the hypervisor or the one or more virtual machines, the request generated by initiating a system management interrupt (SMI);measure one or more values associated with the hypervisor;determine whether the hypervisor was altered based on the one or more values; andgenerate a response to the request if the one or more values indicate that the hypervisor was not altered, the response based at least in part on the cryptographic key stored on the host computing device.