| 发明名称 |
SECURE INTERFACE FOR INVOKING PRIVILEGED OPERATIONS |
| 摘要 |
A formalized set of interfaces (e.g., application programming interfaces (APIs)) is described, that uses a security scheme, such as asymmetric (or symmetric) cryptography, in order authorize and authenticate requests sent to a virtualization later. The interfaces can be invoked to perform security monitoring, forensic capture, and/or patch software systems at runtime. In addition to the foregoing, other aspects are described in the claims, detailed description, and figures. |
| 申请公布号 |
US2014208096(A1) |
申请公布日期 |
2014.07.24 |
| 申请号 |
US201313746737 |
申请日期 |
2013.01.22 |
| 申请人 |
Amazon Technologies, Inc. |
发明人 |
Brandwine Eric Jason;Wilson Matthew Shawn |
| 分类号 |
H04L9/32 |
主分类号 |
H04L9/32 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A computer implemented method for securing software modifications in a virtualized computing environment, said method comprising:
under the control of one or more computer systems configured with executable instructions,
providing at least one application programming interface (API) configured to receive requests submitted to a host computing device, the host computing device including a virtualization layer configured to host one or more guests;storing a public key capable of being used to decrypt information on the host computing device, wherein a corresponding private key capable of being used to encrypt the information is stored in a secure location that is external with respect to the host computing device;receiving, by the host computing device over the API, a request to execute a privileged operation in the virtualization layer of the host computing device, the request signed using the private key stored in the secure location; andexecuting, by the virtualization layer, the privileged operation if a signature of the request is successfully validated using the public key, wherein the privileged operation fails if the signature of the request is unable to be successfully validated using the public key. |
| 地址 |
Reno NV US |
