Invention Title:

SECURE LIVE MIGRATION OF TRUSTED EXECUTION ENVIRONMENT VIRTUAL MACHINES USING SMART CONTRACTS

Publication number:

US20240168787

Publication date:

2024-05-23

Section:

Physics

Class:

G06F9/45558

Inventors:

Vinothini Gunasekaran Bangalore, India

Santosh Deshpande Bangalore, India

Ajay Kishore Bengaluru, India

Assignee:

INTEL CORPORATION Santa Clara, CA, United States

Applicant:

Intel Corporation Santa Clara, CA, United States

Drawings (4 of 10)

Drawing 01 for SECURE LIVE MIGRATION OF TRUSTED EXECUTION ENVIRONMENT VIRTUAL MACHINES USING SMART CONTRACTS

Drawing 02 for SECURE LIVE MIGRATION OF TRUSTED EXECUTION ENVIRONMENT VIRTUAL MACHINES USING SMART CONTRACTS

Drawing 03 for SECURE LIVE MIGRATION OF TRUSTED EXECUTION ENVIRONMENT VIRTUAL MACHINES USING SMART CONTRACTS

Drawing 04 for SECURE LIVE MIGRATION OF TRUSTED EXECUTION ENVIRONMENT VIRTUAL MACHINES USING SMART CONTRACTS

Smart overview of the Invention

The disclosed technology enables the secure live migration of trusted execution environment virtual machines (TVMs) across multiple destination computing systems. It operates by broadcasting a migration request to several systems, receiving bids for the migration, and selecting a destination based on these bids. The migration process is streamlined through automation, eliminating the need for manual intervention by an orchestrator in cloud service provider (CSP) environments.

Current Challenges in TVM Migration

Existing methods for migrating TVMs, such as cold and live migration, present challenges. Cold migration requires stopping applications before transferring them, while live migration is limited to one-to-one transfers between systems. Additionally, current processes necessitate manual configuration changes by network administrators, which can be cumbersome and inefficient in dynamic computing environments.

Automation and Security Features

The proposed technology addresses these challenges by automating the live migration process. It allows for multiple destination systems to be targeted simultaneously without manual adjustments. The use of smart contracts ensures that migration decisions are transparent and secure, storing allocation information on a blockchain to maintain integrity and accountability throughout the process.

Compatibility with Confidential Computing Architectures

This technology is compatible with various confidential computing architectures, including Intel® Trust Domain Extensions (TDX), AMD® Secure Encrypted Virtualization (SEV), and ARM® Realm Management Extension (RME). This flexibility allows CSPs to implement secure migration solutions tailored to their specific environments while ensuring that sensitive data remains protected during the transition.

Implications for Cloud Service Providers

The ability to perform secure live migrations efficiently enhances CSPs' offerings by improving operational agility and reducing administrative overhead. By leveraging automated processes and smart contracts, CSPs can provide better service to clients requiring cryptographic isolation for their workloads, thereby fostering trust and security in cloud computing environments.