MANAGING VIRTUAL MACHINE INSTANCES UTILIZING AN OFFLOAD DEVICE
    11.
    Invention application
    MANAGING VIRTUAL MACHINE INSTANCES UTILIZING AN OFFLOAD DEVICE (in force)

    Publication (announcement) number: US20160170785A1

    Publication (announcement) date: 2016-06-16

    Application number: US14567789

    Application date: 2014-12-11

    Abstract: Generally described, the present application relates to systems and methods for managing virtual machine instances using a physical computing device and an offload device. The offload device can be a separate computing device that includes computing resources (e.g., processor and memory) separate from the computing resources of the physical computing device. The offload device can be connected to the physical computing device via an interconnect interface. The interconnect interface can be a high speed, high throughput, low latency interface such as a Peripheral Component Interconnect Express (PCIe) interface. The offload device can be used to offload virtualization and processing of virtual components from the physical computing device, thereby increasing the computing resources available to the virtual machine instances.

    Cryptographically attested resources for hosting virtual machines
    12.
    Invention grant
    Cryptographically attested resources for hosting virtual machines (in force)

    Publication (announcement) number: US09367339B2

    Publication (announcement) date: 2016-06-14

    Application number: US13932828

    Application date: 2013-07-01

    Abstract: Approaches to enable the configuration of computing resources for executing virtual machines on behalf of users to be cryptographically attested to or verified. When a user requests a virtual machine to be provisioned, an operator of the virtualized computing environment can initiate a two phase launch of the virtual machine. In the first phase, the operator provisions the virtual machine on a host computing device and obtains cryptographic measurements of the software and/or hardware resources on the host computing device. The operator may then provide those cryptographic measurements to the user that requested the virtual machine. If the user approves the cryptographic measurements, the operator may proceed with the second phase and actually launch the virtual machine on the host. In some cases, the operator may compare the cryptographic measurements to a list of approved measurements to determine whether the host computing device is acceptable for hosting the virtual machine.

    Checksumming encapsulated network packets
    13.
    Invention grant
    Checksumming encapsulated network packets (in force)

    Publication (announcement) number: US09106257B1

    Publication (announcement) date: 2015-08-11

    Application number: US13927913

    Application date: 2013-06-26

    CPC classification number: H03M13/09 H03M13/353 H04L1/0061

    Abstract: Methods and apparatus for checksumming network packets encapsulated according to an encapsulation protocol are described in which a single checksum is performed at the encapsulation layer, with checksum generation performed at the source encapsulation layer and checksum validation performed at the destination encapsulation layer. The packet source and packet destination may be informed by the encapsulation layer that a checksum operation is not necessary for the network packets. By performing checksumming at the encapsulation layer, the method may reduce overhead as checksum computation is initiated once rather than twice as in conventional encapsulation techniques. In addition, checksum algorithms may be used that provide stronger error detection or correction than is provided by standard network protocol checksumming, different checksum algorithms may be selected for different paths according to one or more criteria, and checksum operations may be offloaded to hardware.

    SECURE VIRTUAL MACHINE MIGRATION
    14.
    Invention application
    SECURE VIRTUAL MACHINE MIGRATION (in force)

    Publication (announcement) number: US20140208111A1

    Publication (announcement) date: 2014-07-24

    Application number: US13746702

    Application date: 2013-01-22

    Abstract: A formalized set of interfaces (e.g., application programming interfaces (APIs)) is described, that uses a security scheme, such as asymmetric (or symmetric) cryptography, in order to enable secure migration of virtual machine instances between multiple host computing devices. The migration is performed by receiving a request to migrate a virtual machine where the request includes public keys for the source host computing and the destination host computing. The source and destination hosts use the public keys to establish an encrypted session and then use the encrypted session to migrate the virtual machine.

    User controlled hardware validation

    Publication (announcement) number: US11050844B2

    Publication (announcement) date: 2021-06-29

    Application number: US16518455

    Application date: 2019-07-22

    Abstract: A trusted co-processor can provide a hardware-based observation point into the operation of a host machine owned by a resource provider or other such entity. The co-processor can be installed via a peripheral card on a fast bus, such as a PCI bus, on the host machine. The provider can provide the customer with expected information that the customer can verify through a request to an application programming interface (API) of the card, and after the customer verifies the information the customer can take logical ownership of the card and lock out the provider. The card can then function as a trusted but limited environment that is programmable by the customer. The customer can subsequently submit verification requests to the API to ensure that the host has not been unexpectedly modified or is otherwise operating as expected.

    Secure environment on a server
    17.
    Invention grant

    Publication (announcement) number: US10911405B1

    Publication (announcement) date: 2021-02-02

    Application number: US15824896

    Application date: 2017-11-28

    Abstract: Disclosed herein are techniques for maintaining a secure environment on a server. In one embodiment, the server includes a baseboard management controller (BMC), a first Ethernet port coupled with an adapter device network comprising a plurality of adapter devices, and a master adapter device including a second Ethernet port and a network switch, the network switch being controllable to be selectively coupled with at least one of the BMC, the first Ethernet port, or the second Ethernet port. The master adapter device may receive a network packet from at least one of: the first Ethernet port, the second Ethernet port, or the BMC, and determine, based on a forwarding policy, whether to forward the network packet. Based on a determination to forward the network packet, the master adapter device may determine a destination, and control the network switch to transmit the network packet to the destination.

    Secure execution environment on a server

    Publication (announcement) number: US10691803B2

    Publication (announcement) date: 2020-06-23

    Application number: US15377991

    Application date: 2016-12-13

    Abstract: Disclosed herein are techniques for maintaining a secure execution environment on a server. In one embodiment, the server includes a non-volatile memory storing firmware, a programmable security logic coupled to the non-volatile memory, an adapter device coupled to the programmable security logic, and a processor communicatively coupled to the non-volatile memory via the programmable security logic. The adapter device and/or the programmable security logic can verify the firmware in the non-volatile memory while holding the processor and/or a baseboard management controller (BMC) in power reset, release the processor and the BMC from reset to boot the processor and the BMC after the firmware is verified, and then disable communications between the processor and the BMC and deny at least some requests to write to the non-volatile memory by the processor or the BMC.