US Patent Application 17826658. PROVISIONING A SECURITY COMPONENT FROM A CLOUD HOST TO A GUEST VIRTUAL RESOURCE UNIT simplified abstract
PROVISIONING A SECURITY COMPONENT FROM A CLOUD HOST TO A GUEST VIRTUAL RESOURCE UNIT
Organization Name
Microsoft Technology Licensing, LLC
Inventor(s)
Michael Bishop Ebersol of Redmond WA (US)
David Kimler Altobelli of Redmond WA (US)
Qiang Wang of Bellevue WA (US)
PROVISIONING A SECURITY COMPONENT FROM A CLOUD HOST TO A GUEST VIRTUAL RESOURCE UNIT - A simplified explanation of the abstract
- This abstract appeared for US patent application number 17826658, titled 'PROVISIONING A SECURITY COMPONENT FROM A CLOUD HOST TO A GUEST VIRTUAL RESOURCE UNIT'
Simplified Explanation
This abstract describes a system that allows for the configuration of a secure virtual resource unit. The system provisions a security component to the virtual resource unit, creating multiple virtual trust layers within it. These trust layers define security boundaries and have different privileges. Higher privileged trust layers have more privileges than lower privileged ones. For example, a lower privileged trust layer may contain basic virtual resource components, while a higher privileged trust layer includes a virtual security component provisioned by the system.
Original Abstract Submitted
The techniques disclosed herein enable a system to configure a confidential virtual resource unit by provisioning a security component to a tenant's virtual resource unit. The system creates multiple different virtual trust layers within the confidential virtual resource unit. This creation effectively defines security boundaries between the virtual trust layers. The virtual trust layers are associated with different privileges, such that a higher privileged virtual trust layer is provided with more privileges compared to a lower privileged virtual trust layer. In one example, a lower privileged virtual trust layer may include basic virtual resource components (e.g., drivers, applications, processes, functions, workloads executing within a guest operating system) and a higher privileged virtual trust layer is the location to which a virtual security component is provisioned by the system.