Provisioning a security component from a cloud host to a guest virtual resource unit

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Jin LIN · Seattle, US
• Michael Bishop Ebersol · Redmond, US
• David Kimler Altobelli · Houston, US
• Jingbo Wu · Sammamish, US
• Qiang Wang · Beijing, CN

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/53
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

The techniques disclosed herein enable a system to configure a confidential virtual resource unit by provisioning a security component to a tenant's virtual resource unit. The system creates multiple different virtual trust layers within the confidential virtual resource unit. This creation effectively defines security boundaries between the virtual trust layers. The virtual trust layers are associated with different privileges, such that a higher privileged virtual trust layer is provided with more privileges compared to a lower privileged virtual trust layer. In one example, a lower privileged virtual trust layer may include basic virtual resource components (e.g., drivers, applications, processes, functions, workloads executing within a guest operating system) and a higher privileged virtual trust layer is the location to which a virtual security component is provisioned by the system.