Secure your cloud workloads with IBM Secure Execution for Linux on IBM z15 and LinuxONE III

被引:8
作者
Borntrager, C. [1 ]
Bradbury, J. D. [2 ]
Bundgen, R. [1 ]
Busaba, F. [2 ]
Heller, L. C. [2 ]
Mihajlovski, V [1 ]
机构
[1] IBM Res & Dev GmbH, D-71032 Boblingen, Germany
[2] IBM Syst, Poughkeepsie, NY 12601 USA
关键词
Trusted computing - Linux;
D O I
10.1147/JRD.2020.3008109
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
With the growth of IBM Z and LinuxONE in the cloud, customers are expecting their workloads and data to have the same levels of security, isolation, and privacy as running on-premise. In order to achieve these levels of trust, the IBM z15 and LinuxONE III provide the IBM Secure Execution for Linux facility, which isolates customers' data from each other, as well as from the cloud administrators. Unlike other solutions in the industry, IBM Secure Execution does not require remote attestation, thus simplifying the deployment of applications into the protected environment. Also, unlike some other solutions in the industry, the integrity of data is protected end-to-end, that is, front the boot image on disk to memory as it is paged by the hypervisor and throughout execution. The isolation and integrity are provided by hardware and trusted firmware known as the ultravisor. In this article, we describe the security model of IBM Secure Execution, the functionality of the hardware and ultravisor, as well as the required changes to the hypervisor in order to support protected virtual machines.
引用
收藏
页码:5 / 6
页数:11
相关论文
共 14 条
[1]  
[Anonymous], 2019, IBM PUBL, VSA22-7832-12
[2]  
[Anonymous], 2001, FIPS PUBLICATION, V197
[3]  
[Anonymous], 2007, NIST SPEC PUBL D
[4]  
[Anonymous], 2015, FIPS PUBLICATION, V180-4
[5]  
[Anonymous], 2010, NIST SPEC PUBL E
[6]   Millicode in an IBM zSeries processor [J].
Heller, LC ;
Farrell, MS .
IBM JOURNAL OF RESEARCH AND DEVELOPMENT, 2004, 48 (3-4) :425-434
[7]  
Hetzelt F, 2017, ACM SIGPLAN NOTICES, V52, P129, DOI [10.1145/3140607.3050763, 10.1145/3050748.3050763]
[8]  
Hunt G., SUPPORTING PROTECTED
[9]  
Jin S, 2011, INT SYMP MICROARCH, P272
[10]  
Kaplan David, 2017, White paper