Login| Sign Up| Help| Contact|

Patent Searching and Data


Title:
ENCRYPTION ARCHITECTURE
Document Type and Number:
WIPO Patent Application WO/2016/003491
Kind Code:
A4
Abstract:
For a host that executes one or more guest virtual machines (GVMs), some embodiments provide an encryption method for encrypting the data messages sent by the GVMs. The method determines whether it should encrypt a data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.

Inventors:
THOTA, Kiran, Kumar (3401 Hillview Avenue, Palo Alto, CA, 94304, US)
FEROZ, Azeem (3401 Hillview Avenue, Palo Alto, CA, 94304, US)
WIESE, James, C. (3401 Hillview Avenue, Palo Alto, CA, 94304, US)
Application Number:
US2014/072886
Publication Date:
February 25, 2016
Filing Date:
December 30, 2014
Export Citation:
Click for automatic bibliography generation   Help
Assignee:
NICIRA, INC. (3401 Hillview Avenue, Palo Alto, CA, 94304, US)
International Classes:
G06F21/60; H04L9/08
Attorney, Agent or Firm:
ADELI, Mani (Adeli LLP, 11859 Wilshire Blvd. Suite 50, Los Angeles CA, 90025, US)
Download PDF:
Claims:
AMENDED CLAIMS

received by the International Bureau on 13 January 2016 (13.01.2016)

We claim:

1. A method of encrypting messages on a computer on which multiple virtual machines (VMs) execute, the method comprising:

intercepting a data message transmitted by a particular VM along an egress datapath of the data message on the computer; and

providing the data message to a module executed by at least one processing unit of the computer;

at said module,

determining whether the data message should be encrypted by analyzing a set of attributes of the data message; and

encrypting the data message upon determining that the data message should be encrypted.

2. The method of claim 1, wherein the particular VM is a first VM and the data message is a first data message, the method further comprising:

intercepting a second data message transmitted by a second VM;

determining whether the second data message should be encrypted by analyzing a set of attributes of the second data message; and

encrypting the second data message upon determining that the data message should be encrypted.

3. The method of claim 1, wherein the particular VM is a first VM and the data message is a first data message, the method further comprising:

intercepting a second data message transmitted by a second VM;

determining whether the second data message should be encrypted by analyzing a set of attributes of the second data message; and

foregoing the encryption of the second data message upon determining that the second data message should not be encrypted.

4. The method of claim 1, wherein intercepting the data message comprises intercepting the data message along an egress datapath of the data message out from the particular VM before the data message reaches a physical network interface card.

5. The method of claim 4, wherein the egress datapath leads the data message out of the host.

74

6. The method of claim 4, wherein the egress datapath leads the data message out of the host or leads the data message to another VM executing on the host.

7. The method of claim 4,

wherein the egress data path includes a software forwarding element that executes on the host to provide forwarding operations that lead the data message to a destination of the data message;

wherein the forwarding element has a plurality of ports that are connected to sources and destinations for the data messages; and

wherein intercepting the data message along the egress datapath comprises capturing the data message at one of said ports.

8. The method of claim 1, wherein determining whether the data message should be encrypted comprises using the set of attributes of the data message to identify an encryption rule that specifies that the data message should be encrypted.

9. The method of claim 1, wherein the set of attributes of the data message comprises a set of values in a header field of the data message.

10. A host computer for executing multiple virtual machines (VMs), the host comprising: an encryption agent for receiving encryption configuration data from a set of controllers; and

a set of encryptors for encrypting data messages sent from one or more of the VMs, based on the received encryption configuration data.

11. The host of claim 10, wherein the set of encryptors includes one encryptor for all VMs executing on the host, wherein the encryptor determines whether each data message from a VM has to be encrypted, and encrypts the data message when the encryptor determines that the data message should be encrypted.

12. The host of claim 10, wherein the set of encryptors includes one encryptor for each group of related VMs that executes on the host, wherein each encryptor determines whether each data message from a VM in its group of VMs has to be encrypted, and encrypts the data message when the encryptor determines that the data message should be encrypted.

13. The host of claim 10, wherein the set of encryptors includes one encryptor for each VM executing on the host, wherein each encryptor determines whether each data message from the encryptor' s corresponding VM has to be encrypted, and encrypts the data message when the encryptor determines that the data message should be encrypted.

75

14. The host of claim 10, wherein the set of encryptors includes first and second encryptors respectively for first and second VMs executing on the host, wherein the first encryptor determines that data messages from the first VM have to be encrypted, while the second encryptor determines that data messages from the second VM do not have to be encrypted.

15. The host of claim 14, wherein the first encryptor determines that the first- VM data messages should be encrypted and the second encryptor determines that the second- VM data messages should not be encrypted by comparing sets of attributes of the first- VM messages and the second- VM messages with the corresponding attributes of the encryption rules in order to find a matching encryption rule.

16. The host of claim 10, wherein the encryption configuration data comprises identity information of at least one key manager to contact in order to retrieve encryption keys.

17. The host of claim 16, wherein the encryption configuration data further comprises encryption key identifiers of the encryption keys that need to be retrieved.

18. The host of claim 10, wherein the encryption configuration data comprises encryption key identifiers of the encryption keys that need to be retrieved.

19. The host of claim 10, wherein the encryption configuration data comprises encryption policies that the encryption agent needs to resolve in order to generate encryption rules for the set of encryptors to enforce.

20. The host of claim 19, wherein the generated encryption rules are a first set of encryption rules, wherein the encryption configuration data further comprises a second set of encryption rules for the set of encryptors to enforce.

21. The host of claim 10, wherein the encryption configuration data comprises encryption rules that the set of encryptors needs to enforce.

22. The host of claim 10, wherein the set of encryptors are further for decrypting encrypted data messages received from one or more VMs.

23. A non-transitory machine readable medium storing a program for encrypting messages on a computer on which multiple virtual machines (VMs) execute, the program comprising sets of instructions for:

intercepting a data message transmitted by a particular VM along an egress datapath of the data message on the computer before the data message reaches a physical network interface card of the computer; and

76 providing the data message to a module executing on the processing units of the computer;

at the module,

determining whether the data message should be encrypted by analyzing a set of attributes of the data message; and

encrypting the data message upon determining that the data message should be encrypted.

24. A non-transitory machine readable medium that stores a program for encrypting data messages on a host computer in a datacenter that implements multiple logical networks on a shared network infrastructure, the program comprising sets of instructions for:

receiving data messages for different logical networks; and

encrypting the data messages for the different logical networks differently.

25. The non-transitory machine readable medium of claim 24, wherein the set of instructions for differently encrypting data messages comprises sets of instructions for:

for each particular logical network, using an identifier for the logical network to identify an encryption parameter for an encryption process; and

using the identified encryption parameter to encrypt the data messages for the particular network.

26. The non-transitory machine readable medium of claim 25, wherein the encryption parameter is an encryption key, wherein different encryption keys are used to encrypt the data messages for different logical networks.

27. The non-transitory machine readable medium of claim 26, wherein the encryption parameter further specifies a portion of the data messages to encrypt.

28. The non-transitory machine readable medium of claim 25, wherein the encryption parameter further specifies the encryption process to use to encrypt the data messages for the logical network identified by the logical network identifier, wherein different encryption processes are used to encrypt the data messages for different logical networks.

29. The non-transitory machine readable medium of claim 24, wherein the set of instructions for differently encrypting data messages comprises sets of instructions for:

for each particular logical network, using an identifier for the logical network to identify an encryption process and an encryption parameter for the encryption process; and

77 using the identified encryption process and parameter to encrypt the data messages for the particular logical network.

30. The non-transitory machine readable medium of claim 24, wherein a logical network comprises a logical switch, and the logical switch has a logical switch identifier, wherein the set of instructions for differently encrypting data messages comprises a set of instructions for using the logical switch identifier to identify an encryption parameter for encrypting the data messages for the logical switch.

31. The non-transitory machine readable medium of claim 24,

wherein a logical network comprises a logical router, and the logical router has a logical router identifier,

wherein the set of instructions for differently encrypting data messages comprises a set of instructions for using the logical router identifier to identify an encryption parameter for encrypting the data messages for the logical router.

32. The non-transitory machine readable medium of claim 24, wherein each data message comprises a payload and a header value, said header value comprising a logical network identifier, wherein the set of instructions for encrypting the data messages comprises sets of instructions for:

for a data message of a logical network, generating an integrity check value (ICV) based at least partially on the logical identifier of the logical network;

encrypting the ICV along with the payload, said ICV for authenticating the data message after the data message is decrypted.

33. The non-transitory machine readable medium of claim 32, wherein the ICV is also generated from the payload.

34. The non-transitory machine readable medium of claim 24, wherein the set of instructions for differently encrypting data messages comprises sets of instructions for:

for each particular logical network,

using an identifier for the logical network to identify one encryption rule from a plurality of stored encryption rules;

retrieving an encryption parameter for an encryption process from the identified encryption rule; and

using the identified encryption parameter to encrypt the data messages for the particular logical network.

78

35. For a computer that executes at least one virtual machines (VM), an encryption method comprising:

from the VM, receiving different data messages that are part of first and second data flows from the VM; and

encrypting the data messages in the first flow differently than the data messages in the second flow.

36. The method of claim 35, wherein differently encrypting the data messages in the first and second flows comprises encrypting the data messages in the first flow, while not encrypting the data messages in the second flow.

37. The method of claim 35, wherein differently encrypting the data messages in the first and second flows comprises encrypting the data messages in the first flow by using a first encryption process, while encrypting the data messages in the second flow by using a second encryption process.

38. The method of claim 35, wherein differently encrypting the data messages in the first and second flows comprises encrypting the data messages in the first flow by using a first encryption key, while encrypting the data messages in the second flow by using a second encryption key.

39. The method of claim 35, wherein differently encrypting the data messages in the first and second flows comprises encrypting a first portion of each data message in the first flow, while encrypting a second portion of each data message in the second flow, wherein the first and second portions are different portions of their respective data messages.

40. The method of claim 35, where the first and second flows have different destinations.

41. The method of claim 35, where the first and second flows have the same destination.

42. The method of claim 41, where the same destination is another VM on another computer

43. The method of claim 35 further comprising:

detecting start of a particular flow;

defining encryption rules for specifying how the data messages of the particular flow have to be encrypted;

providing the encryption rules to a set of encryptors that (i) intercepts data messages of the particular flow and other flows, (ii) determines whether to encrypt the data messages based on the encryption rules, (iii) encrypts the data messages upon determining to encrypt the data messages, and (iv) foregoes encrypting the data messages upon determining that no encryption is needed.

44. The method of claim 35 further comprising inserting in each encrypted data message an encryption identifier, said encryption identifier for allowing a destination of the data message to decrypt the encrypted data message.

45. The method of claim 44, wherein the encryption identifier is a key identifier that identifies an encryption key that was used to encrypt the data message.

46. The method of claim 44, wherein the encryption identifier is a key identifier that identifies decryption key that is needed to decrypt the data message.

47. The method of claim 44, wherein the encryption identifier is an encryption identifier that identifies an encryption process that was used to encrypt the data message.

48. The method of claim 44, wherein the encryption identifier is a decryption identifier that identifies decryption process that is needed to decrypt the data message.

49. The method of claim 44, wherein the encryption identifier is inserted in a header field of the data message.

50. A non-transitory machine readable medium storing a program for encrypting messages from a virtual machine (VM) that executes on a computer, the program comprising sets of instructions for:

from the VM, receiving different data messages that are part of first and second data flows from the VM; and

encrypting the data messages in the first flow differently than the data messages in the second flow.

51. The non-transitory machine readable medium of claim 50, wherein the set of instructions for differently encrypting the data messages in the first and second flows comprises a set of instructions for encrypting the data messages in the first flow, while not encrypting the data messages in the second flow.

52. The non-transitory machine readable medium of claim 50, wherein the set of instructions for differently encrypting the data messages in the first and second flows comprises a set of instructions for encrypting the data messages in the first flow by using a first encryption process, while encrypting the data messages in the second flow by using a second encryption process.

53. The non-transitory machine readable medium of claim 50, wherein the set of instructions for differently encrypting the data messages in the first and second flows comprises a set of instructions for encrypting the data messages in the first flow by using a first encryption key, while encrypting the data messages in the second flow by using a second encryption key.

54. The non-transitory machine readable medium of claim 50, wherein the set of instructions for differently encrypting the data messages in the first and second flows comprises a set of instructions for encrypting a first portion of each data message in the first flow, while encrypting a second portion of each data message in the second flow, wherein the first and second portions are different portions of their respective data messages.

55. The non-transitory machine readable medium of claim 50, wherein the set of instructions for differently encrypting data messages comprises sets of instructions for:

for each flow,

using a set of message attribute values to identify one encryption rule from a plurality of stored encryption rules, said identified encryption rule being an encryption rule that is defined for the flow;

retrieving an encryption parameter for an encryption process from the identified encryption rule; and

using the identified encryption parameter to encrypt the data messages of the flow.

56. For a host computer on which a set of virtual machines (VMs) execute, an encryption method comprising:

detecting malware on a first VM; and

encrypting data messages transmitted by at least a second VM after the malware is detected.

57. The method of claim 56, wherein before the malware was detected, the data messages from the second VM was not encrypted.

58. The method of claim 56, wherein the second VM is the first VM.

59. The method of claim 56, wherein encrypting data messages comprises encrypting data messages on a plurality of VMs that execute on the host, said plurality of VMs including the second VM.

60. The method of claim 59, wherein the plurality of VMs include VMs that are not detected with malware.

61. The method of claim 60, wherein the plurality of VMs further includes the first VM with the detected malware.

62. The method of claim 56, wherein detecting malware comprises detecting that the first VM has been tagged as a malware- infected VM.

63. The method of claim 62 further comprising:

examining a set of encryption policies to determine whether a set of encryption rules needs to be specified because the first VM has been detected with malware; and

based on the examination of the encryption policy set, specifying at least one encryption rule that specifies that data messages transmitted by the second VM should be encrypted.

64. The method of claim 63, wherein specifying the encryption rule comprises specifying a plurality of encryption rules that each specify the encryption of data messages for a different VM that executes on the host.

65. The method of claim 63, wherein the specified encryption rule specifies the encryption of data messages from a plurality of VMs that executes on the host.

66. The method of claim 65, wherein the plurality of VMs include VMs that are not infected with malware.

67. The method of claim 65, wherein the plurality of VMs include the first VM with the detected malware.

68. The method of claim 63, wherein the encryption policies are stored on the host computer.

69. The method of claim 62, wherein detecting malware further comprises installing an agent on the VMs to provide VM introspection data about the VM's operation, wherein the malware is detected by analyzing the introspection data.

70. The method of claim 69, wherein the VMs are guest VMs (GVMs), wherein the malware data is collected from the VM agents by a service VM (SVM) executing on the host, wherein the SVM analyzes the introspection data to determine whether a GVM has been infected with malware, and assigns a malware-infected tag to a particular GVM when the SVM determines that the particular GVM has been infected with malware.

71. The method of claim 56 further comprising:

inserting an encryption identifier in at least one encrypted data message, said encryption identifier for allowing destinations of the data message to decrypt the encrypted data message.

72. The method of claim 71, wherein the encryption identifier is a key identifier that identifies an encryption key that was used to encrypt the data message.

73. The method of claim 71, wherein the encryption identifier is a key identifier that identifies decryption key that is needed to decrypt the data message.

82

74. The method of claim 71, wherein the encryption identifier is an encryption identifier that identifies an encryption process that was used to encrypt the data message.

75. The method of claim 71, wherein the encryption identifier is a decryption identifier that identifies decryption process that is needed to decrypt the data message.

76. The method of claim 71, wherein the encryption identifier is inserted in a header field of the data message.

77. A non-transitory machine readable medium storing a program for encrypting messages from a virtual machine (VM) that executes on a host computer, the program comprising sets of instructions for:

detecting malware on a first VM; and

encrypting data messages transmitted by at least a second VM after the malware is detected.

78. A method of providing encryption services on a computer that executes a plurality of virtual machines (VMs), the method comprising:

detecting an event on a particular VM;

generating an encryption rule for encrypting data messages that are sent from the particular VM; and

using the encryption rule to encrypt messages sent by the particular VM.

79. The method of claim 78, wherein generating the encryption rule comprises examining a plurality of encryption policies to determine whether an encryption rule needs to be specified for the detected event, wherein generating the encryption rule comprises generating the encryption rule based on the examination of the encryption policies.

80. The method of claim 78, wherein the event is a flow-based event.

81. The method of claim 78, wherein detecting the event comprises detecting an initiation of a flow between the particular VM and another VM.

82. The method of claim 78, wherein detecting the event comprises detecting existence of malware on the particular VM.

83. The method of claim 78, wherein detecting the event comprises detecting existence of malware on another VM.

84. The method of claim 78, wherein generating the encryption rule comprises forwarding the detected event to a set of controllers, said controller set determining whether an encryption rule needs to be specified for the detected event based on a set of encryption policies that are

83 stored by the controller set, wherein generating the encryption rule comprises receiving the generated encryption rule from the controller set.

85. The method of claim 78, wherein generating the encryption rule comprises forwarding the detected event to a set of controllers, said controller set determining whether an encryption policy has to be provided to the computer to generate, at the computer, an encryption rule for the detected event.

86. The method of claim 78, wherein using the encryption rule comprises providing the encryption rule to an encryptor that intercepts data messages sent from the particular VM and encrypts the intercepted data messages based on the encryption rule.

87. The method of claim 86, wherein the encryption rule specifies an encryption key identifier that identifies an encryption key to use to encrypt the data messages, wherein the encryption key is also supplied to the encryptor, wherein before supplying the encryption key, the encryption key is retrieved from a key manager.

88. A non-transitory machine readable medium storing a program for providing encryption services on a computer that executes a plurality of virtual machines (VMs), the program comprising sets of instructions for:

detecting an event on a particular VM;

examining a plurality of encryption policies to determine whether an encryption rule needs to be specified for the detected event; and

specifying the encryption rule based on the examination of the encryption policies, said encryption rule for encrypting messages sent by the particular VM.

89. The non-transitory machine readable medium of claim 88, wherein the program further comprises a set of instructions for using the encryption rule to encrypt messages sent by the particular VM.

90. The non-transitory machine readable medium of claim 88, wherein the event is a flow- based event.

91. The non-transitory machine readable medium of claim 88, wherein the set of instruction for detecting the event comprises a set of instructions for detecting an initiation of a flow between the particular VM and another machine.

92. The non-transitory machine readable medium of claim 88, wherein the set of instruction for detecting the event comprises a set of instructions for detecting existence of malware on the particular VM.

84

93. The non-transitory machine readable medium of claim 88, wherein the set of instruction for detecting the event comprises a set of instructions for detecting for existence of malware on another VM.

94. The non-transitory machine readable medium of claim 88, wherein the set of instruction for examining the set of encryption policies comprises a set of instructions for forwarding the detected event to a set of controllers, said controller set examining the set of encryption policies to determine whether an encryption rule needs to be specified for the detected event.

95. The non-transitory machine readable medium of claim 88, wherein the set of instruction for examining the set of encryption policies comprises a set of instructions for forwarding the detected event to a set of controllers, said controller set determining whether an encryption policy has to be provided to the computer to generate, at the computer, an encryption rule for the detected event.

96. A method of providing encryption services in a system with a plurality of computing machines, the method comprising:

defining a plurality of encryption groups, each group having a set of computing-machine members;

defining a set of encryption policies for each group;

based on a dynamically detected event that relates to a particular machine, dynamically adding the particular machine as a member to at least one particular group; and

applying the set of encryption policies for the particular group to the particular machine.

97. The method of claim 96, wherein applying the set of encryption policies comprises transmitting the set of encryption policies from a first device to a second device, so that the set of encryption policies will be enforced for the particular machine.

98. The method of claim 97, wherein the particular machine is a virtual machine, and the second device is a host computer on which the virtual machine executes.

99. The method of claim 98, wherein the first device is a computer that was used to define the set of encryption policies and that stores the set of encryption policies.

100. The method of claim 98, wherein the first device is a computer on which the set of policies is stored.

101. The method of claim 97,

wherein the first device is a computer on which the set of policies is stored;

wherein the second device is the particular machine.

85

102. The method of claim 96, wherein applying the set of encryption policies comprises transmitting, from a first device to a second device, an update to the membership of the particular group, so that the set of encryption policies will be enforced for the particular machine.

103. The method of claim 102, wherein the particular machine is a virtual machine, and the second device is a host computer on which the virtual machine executes.

104. The method of claim 103, wherein the first device is a computer that was used to define the set of encryption policies and that stores the set of encryption policies.

105. The method of claim 103, wherein the first device is a computer on which the set of policies is stored.

106. The method of claim 102,

wherein the first device is a computer on which the set of policies is stored;

wherein the second device is the particular machine.

107. The method of claim 96, wherein applying the set of encryption policies comprises transmitting, from a first device to a second device, at least one encryption rule related to the set of encryption policies, said encryption rule for applying to data messages of the particular machine.

108. The method of claim 107, wherein the particular machine is a virtual machine, and the second device is a host computer on which the virtual machine executes.

109. The method of claim 108, wherein the first device is a computer that was used to define the set of encryption policies and that stores the set of encryption policies.

110. The method of claim 108, wherein the first device is a computer on which the set of policies is stored.

111. The method of claim 107,

wherein the first device is a computer on which the set of policies is stored;

wherein the second device is the particular machine.

112. A non-transitory machine readable medium storing a program for providing encryption services in a system with a plurality of computing machines, the program comprising sets of instructions for:

defining a plurality of encryption groups, each group having a set of computing-machine members;

defining a set of encryption policies for each group;

86 based on a dynamically detected event that relates to a particular machine, dynamically adding a particular machine as a member to at least one particular group; and

applying the set of encryption policies for the particular group to the particular machine.

113. The non-transitory machine readable medium of claim 112, wherein the program further comprises sets of instructions for:

based on another dynamically detected event that relates to the particular machine, dynamically removing the particular machine as the member of the group; and

removing the applicability of the set of encryption policies to the particular machine.

114. The non-transitory machine readable medium of claim 113, wherein the program further comprises a set of instructions for discarding an encryption rule that was defined to enforce the set of encryption policies to the particular machine.

115. The non-transitory machine readable medium of claim 112, wherein when an encryption group is initially defined, the encryption group has no computing machine as a member.

116. The non-transitory machine readable medium of claim 112, wherein the set of encryption policies includes one or more encryption policies based on which one or more encryption rules have to be defined for a computing machine that is a member of an encryption group.

117. An encryption system comprising:

a plurality of computing devices;

a set of computers for providing to the computing devices encryption configuration data that specifies how data messages from the computing devices has to be encrypted; and

a set of key managers for the computing devices to access to retrieve encryption keys.

87