This technology is a container security architecture that, paired with Arm virtualization hardware, protects the confidentiality and integrity of application data running on an untrusted operating system.
Conventional container architectures allow direct information flow from containers to the operating system, so a compromised or malicious operating system can read or tamper with container data, leading to high security risk. Existing approaches to protecting application memory include dedicated hardware solutions, which impose strict requirements on how applications are written, and add-ons to hardware-based mechanisms, which impose large memory requirements. Hypervisors can also protect applications by encrypting their memory, but they require an enormous trusted computing base.
This technology uses a container security monitor that removes the direct information channel between containers and the operating system by giving each container, and the operating system itself, its own distinct physical address space. Paired with Arm virtualization hardware, this approach has been shown to prevent attacks more effectively than conventional methods while incurring only modest overhead.
IR CU21312
Licensing Contact: Greg Maskel