SecureCloud™ is a key management and data encryption solution available from Trend Micro, Inc. SecureCloud™ provides a key management system which addresses the need to provide data protection for cloud environments, virtual environments, and physical machines using encryption with policy-based key management and unique server validation. For example, SecureCloud™ may be used to protect an application running on a cloud when companies use the cloud for computing and virtualization. As an example, SecureCloud™ may be used to provide cloud security for Amazon Web Services™ (AWS) Elastic Compute Cloud (Amazon EC2).
SecureCloud™ provides full disk encryption with advanced key policies to keep data private, providing protection and security for sensitive data stored with cloud service providers. SecureCloud™ protects critical data stored on cloud devices by using full-disk encryption, including protecting boot volumes for cloud environments via boot volume encryption and policy-based key management and unique server validation. The SecureCloud™ key management and data encryption may be implemented as a software application or software-as-a-service (SaaS).
As an example, the disk drives for boot volumes for cloud environments may be encrypted, as well as data and ephemeral storage devices and RAID devices. A web console may be used by an administrator to define criteria on which instances can receive encryption/decryption keys. A SecureCloud™ runtime agent is installed on a newly supported platform.
The SecureCloud™ software/service has been based on a fully virtualized Virtual Machine (VM) model. In this implementation, root volume encryption in a fully virtualized Linux virtual machine is a way to improve computer security. Root volume encryption in fully virtualized virtual machine software relies on the hypervisor presenting the virtual machine with an interface identical to that of the underlying hardware.
The full virtualization includes a complete simulation of the underlying hardware and a booting process, such as: BIOS→Master Boot Record (MBR)→Grand Unified Bootloader (Grub)→Kernel. Examples of applications include supporting boot volume encryption in a Linux system under a fully virtualized Virtual Machine.
FIG. 1 illustrates a disk layout of a fully virtualized Virtual Machine (VM) implementation for SecureCloud™. Encrypted regions are illustrated as shaded areas. The Master Boot Record (MBR) is illustrated as well as the boot partition and an encrypted root partition. FIG. 1 also shows the portion of the boot partition including the original stage 2 loader, resized file system, and boot image. The boot image further includes portions for a SecureCloud™ Boot Partition, SecureCloud™ root image (storing a pre-boot agent), a scratch space, and a SecureCloud™ stage 2 loader.
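The boot chain above starts from the 512-byte MBR, which carries the first-stage boot code, a four-entry partition table and the 0x55AA signature the BIOS checks before handing off. The following parser is an added example written for this page; it is not code from the page or from Trend Micro's product. It runs over a constructed MBR describing a layout like FIG. 1 (a bootable boot partition followed by a root partition), verifies the signature, decodes the entries, and checks that the partitions do not overlap, which is the sanity check one wants before a layout is modified as in FIG. 4. The partition type names and the sample LBA values are assumptions for illustration.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

MBR_SIZE = 512
BOOT_CODE_SIZE = 446            # bytes 0..445 hold the first-stage loader
PARTITION_ENTRY_SIZE = 16       # four entries follow at offset 446
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510..511
ENTRY_FORMAT = "<BBBBBBBBII"    # status, CHS start(3), type, CHS end(3), LBA start, sector count

# Small lookup of common type ids (illustrative subset, not exhaustive).
PARTITION_TYPES = {
    0x05: "extended",
    0x07: "NTFS/exFAT",
    0x0C: "FAT32 (LBA)",
    0x82: "Linux swap",
    0x83: "Linux",
    0xEE: "GPT protective",
}


@dataclass
class PartitionEntry:
    index: int          # 1..4, position in the table
    bootable: bool      # status byte 0x80 marks the active partition
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def lba_end(self) -> int:
        """Exclusive end sector."""
        return self.lba_start + self.sector_count

    @property
    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_id, "unknown (0x%02x)" % self.type_id)


def parse_mbr(sector: bytes) -> List[PartitionEntry]:
    """Decode the partition table of one 512-byte MBR sector.

    Raises ValueError if the sector has the wrong size or lacks the
    0x55AA boot signature, so a truncated or non-MBR first sector is
    rejected rather than silently decoded as garbage.
    """
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly %d bytes, got %d" % (MBR_SIZE, len(sector)))
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        offset = BOOT_CODE_SIZE + i * PARTITION_ENTRY_SIZE
        fields = struct.unpack_from(ENTRY_FORMAT, sector, offset)
        status, type_id, lba_start, count = fields[0], fields[4], fields[8], fields[9]
        if type_id == 0x00:
            continue  # empty slot
        entries.append(PartitionEntry(i + 1, status == 0x80, type_id, lba_start, count))
    return entries


def bootable_partition(entries: List[PartitionEntry]) -> Optional[PartitionEntry]:
    """Return the active partition the first-stage loader would chain to, if any."""
    return next((e for e in entries if e.bootable), None)


def check_overlaps(entries: List[PartitionEntry]) -> List[str]:
    """Report pairs of partitions whose sector ranges intersect."""
    problems = []
    ordered = sorted(entries, key=lambda e: e.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_end:
            problems.append("partition %d overlaps partition %d" % (a.index, b.index))
    return problems


def build_entry(bootable: bool, type_id: int, lba_start: int, count: int) -> bytes:
    status = 0x80 if bootable else 0x00
    return struct.pack(ENTRY_FORMAT, status, 0, 0, 0, type_id, 0, 0, 0, lba_start, count)


def sample_mbr() -> bytes:
    """Constructed MBR: a bootable 512 MiB boot partition, then a 4 GiB root partition.

    The boot code area is zero-filled; only the table and signature matter here.
    """
    table = (build_entry(True, 0x83, 2048, 1048576)
             + build_entry(False, 0x83, 1050624, 8388608)
             + b"\x00" * (2 * PARTITION_ENTRY_SIZE))
    return b"\x00" * BOOT_CODE_SIZE + table + BOOT_SIGNATURE


if __name__ == "__main__":
    parts = parse_mbr(sample_mbr())
    for p in parts:
        print("#%d %-12s start=%d sectors=%d%s" % (
            p.index, p.type_name, p.lba_start, p.sector_count, " (boot)" if p.bootable else ""))
    print("overlaps:", check_overlaps(parts) or "none")
```

The backup step of FIG. 4 ("backing up the original MBR") preserves this whole sector, boot code included, so a restore reinstates both the original first-stage loader and the table; parsing the backup with `parse_mbr` is a cheap way to confirm the saved copy is intact before the SecureCloud™ MBR is written in its place.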
FIG. 2 illustrates a setkey flow of a fully virtualized VM in a SecureCloud™ implementation. FIG. 2 illustrates the key flow interaction between the disk layout, the BIOS, memory, a key request, a setkey, and a reboot operation.
FIG. 3 illustrates the boot flow after setkey of a fully virtualized VM, showing aspects of operation of the BIOS, MBRs, stage 2 loader, kernel, and initrd, and the portion responsible for loading a temporary file system into memory in the boot process.
FIG. 4 illustrates pre-boot image installation flow in a fully virtualized VM. The flow includes the steps of unmounting the boot partition, resizing the boot filesystem, installing the pre-boot image, backing up the original MBR, installing the SecureCloud™ MBR, backing up the SecureCloud™ MBR, initializing the scratch space, configuring a stage 2 loader, patching the initrd, and rebooting the VM.
While a fully virtualized VM is useful, it also has disadvantages associated with its need to include a complete simulation of the underlying hardware. The present invention was developed in view of the shortcomings and limitations of full virtualization for root volume encryption in a VM.