Customer-Provided Entropy Provision for Virtual Machines in Hypervisor Environments (N11c)
Virtualized environments rely on high-quality entropy for generating cryptographic keys and securing sensitive data. In many cases, the entropy sources within the VM or sourced from hypervisor may be of low quality, making the virtual environment vulnerable to the security threats. To address this challenge, we present a multitenant pluggable entropy solution for hypervisors.
This solution provides a secure and authenticated source of customer-brought entropy that can be easily integrated into existing hypervisors and cloud computing virtualization platform. The entropy is delivered to the hypervisor over a reliable channel and then distributed to the guest VMs. This solution provides a practical and effective way to enhance the entropy quality and overall security of virtualized environments, particularly in sovereign cloud environments. In this talk, we will present a high-level description of our solution, including the design blocks and the security measures implemented to ensure the integrity, confidentiality and availability of the entropy.