Method and apparatus to protect policy state information during the life-time of virtual machines
Abstract
A scheme for protecting policy state information during the lifetime of a virtual machine is presented. In order to protect and preserve the policy state information of the virtual machine, a process creates a source policy, a mapping policy, and a binary policy. These policies are all different representations of a security policy. The different policy representations are chained together via cryptographic hashes.
20 Claims
1. A computer implemented method for protecting policy state information during the lifetime of a virtual machine, the computer implemented method comprising:
- creating a source policy;
- creating a mapping policy; and
- creating a binary policy, wherein the source, the mapping and the binary policies are different representations of a security policy.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer implemented method for verifying policy state information of a virtual machine, the computer implemented method comprising:
- receiving a mapping policy file and binary policy file of a source process;
- determining if a cryptographic hash of a binary policy file of a target process matches a cryptographic hash of the binary policy file of the source process; and
- in response to a determination that the cryptographic hash of the binary policy file of a target process matches the cryptographic hash of the binary policy file of the source process, declaring that security policies are compatible.
Dependent claims: 12, 13
14. A computer program product comprising a computer usable medium including computer usable program code for protecting policy state information during the lifetime of a virtual machine, the computer program product comprising:
- computer usable program code for creating a source policy;
- computer usable program code for creating a mapping policy; and
- computer usable program code for creating a binary policy, wherein the source, the mapping and the binary policies are different representations of a security policy.
Dependent claims: 15, 16, 17, 18, 19
20. A data processing system for protecting policy state information during the lifetime of a virtual machine, said data processing system comprising:
- a storage device for storing computer usable program code; and
- a processor for executing the computer usable program code for creating a source policy;
- creating a mapping policy; and
- creating a binary policy, wherein the source, the mapping and the binary policies are different representations of a security policy.
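The hash chaining described in the abstract and the compatibility check of claim 11, as an added Python example that is not taken from the patent. The JSON mapping-file layout, the use of SHA-256, the sample policy and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_mapping_file(source: bytes, binary: bytes, labels: dict) -> bytes:
    # Assumed layout: the mapping policy records the hashes of both neighbours,
    # which links source -> mapping -> binary into one chain.
    record = {"source_sha256": digest(source),
              "binary_sha256": digest(binary),
              "labels": labels}
    return json.dumps(record, sort_keys=True).encode()

def broken_links(source: bytes, mapping_file: bytes, binary: bytes) -> list:
    """Return the names of the chain links whose recorded hash does not match."""
    record = json.loads(mapping_file)
    bad = []
    if not hmac.compare_digest(record["source_sha256"], digest(source)):
        bad.append("source->mapping")
    if not hmac.compare_digest(record["binary_sha256"], digest(binary)):
        bad.append("mapping->binary")
    return bad

def policies_compatible(rx_mapping: bytes, rx_binary: bytes,
                        local_binary: bytes) -> bool:
    """Target-side check modelled on claim 11: compare binary policy hashes."""
    record = json.loads(rx_mapping)
    # The received binary policy must be the one the received mapping names.
    if not hmac.compare_digest(record["binary_sha256"], digest(rx_binary)):
        return False
    # Compatible only if the target's own binary policy hashes identically.
    return hmac.compare_digest(digest(local_binary), digest(rx_binary))

# Constructed sample data (not from the patent).
SOURCE = b"label tenant_a; label tenant_b; deny tenant_a <-> tenant_b\n"
LABELS = {"tenant_a": 1, "tenant_b": 2}
BINARY = bytes([0x02, 0x01, 0x02, 0x00])
MAPPING = make_mapping_file(SOURCE, BINARY, LABELS)

if __name__ == "__main__":
    print("intact chain:", broken_links(SOURCE, MAPPING, BINARY))
    print("edited source:", broken_links(SOURCE + b"allow all\n", MAPPING, BINARY))
    print("same binary on target:", policies_compatible(MAPPING, BINARY, BINARY))
    print("different binary on target:",
          policies_compatible(MAPPING, BINARY, b"\x02\x01\x02\x01"))
```

The hashes only detect a mismatch between representations; the check still depends on the mapping file itself arriving from a trusted or authenticated origin.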
Specification