METHODOLOGY FOR SECURE APPLICATION PARTITIONING ENABLEMENT

US 20090118839A1
Filed: 11/06/2007
Published: 05/07/2009
Est. Priority Date: 11/06/2007
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for configuring a short lived secure partition in a data processing system, the computer implemented method comprising:

receiving a command to create a short lived secure partition for a secure application;

creating the short lived secure partition in the data processing system, the short lived secure partition being inaccessible by superusers or other applications;

allocating system resources comprising physical resources and virtual allocations of the physical resources to the short lived secure partition; and

loading hardware and software components needed to run the secure application in the short lived secure partition.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer implemented methods data processing system, and computer program product for configuring a partition with needed system resources to enable an application to run and process in a secure environment. Upon receiving a command to create a short lived secure partition for a secure application, a short lived secure partition is created in the data processing system. This short lived secure partition is inaccessible by superusers or other applications. System resources comprising physical resources and virtual allocations of the physical resources are allocated to the short lived secure partition. Hardware and software components needed to run the secure application are loaded into the short lived secure partition.

Citations

20 Claims

1. A computer implemented method for configuring a short lived secure partition in a data processing system, the computer implemented method comprising:
- receiving a command to create a short lived secure partition for a secure application;
  
  creating the short lived secure partition in the data processing system, the short lived secure partition being inaccessible by superusers or other applications;
  
  allocating system resources comprising physical resources and virtual allocations of the physical resources to the short lived secure partition; and
  
  loading hardware and software components needed to run the secure application in the short lived secure partition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The computer implemented method of claim 1, further comprising:
    - responsive to the short lived secure application completing its processing, freeing up space allocated to the short lived secure partition and system resources.
  - 3. The computer implemented method of claim 2, wherein the receiving, creating, allocating, loading, and freeing steps are performed by a hardware management console.
  - 4. The computer implemented method of claim 3, wherein freeing up space allocated to the short lived secure partition includes removing the short lived secure partition from a partition configuration on the hardware management console.
  - 5. The computer implemented method of claim 4, wherein the hardware management console frees up the space allocated to the short lived secure partition and system resources in response to receiving a system call from the partition management firmware.
  - 6. The computer implemented method of claim 1, wherein creating the short lived secure partition further comprises:
    - responsive to determining that predefined partition configurations for the secure application exist, creating the short lived secure partition and allocating system resources specified in the predefined partition configuration;
      
      responsive to determining that predefined partition configurations for the secure application do not exist, creating the short lived secure partition and allocating system resources available to the short lived secure partition.
  - 7. The computer implemented method of claim 1, wherein the system resources include at least one of an Internet Protocol address, memory, central processing unit, or network adapter.
  - 8. The computer implemented method of claim 1, wherein the command to create a short lived secure partition for a secure application is received from partition management firmware.
  - 9. The computer implemented method of claim 8, wherein the partition management firmware sends the command when a new application is installed on a partition in the data processing system or when an application already installed on a partition sends a request for a short lived secure partition to the partition management firmware.
  - 10. The computer implemented method of claim 8, wherein the command comprises instructions to setup one of a dynamic partition, a virtual partition, or a logical partition.
  - 11. The computer implemented method of claim 1, wherein allocating system resources to the short lived secure partition includes providing portions of an operating system, encapsulating the operating system, or cloning the operating system and restricting a number of operating system access commands to run in the short lived secure partition.
  - 12. The computer implemented method of claim 11, wherein the short lived secure partition is cloned as a copy of an unsecured existing partition, and wherein hardware identifiers or software identifiers obtained from the unsecured existing partition are masked in the cloned short lived secure partition to respond only to secure requests.
  - 13. The computer implemented method of claim 1, further comprising:
    - creating additional short lived secure partitions to form a pool of short lived secure partitions;
      
      using a short lived secure partition in the pool of short lived secure partitions to process one or more transactions; and
      
      responsive to the short lived secure partition processing the transaction, flushing the short lived secure partition before returning the short lived secure partition to the pool.
  - 14. The computer implemented method of claim 13, further comprising:
    - determining a number of short lived secure partitions existing in the pool;
      
      responsive to the number of short lived secure partitions reaching a minimum threshold, creating more short lived secure partitions in the pool; and
      
      responsive to the number of short lived secure partitions reaching a deletion threshold, deleting the pool and using one of the unsecured existing partition or a dynamically created secure partition to process the one or more transactions.

15. A data processing system for configuring a short lived secure partition in a data processing system, the data processing system comprising:
- a bus;
  
  a storage device connected to the bus, wherein the storage device contains computer usable code;
  
  at least one managed device connected to the bus;
  
  a communications unit connected to the bus; and
  
  a processing unit connected to the bus, wherein the processing unit executes the computer usable code to receive a command to create a short lived secure partition for a secure application;
  
  create the short lived secure partition in the data processing system, the short lived secure partition being inaccessible by superusers or other applications;
  
  allocate system resources comprising physical resources and virtual allocations of the physical resources to the short lived secure partition; and
  
  load hardware and software components needed to run the secure application in the short lived secure partition.

16. A computer program product for configuring a short lived secure partition in a data processing system, the computer program product comprising:
- a computer usable medium having computer usable program code tangibly embodied thereon, the computer usable program code comprising;
  
  computer usable program code for receiving a command to create a short lived secure partition for a secure application, the short lived secure partition being inaccessible by superusers or other applications;
  
  computer usable program code for creating the short lived secure partition in the data processing system;
  
  computer usable program code for allocating system resources comprising physical resources and virtual allocations of the physical resources to the short lived secure partition; and
  
  computer usable program code for loading hardware and software components needed to run the secure application in the short lived secure partition.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, further comprising.computer usable program code for freeing up space allocated to the short lived secure partition and system resources in response to the short lived secure application completing its processing.
  - 18. The computer program product of claim 16, wherein the computer usable program code for allocating system resources to the short lived secure partition includes computer usable program code for providing portions of an operating system, computer usable program code for encapsulating the operating system, or computer usable program code for cloning the operating system and restricting a number of operating system access commands to run in the short lived secure partition, wherein the short lived secured partition is cloned as a copy of an existing partition, and wherein hardware identifiers or software identifiers obtained from the existing partition are masked in the cloned short lived secured partition to respond only to secure requests.
  - 19. The computer program product of claim 16, further comprising:
    - computer usable program code for creating additional short lived secure partitions to form a pool of short lived secure partitions;
      
      computer usable program code for using a short lived secure partition in the pool of short lived secure partitions to process one or more transactions; and
      
      computer usable program code for flushing the short lived secure partition before returning the short lived secure partition to the pool in response to the short lived secure partition processing the transaction.
  - 20. The computer program product of claim 19, further comprising:
    - computer usable program code for determining a number of short lived secure partitions existing in the pool;
      
      computer usable program code for creating more short lived secure partitions in the pool in response to the number of short lived secure partitions reaching a minimum threshold; and
      
      computer usable program code for deleting the pool and using one of the unsecured existing partition or a dynamically created secure partition to process the one or more transactions in response to the number of short lived secure partitions reaching a deletion threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Weber, Lynne Marie, Zimmer, Linda Ann, Dunshea, Andrew, Accapadi, Jos Manuel

Granted Patent

US 8,424,078 B2
Time in Patent Office

Days
Field of Search
US Class Current

700/28
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/80   in storage media based on m...

G06F 9/5061   Partitioning or combining o...

METHODOLOGY FOR SECURE APPLICATION PARTITIONING ENABLEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHODOLOGY FOR SECURE APPLICATION PARTITIONING ENABLEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links