METHODS, HARDWARE PRODUCTS, AND COMPUTER PROGRAM PRODUCTS FOR IMPLEMENTING INTROSPECTION DATA COMPARISON UTILIZING HYPERVISOR GUEST INTROSPECTION DATA
First Claim
1. A method for implementing introspection data comparison utilizing hypervisor guest introspection data, the method comprising:
- using a hypervisor shim on a hypervisor to construct one or more workload management components that are independent from a participating pool member of a pool comprising a guest having a guest memory and a guest operating system;
the hypervisor collecting a first set of data;
the guest sending a second set of data comprising guest memory data from the guest memory;
comparing the first set of data with the second set of data to detect at least one of a potential security intrusion or an anomalous deviation between the first set of data and the second set of data; and
a policy manager taking action based upon a result of the comparison of the first and second sets of data.
1 Assignment
0 Petitions
Accused Products
Abstract
Introspection data comparison is implemented utilizing hypervisor guest introspection data. A hypervisor shim on a hypervisor is used to construct one or more workload management components that are independent from a participating pool member of a pool comprising a guest having a guest memory and a guest operating system. The hypervisor collects a first set of data. The guest sends a second set of data comprising guest memory data from the guest memory. The first set of data is compared with the second set of data to detect at least one of a potential security intrusion or an anomalous deviation between the first set of data and the second set of data. A policy manager takes action based upon a result of the comparison of the first and second sets of data.
50 Citations
18 Claims
-
1. A method for implementing introspection data comparison utilizing hypervisor guest introspection data, the method comprising:
-
using a hypervisor shim on a hypervisor to construct one or more workload management components that are independent from a participating pool member of a pool comprising a guest having a guest memory and a guest operating system; the hypervisor collecting a first set of data; the guest sending a second set of data comprising guest memory data from the guest memory; comparing the first set of data with the second set of data to detect at least one of a potential security intrusion or an anomalous deviation between the first set of data and the second set of data; and a policy manager taking action based upon a result of the comparison of the first and second sets of data. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer program product for implementing introspection data comparison utilizing hypervisor guest introspection data, the computer program product including a storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for facilitating a method including:
-
using a hypervisor shim on a hypervisor to construct one or more workload management components that are independent from a participating pool member of a pool comprising a guest having a guest memory and a guest operating system; the hypervisor collecting a first set of data; the guest sending a second set of data comprising guest memory data from the guest memory; comparing the first set of data with the second set of data to detect at least one of a potential security intrusion or an anomalous deviation between the first set of data and the second set of data; and a policy manager taking action based upon a result of the comparison of the first and second sets of data. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A hardware product for implementing introspection data comparison utilizing hypervisor guest introspection data, the hardware product including a storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for facilitating a method including:
-
using a hypervisor shim on a hypervisor to construct one or more workload management components that are independent from a participating pool member of a pool comprising a guest having a guest memory and a guest operating system; the hypervisor collecting a first set of data; the guest sending a second set of data comprising guest memory data from the guest memory; comparing the first set of data with the second set of data to detect at least one of a potential security intrusion or an anomalous deviation between the first set of data and the second set of data; and a policy manager taking action based upon a result of the comparison of the first and second sets of data. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification