System and Methods for Enforcing Software License Compliance with Virtual Machines
Abstract
A virtualization system supports secure, controlled execution of application programs within virtual machines. The virtual machine encapsulates a virtual hardware platform and guest operating system executable with respect to the virtual hardware platform to provide a program execution space within the virtual machine. An application program, requiring license control data to enable execution of the application program, is provided within the program execution space for execution within the virtual machine. A data store providing storage of encrypted policy control information and the license control data is provided external to the virtual machine. The data store is accessed through a virtualization system including a policy controller that is selectively responsive to a request received from the virtual machine to retrieve the license control data dependent on an evaluation of the encrypted policy control information.
21 Claims
1. A method of securely controlling execution of a computer program within a virtual machine, the virtual machine providing an execution environment for a guest operating system, the virtual machine being configured for execution by way of system level virtualization software executing on a current host platform, the current host platform comprising at least one central processing unit having access to mass storage device, said method comprising:
- executing a policy enforcer outside of the virtual machine, the policy enforcer accessing policies stored by the mass storage device, the policies identifying one or more hardware platforms for which the virtual machine is authorized to execute, the policy enforcer determining whether the current host platform matches one of the hardware platforms identified by the policies;
- prohibiting the virtual machine from executing on the current host platform when the policies do not indicate that the virtual machine is permitted to execute on the current host platform; and
- permitting the virtual machine to execute on the current host platform when the policies indicate that the virtual machine is permitted to execute on the current host platform.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A machine readable medium embodying instructions for causing a computer system to securely control execution of a computer program within a virtual machine, the virtual machine providing an execution environment for a guest operating system, the virtual machine being configured for execution by way of system level virtualization software on a current host platform, the current host platform comprising at least one central processing unit having access to mass storage device, the instructions including:
- instructions causing the virtualization software to identify a policy associated with the virtual machine, the policy including properties indicating whether one or more of a plurality of virtual input/output devices are to be disabled for the virtual machine;
- instructions disabling each virtual input/output device of the virtual machine that corresponds to input/output devices identified in the policy.
Dependent claims: 12, 13, 14, 15
16. A method of securely controlling the execution of a software program within a virtual machine as executed on a host computer system, said method comprising the steps of:
- securely restricting execution of a virtual machine to an authoritatively identified host computer system; and
- securely restricting execution of a software program within said virtual machine to an authoritatively identified instance of said virtual machine, said software program being executable on a virtual host computer system encapsulated within said virtual machine;
- wherein; said securely restricting execution of the virtual machine selectively provides for the termination of execution of said virtual machine on non-authoritatively identified host computer systems, and said securely restricting execution of the software program selectively provides for the termination of execution of said software program within non-authoritatively identified virtual machines.
Dependent claims: 17, 18, 19, 20, 21
Specification