INTELLIGENT SECURITY CONTROL SYSTEM FOR VIRTUALIZED ECOSYSTEMS
First Claim
1. A method for securing resources of a virtualized ecosystem, comprising defining and analyzing object handling control information for one or more logical resources in the virtualized ecosystem and deriving therefrom object properties for each of the logical resources involved in the execution of a virtual machine in any given context within the virtualized ecosystem.
Abstract
Resources of a virtualized ecosystem are intelligently secured by defining and analyzing object handling security control information for one or more logical resources in the virtualized ecosystem and deriving therefrom object properties for each of the logical resources involved in the execution of a virtual machine in any given context within the virtualized ecosystem.
270 Citations
82 Claims
- 1. A method for securing resources of a virtualized ecosystem, comprising defining and analyzing object handling control information for one or more logical resources in the virtualized ecosystem and deriving therefrom object properties for each of the logical resources involved in the execution of a virtual machine in any given context within the virtualized ecosystem.
- 25. A system, comprising a virtual infrastructure and a security control system communicatively coupled to the virtual infrastructure, the security control system configured for securing resources of the virtual infrastructure by defining and analyzing object handling control information for one or more logical resources in the virtual infrastructure and deriving therefrom object properties for each of the logical resources involved in the execution of one or more virtual machines in any given context within the virtual infrastructure.
- 47. A method of protecting a virtual machine, comprising on bringing an un-protected virtual machine under control of a security control system, establishing a lock on the virtual machine and its associated virtual disk files;
  determining a required level of protection for the virtual machine and encryption tuning parameters;
  selecting a cipher algorithm and generating encryption keys according to the encryption tuning parameters;
  applying re-formatting changes, if needed;
  encrypting sectors of data based on the determined level of protection;
  encrypting a symmetric encryption key with an asymmetric public key; and
  adding metadata along with the encrypted symmetric key into the virtual machine.
- 48. A method of un-protecting a protected virtual machine, comprising retrieving metadata from a protected virtual machine disk file;
  retrieving identity and/or location information of an associated asymmetric private key;
  decrypting a symmetric encryption key using the asymmetric private key; and
  decrypting the protected virtual machine disk file with the symmetric encryption key.
- 49. A method, comprising, in response to an attempt to manipulate virtual objects that are in a virtualized ecosystem, evaluating and enforcing controls for the manipulation being attempted according to a context within which the attempted manipulation is being performed and the properties of the virtual objects, the controls being embedded within the virtual objects.
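The cryptographic steps of claims 47 and 48 (sector encryption, key wrapping, embedded metadata, and the reverse path) can be sketched with Ruby's bundled OpenSSL binding. This is an added example, not code from the patent: AES-256-GCM, RSA-OAEP, the 512-byte sector size, the hash-based container, the `key_store` lookup and all method names are assumptions, and the locking and re-formatting steps are omitted.

```ruby
require 'openssl'

SECTOR  = 512 # assumed sector size in bytes
TAG_LEN = 16  # AES-GCM authentication tag length

# Build an AES-256-GCM cipher for one sector. A sector-index nonce is safe
# only because protect draws a fresh key and seals every sector exactly once.
def sector_cipher(mode, key, index, key_id)
  c = OpenSSL::Cipher.new('aes-256-gcm')
  mode == :seal ? c.encrypt : c.decrypt
  c.key = key
  c.iv = [0, index].pack('NQ>') # 12-byte nonce: 4 zero bytes + 64-bit index
  yield c if block_given?       # decrypt path sets the expected tag here
  c.auth_data = key_id          # bind every sector to the key metadata
  c
end

# Claim 47 order: generate key, encrypt sectors, wrap key, attach metadata.
def protect(disk, public_key, key_id)
  key = OpenSSL::Random.random_bytes(32)
  count = (disk.bytesize + SECTOR - 1) / SECTOR
  sectors = Array.new(count) do |i|
    c = sector_cipher(:seal, key, i, key_id)
    ct = c.update(disk.byteslice(i * SECTOR, SECTOR)) + c.final
    ct + c.auth_tag
  end
  wrapped = public_key.public_encrypt(key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
  { key_id: key_id, wrapped_key: wrapped, sectors: sectors }
end

# Claim 48 order: read metadata, locate private key, unwrap key, decrypt.
# key_store is a hypothetical Hash from key identity to RSA private key.
def unprotect(vm, key_store)
  private_key = key_store.fetch(vm[:key_id])
  key = private_key.private_decrypt(vm[:wrapped_key], OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
  vm[:sectors].each_with_index.map do |sector, i|
    body = sector.byteslice(0, sector.bytesize - TAG_LEN)
    tag = sector.byteslice(-TAG_LEN, TAG_LEN)
    c = sector_cipher(:open, key, i, vm[:key_id]) { |d| d.auth_tag = tag }
    c.update(body) + c.final # final raises CipherError if anything was altered
  end.join
end
```

Because the nonce is derived from the sector index and the key identity is authenticated with each sector, reordered sectors or edited metadata fail decryption instead of yielding silently corrupted data.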
Specification