METHOD AND SYSTEM FOR SECURING VIRTUAL MACHINES BY RESTRICTING ACCESS IN CONNECTION WITH A VULNERABILITY AUDIT
First Claim
1. A method for securing a virtual machine on a host system, the method comprising:
- intercepting an initiation signal from the host system generated upon startup of the virtual machine, a network connection on the host system being accessible by the virtual machine to communicate over a network;
- restricting the network connection to the virtual machine in response to the initiation signal;
- querying the virtual machine for preexisting vulnerabilities;
- receiving the preexisting vulnerabilities from the virtual machine; and
- controlling access by the virtual machine to the network connection on the host system based upon a comparison of a security policy to the received preexisting vulnerabilities, the security policy including vulnerability definitions associated with the virtual machine.
Abstract
A method and system for securing a virtual machine is disclosed. An initiation signal from the host system that is generated upon startup of the virtual machine is intercepted, and a network connection on the host system accessible by the virtual machine is restricted in response. Then, the virtual machine is queried for preexisting vulnerabilities, and such data is received. Access by the virtual machine to the network connection is controlled based upon a comparison of a security policy, which is associated with the virtual machine, to the received preexisting vulnerabilities.
23 Claims
1. (Independent claim; reproduced in full under First Claim above.) Dependent claims: 2 to 13.
14. A virtual machine vulnerability assessment system comprising:
- a monitor module in communication with a host system for a virtual machine, the host system being in communication with the virtual machine, and a startup signal being receivable by the monitor module at the instantiation of the virtual machine;
- a scanning engine activatable by the monitor module, the scanning engine being in communication with the virtual machine to detect vulnerabilities of the virtual machine;
- a security policy associated with the scanning engine and including a plurality of vulnerability definitions; and
- a policy execution module in communication with the scanning engine, access to the network interface from the virtual machine being controlled based upon a correlation of the detected vulnerabilities to the vulnerability definitions.
Dependent claims: 15 to 22.
23. A computer readable medium having computer-executable instructions for performing a method for securing a virtual machine on a host system, the method comprising:
- intercepting an initiation signal from the host system generated upon startup of the virtual machine, a network connection on the host system being accessible by the virtual machine;
- restricting the network connection to the virtual machine in response to the initiation signal;
- querying the virtual machine for preexisting vulnerabilities;
- receiving the preexisting vulnerabilities from the virtual machine;
- controlling access by the virtual machine to the network connection on the host system based upon a comparison of a security policy to the received preexisting vulnerabilities, the security policy including vulnerability definitions associated with the virtual machine.
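The admission flow the claims describe (startup signal intercepted, network path restricted, virtual machine queried for preexisting vulnerabilities, findings correlated with the policy's vulnerability definitions, access granted or withheld) as a runnable simulation. This is an added example, not code from the patent or from any assignee's product; the vulnerability ids, severities, VM names, the severity threshold and the fail-closed handling of findings that have no definition in the policy are constructed assumptions.

```python
"""Simulation of VM network admission gated on a vulnerability audit.

Added example, not the patent's own code. All vulnerability ids, severities
and VM names are constructed placeholders.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum
from typing import Callable


class NetState(Enum):
    RESTRICTED = "restricted"    # set on the startup signal, before the audit
    ALLOWED = "allowed"          # audit found nothing the policy forbids
    QUARANTINED = "quarantined"  # audit found a policy-violating vulnerability


@dataclass(frozen=True)
class VulnDefinition:
    vuln_id: str
    severity: int          # constructed scale: 1 (low) .. 10 (critical)
    description: str


@dataclass(frozen=True)
class SecurityPolicy:
    definitions: dict[str, VulnDefinition]
    block_at_severity: int  # a finding at or above this severity denies access


@dataclass
class Decision:
    state: NetState
    blocking: list[str] = field(default_factory=list)  # ids that caused denial
    unknown: list[str] = field(default_factory=list)   # ids absent from the policy


class HostMonitor:
    """Plays the monitor and policy execution modules for one host."""

    def __init__(self, policy: SecurityPolicy, scanner: Callable[[str], list[str]]):
        self.policy = policy
        self.scanner = scanner            # scanning engine: vm name -> finding ids
        self.state: dict[str, NetState] = {}

    def on_startup(self, vm_name: str) -> NetState:
        # Intercept the initiation signal: the VM starts with no network path.
        self.state[vm_name] = NetState.RESTRICTED
        return self.state[vm_name]

    def audit(self, vm_name: str) -> Decision:
        # The audit only makes sense while the VM is still held off the network.
        if self.state.get(vm_name) is not NetState.RESTRICTED:
            raise RuntimeError(f"{vm_name}: audit requires the restricted startup state")
        findings = self.scanner(vm_name)  # query the VM for preexisting vulnerabilities
        decision = Decision(state=NetState.ALLOWED)
        for vid in findings:
            defn = self.policy.definitions.get(vid)
            if defn is None:
                decision.unknown.append(vid)  # assumption: fail closed on unknown findings
                continue
            if defn.severity >= self.policy.block_at_severity:
                decision.blocking.append(vid)
        if decision.blocking or decision.unknown:
            decision.state = NetState.QUARANTINED
        self.state[vm_name] = decision.state  # policy execution: open or keep closed
        return decision


# Constructed scan results standing in for a real scanning engine.
SAMPLE_SCAN_RESULTS: dict[str, list[str]] = {
    "web-01": [],
    "db-02": ["VULN-0001", "VULN-0003"],
    "dev-03": ["VULN-0002"],
    "legacy-04": ["VULN-9999"],
}

# Constructed policy: three definitions, block at severity 7 and above.
SAMPLE_POLICY = SecurityPolicy(
    definitions={
        "VULN-0001": VulnDefinition("VULN-0001", 9, "constructed: remote code execution"),
        "VULN-0002": VulnDefinition("VULN-0002", 3, "constructed: version banner disclosure"),
        "VULN-0003": VulnDefinition("VULN-0003", 7, "constructed: outdated TLS library"),
    },
    block_at_severity=7,
)


def sample_scanner(vm_name: str) -> list[str]:
    return list(SAMPLE_SCAN_RESULTS.get(vm_name, []))


def admit(vm_name: str, policy: SecurityPolicy = SAMPLE_POLICY,
          scanner: Callable[[str], list[str]] = sample_scanner) -> Decision:
    """Full cycle for one VM: startup signal, restriction, audit, decision."""
    monitor = HostMonitor(policy, scanner)
    monitor.on_startup(vm_name)
    return monitor.audit(vm_name)


if __name__ == "__main__":
    for name in SAMPLE_SCAN_RESULTS:
        d = admit(name)
        print(f"{name:10s} {d.state.value:12s} blocking={d.blocking} unknown={d.unknown}")
```

The VM is never in an "allowed" state before the audit runs, which is the property the claims turn on: restriction happens on the startup signal, and only the policy comparison can lift it. Treating findings with no matching definition as a quarantine reason is a design choice made here, not something the claims specify; a deployment that prefers to allow unclassified findings would drop the `unknown` check from the final condition.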