SECURITY VIRTUAL MACHINE FOR ADVANCED AUDITING
Abstract
A security system collects an audit trail on a computer outside of a boundary created by one or more virtual machines. The security system uses a privileged virtual machine to collect audit logs for each protected virtual machine. As the protected virtual machines run, they send auditing information to the privileged virtual machine. The privileged virtual machine can collect auditing information from protected virtual machines much more quickly than a network server, as well as collecting auditing events from multiple protected virtual machines. Because the auditing destination is located on the same computer as the virtual machine monitored by the audit trail, no network dependency is present. Thus, the security system allows for monitoring the activity of administrators and other users while preventing tampering with the audit trail of each user's actions.
20 Claims
1. A computer-implemented method for receiving auditing information, the method comprising:
- receiving an indication to start collecting auditing information from one or more protected virtual machines from outside of the protected virtual machines;
- identifying an auditing information source, wherein the source indicates a protected virtual machine;
- receiving auditing information from the identified source; and
- storing the received auditing information in a location outside of the protected virtual machine along with identifying information of the source,
wherein the preceding steps are performed by at least one processor.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer system for securely collecting auditing information, the system comprising:
- a processor and memory configured to execute software instructions;
- a host component configured to provide a root partition that hosts one or more virtual child partitions that each includes a protected virtual machine;
- a virtualization component configured to abstract differences between physical hardware associated with the computer system and virtual hardware provided to each virtual machine;
- an audit component configured to receive auditing information from each of the protected virtual machines; and
- a communication component configured to provide a channel through which the audit component receives auditing information from the protected virtual machines.
Dependent claims: 13, 14, 15, 16, 17, 18
19. A computer-readable storage medium comprising instructions for controlling a computer system to configure a privileged virtual machine, wherein the instructions, when executed, cause a processor to perform actions comprising:
- receiving configuration information defining the privileged virtual machine;
- selecting one or more protected virtual machines for which the privileged virtual machine will be authorized to collect auditing information;
- setting a communication method that will be used by the protected virtual machines to send auditing information to the privileged virtual machine;
- setting a log destination to store the auditing information that the privileged virtual machine collects; and
- authorizing the privileged virtual machine to collect audit information from the selected protected virtual machines.
Dependent claims: 20
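
The collection steps of claim 1 and the configuration steps of claim 19, shown together as an added example (not code from the patent or its assignee). The class and field names, the `host-channel` label and the sample events are constructed; the in-memory list stands in for a log destination outside the protected virtual machines, and the source identity is assumed to be supplied by the host-side channel rather than by the guest's payload.

```python
import json
from dataclasses import dataclass, field

class AuditRejected(Exception):
    """Record refused by the collector."""

@dataclass
class AuditCollector:
    # Hypothetical names; the fields follow the configuration steps of claim 19.
    authorized_vms: frozenset   # protected VMs this collector may audit
    channel: str                # communication method (constructed label)
    log_destination: list = field(default_factory=list)  # stand-in for storage outside the guests
    collecting: bool = False
    seq: int = 0

    def start(self):
        # The start indication comes from outside the protected VMs.
        self.collecting = True

    def receive(self, channel_source_id, payload):
        # Assumption: channel_source_id is set by the host-side channel, so a
        # guest cannot choose it. A "source" field inside the payload is kept
        # as event data and never used for attribution.
        if not self.collecting:
            raise AuditRejected("collection not started")
        if channel_source_id not in self.authorized_vms:
            raise AuditRejected(f"unauthorized source: {channel_source_id}")
        self.seq += 1
        entry = {"seq": self.seq, "source": channel_source_id,
                 "channel": self.channel, "event": payload}
        self.log_destination.append(json.dumps(entry, sort_keys=True))
        return entry

def demo():
    """Run constructed sample events through the collector."""
    c = AuditCollector(frozenset({"vm-a", "vm-b"}), channel="host-channel")
    c.start()
    samples = [  # constructed sample input: (channel-identified source, event)
        ("vm-a", {"user": "admin", "action": "clear-eventlog"}),
        ("vm-c", {"user": "root", "action": "login"}),       # not authorized
        ("vm-b", {"source": "vm-a", "action": "add-user"}),  # payload names another VM
    ]
    rejected = []
    for src, ev in samples:
        try:
            c.receive(src, ev)
        except AuditRejected as e:
            rejected.append(str(e))
    return [json.loads(line) for line in c.log_destination], rejected
```
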
Specification