UNDEFEATABLE TRANSFORMATION FOR VIRTUAL MACHINE I/O OPERATIONS

US 20120054747A1
Filed: 11/04/2011
Published: 03/01/2012
Est. Priority Date: 04/26/2001
Status: Active Grant

First Claim

Patent Images

1. A method for controlling input/output (I/O) operations of a virtual machine (VM), the method comprising:

receiving a request, at an I/O control component, for an I/O operation between the VM and a device, the I/O control component being integrated with virtualization software that implements the VM;

performing a transformation of I/O data passing between the VM and the device, the transformation changing contents of the I/O data and being adjunct to necessary completion of the request, as issued, for the I/O operation;

the transformation of the I/O data thereby being undefeatable by any user action via the VM.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

I/O operations between a virtual machine (VM) and a device external to the VM are monitored by a virtual machine monitor (VMM). Data passing between the VM and the external device is transformed by the VMM, in some cases only when a predetermined filtering or triggering condition is met. Because the VMM, and thus the transformation operation, is transparent to the VM, the transformation cannot be prevented or undone or even affected by any action by a user of the VM. Examples of the non-defeatable transformation of I/O data include generating display overlays such as banners, masking out portions of a display, encryption, compression and network shaping such as bandwidth limiting.

Citations

27 Claims

1. A method for controlling input/output (I/O) operations of a virtual machine (VM), the method comprising:
- receiving a request, at an I/O control component, for an I/O operation between the VM and a device, the I/O control component being integrated with virtualization software that implements the VM;
  
  performing a transformation of I/O data passing between the VM and the device, the transformation changing contents of the I/O data and being adjunct to necessary completion of the request, as issued, for the I/O operation;
  
  the transformation of the I/O data thereby being undefeatable by any user action via the VM.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, further comprising determining whether a predetermined filtering condition is met, wherein the performing of the transformation of the I/O data occurs only when the predetermined filtering condition is met.
  - 3. The method of claim 2, wherein the filtering condition is that the I/O data includes at least one restricted term.
  - 4. The method of claim 2, wherein the filtering condition is that the I/O data is from a restricted source.
  - 5. The method of claim 2, wherein:
    - the I/O data includes image data;
      
      the filtering condition is a presence of a representation of a target image within the image data; and
      
      the transformation is a substitution of a representation of a replacement image in place of the representation of the target image.
  - 6. The method of claim 5, wherein:
    - the I/O data is a non-character image format;
      
      the target image is a representation of a restricted character string; and
      
      the determining of whether the predetermined filtering condition is met comprises applying character recognition to the I/O data to detect the presence of the restricted character string.
  - 7. The method of claim 2, wherein the filtering condition is the presence in the I/O data of a copy protection indication.
  - 8. The method of claim 2, wherein:
    - the VM supports a plurality of I/O modes;
      
      the determining of whether the predetermined filtering condition comprises analyzing I/O data corresponding to a first one of the plurality of I/O modes; and
      
      the transformation is applied to I/O data in a second one of the I/O modes when the I/O data corresponding to the first I/O mode satisfies a transformation-triggering criterion.
  - 9. The method of claim 1, wherein the transformation comprises insertion into the I/O data a source indication associated with the VM.
  - 10. The method of claim 1, wherein the transformation of the I/O data comprises cryptographic transformation of the I/O data.
  - 11. The method of claim 1, wherein:
    - the device is a display;
      
      the I/O data is VM display data output from the VM and directed to a virtual display; and
      
      the transformation is a replacement of at least a portion of the VM display data with non-defeatable display data stored external to the VM.
  - 12. The method of claim 11, further comprising displaying the VM display data with the non-defeatable display data overlaid.
  - 13. The method of claim 11, wherein the transformation comprises changing all occurrences in the VM display data of a display color to a replacement color.
  - 14. The method of claim 1, wherein the device is a network connection device.
  - 15. The method of claim 14, wherein:
    - the requested I/O operation is a transfer of the I/O data from the VM to a first destination address via the network connection device; and
      
      the transformation is a redirection of the I/O data to a second destination address different from the first destination address.
  - 16. The method of claim 14, wherein:
    - the requested I/O operation is a transfer of data between the VM and the network connection device; and
      
      the performing of the transformation comprises changing at least a portion of the data during the transfer between the VM and the network connection device.
  - 17. The method of claim 16, wherein the changing of at least the portion of the data comprises encrypting data written by the VM to the network connection device, or decrypting data read by the VM from the network connection device.
  - 18. The method of claim 16, wherein the transformation of the I/O data comprises compressing data written by the VM to the network connection or decompressing data read by the VM from the network connection device.
  - 19. The method of claim 1, wherein:
    - the device is a data storage device;
      
      the requested I/O operation is a transfer of data between the VM and the data storage device; and
      
      the transformation comprises changing at least a portion of the data during the transfer between the VM and the storage device.
  - 20. The method of claim 19, wherein the transformation comprises encrypting data written by the VM to the data storage device and decrypting data read by the VM from the data storage device.
  - 21. The method of claim 19, wherein the transformation of the I/O data comprises compressing data written by the VM to the data storage device and decompressing data read by the VM from the data storage device.

22. A method for controlling input/output (I/O) operations of a virtual machine (VM), the method comprising:
- receiving a request, at an I/O control component, for an I/O operation between the VM and a device, the I/O control component being integrated with virtualization software that implements the VM; and
  
  performing a transformation of I/O data passing between the VM and the device, the transformation changing a timing of the I/O operation and being adjunct to necessary completion of the request, as issued, for the I/O operation, the transformation of the I/O data thereby being undefeatable by any user action via the VM.
- View Dependent Claims (23, 24)
- - 23. The method of claim 22, wherein the device is a network connection device and the transformation is a bandwidth limiting of the I/O data being transferred between the VM and the network connection device.
  - 24. The method of claim 22, wherein the device is a network connection device and the I/O operation is a transfer of I/O data between the VM and the network connection device, and the transformation is a time delay of the transfer.

25. A non-transitory machine readable medium for controlling input/output (I/O) operations of a virtual machine (VM), the machine readable medium embodying instructions causing a computer system to implement a method, the method comprising:
- receiving a request, at an I/O control component, for an I/O operation between the VM and a device, the I/O control component being integrated with virtualization software that implements the VM; and
  
  performing a transformation of I/O data passing between the VM and the device, the transformation changing a timing of the I/O operation and being adjunct to necessary completion of the request, as issued, for the I/O operation, the transformation of the I/O data thereby being undefeatable by any user action via the VM.
- View Dependent Claims (26, 27)
- - 26. The machine readable medium of claim 25, wherein the device is a network connection device and the transformation is a bandwidth limiting of the I/O data being transferred between the VM and the network connection device.
  - 27. The machine readable medium of claim 25, wherein the device is a network connection device and the I/O operation is a transfer of I/O data between the VM and the network connection device, and the transformation is a time delay of the transfer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VMware, Inc. (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
WALDSPURGER, Carl A., BUGNION, Edouard

Granted Patent

US 8,495,631 B2
Time in Patent Office

Days
Field of Search
US Class Current

718/1
CPC Class Codes

G06F 2009/45579   I/O management, e.g. provid...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/545   where tasks reside in diffe...

UNDEFEATABLE TRANSFORMATION FOR VIRTUAL MACHINE I/O OPERATIONS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

UNDEFEATABLE TRANSFORMATION FOR VIRTUAL MACHINE I/O OPERATIONS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links