Approaches for Protecting Sensitive Data Within a Guest Operating System
Abstract
Approaches for preventing unauthorized access of sensitive data within an operating system (OS), e.g., a guest OS used by a virtual machine. Dummy data may be written over physical locations on disk where sensitive data is stored, thereby preventing a malicious program from accessing the sensitive data. Alternately, a delete operation may be performed on sensitive data within an OS, and thereafter the OS is converted into a serialized format to expunge the deleted data. The serialized OS is converted into a deserialized form to facilitate its use. Optionally, a data structure may be updated to identify where sensitive data is located within an OS. When a request to access a portion of the OS is received, the data structure is consulted to determine whether the requested portion contains sensitive data, and if so, dummy data is returned to the requestor without consulting the requested portion of the OS.
21 Claims
1. A computer-readable storage medium storing instructions for supplying a guest operating system to a virtual machine, which when executed by one or more processors, cause:
in response to receiving data that identifies where, within an operating system, sensitive data is located, writing dummy data over physical locations on disk at which the sensitive data is stored to create a resulting operating system; and supplying the resulting operating system for use as the guest operating system by the virtual machine.
Dependent claims: 2, 3, 4, 5, 6
7. A computer-readable storage medium storing instructions for supplying a guest operating system to a virtual machine, which when executed by one or more processors cause:
in response to receiving data that identifies where, within an operating system, sensitive data is located, performing a delete operation on the sensitive data to create a resulting operating system; and converting the resulting operating system into a serialized operating system; converting the serialized operating system into a deserialized operating system; and supplying the deserialized operating system for use as the guest operating system by the virtual machine.
Dependent claims: 8, 9
10. A computer-readable storage medium storing instructions for supplying a guest operating system to a virtual machine, which when executed by one or more processors, cause:
in response to receiving data that identifies where, within a guest operating system, sensitive data is located, updating a data structure to identify where the sensitive data is located within the operating system; in response to receiving, from a requestor, a request to access a portion of the guest operating system, determining whether the data structure indicates that the requested portion of the guest operating system contains sensitive data; and upon determining that the requested portion of the guest operating system does contain sensitive data, performing the request by supplying, to the requestor, dummy data without consulting the requested portion of the guest operating system.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A computer-readable storage medium storing instructions for supplying a guest operating system to a virtual machine, which when executed by one or more processors, cause:
in response to receiving data that identifies where, within a guest operating system, sensitive data is located, updating a data structure to identify where the sensitive data is located within the operating system; in response to receiving, from a requestor, a request to access a portion of the guest operating system, determining whether the data structure indicates that the requested portion of the guest operating system contains sensitive data; and upon determining that the requested portion of the guest operating system does contain sensitive data, informing the requestor that a disk fault has occurred to cause the requestor to abort the request.
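The lookup-structure approach described at the end of the abstract and in claims 10 and 21, sketched as an added example that is not taken from the patent. The class and method names, the byte-range granularity, the use of zero bytes as dummy data, and serving the non-sensitive remainder of a partially overlapping request from the image are all assumptions.

```python
import errno
import io

class DiskFault(OSError):
    """Reported to the requestor instead of data (claim 21 variant)."""

class SensitiveReadFilter:
    """Read path in front of a guest OS image. Hypothetical names throughout."""

    def __init__(self, image, on_sensitive="dummy"):
        self.image = image                # file-like backing store
        self.on_sensitive = on_sensitive  # "dummy" or "fault"
        self.ranges = []                  # sorted, merged (start, end) byte spans
        self.backing_reads = []           # (offset, length) really fetched

    def mark_sensitive(self, start, length):
        """Update the lookup structure, merging overlapping spans."""
        spans = sorted(self.ranges + [(start, start + length)])
        merged = [spans[0]]
        for s, e in spans[1:]:
            last_s, last_e = merged[-1]
            if s <= last_e:
                merged[-1] = (last_s, max(last_e, e))
            else:
                merged.append((s, e))
        self.ranges = merged

    def _backing(self, offset, length):
        if length <= 0:
            return b""
        self.backing_reads.append((offset, length))
        self.image.seek(offset)
        return self.image.read(length)

    def read(self, offset, length):
        end = offset + length
        hits = [(max(s, offset), min(e, end))
                for s, e in self.ranges if s < end and e > offset]
        if hits and self.on_sensitive == "fault":
            raise DiskFault(errno.EIO, "simulated disk fault")
        out, pos = bytearray(), offset
        for s, e in hits:
            out += self._backing(pos, s - pos)   # non-sensitive gap (assumption)
            out += b"\x00" * (e - s)             # dummy data, no backing read
            pos = e
        out += self._backing(pos, end - pos)
        return bytes(out)

def make_image():
    """Constructed 64-byte image with a fake secret at bytes 16..31."""
    raw = bytearray(b"A" * 64)
    raw[16:32] = b"SECRET-KEY-12345"
    return io.BytesIO(bytes(raw))
```

The `backing_reads` list records which byte spans were actually fetched from the image, so a test or audit can confirm that a marked span was never read.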
Specification