Approaches for Protecting Sensitive Data Within a Guest Operating System

US 20130191924A1
Filed: 01/25/2012
Published: 07/25/2013
Est. Priority Date: 01/25/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-readable storage medium storing instructions for supplying a guest operating system to a virtual machine, which when executed by one or more processors, cause:

in response to receiving data that identifies where, within an operating system, sensitive data is located, writing dummy data over physical locations on disk at which the sensitive data is stored to create a resulting operating system; and

supplying the resulting operating system for use as the guest operating system by the virtual machine.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Approaches for preventing unauthorized access of sensitive data within an operating system (OS), e.g., a guest OS used by a virtual machine. Dummy data may be written over physical locations on disk where sensitive data is stored, thereby preventing a malicious program from accessing the sensitive data. Alternately, a delete operation may be performed on sensitive data within an OS, and thereafter the OS is converted into a serialized format to expunge the deleted data. The serialized OS is converted into a deserialized form to facilitate its use. Optionally, a data structure may be updated to identify where sensitive data is located within an OS. When a request to access a portion of the OS is received, the data structure is consulted to determine whether the requested portion contains sensitive data, and if so, dummy data is returned to the requestor without consulting the requested portion of the OS.

Citations

21 Claims

1. A computer-readable storage medium storing instructions for supplying a guest operating system to a virtual machine, which when executed by one or more processors, cause:
- in response to receiving data that identifies where, within an operating system, sensitive data is located, writing dummy data over physical locations on disk at which the sensitive data is stored to create a resulting operating system; and
  
  supplying the resulting operating system for use as the guest operating system by the virtual machine.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-readable storage medium of claim 1, wherein the dummy data is data that has no meaningful interpretation.
  - 3. The computer-readable storage medium of claim 1, wherein writing dummy data comprises:
    - writing the dummy data over either a file, one or more blocks, or a portion of a block which is less than the entire block.
  - 4. The computer-readable storage medium of claim 1, wherein execution of the instructions further cause:
    - identifying where, within the operating system, the sensitive data is located based, at least in part, upon portions of the operating system that a newly added user cannot access.
  - 5. The computer-readable storage medium of claim 1, wherein the virtual machine is instantiated with a template and a copy-on-write process, and wherein the template comprises instructions for instantiating the guest operating system.
  - 6. The computer-readable storage medium of claim 5, wherein the template specifies the contents of a registry of the guest operating system.

7. A computer-readable storage medium storing instructions for supplying a guest operating system to a virtual machine, which when executed by one or more processors cause:
- in response to receiving data that identifies where, within an operating system, sensitive data is located, performing a delete operation on the sensitive data to create a resulting operating system; and
  
  converting the resulting operating system into a serialized operating system;
  
  converting the serialized operating system into a deserialized operating system; and
  
  supplying the deserialized operating system for use as the guest operating system by the virtual machine.
- View Dependent Claims (8, 9)
- - 8. The computer-readable storage medium of claim 7, wherein execution of the instructions further cause:
    - identifying where, within the operating system, the sensitive data is located based, at least in part, upon portions of the operating system of which a newly added user cannot access.
  - 9. The computer-readable storage medium of claim 7, wherein the sensitive data is still physically stored on disk in the resulting operating system after the performance of the delete operation, and wherein the serialized operating system ceases to comprise the sensitive data.

10. A computer-readable storage medium storing instructions for supplying a guest operating system to a virtual machine, which when executed by one or more processors, cause:
- in response to receiving data that identifies where, within a guest operating system, sensitive data is located, updating a data structure to identify where the sensitive data is located within the operating system;
  
  in response to receiving, from a requestor, a request to access a portion of the guest operating system, determining whether the data structure indicates that the requested portion of the guest operating system contains sensitive data; and
  
  upon determining that the requested portion of the guest operating system does contain sensitive data, performing the request by supplying, to the requestor, dummy data without consulting the requested portion of the guest operating system.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The computer-readable storage medium of claim 10, wherein the data structure is a first data structure, and execution of the instructions further cause:
    - upon receiving a request to write data to a particular portion of the guest operating system that currently stores sensitive data, updating a second data structure to identify that the particular portion stores updated data instead of the sensitive data.
  - 12. The computer-readable storage medium of claim 11, wherein execution of the instructions further cause:
    - in response to receiving, from a second requestor, a second request to access the particular portion of the guest operating system, determining whether the second data structure identifies any updated data associated with the particular portion; and
      
      upon the second data structure identifying updated data associated with the particular portion, performing the second request by supplying, to the second requestor, the updated data without consulting the particular portion of the guest operating system.
  - 13. The computer-readable storage medium of claim 11, wherein the first data structure and the second data structure are the same data structure.
  - 14. The computer-readable storage medium of claim 10, wherein the first data structure further identifies one or more files of the guest operating system which are not required by the virtual machine.
  - 15. The computer-readable storage medium of claim 10, wherein execution of the instructions further cause:
    - identifying where, within the operating system, the sensitive data is located based, at least in part, upon portions of the operating system that a newly added user cannot access.
  - 16. The computer-readable storage medium of claim 10, wherein the dummy data supplied to the requestor corresponds to a file, one or more blocks, or a portion of a block which is less than the entire block.
  - 17. The computer-readable storage medium of claim 10, wherein the dummy data is data that has no meaningful interpretation.
  - 18. The computer-readable storage medium of claim 10, wherein the dummy data comprises a record that identifies attributes of one or more of the requestor, the request, and the portion of the guest operating system.
  - 19. The computer-readable storage medium of claim 18, wherein the record is stored within persistent storage or memory for the virtual machine, and wherein the record was not generated within the virtual machine.
  - 20. The computer-readable storage medium of claim 10, wherein execution of the instructions by the one or more processors further causes:
    - upon determining that the requested portion of the guest operating system does contain sensitive data, notifying a user that an attempt was made to access the sensitive data.

21. A computer-readable storage medium storing instructions for supplying a guest operating system to a virtual machine, which when executed by one or more processors, cause:
- in response to receiving data that identifies where, within a guest operating system, sensitive data is located, updating a data structure to identify where the sensitive data is located within the operating system;
  
  in response to receiving, from a requestor, a request to access a portion of the guest operating system, determining whether the data structure indicates that the requested portion of the guest operating system contains sensitive data; and
  
  upon determining that the requested portion of the guest operating system does contain sensitive data, informing the requestor that a disk fault has occurred to cause the requestor to abort the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cilag Gmbh International (Johnson & Johnson)
Original Assignee
Bromium Inc (HP Inc.)
Inventors
Pratt, Ian, Kapoor, Vikram, Banga, Gaurav, Tedesco, Gianni, Pole, Anushree, Southgate, Andrew

Granted Patent

US 9,239,909 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/53   by executing in a restricte...

G06F 21/62   Protecting access to data v...

G06F 21/74   operating in dual or compar...

G06F 2221/2143   Clearing memory, e.g. to pr...

Approaches for Protecting Sensitive Data Within a Guest Operating System

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Approaches for Protecting Sensitive Data Within a Guest Operating System

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links