Detection of Unauthorized Use of Virtual Resources

US 20140201732A1
Filed: 01/14/2013
Published: 07/17/2014
Est. Priority Date: 01/14/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying a migration of a virtual machine;

accessing at least one configuration characteristic of the virtual machine based on the migration of the virtual machine;

comparing the at least one configuration characteristic of the virtual machine to an expected value for the at least one configuration characteristic; and

generating data indicative of an error when the at least one configuration characteristic of the virtual machine differs from the expected value for the at least one configuration characteristic.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one implementation, an original physical profile file and a configuration baseline are stored for a virtual machine. The physical profile file includes physical characteristics of a physical device running the virtual machine. The configuration baseline includes configuration settings or attributes of the instance of the virtual machine. A network device detects current value for at least one physical characteristic and compares the current value to the original physical profile file. When the current values deviate enough from the original physical profile file to exceed a threshold amount of deviation that is permissible, the network device determines that the virtual machine has been moved to another physical device. In response, the network device monitors current configuration settings or attributes with respect to the configuration baseline in order to detect an unauthorized usage of the virtual machine.

54 Citations

View as Search Results

20 Claims

1. A method comprising:
- identifying a migration of a virtual machine;
  
  accessing at least one configuration characteristic of the virtual machine based on the migration of the virtual machine;
  
  comparing the at least one configuration characteristic of the virtual machine to an expected value for the at least one configuration characteristic; and
  
  generating data indicative of an error when the at least one configuration characteristic of the virtual machine differs from the expected value for the at least one configuration characteristic.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - storing a physical profile for the virtual machine, wherein the physical profile includes a stored value for at least one physical characteristic of a network device associated with the virtual machine;
      
      accessing a current value of the at least one physical characteristic; and
      
      comparing the current value of the at least one physical characteristic to the stored value of the at least one physical characteristic to identify the migration of the virtual machine based on a difference between the current value of the at least one physical characteristic and the stored value of the at least one physical characteristic.
  - 3. The method of claim 2, wherein the at least one physical characteristic includes interface information, address information, identity information, processor performance information, or virtual machine identification information.
  - 4. The method of claim 2, wherein the current value is a first value, the method further comprising:
    - accessing a second value of the at least one physical characteristic;
      
      comparing the current value of the at least one physical characteristic to the stored value of the at least one physical characteristic; and
      
      identifying a return of the virtual machine when the current value of the at least one physical characteristic matches the stored value of the at least one physical characteristic.
  - 5. The method of claim 1, wherein the data indicative of an error is a warning message for an endpoint associated with the virtual machine.
  - 6. The method of claim 1, wherein the data indicative of an error instructs the virtual machine to be disabled.
  - 7. The method of claim 1, wherein the data indicative of an error indicates an invalid state to the virtual machine.
  - 8. The method of claim 1, further comprising:
    - updating the expected value for the at least one configuration characteristic before the migration of the virtual machine is identified.
  - 9. The method of claim 1, wherein the at least one physical characteristic includes a processor model number.
  - 10. The method of claim 1, wherein the at least one configuration characteristic of the virtual machine includes interface parameters, address parameters, processor parameters, memory parameters, geographic parameters, virtual machine parameters, and user parameters.

11. An apparatus comprising:
- a storage device configured to store a physical fingerprint of a network device associated with a virtual machine and a configuration profile associated with operation of the virtual machine; and
  
  a controller configured to monitor at least one physical characteristic as received from the virtual machine and identify a migration of the virtual machine when the at least one physical characteristic deviates from the physical fingerprint, wherein the controller is further configured to monitor at least one configuration characteristic of the virtual machine and identify unauthorized usage of the virtual machine when the at least one configuration characteristic deviates from the configuration profile.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The apparatus of claim 11, wherein the at least one configuration characteristic includes a time zone.
  - 13. The apparatus of claim 11, wherein the at least one physical characteristic includes interface information, address information, identity information, processor performance information, or virtual machine identification information.
  - 14. The apparatus of claim 11, wherein the at least one configuration characteristic includes a plurality of configuration characteristics and the controller determines when a predetermined number of the configuration characteristics deviate from the configuration profile.
  - 15. The apparatus of claim 11, wherein the storage device is configured to store a weight for each of a plurality of configuration characteristics including the at least one configuration characteristic.
  - 16. The apparatus of claim 11, wherein the controller is configured to generate a warning message based on unauthorized usage of the virtual machine.

17. A non-transitory computer readable medium containing instructions that when executed are configured to:
- access a reference physical profile file for a virtual machine, wherein the physical profile file includes physical characteristics of a physical device running the virtual machine;
  
  detect a current value for at least one physical characteristic;
  
  compare the current value to the reference physical profile file; and
  
  in response to a difference between the current value and the original physical profile file, compare at least one configuration characteristic of the virtual machine to a baseline configuration.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer readable medium of claim 17, wherein the instructions are configured to:
    - in response to a difference between the at least one configuration characteristic of the virtual machine and the baseline configuration, generating an invalidation command.
  - 19. The non-transitory computer readable medium of claim 18, wherein the invalidation command is configured to disable the virtual machine.
  - 20. The non-transitory computer readable medium of claim 18, wherein the difference between the at least one configuration characteristic of the virtual machine includes a time zone difference.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Haag, Jeffrey David, Booth, Earl Hardin III, Holland, James Ronald Jr.

Granted Patent

US 10,180,851 B2
Time in Patent Office

Days
Field of Search
US Class Current

718/1
CPC Class Codes

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45587   Isolation or security of vi...

G06F 21/10   Protecting distributed prog...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

Detection of Unauthorized Use of Virtual Resources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

54 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Detection of Unauthorized Use of Virtual Resources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links