Detection of Unauthorized Use of Virtual Resources
First Claim
1. A method comprising:
- identifying a migration of a virtual machine;
- accessing at least one configuration characteristic of the virtual machine based on the migration of the virtual machine;
- comparing the at least one configuration characteristic of the virtual machine to an expected value for the at least one configuration characteristic; and
- generating data indicative of an error when the at least one configuration characteristic of the virtual machine differs from the expected value for the at least one configuration characteristic.
Abstract
In one implementation, an original physical profile file and a configuration baseline are stored for a virtual machine. The physical profile file includes physical characteristics of a physical device running the virtual machine. The configuration baseline includes configuration settings or attributes of the instance of the virtual machine. A network device detects a current value for at least one physical characteristic and compares the current value to the original physical profile file. When the current values deviate from the original physical profile file by more than a permissible threshold amount of deviation, the network device determines that the virtual machine has been moved to another physical device. In response, the network device monitors current configuration settings or attributes with respect to the configuration baseline in order to detect an unauthorized usage of the virtual machine.
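The two-stage check described in the abstract, as an added sketch that is not taken from the patent: a physical-profile deviation test gates a comparison of the configuration against its baseline. The characteristic names, sample values, the fraction-of-changed-fields deviation metric and the 0.25 threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: field names and values are hypothetical.
ORIGINAL_PROFILE = {"cpu_model": "Xeon-A", "core_count": 16,
                    "nic_mac": "02:00:00:aa:bb:01", "disk_serial": "D-1001"}
CONFIG_BASELINE = {"vlan": 120, "ip": "10.0.12.5", "license_seats": 50}
DEVIATION_THRESHOLD = 0.25  # assumed permissible fraction of changed fields


@dataclass
class Report:
    migrated: bool
    deviation: float
    errors: list = field(default_factory=list)


def deviation(original, current):
    """Fraction of profile fields whose current value differs or is missing."""
    changed = [k for k, v in original.items() if current.get(k) != v]
    return len(changed) / len(original)


def check_vm(current_physical, current_config,
             profile=ORIGINAL_PROFILE, baseline=CONFIG_BASELINE,
             threshold=DEVIATION_THRESHOLD):
    """Stage 1: detect migration. Stage 2: audit configuration if migrated."""
    dev = deviation(profile, current_physical)
    report = Report(migrated=dev > threshold, deviation=dev)
    if not report.migrated:
        # Within tolerance (e.g. one replaced NIC): no configuration audit.
        return report
    # Migration detected: compare each configuration value to the baseline
    # and record data indicative of an error for every mismatch.
    for key, expected in baseline.items():
        actual = current_config.get(key)
        if actual != expected:
            report.errors.append(
                {"characteristic": key, "expected": expected, "actual": actual})
    return report
```

Because the threshold must be exceeded, a deviation exactly equal to it (one changed field out of four here) is treated as the same physical device and triggers no configuration audit.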
54 Citations
20 Claims
1. A method comprising:
- identifying a migration of a virtual machine;
- accessing at least one configuration characteristic of the virtual machine based on the migration of the virtual machine;
- comparing the at least one configuration characteristic of the virtual machine to an expected value for the at least one configuration characteristic; and
- generating data indicative of an error when the at least one configuration characteristic of the virtual machine differs from the expected value for the at least one configuration characteristic.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. An apparatus comprising:
- a storage device configured to store a physical fingerprint of a network device associated with a virtual machine and a configuration profile associated with operation of the virtual machine; and
- a controller configured to monitor at least one physical characteristic as received from the virtual machine and identify a migration of the virtual machine when the at least one physical characteristic deviates from the physical fingerprint, wherein the controller is further configured to monitor at least one configuration characteristic of the virtual machine and identify unauthorized usage of the virtual machine when the at least one configuration characteristic deviates from the configuration profile.
Dependent claims: 12, 13, 14, 15, 16

17. A non-transitory computer readable medium containing instructions that when executed are configured to:
- access a reference physical profile file for a virtual machine, wherein the physical profile file includes physical characteristics of a physical device running the virtual machine;
- detect a current value for at least one physical characteristic;
- compare the current value to the reference physical profile file; and
- in response to a difference between the current value and the original physical profile file, compare at least one configuration characteristic of the virtual machine to a baseline configuration.
Dependent claims: 18, 19, 20

Specification