INDIVIDUALIZED AUDIT LOG ACCESS CONTROL FOR VIRTUAL MACHINES

US 20150350214A1
Filed: 10/09/2014
Published: 12/03/2015
Est. Priority Date: 05/28/2014
Status: Active Grant

First Claim

Patent Images

1. A method of operating a computing system to control access to audit logging resources by virtual machines, the method comprising:

in an authorization system, receiving requests for audit credentials from virtual machines, and responsively providing individualized audit credentials to the virtual machines based at least on identities of the virtual machines;

in the audit system, authorizing storage of audit data transferred by the virtual machines based at least on the individualized audit credentials accompanying the audit data; and

in the authorization system, selectively de-authorizing one or more of the virtual machines and reporting information regarding the de-authorized one or more of the virtual machines to the one or more audit systems.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To provide enhanced operation of computing systems to control access to audit logging resources by virtual machines, various systems, apparatuses, methods, and software are provided herein. In a first example, a method of operating a computing system is provided. The method includes receiving requests for audit credentials from virtual machines, and responsively providing individualized audit credentials to the virtual machines based at least on identities of the virtual machines. The method also includes, in the audit system, authorizing storage of audit data transferred by the virtual machines based at least on the individualized audit credentials accompanying the audit data. The method also includes, in the authorization system, selectively de-authorizing one or more of the virtual machines and reporting information regarding the de-authorized one or more of the virtual machines to the one or more audit systems.

Citations

20 Claims

1. A method of operating a computing system to control access to audit logging resources by virtual machines, the method comprising:
- in an authorization system, receiving requests for audit credentials from virtual machines, and responsively providing individualized audit credentials to the virtual machines based at least on identities of the virtual machines;
  
  in the audit system, authorizing storage of audit data transferred by the virtual machines based at least on the individualized audit credentials accompanying the audit data; and
  
  in the authorization system, selectively de-authorizing one or more of the virtual machines and reporting information regarding the de-authorized one or more of the virtual machines to the one or more audit systems.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the identities of the virtual machines each comprise a unique number generated by the associated virtual machine.
  - 3. The method of claim 1, wherein the identities of the virtual machines comprise network addresses of the virtual machines.
  - 4. The method of claim 1, wherein the identities of the virtual machines comprise access tokens provided to the virtual machines during instantiation of the virtual machines.
  - 5. The method of claim 1, wherein authorizing storage of the audit data transferred by the virtual machines comprises checking the individualized audit credentials with the authorization system and responsively receiving an authorization status transferred by the authorization system.
  - 6. The method of claim 1, wherein providing the individualized audit credentials to the virtual machines comprises identifying the individualized audit credentials for each of the virtual machines to be different among each of the virtual machines.
  - 7. The method of claim 1, wherein selectively de-authorizing the one or more of the virtual machines comprises determining when the one or more of the virtual machines has been de-instantiated, and responsively de-authorizing the individualized audit credentials of the de-authorized virtual machines.
  - 8. The method of claim 1, wherein the information regarding the de-authorized one or more of the virtual machines comprises the individualized audit credentials of the de-authorized virtual machines.
  - 9. The method of claim 1, further comprising:
    - in the one or more audit systems, storing the audit data transferred by the virtual machines based at least on the individualized audit credentials accompanying the audit data.
  - 10. The method of claim 9, further comprising:
    - in the authorization system, receiving authorization check messages transferred by the one or more audit systems, and responsively providing authorization status messages for delivery to the one or more audit systems indicating if associated virtual machines are authorized to store the audit data.

11. A computer apparatus to operate a computing system to control access to audit logging resources by virtual machines, the apparatus comprising:
- software instructions configured, when executed by one or more computing systems, to direct the one or more computing systems to;
  
  in an authorization system, receive requests for audit credentials from virtual machines, and responsively provide individualized audit credentials to the virtual machines based at least on identities of the virtual machines;
  
  in the audit system, authorize storage of audit data transferred by the virtual machines based at least on the individualized audit credentials accompanying the audit data;
  
  in the authorization system, selectively de-authorize one or more of the virtual machines and report information regarding the de-authorized one or more of the virtual machines to the one or more audit systems; and
  
  at least one non-transitory computer-readable storage medium storing the software instructions.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer apparatus of claim 11, wherein the identities of the virtual machines each comprise a unique number generated by the associated virtual machine.
  - 13. The computer apparatus of claim 11, wherein the identities of the virtual machines comprise network addresses of the virtual machines.
  - 14. The computer apparatus of claim 11, wherein the identities of the virtual machines comprise access tokens provided to the virtual machines during instantiation of the virtual machines.
  - 15. The computer apparatus of claim 11, where the software instructions are configured, when executed by one or more computing systems, to direct the one or more computing systems to:
    - authorize storage of the audit data transferred by the virtual machines by at least checking the individualized audit credentials with the authorization system and responsively receiving an authorization status transferred by the authorization system.
  - 16. The computer apparatus of claim 11, where the software instructions are configured, when executed by one or more computing systems, to direct the one or more computing systems to:
    - provide the individualized audit credentials to the virtual machines by at least identifying the individualized audit credentials for each of the virtual machines to be different among each of the virtual machines.
  - 17. The computer apparatus of claim 11, where the software instructions are configured, when executed by one or more computing systems, to direct the one or more computing systems to:
    - selectively de-authorize the one or more of the virtual machines by at least determining when the one or more of the virtual machines has been de-instantiated, and responsively de-authorizing the individualized audit credentials of the de-authorized virtual machines.
  - 18. The computer apparatus of claim 11, wherein the information regarding the de-authorized one or more of the virtual machines comprises the individualized audit credentials of the de-authorized virtual machines.
  - 19. The computer apparatus of claim 11, with further software instructions configured, when executed by one or more computing systems, to direct the one or more computing systems to:
    - in the one or more audit systems, store the audit data transferred by the virtual machines based at least on the individualized audit credentials accompanying the audit data.
  - 20. The computer apparatus of claim 19, with further software instructions configured, when executed by one or more computing systems, to direct the one or more computing systems to:
    - in the authorization system, receive authorization check messages transferred by the one or more audit systems, and responsively provide authorization status messages for delivery to the one or more audit systems indicating if associated virtual machines are authorized to store the audit data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CyberArk Software Ltd.
Original Assignee
Conjur, Inc. (CyberArk Software Ltd.)
Inventors
Gilpin, Kevin, Lawler, Elizabeth

Granted Patent

US 9,985,970 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1425   Traffic logging, e.g. anoma...

INDIVIDUALIZED AUDIT LOG ACCESS CONTROL FOR VIRTUAL MACHINES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

INDIVIDUALIZED AUDIT LOG ACCESS CONTROL FOR VIRTUAL MACHINES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links