Method and apparatus to protect policy state information during the life-time of virtual machines
Abstract
A scheme for protecting policy state information during the lifetime of a virtual machine is presented. In order to protect and preserve the policy state information of the virtual machine, a process creates a source policy, a mapping policy, and a binary policy. These policies are all different representations of a security policy. The different policy representations are chained together via cryptographic hashes.
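The hash chain described in the abstract, sketched as an added example (this is not code from the patent). SHA-256, the length-prefixed encoding, the field names, the sample policies, and treating two binary policies as compatible when they are identical are all assumptions made for illustration.

```python
import hashlib

def digest(*parts: bytes) -> bytes:
    # Length-prefix each part so (b"ab", b"c") and (b"a", b"bc") hash differently.
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(8, "big") + p)
    return h.digest()

def make_mapping(source, ext1, map_body, ext2):
    # Mapping policy: its body, the second extension, and a hash of
    # (source policy, first extension).
    return {"body": map_body, "ext2": ext2, "src_hash": digest(source, ext1)}

def mapping_digest(mapping):
    return digest(mapping["body"], mapping["src_hash"], mapping["ext2"])

def make_binary(mapping, bin_body):
    # Binary policy: its body plus a hash of (mapping policy, second extension).
    return {"body": bin_body, "map_hash": mapping_digest(mapping)}

def broken_links(source, ext1, mapping, binary):
    """Return the chain links whose recorded hash no longer matches."""
    bad = []
    if mapping["src_hash"] != digest(source, ext1):
        bad.append("source->mapping")
    if binary["map_hash"] != mapping_digest(mapping):
        bad.append("mapping->binary")
    return bad

def compatible(binary_a, binary_b):
    # Assumption: same binary body and same chain hash means compatible.
    return binary_a == binary_b

# Constructed sample policies (hypothetical content).
SOURCE = b"<policy><type>vm_web</type><type>vm_db</type></policy>"
EXT1 = b"site=datacenter-a"
MAP_BODY = b"vm_web=1;vm_db=2"
EXT2 = b"hypervisor=example"
BIN_BODY = bytes([0x01, 0x02])
MAPPING = make_mapping(SOURCE, EXT1, MAP_BODY, EXT2)
BINARY = make_binary(MAPPING, BIN_BODY)

if __name__ == "__main__":
    print(broken_links(SOURCE, EXT1, MAPPING, BINARY))
    print(broken_links(SOURCE, b"site=datacenter-b", MAPPING, BINARY))
```

Because the binary policy's hash covers the mapping policy, which in turn carries the source hash, a change to the source policy or either extension surfaces at the binary policy even if the intermediate hash is recomputed.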
20 Claims
1. A computer implemented method for protecting policy state information during the lifetime of a virtual machine, the computer implemented method comprising:
- creating by a processing unit of a data processing system a source policy in combination with a first extension;
- creating by the processing unit a mapping policy, wherein the mapping policy maps between the source policy and a binary policy, and contains a second extension and a hash of the source policy and the first extension;
- creating by the processing unit the binary policy, wherein the binary policy contains a hash of the mapping policy and the second extension; and wherein the source policy, the mapping policy, and the binary policy form a chain of different representations of a security policy, wherein the first extension and the second extension are user defined and are used to customize the security policy to a particular environment; and
- determining compatibility of the security policy with another security policy using the binary policy.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A non-transitory computer usable medium having computer usable program code stored thereon for protecting policy state information during the lifetime of a virtual machine, the computer usable program code comprising:
- computer usable program code for creating a source policy in combination with a first extension;
- computer usable program code for creating a mapping policy, wherein the mapping policy maps between the source policy and a binary policy, and contains a second extension and a hash of the source policy and the first extension; and
- computer usable program code for creating the binary policy, wherein the binary policy contains a hash of the mapping policy and the second extension; and wherein the source policy, the mapping policy, and the binary policy form a chain of different representations of a security policy, wherein the first extension and the second extension are user defined and are used to customize the security policy to a particular environment; and
- determining compatibility of the security policy with another security policy using the binary policy.
Dependent claims: 12, 13, 14, 15, 16
17. A data processing system for protecting policy state information during the lifetime of a virtual machine, said data processing system comprising:
- a storage device for storing computer usable program code; and
- a processor for executing the computer usable program code for creating a source policy in combination with a first extension;
- creating a mapping policy, wherein the mapping policy maps between the source policy and a binary policy, and contains a second extension and a hash of the source policy and the first extension;
- creating the binary policy, wherein the binary policy contains a hash of the mapping policy and the second extension; and wherein the source policy, the mapping policy, and the binary policy form a chain of different representations of a security policy, wherein the first extension and the second extension are user defined and are used to customize the security policy to a particular environment; and
- determining compatibility of the security policy with another security policy using the binary policy.
Dependent claims: 18, 19, 20