Systems and methods for data encryption using plugins within virtual systems and subsystems
First Claim
1. A method executed by a computer system, the method comprising:
- executing, by a host operating system running on the computer system, an encryption program, a virtual machine monitor, an encryption plug-in, and a file system, wherein the encryption plug-in is configured to interface with the encryption program;
- interfacing, via an encryption-application program interface, the virtual machine monitor with the encryption plug-in, wherein the encryption plug-in enables the virtual machine monitor to interface with the encryption program;
- executing, by the computer system, a virtual machine, the virtual machine including a virtual hard drive, wherein the virtual machine monitor is configured to store the virtual hard drive within a file in the file system;
- providing sector-level encryption by encrypting, by the virtual machine monitor using the encryption program, the file including the virtual hard drive; and
- storing, by the host operating system, the file in the file system.
Abstract
Several embodiments of the present invention provide a means for improving data access security in computer systems to support high-security applications, and certain of these embodiments are specifically directed to providing sector-level encryption of a virtual hard disk in a virtual machine environment. More specifically, certain embodiments are directed to providing sector-level encryption by using plug-ins in a virtual machine environment, thereby providing improved data access security in a computer system that supports high-security applications. Certain embodiments also use encryption plug-ins associated with standard encryption software for exchanging data between a virtual machine (VM) and its associated virtual hard drive(s) (VHDs). Moreover, several embodiments of the present invention are directed to the use of plug-in encryption services that interface with, and provide services for, a VM via a VM Encryption API (or its equivalent).
77 Citations
22 Claims
1. A method executed by a computer system, the method comprising:
- executing, by a host operating system running on the computer system, an encryption program, a virtual machine monitor, an encryption plug-in, and a file system, wherein the encryption plug-in is configured to interface with the encryption program;
- interfacing, via an encryption-application program interface, the virtual machine monitor with the encryption plug-in, wherein the encryption plug-in enables the virtual machine monitor to interface with the encryption program;
- executing, by the computer system, a virtual machine, the virtual machine including a virtual hard drive, wherein the virtual machine monitor is configured to store the virtual hard drive within a file in the file system;
- providing sector-level encryption by encrypting, by the virtual machine monitor using the encryption program, the file including the virtual hard drive; and
- storing, by the host operating system, the file in the file system.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A computer system, comprising:
- a processor;
- a hard drive;
- a computer readable storage medium operatively coupled to the processor and the hard drive, the computer readable storage medium including instructions that upon execution by the processor cause the computer system to:
  - execute a host operating system, wherein the host operating system is configured to execute a virtual machine monitor, a plurality of encryption programs, a plurality of encryption plug-ins, and a host file system, wherein the virtual machine monitor includes an encryption-application program interface, wherein the encryption plug-ins are configured to interface the virtual machine monitor with the plurality of encryption programs via the encryption-application program interface;
  - execute the virtual machine monitor, the virtual machine monitor configured to execute a virtual machine including a virtual hard drive, the virtual machine configured to execute a guest operating system, the guest operating system including a guest file system that includes metadata;
  - wherein the virtual machine monitor is configured to interface with a first encryption plug-in selected from the plurality of encryption plug-ins;
  - wherein the virtual machine monitor is configured to encrypt, using the first encryption program, a file including the virtual hard drive, thereby encrypting the guest file system and the guest file system metadata;
  - wherein the host operating system is configured to store, on the hard drive, the file in the host file system;
  - wherein the virtual machine monitor is configured to determine that the first encryption program was used to encrypt the file; and
  - wherein the virtual machine monitor is configured to decrypt, using the first encryption program, the file.
Dependent claims: 9, 10, 11, 12

13. A computer system, comprising:
- a processor;
- a hard drive;
- a computer readable storage medium operatively coupled to the processor and the hard drive, the computer readable storage medium including instructions that upon execution by the processor cause the computer system to:
  - run a host operating system including a virtual machine monitor, an encryption program, and an encryption plug-in, wherein the encryption plug-in is configured to interface with the encryption program;
  - interface, via an encryption-application program interface, the virtual machine monitor with the encryption plug-in, thereby interfacing the virtual machine monitor with the encryption program;
  - execute a virtual machine that includes a virtual hard drive;
  - encrypt, by the virtual machine using the encryption program, a file including the virtual hard drive, thereby providing sector-level encryption for the virtual hard drive; and
  - store the encrypted file on the hard drive.
Dependent claims: 14, 15, 16, 17, 18

19. A memory device including processor executable instructions, the memory device comprising instructions that upon execution by a processor cause the processor to:
- host, by a virtual machine monitor, a first partition and a second partition, wherein the first partition includes a virtual machine, the virtual machine including a virtual hard drive;
- execute an encryption program in a second partition;
- interface the virtual machine monitor to an encryption plug-in via an encryption-application program interface, wherein the encryption plug-in is configured to interface the virtual machine monitor with the encryption program;
- encrypt, by the virtual machine using the encryption program, a file including the virtual hard drive, thereby providing sector-level encryption for the virtual hard drive; and
- store the encrypted file on a hard drive.
Dependent claims: 20, 21, 22
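The independent claims describe a virtual machine monitor that reaches an encryption program through a plug-in behind an encryption API, encrypts the file holding the virtual hard drive sector by sector, and later determines which encryption program was used so it can decrypt with the same one. The following Go sketch is an added illustration, not code from the patent or from any product: the plug-in table is a registry keyed by an ID that the VMM writes into the file header, and each sector is protected with AES-GCM (an assumption; the patent names no cipher) using the sector index as nonce and associated data. `Registry`, `NewAESGCM`, `EncryptVHD` and `DecryptVHD` are names chosen here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

const sectorSize, tagSize = 512, 16 // AES-GCM appends a 16-byte tag to each sector

// Registry maps a plug-in ID (the byte written into the file header) to the
// encryption program it wraps; it stands in for the VMM's encryption-API plug-in table.
type Registry map[byte]cipher.AEAD

// NewAESGCM wraps an AES key as one encryption program (AES-GCM from the standard library).
func NewAESGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// nonce encodes the sector index and doubles as associated data, so a sector
// ciphertext moved to another sector fails authentication. Because nonces are
// sector indices, the key must be unique to one VHD file or nonces would repeat.
func nonce(sector int) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint64(n[4:], uint64(sector))
	return n
}

// EncryptVHD encrypts the image sector by sector; byte 0 records the plug-in ID
// so the VMM can later determine which encryption program decrypts the file.
func EncryptVHD(id byte, prog cipher.AEAD, vhd []byte) ([]byte, error) {
	if len(vhd)%sectorSize != 0 {
		return nil, errors.New("vhd size is not a multiple of the sector size")
	}
	out := []byte{id}
	for i := 0; i < len(vhd); i += sectorSize {
		out = prog.Seal(out, nonce(i/sectorSize), vhd[i:i+sectorSize], nonce(i/sectorSize))
	}
	return out, nil
}

// DecryptVHD selects the plug-in named in the header; an unknown ID, a truncated
// file or a tampered sector is a hard error rather than silently returned garbage.
func DecryptVHD(reg Registry, file []byte) (vhd []byte, err error) {
	const ctSize = sectorSize + tagSize
	if len(file) < 1 || (len(file)-1)%ctSize != 0 || reg[file[0]] == nil {
		return nil, errors.New("malformed file or no plug-in registered for header ID")
	}
	for i, body := 0, file[1:]; i < len(body) && err == nil; i += ctSize {
		vhd, err = reg[file[0]].Open(vhd, nonce(i/ctSize), body[i:i+ctSize], nonce(i/ctSize))
	}
	return vhd, err
}
```

Decryption fails closed when the header names a plug-in that is not registered, which is the point of recording the encryption program in the file rather than assuming it.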
Specification