Undefeatable transformation for virtual machine I/O operations
First Claim
1. A non-transitory medium embodying a computer program, the computer program controlling input/output (I/O) operations of a user'"'"'s computer, the user'"'"'s computer being implemented as a virtual machine (VM) in a physical computer system, the physical computer system including at least one device, the computer program comprising:
- an interface software component interfacing with the VM and the physical computer system, the interface software component causing a central processing unit (CPU) of the physical computer system to perform the following operations;
sensing a request for an I/O operation between the VM and the device; and
performing a transformation of I/O data passing between the VM and the device, said transformation changing contents of the I/O data and being adjunct to complete servicing of the request, as issued, for the I/O operation;
the transformation of the I/O data thereby being undefeatable by any user action via the VM.
0 Assignments
0 Petitions
Accused Products
Abstract
I/O operations between a virtual machine (VM) and a device external to the VM are monitored by a virtual machine monitor (VMM). Data passing between the VM and the external device is transformed by the VMM, in some cases only when a predetermined filtering or triggering condition is met. Because the VMM, and thus the transformation operation, is transparent to the VM, the transformation cannot be prevented or undone or even affected by any action by a user of the VM. Examples of the non-defeatable transformation of I/O data include generating display overlays such as banners, masking out portions of a display, encryption, compression and network shaping such as bandwidth limiting.
-
Citations
32 Claims
-
1. A non-transitory medium embodying a computer program, the computer program controlling input/output (I/O) operations of a user'"'"'s computer, the user'"'"'s computer being implemented as a virtual machine (VM) in a physical computer system, the physical computer system including at least one device, the computer program comprising:
an interface software component interfacing with the VM and the physical computer system, the interface software component causing a central processing unit (CPU) of the physical computer system to perform the following operations; sensing a request for an I/O operation between the VM and the device; and performing a transformation of I/O data passing between the VM and the device, said transformation changing contents of the I/O data and being adjunct to complete servicing of the request, as issued, for the I/O operation; the transformation of the I/O data thereby being undefeatable by any user action via the VM. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
13. The non-transitory medium of 11, wherein:
-
the requested I/O operation is a transfer of the I/O data between the VM and the network connection device; and the transformation is a time delay of the transfer.
-
-
27. A non-transitory medium embodying a computer program, the computer program controlling input/output (I/O) of a user'"'"'s computer, the user'"'"'s computer being implemented as a virtual machine (VM) in a physical computer system, the physical computer system including at least one device that carries out an I/O operation on the basis of device control data, the computer program causing a central processing unit (CPU) of a physical computer system to perform the following steps:
-
loading an interface software component that interfaces with the VM and the physical computer system; storing the device control data associated with the VM in a buffer; and upon sensing a transformation command from an administrative system external to the VM, causing the interface software component to change contents of the device control data by entering replacement data into at least a portion of the buffer, said replacement data being entered as a processing step that is adjunct to completion of the I/O operation, the entry of the replacement data thereby being undefeatable by any action initiated via the VM. - View Dependent Claims (28, 29, 30, 31, 32)
-
Specification