Intelligent security control system for virtualized ecosystems
First Claim
1. A method for maintaining administrative control over logical assets in a virtualized ecosystem, comprising:
- in response to an attempt to manipulate a subject logical asset of the virtualized ecosystem, evaluating, by a computer-based control system communicatively coupled to an underlying physical, computer-based environment abstracted by the virtualized ecosystem, control information for the subject logical asset of the virtualized ecosystem and of an entity attempting administrative manipulation of the subject local asset, wherein the control information includes contextual, behavioral and environmental attributes of the subject logical asset;
- deriving from the evaluation, contextualized properties of the subject logical asset, wherein deriving the contextualized properties comprises determining whether (i) the entity attempting the administrative manipulation of the logical asset has sufficient rights to perform such manipulation, and (ii) the attempted administrative manipulation of the subject logical asset will result in a permissible communicative coupling with other logical assets of the virtualized ecosystem or permissible interaction between the subject logical asset and the underlying physical, computer-based environment, thereby determining whether the administrative manipulation is permissible; and
- enforcing, by the control system and according to the determination, controls for the subject logical asset to permit or deny the attempted administrative manipulation.
Abstract
Resources of a virtualized ecosystem are intelligently secured by defining and analyzing object handling security control information for one or more logical resources in the virtualized ecosystem and deriving therefrom object properties for each of the logical resources involved in the execution of a virtual machine in any given context within the virtualized ecosystem.
41 Claims
- 22. A system, comprising one or more computer-based resources hosting a virtualized ecosystem that abstracts physical instantiations of an underlying computer-based environment and a control system communicatively coupled to the one or more computer-based resources hosting the virtualized ecosystem, the control system configured for administratively securing logical assets of the virtualized ecosystem by evaluating attempted manipulations of the logical assets in the context of control information for the subject logical assets and entities attempting administrative manipulation of the subject logical assets, and for determining, for each of the attempted manipulations and subject logical assets within the virtualized ecosystem, whether to permit or deny the attempted manipulation, thereby determining whether the administrative manipulation is permissible, wherein the control information includes, for each subject logical asset, contextual, behavioral and environmental attributes concerning controls for interactions amongst the logical assets and their interactions with the underlying computer-based environment abstracted by the virtualized ecosystem.
Specification