Systems and methods for implementing security in a cloud computing environment

US 8,412,945 B2
Filed: 08/09/2011
Issued: 04/02/2013
Est. Priority Date: 08/09/2011
Status: Active Grant

First Claim

Patent Images

1. A server computer system comprising:

one or more processing units;

a memory, coupled to at least one of the one or more processing units, the memory storing a virtual machine, wherein an agent executive runs within the virtual machine, the agent executive executed by at least one of the one or more processing units, the agent executive comprising instructions for;

(A) obtaining an agent API key from a user or by an automated process when the agent executive is executed a first time;

(B) communicating the API key to a remote grid computer system in a first part of a synchronous process;

(C) receiving, in a second part of the synchronous process and responsive to the first part of the synchronous process, an agent identity token from the remote grid computer system, wherein the remote grid computer system generates the agent identity token through a cryptographic token generation protocol when the API key is deemed valid;

(D) storing the agent identity token in a secure data store associated with the agent executive;

(E) collecting information on the server computer system for an evaluation of integrity of the agent executive using a plurality of agent self-verification factors; and

(F) encrypting the information collected by the collecting (E) thereby creating encrypted information;

(G) signing the encrypted information using the agent identity token thereby creating signed encrypted information; and

(H) communicating the signed encrypted information to the remote grid computer system as part of an asynchronous process in which no network connection between the remote grid computer system and the agent executive is established.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer systems and methods are provided in which an agent executive, when initially executed in a virtual machine, obtains an agent API key from a user. This key is communicated to a grid computer system. An agent identity token, generated by a cryptographic token generation protocol when the key is valid, is received from the grid and stored in a secure data store associated with the agent executive. Information that evaluates the integrity of the agent executive is collected using agent self-verification factors. The information, encrypted and signed with a cryptographic signature, is communicated to the grid. Commands are sent from the grid to the agent executive to check the security, compliance, and integrity of the virtual machine processes and data structures. Based on these check results, additional commands are sent by the grid to the agent executive to correct security, compliance or integrity problems and/or to prevent security compromises.

Citations

65 Claims

1. A server computer system comprising:
- one or more processing units;
  
  a memory, coupled to at least one of the one or more processing units, the memory storing a virtual machine, wherein an agent executive runs within the virtual machine, the agent executive executed by at least one of the one or more processing units, the agent executive comprising instructions for;
  
  (A) obtaining an agent API key from a user or by an automated process when the agent executive is executed a first time;
  
  (B) communicating the API key to a remote grid computer system in a first part of a synchronous process;
  
  (C) receiving, in a second part of the synchronous process and responsive to the first part of the synchronous process, an agent identity token from the remote grid computer system, wherein the remote grid computer system generates the agent identity token through a cryptographic token generation protocol when the API key is deemed valid;
  
  (D) storing the agent identity token in a secure data store associated with the agent executive;
  
  (E) collecting information on the server computer system for an evaluation of integrity of the agent executive using a plurality of agent self-verification factors; and
  
  (F) encrypting the information collected by the collecting (E) thereby creating encrypted information;
  
  (G) signing the encrypted information using the agent identity token thereby creating signed encrypted information; and
  
  (H) communicating the signed encrypted information to the remote grid computer system as part of an asynchronous process in which no network connection between the remote grid computer system and the agent executive is established.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The server computer system of claim 1, wherein the agent executive further comprises instructions for:
    - (I) querying a command queue on the remote grid computer system, as part of an asynchronous process, for one or more commands, wherein the command queue is accessed based upon an identity of the agent identity token; and
      
      (J) executing the one or more commands.
  - 3. The server computer system of claim 2, wherein a command in the one or more commands is a firewall policy for the virtual machine.
  - 4. The server computer system of claim 2, wherein a command in the one or more commands is a corrective or proactively protective action.
  - 5. The server computer system of claim 2, wherein a command in the one or more commands is a request to repeat the collecting (E), encrypting (F), signing (G) and communicating (H) at a predetermined time.
  - 6. The server computer system of claim 2, wherein a command in the one or more commands is a request to repeat the collecting (E), encrypting (F), signing (G) and communicating (H) at a predetermined time interval.
  - 7. The server computer system of claim 2, whereina first command in the one or more commands is an update to the plurality of agent self-verification factors, anda second command in the one or more commands is a request to repeat the collecting (E), encrypting (F), signing (G), and communicating (H) at a predetermined time using the update to the plurality of agent self-verification factors.
  - 8. The server computer system of claim 2, whereina first command in the one or more commands is an update to the plurality of agent self-verification factors, anda second command in the one or more commands is a request to repeat the collecting (E) encrypting (F), signing (G), and communicating (H) at predetermined time intervals using the update to the plurality of agent self-verification factors.
  - 9. The server computer system of claim 2, wherein a command in the one or more commands requires (i) re-initialization of the agent executive and (ii) a repeat of the obtaining (A), communicating (B), receiving (C), storing (D), collecting (E), encrypting (F), signing (G), and communicating (H) after re-initialization of the agent executive is complete.
  - 10. The server computer system of claim 2, wherein a command in the one or more commands requires termination of the virtual machine.
  - 11. The server computer system of claim 2, wherein the one or more commands comprises a command set for checking a status of a data structure accessible to the virtual machine or for checking a status of a process running on the virtual machine.
  - 12. The server computer system of claim 2, wherein the one or more commands comprises a command set for checking the status of a setting associated with a file stored in a memory accessible to the virtual machine, a setting of a directory stored in a memory accessible to the virtual machine, or an existence or a status of a process running on the virtual machine.
  - 13. The server computer system of claim 2, wherein the one or more commands comprises a command set for checking a password associated with a user or with a group of users of the virtual machine.
  - 14. The server computer system of claim 2, wherein the one or more commands comprises a command set for validation of a name-value pair in a file in a memory accessible by the virtual machine.
  - 15. The server computer system of claim 2, wherein the one or more commands comprises a command set for checking a status of a network communication port that is associated with the virtual machine.
  - 16. The server computer system of claim 2, wherein the querying (I) and executing (J) are repeated at a predetermined time.
  - 17. The server computer system of claim 2, wherein the querying (I) and executing (J) are repeated at predetermined time intervals.
  - 18. The server computer system of claim 1, wherein the communicating (H) further uses data shared with the remote grid computer system to digitally sign and encrypt the information prior to communicating the information.
  - 19. The server computer system of claim 1, wherein the obtaining (B) communicates the API key over the Internet to the remote grid computer system.
  - 20. The server computer system of claim 1, wherein the receiving (C) receives the agent identity token over the Internet from the remote grid computer system.
  - 21. The server computer system of claim 1, wherein the communicating (H) communicates the information over the Internet to the remote grid computer system.

22. A grid computer system comprising:
- one or more processing units;
  
  a memory, coupled to at least one of the one or more processing units, the memory storing a grid node, the grid node executed by at least one of the one or more processing units, the grid node comprising instructions for;
  
  (A) receiving, in a first part of a synchronous process, an API key from an agent executive running on a virtual machine which, in turn, is running on a computer that is remote to the grid computer system;
  
  (B) determining, in a second part of the synchronous process, whether the API key is a valid API key;
  
  (C) generating, in a third part of the synchronous process, a unique agent identity token through a cryptographic token generation protocol when the instructions for determining (B) deem the API key to be valid;
  
  (D) communicating, in a fourth part of the synchronous process and responsive to the first part of the synchronous process, the agent identity token to the virtual machine running on the remote computer;
  
  (E) receiving encrypted information, signed with a cryptographic digital signature, from the virtual machine from an evaluation of the integrity of the agent executive based upon a plurality of agent self-verification factors, wherein the receiving comprises decrypting the information using the agent identity token to form decrypted information and verifying the signature thereby obtaining decrypted, authenticated and integrity-verified information; and
  
  (F) verifying the integrity of the agent executive based on the decrypted, authenticated and integrity-verified information.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 23. The grid computer system of claim 22, the grid node further comprising instructions for:
    - (G) creating, as a function of the agent identity token, a command queue on the grid computer system, wherein the command queue is unique to the agent executive; and
      
      (H) posting to the command queue one or more commands to be executed by the agent executive.
  - 24. The grid computer system of claim 22, wherein the verifying (F) comprises applying the decrypted information against one or more rules stored on the grid computer system, wherein, when a rule in the one or more rules fails, the verifying (F) further comprises posting a corrective or proactively protective action to a command queue on the grid computer system that is uniquely associated with the virtual machine.
  - 25. The grid computer system of claim 23, wherein a command in the one or more commands is a firewall policy for the virtual machine.
  - 26. The grid computer system of claim 23, wherein a command in the one or more commands is a corrective or proactively protective action to be executed by the agent executive running on the virtual machine.
  - 27. The grid computer system of claim 23, wherein a command in the one or more commands is a request that the agent executive running on the virtual machine:
    - (i) collect data for an evaluation of integrity of the agent executive using a plurality of agent self-verification factors; and
      
      (ii) communicate the data to the command queue as part of an asynchronous process in which no network connection between the grid computer system and the agent executive is established.
  - 28. The grid computer system of claim 27, wherein the command further specifies that (i) and (ii) be repeated at a predetermined time.
  - 29. The grid computer system of claim 27, wherein the command further specifies that (i) and (ii) be repeated at predetermined time intervals.
  - 30. The grid computer system of claim 23, wherein(i) a first command in the one or more commands is an update to the plurality of agent self-verification factors;
    - (i) a second command in the one or more commands is a request that the agent executive collect data for an evaluation of integrity of the agent executive using the update to the plurality of agent self-verification factors; and
      
      (ii) a third command in the one or more commands is a request that the agent executive communicate the data to the command queue as part of an asynchronous process in which no network connection may be initiated from the server computer system to the agent executive, but may only be initiated from the agent executive to the server computer system.
  - 31. The grid computer system of claim 23, wherein a command in the one or more commands requires (i) re-initialization of the agent executive and (ii) a repeat of the receiving (A), determining (B), generating (C), communicating (D), receiving (E), and verifying (F).
  - 32. The grid computer system of claim 23, wherein a command in the one or more commands requires termination of the virtual machine.
  - 33. The grid computer system of claim 23, wherein the one or more commands comprises a command set for checking a status of a data structure accessible to the virtual machine or for checking a status of a process running on the virtual machine.
  - 34. The grid computer system of claim 23, wherein the one or more commands comprises a command set for checking the status of a setting associated with a file stored in a memory accessible to the virtual machine, a setting of a directory stored in a memory accessible to the virtual machine, or an existence or a status of a process running on the virtual machine.
  - 35. The grid computer system of claim 23, wherein the one or more commands comprises a command set for checking a password associated with a user or with a group of users of the virtual machine.
  - 36. The grid computer system of claim 23, wherein the one or more commands comprises a command set for validation of a name-value pair in a file in a memory accessible by the virtual machine.
  - 37. The grid computer system of claim 23, wherein the one or more commands comprises a command set for checking a status of a network communication port that is associated with the virtual machine.
  - 38. The grid computer system of claim 22, wherein the decrypting the information further uses data shared with the agent executive running on the virtual machine.
  - 39. The grid computer system of claim 22, wherein the receiving (A) receives the API key over the Internet from the agent executive.
  - 40. The grid computer system of claim 22, wherein the communicating (D) communicates the agent identity token over the Internet to the virtual machine.
  - 41. The grid computer system of claim 22, wherein the receiving (E) receives the encrypted information over the Internet from the virtual machine.
  - 42. The grid computer system of claim 22, wherein the grid computer system comprises a plurality of computers networked to each other by a network connection.

43. A grid computer system comprising:
- one or more processing units;
  
  a memory, coupled to at least one of the one or more processing units, the memory storing a grid node, the grid node executed by at least one of the one or more processing units, the grid node comprising instructions for;
  
  (A) receiving an alert from a first agent executive running on a first virtual machine running on a computer that is remote to the grid computer system, the alert (i) indicating that the first agent executive has started running on the first virtual machine and (ii) including a first agent identity token associated with the first agent executive;
  
  (B) determining whether the first agent identity token is valid;
  
  (C) determining whether the first agent identity token is being used by a second agent executive running on a second virtual machine;
  
  (D) generating a second agent identity token through a cryptographic token generation protocol when (i) the first agent identity token is deemed valid by the determining (B) and (ii) the determining (C) determines that the first agent identity token is being used by a second agent executive running on a second virtual machine;
  
  (E) communicating the second agent identity token to the first virtual machine;
  
  (F) receiving encrypted information signed by a digital signature from the first virtual machine from an evaluation of the integrity of the first agent executive based upon a plurality of agent self-verification factors, wherein the receiving comprises decrypting the information using the second agent identity token in order to form decrypted information and validating the signature; and
  
  (G) verifying the integrity of the first agent executive based on the decrypted information when the signature has been validated.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63)
- - 44. The grid computer system of claim 43, the grid node further comprising instructions for:
    - (H) creating, as a function of the second agent identity token, a command queue on the grid computer system, wherein the command queue is unique to the first agent executive; and
      
      (I) posting one or more commands to be executed by the first agent executive to the command queue.
  - 45. The grid computer system of claim 43, wherein the verifying (G) comprises applying the information received by the receiving (F) against one or more rules stored on the grid computer system, wherein, when a rule in the one or more rules fails, the verifying (G) further comprises posting a corrective or proactively protective action to a command queue on the grid computer system that is uniquely associated with the first agent executive.
  - 46. The grid computer system of claim 44, wherein a command in the one or more commands is a firewall policy for the first virtual machine.
  - 47. The grid computer system of claim 44, wherein a command in the one or more commands is a corrective or proactively protective action to be executed by the first agent executive.
  - 48. The grid computer system of claim 44, wherein a command in the one or more commands is a request that the first agent executive:
    - (i) collect information for an evaluation of integrity of the agent executive using the plurality of agent self-verification factors; and
      
      (ii) communicate the information to the grid computer system as part of an asynchronous process in which no network connection between the first agent executive and the grid computer system is established.
  - 49. The grid computer system of claim 48, wherein the command further specifies that (i) and (ii) be repeated at a predetermined time.
  - 50. The grid computer system of claim 48, wherein the command further specifies that (i) and (ii) be repeated at predetermined time intervals.
  - 51. The grid computer system of claim 44, wherein(i) a first command in the one or more commands is an update to the plurality of agent self-verification factors;
    - (i) a second command in the one or more commands is a request that the agent executive collect information for an evaluation of integrity of the agent executive using the update to the plurality of agent self-verification factors; and
      
      (ii) a third command in the one or more commands is a request that the agent executive communicate the information to the command queue as part of an asynchronous process in which no network connection between the server computer system and the agent executive is established.
  - 52. The grid computer system of claim 44, wherein a command in the one or more commands requires (i) re-initialization of the agent executive and (ii) a repeat of the receiving (A), determining (B), generating (C), communicating (D), receiving (E), and verifying (G).
  - 53. The grid computer system of claim 44, wherein a command in the one or more commands requires termination of the first virtual machine.
  - 54. The grid computer system of claim 44, wherein the one or more commands comprises a command set for checking a state of security, compliance or integrity of a data structure accessible to the first virtual machine or for checking a state of security, compliance or integrity of a process running on the first virtual machine.
  - 55. The grid computer system of claim 44, wherein the one or more commands comprises a command set for checking the status of a setting associated with a file stored in a memory accessible to the first virtual machine, a setting of a directory stored in a memory accessible to the first virtual machine, or an existence or a status of a process running on the first virtual machine.
  - 56. The grid computer system of claim 44, wherein the one or more commands comprises a command set for checking a password associated with a user or with a group of users of the first virtual machine.
  - 57. The grid computer system of claim 44, wherein the one or more commands comprises a command set for validation of a name-value pair in a file in a memory accessible by the first virtual machine.
  - 58. The grid computer system of claim 44, wherein the one or more commands comprises a command set for checking a status of a network communication port that is associated with the first virtual machine.
  - 59. The grid computer system of claim 43, wherein the decrypting the encrypted information further uses data shared with the first agent executive running on the first virtual machine.
  - 60. The grid computer system of claim 43, wherein the receiving (A) receives the alert over the Internet from the first agent executive running on the first virtual machine.
  - 61. The grid computer system of claim 43, wherein the communicating (E) communicates the second agent identity token over the Internet to the first virtual machine.
  - 62. The grid computer system of claim 43, wherein the receiving (E) receives the encrypted information over the Internet from the first virtual machine.
  - 63. The grid computer system of claim 43, wherein the grid computer system comprises a plurality of computers networked to each other by a network connection.

64. A computer program product for use in conjunction with a computer system, the computer program product comprising a non-transitory computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising a virtual machine running an agent executive, the agent executive comprising the instructions for:
- (A) obtaining an agent API key from a user or by an automated process when the agent executive is executed a first time;
  
  (B) communicating the API key over the Internet to a remote grid computer system in a first part of a synchronous process;
  
  (C) receiving, over the Internet in a second part of the synchronous process and responsive to the first part of the synchronous process, an agent identity token from the remote grid computer system, wherein the remote grid computer system generates the agent identity token through a cryptographic token generation protocol when the API key is deemed valid;
  
  (D) storing the agent identity token in a secure data store associated with the agent executive;
  
  (E) collecting information for an evaluation of integrity of the agent executive using a plurality of agent self-verification factors; and
  
  (F) encrypting the information collected by the collecting (E) thereby creating encrypted information;
  
  (G) signing the encrypted information using the agent identity token thereby creating signed encrypted information; and
  
  (H) communicating the signed encrypted information to the remote grid computer system as part of an asynchronous process in which no network connection between the remote grid computer system and the agent executive is established.

65. A computer program product for use in conjunction with a computer system, the computer program product comprising a non-transitory computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising instructions for:
- (A) receiving over the Internet, in a first part of a synchronous process, an API key from an agent executive running on a virtual machine which, in turn, is running on a remote computer system;
  
  (B) determining, in a second part of the synchronous process, whether the API key is a valid API key;
  
  (C) generating, in a third part of the synchronous process, an agent identity token through a cryptographic token generation protocol when the instructions for determining (B) deem the API key to be valid;
  
  (D) communicating over the Internet, in a fourth part of the synchronous process and responsive to the first part of the synchronous process, the agent identity token to the virtual machine running on the remote computer system;
  
  (E) receiving over the Internet encrypted information from the virtual machine from an evaluation of the integrity of the agent executive based upon a plurality of agent self-verification factors, wherein the receiving comprises decrypting the information to form decrypted information and verifying a digital signature associated with the information; and
  
  (F) verifying the integrity of the agent executive based on the decrypted information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Runway Growth Finance Corporation
Original Assignee
CloudPassage Inc.
Inventors
Sweet, Carson, Geraymovych, Vitaliy
Primary Examiner(s)
JUNG, DAVID YIUK

Application Number

US13/205,948
Publication Number

US 20130042115A1
Time in Patent Office

602 Days
Field of Search

None
US Class Current

713/176
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/55   Detecting local intrusion o...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/126   the source of the received ...

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

Systems and methods for implementing security in a cloud computing environment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

65 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for implementing security in a cloud computing environment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

65 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links