Certification of virtual machine images in cloud computing environments

US 8,601,583 B1
Filed: 04/14/2011
Issued: 12/03/2013
Est. Priority Date: 04/14/2011
Status: Active Grant

First Claim

Patent Images

1. A method of certifying a virtual machine image in a cloud computing environment, the method comprising:

installing an anti-malware in a virtual machine;

using the anti-malware to scan the virtual machine for presence of malware;

finding that the virtual machine is free of malware;

in response to finding that the virtual machine is free of malware, removing the anti-malware from the virtual machine and generating an original fingerprint of the virtual machine;

storing the original fingerprint in the virtual machine;

saving the virtual machine as a virtual machine image after removing the anti-malware from the virtual machine and storing the original fingerprint in the virtual machine; and

listing the virtual machine image in a catalog of a public cloud computing environment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Virtual machine images in a cloud computing environment may be certified using a validator machine image. The validator machine image is configured to boot a validator virtual machine, which boots a virtual machine off a virtual machine image from among virtual machine images available in the catalog of the cloud computing environment. The validator virtual machine may scan the virtual machine for malware, including computer viruses. A virtual machine image from among the virtual machine images may be packaged to include a certifier agent that verifies the virtual machine image upon execution. Reputation of virtual machine images may be stored in a virtual machine image reputation database and made available by way of a portal.

79 Citations

View as Search Results

15 Claims

1. A method of certifying a virtual machine image in a cloud computing environment, the method comprising:
- installing an anti-malware in a virtual machine;
  
  using the anti-malware to scan the virtual machine for presence of malware;
  
  finding that the virtual machine is free of malware;
  
  in response to finding that the virtual machine is free of malware, removing the anti-malware from the virtual machine and generating an original fingerprint of the virtual machine;
  
  storing the original fingerprint in the virtual machine;
  
  saving the virtual machine as a virtual machine image after removing the anti-malware from the virtual machine and storing the original fingerprint in the virtual machine; and
  
  listing the virtual machine image in a catalog of a public cloud computing environment.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprising:
    - after listing the virtual machine image in the catalog;
      
      a) booting the virtual machine from the virtual machine image,b) re-computing a new fingerprint of the virtual machine, andc) verifying that the virtual machine image is in a certified condition by comparing the new fingerprint to the original fingerprint.
  - 3. The method of claim 2 wherein the original fingerprint is encrypted as stored in the virtual machine.
  - 4. The method of claim 2 wherein booting the virtual machine from the virtual machine image comprises executing the virtual machine image from a customer console.

5. A method of certifying a virtual machine image in a cloud computing environment, the method comprising:
- booting a validator virtual machine from a validator virtual machine image;
  
  the validator virtual machine booting a target virtual machine from a target virtual machine image;
  
  the validator virtual machine injecting a security module into the target virtual machine;
  
  the security module scanning the target virtual machine for malware; and
  
  removing the security module from the target virtual machine after scanning the target virtual machine for malware.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The method of claim 5 wherein the security module scans the target virtual machine for computer viruses.
  - 7. The method of claim 5 wherein the security module sends a result of scanning the target virtual machine for malware to the security module before the security module is removed from the target virtual machine.
  - 8. The method of claim 5 wherein the validator virtual machine image is listed in a catalog of a public cloud computing environment along with other publicly accessible virtual machine images.
  - 9. The method of claim 8 wherein the validator virtual machine image is executed from a customer console.
  - 10. The method of claim 5 wherein the validator virtual machine does not run continuously.
  - 11. The method of claim 10 wherein the validator virtual machine image is executed only when a new virtual machine image is made available in a customer console.
  - 12. The method of claim 5 wherein the security module is configured to automatically self-terminate after scanning the target virtual machine for malware.

13. A computer system comprising:
- one or more computers that provide (a) a plurality of virtual machine images available for public access from a catalog of a public cloud computing environment and (b) a validator virtual machine image available for public access from the catalog, the validator virtual machine image being configured to be executed by the one or more computers to boot a validator virtual machine, the validator virtual machine being configured to boot a virtual machine from a virtual machine image in the plurality of virtual machine images, and to inject a security module into the virtual machine, to scan the virtual machine for malware, and to remove the security module from the virtual machine after scanning the virtual machine for malware.
- View Dependent Claims (14, 15)
- - 14. The computer system of claim 13 wherein the security module is configured to automatically self-terminate after scanning the virtual machine for malware.
  - 15. The computer system of claim 13 wherein the security module scans the virtual machine for computer viruses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Kodukula, Narasimham, Chandrasekhar, Bharath Kumar
Primary Examiner(s)
Hirl, Joseph P.
Assistant Examiner(s)
King, John B

Application Number

US13/087,186
Time in Patent Office

964 Days
Field of Search

726 22- 24
US Class Current

726/24
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/54   by adding security routines...

G06F 21/56   Computer malware detection ...

G06F 21/562   Static detection

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 9/45558   Hypervisor-specific managem...

Certification of virtual machine images in cloud computing environments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

79 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Certification of virtual machine images in cloud computing environments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links