Hypervisor-driven protection of data from virtual machine clones

US 8,832,352 B2
Filed: 05/30/2012
Issued: 09/09/2014
Est. Priority Date: 05/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

transmitting to a guest operating system of a first virtual machine, by a hypervisor executed by a processing device, a message that identifies a memory location for storing secure data;

receiving by the hypervisor, after the transmitting of the message, a direct-copy command to clone the first virtual machine; and

in response to the direct-copy command, creating, by the hypervisor, a second virtual machine via direct copy of the first virtual machine, wherein the second virtual machine is not provided access to the memory location during the creating of the second virtual machine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for protecting secure data from virtual machine clones are disclosed. In accordance with one embodiment, a hypervisor transmits a message to a guest operating system hosted by a first virtual machine, where the message identifies a memory location for a secure datum. After the transmission of the message, when the hypervisor receives a direct-copy command to clone the first virtual machine, the hypervisor creates a second virtual machine via direct copy, where the second virtual machine is not provided access to the secure memory location during its creation.

42 Citations

View as Search Results

26 Claims

1. A method comprising:
- transmitting to a guest operating system of a first virtual machine, by a hypervisor executed by a processing device, a message that identifies a memory location for storing secure data;
  
  receiving by the hypervisor, after the transmitting of the message, a direct-copy command to clone the first virtual machine; and
  
  in response to the direct-copy command, creating, by the hypervisor, a second virtual machine via direct copy of the first virtual machine, wherein the second virtual machine is not provided access to the memory location during the creating of the second virtual machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the guest operating system stores a secure datum in the memory location after receiving the message.
  - 3. The method of claim 1 wherein the second virtual machine is not provided access to read contents of the memory location until a write operation of a new datum to the memory location.
  - 4. The method of claim 1 wherein, in response to a write operation of a new datum to the memory location, the second virtual machine is not provided access to read the new datum from the memory location.
  - 5. The method of claim 1 wherein a request by the second virtual machine to read contents of the memory location causes the hypervisor to throw an exception.
  - 6. The method of claim 1 wherein the memory location is a location in one of:
    - a random access memory, a storage device, or a physical device to which a virtual device of the first virtual machine is mapped.
  - 7. The method of claim 1 wherein a non-secure datum is written to the memory location during the creating of the second virtual machine.
  - 8. The method of claim 7 wherein the non-secure datum is supplied to the hypervisor by the first virtual machine.
  - 9. The method of claim 7 wherein the creating of the second virtual machine comprises:
    - creating a page that stores the non-secure datum; and
      
      setting, in a page table for the second virtual machine, an entry to point to the page.
  - 10. The method of claim 7 wherein the creating of the second virtual machine comprises setting, in a page table for the second virtual machine, an entry for a non-present page.

11. An apparatus comprising:
- a memory; and
  
  a processing device, coupled to the memory, to;
  
  execute a hypervisor,transmit to a guest operating system of a virtual machine, via the hypervisor, a message that identifies a memory location for storing secure data,receive via the hypervisor, after the transmitting of the message, a direct-copy command to clone the virtual machine, andrefuse, via the hypervisor, to execute the direct-copy command.
- View Dependent Claims (12, 13)
- - 12. The apparatus of claim 11 wherein the processing device is further to throw, via the hypervisor, an exception in response to the direct-copy command.
  - 13. The apparatus of claim 11 wherein the memory is one of a random access memory, a storage device, or a memory of a physical device.

14. A method comprising:
- transmitting to a guest operating system of a virtual machine, by a hypervisor executed by a processing device, a message that identifies a memory location for storing secure data;
  
  receiving by the hypervisor, after the transmitting of the message, a copy-on-write command to clone the virtual machine;
  
  in response to the copy-on-write command, creating, by hypervisor, a pointer to the virtual machine;
  
  receiving, via the pointer, a request to read contents of the memory location; and
  
  refusing, by the hypervisor, to execute the request.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The method of claim 14 wherein the guest operating system stores a secure datum in the memory location after receiving the message.
  - 16. The method of claim 15 further comprising returning, by the hypervisor, a non-secure datum instead of the secure datum.
  - 17. The method of claim 16 wherein the non-secure datum is supplied to the hypervisor by the virtual machine.
  - 18. The method of claim 14 further comprising throwing, by the hypervisor, an exception in response to the request.
  - 19. The method of claim 14 wherein the guest operating system receives a first request to write a new datum to the memory location, and wherein, in response to the first request, the guest operating system writes the new datum to the memory location, and wherein the guest operating system receives, via the pointer, a second request to read the contents of the memory location, and wherein, in response to the second request, the guest operating system returns the new datum.
  - 20. The method of claim 14 wherein the guest operating system receives a first request to write a new datum to the memory location, and wherein, in response to the first request, the guest operating system writes the new datum to the memory location, and wherein the guest operating system receives, via the pointer, a second request to read the contents of the memory location, and wherein the hypervisor refuses to execute the second request.
  - 21. The method of claim 14 further comprising, in response to the copy-on-write command:
    - setting, in a page table associated with the pointer, an entry to point to a page with only non-secure data instead of a page that includes the memory location.
  - 22. The method of claim 14 further comprising, in response to the copy-on-write command:
    - setting, in a page table associated with the pointer, an entry for a non-present page instead of a page that includes the memory location.

23. A non-transitory computer readable storage medium, having instructions stored therein, which when executed, cause a processing device to perform operations comprising:
- transmitting to a guest operating system of a virtual machine, by a hypervisor executed by the processing device, a message that identifies a memory location for storing secure data;
  
  receiving by the hypervisor, after the transmitting of the message, a copy-on-write command to clone the virtual machine; and
  
  refusing, by the hypervisor, to execute the copy-on-write command.
- View Dependent Claims (24, 25, 26)
- - 24. The non-transitory computer readable storage medium of claim 23, wherein the guest operating system stores a secure datum in the memory location after receiving the message.
  - 25. The non-transitory computer readable storage medium of claim 23, wherein the operations further comprise throwing, by the hypervisor, an exception in response to the copy-on-write command.
  - 26. The non-transitory computer readable storage medium of claim 23, wherein the memory location is a location in one of:
    - a random access memory, a storage device, or a physical device to which a virtual device of the virtual machine is mapped.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat Israel Ltd. (International Business Machines Corporation)
Original Assignee
Red Hat Israel Ltd. (International Business Machines Corporation)
Inventors
Tsirkin, Michael, Laor, Dor
Primary Examiner(s)
Gu, Shawn X

Application Number

US13/484,219
Publication Number

US 20130326110A1
Time in Patent Office

832 Days
Field of Search

711/6, 711/163, 711/170
US Class Current

711/6
CPC Class Codes

G06F 2009/45583   Memory management, e.g. acc...

G06F 2009/45587   Isolation or security of vi...

G06F 9/45558   Hypervisor-specific managem...

Hypervisor-driven protection of data from virtual machine clones

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Hypervisor-driven protection of data from virtual machine clones

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others