Securely terminating processes in a cloud computing environment

US 8,832,459 B2
Filed: 08/28/2009
Issued: 09/09/2014
Est. Priority Date: 08/28/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying, by a processor, a first process to be terminated from a plurality of computing systems;

identifying a first computing system in the plurality of computing systems, the first computing system supporting the first process;

identifying other processes supported by the first computing system sharing information associated with and supporting the first process, wherein the other processes are not to be terminated;

identifying specific locations in a computer readable storage device storing the shared information on the first computing system;

migrating the other process to a second computing system of the plurality of computing systems;

instructing, by the processor, a network management system to provide a command to retrieve an eraser agent to the first computing system;

receiving, by the processor, the command from the first computing system to provide the first computing system with the eraser agent; and

transmitting after migrating, by the processor, the eraser agent to the first computing system to securely terminate the first process and erase the shared information associated with the first process and stored in the specific locations on the first computing system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When terminating a process instantiated in a cloud, a cloud management system can provide and interact with an eraser agent on the computing systems supporting the process. The process can be any type of process that can exits in the cloud such a virtual machine, software appliance, or software instance. The eraser agent can execute on the computing systems to erase information stored on physical storage devices of the computing systems and associated with the process. In particular, the eraser agent can utilize secure algorithms to alter and obscure the information stored on the physical storage devices of the computing systems and associated with the process.

114 Citations

View as Search Results

13 Claims

1. A method comprising:
- identifying, by a processor, a first process to be terminated from a plurality of computing systems;
  
  identifying a first computing system in the plurality of computing systems, the first computing system supporting the first process;
  
  identifying other processes supported by the first computing system sharing information associated with and supporting the first process, wherein the other processes are not to be terminated;
  
  identifying specific locations in a computer readable storage device storing the shared information on the first computing system;
  
  migrating the other process to a second computing system of the plurality of computing systems;
  
  instructing, by the processor, a network management system to provide a command to retrieve an eraser agent to the first computing system;
  
  receiving, by the processor, the command from the first computing system to provide the first computing system with the eraser agent; and
  
  transmitting after migrating, by the processor, the eraser agent to the first computing system to securely terminate the first process and erase the shared information associated with the first process and stored in the specific locations on the first computing system.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising instructing the first computing system to power down and restart to cause the eraser agent to terminate the first process and erase the shared information stored on the first computing system.
  - 3. The method of claim 2, wherein instructing the first computing system to power down and restart further comprises instructing a power management system to power down the first computing system.
  - 4. The method of claim 1, wherein the first process comprises a virtual machine, a software appliance, or a software instance.
  - 5. The method of claim 1, wherein the eraser agent utilizes a secure algorithm to terminate the first process and erase the shared information.

6. A non-transitory computer readable storage medium comprising instruction to cause a processor to perform operations comprising:
- identifying, by the processor, a first process to be terminated from a plurality of computing systems;
  
  identifying a first computing system in the plurality of computing systems, the first computing system supporting the first process;
  
  identifying other processes supported by the first computing system sharing information associated with and supporting the first process, wherein the other processes are not to be terminated;
  
  identifying specific locations in a computer readable storage device storing the shared information on the first computing system;
  
  migrating the other process to a second computing system of the plurality of computing systems; and
  
  instructing, by the processor, a network management system to provide a command to retrieve an eraser agent to the first computing system;
  
  receiving, by the processor, the command from the first computing system to provide the first computing system with the eraser agent; and
  
  transmitting after migrating, by the processor, the eraser agent to the first computing system to securely terminate the first process and erase the shared information associated with the first process and stored in the specific locations on the first computing system.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The non-transitory computer readable storage medium of claim 6, further comprising instructing the first computing system to power down and restart to cause the eraser agent to terminate the first process and erase the shared information stored on the first computing system.
  - 8. The non-transitory computer readable storage medium of claim 7, wherein instructing the one computing system to power down and restart comprises instructing a power management system to power down the first computing system.
  - 9. The non-transitory computer readable storage medium of claim 6, wherein the first process comprises a virtual machine, a software appliance, or a software instance.
  - 10. The non-transitory computer readable storage medium of claim 6, wherein the eraser agent utilize a secure algorithm to terminate the first process and erase the shared information.

11. A system comprising:
- a computing system comprising memory and a processor coupled to the memory to;
  
  identify a first process to be terminated from a plurality of computing systems;
  
  identify a first computing system of the plurality of computing systems, the first computing system supporting the first process;
  
  identify other processes supported by the first computing system sharing information associated with and supporting the first process, wherein the other processes are not to be terminated;
  
  identify specific locations in a computer readable storage device storing the shared information on the first computing system;
  
  migrate the other processes to a second computing system of the plurality of computing systems;
  
  instruct a network management system to provide a command to retrieve an eraser agent to the first computing system;
  
  receive the command from the first computing system to provide the first computing system with the eraser agent; and
  
  transmit after migrating the eraser agent to the first computing system to securely terminate the first process and erase the shared information associated with the first process and stored in the specific locations on the first computing system.
- View Dependent Claims (12, 13)
- - 12. The system of claim 11, wherein the processor instructs the first computing system to power down and restart to cause the eraser agent to terminate the first process and erase the shared information stored on the first computing system.
  - 13. The system of claim 11, wherein processor identifies specific locations in computer readable storage devices storing the information on the first computing system, and configures the eraser agent with the specific locations to securely terminate the first process and erase the shared information stored in the specific locations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
DeHaan, Michael Paul
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Alata, Ayoub

Application Number

US12/550,157
Publication Number

US 20110055588A1
Time in Patent Office

1,838 Days
Field of Search

713/189, 713/310, 709/223, 709/226, 718/1
US Class Current

713/189
CPC Class Codes

G06F 1/3209   Monitoring remote activity,...

G06F 21/6245   Protecting personal data, e...

G06F 9/485   Task life-cycle, e.g. stopp...

Securely terminating processes in a cloud computing environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

114 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Securely terminating processes in a cloud computing environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

114 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others