Systems and methods for implementing security in a cloud computing environment
First Claim
1. A server computer system comprising:
- one or more processing units;
- a memory, coupled to at least one of the one or more processing units, the memory storing a virtual machine, wherein an agent executive runs within the virtual machine, the agent executive executed by at least one of the one or more processing units, the agent executive comprising instructions for:
  - receiving an agent identity token from a grid computer system, wherein the agent identity token includes a unique cryptographic key assigned to the agent executive;
  - collecting information about the server computer system for an evaluation of integrity of the agent executive, according to a plurality of agent self-verification factors;
  - encrypting the collected information using the cryptographic key;
  - transmitting the encrypted information to the grid computer system;
  - retrieving an encrypted first set of commands from the grid computer system;
  - decrypting the encrypted first set of commands using the cryptographic key; and
  - executing, at the server computer system, each command in the first set of commands.
Abstract
Computer systems and methods are provided in which an agent executive, when initially executed in a virtual machine, obtains an agent API key from a user. This key is communicated to a grid computer system. An agent identity token, generated by a cryptographic token generation protocol when the key is valid, is received from the grid and stored in a secure data store associated with the agent executive. Information that evaluates the integrity of the agent executive is collected using agent self-verification factors. The information, encrypted and signed with a cryptographic signature, is communicated to the grid. Commands are sent from the grid to the agent executive to check the security, compliance, and integrity of the virtual machine processes and data structures. Based on these check results, additional commands are sent by the grid to the agent executive to correct security, compliance or integrity problems and/or to prevent security compromises.
40 Claims
1. A server computer system comprising the elements set out above under First Claim. Dependent claims: 2 to 18.
19. A grid computer system comprising:
- one or more processing units;
- a memory, coupled to at least one of the one or more processing units, the memory storing a grid node, the grid node executed by at least one of the one or more processing units, the grid node comprising instructions for:
  - receiving a request from an agent executive running on a virtual machine that is running on a computer other than the grid computer system;
  - generating a unique agent identity token, which includes a cryptographic key;
  - transmitting the agent identity token to the agent executive running on the virtual machine;
  - receiving encrypted information, signed with a cryptographic digital signature, from the virtual machine for an evaluation of the integrity of the agent executive based upon a plurality of agent self-verification factors;
  - decrypting the received encrypted information using the cryptographic key to form decrypted information; and
  - verifying the integrity of the agent executive based on the decrypted information.
Dependent claims: 20 to 38.
39. A computer program product for use in conjunction with a computer system, the computer program product comprising a non-transitory computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising a virtual machine running an agent executive, the agent executive comprising the instructions for:
- receiving an agent identity token from a grid computer system, wherein the agent identity token includes a unique cryptographic key assigned to the agent executive;
- collecting information for an evaluation of integrity of the agent executive according to a plurality of agent self-verification factors;
- encrypting the collected information using the cryptographic key;
- transmitting the encrypted information to the grid computer system;
- retrieving an encrypted first set of commands from the grid computer system;
- decrypting the encrypted first set of commands using the cryptographic key; and
- executing, at the server computer system, each command in the first set of commands.
40. A computer program product for use in conjunction with a first computer system, the computer program product comprising a non-transitory computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising instructions for:
- (A) receiving a request from an agent executive running on a virtual machine that is running on a second computer system, wherein the request includes a unique identifier of the agent executive;
- generating an agent identity token, which includes a cryptographic key;
- transmitting the agent identity token to the agent executive running on the virtual machine;
- receiving encrypted information from the virtual machine for an evaluation of integrity of the agent executive based upon a plurality of agent self-verification factors;
- decrypting the received encrypted information using the cryptographic key to form decrypted information; and
- verifying the integrity of the agent executive based on the decrypted information.
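The enrolment and integrity-check exchange that the abstract and claims 1 and 19 describe, simulated end to end as an added example (not code from the patent or from any product built on it): the grid validates the agent API key and issues a per-agent identity key, the agent seals a self-verification report under that key (here a single factor, the hash of its own code), the grid verifies and decrypts the report, and returns a sealed command set that the agent opens and executes. The HMAC-SHA256 counter-mode cipher, the API key value and the command names are constructed stand-ins; the patent names none of them.

```python
import hashlib, hmac, json, secrets

def _subkey(key, label):  # purpose-bound subkey so encryption and signing never share a key
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):  # HMAC-SHA256 in counter mode, a stand-in for a real cipher
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key, plaintext):  # encrypt-then-sign: nonce || ciphertext || HMAC tag
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):  # verify the signature first, only then decrypt
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()):
        raise ValueError("signature check failed: message tampered with or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

class Grid:  # grid node: validates the API key, issues the identity token, judges reports
    def __init__(self, valid_api_keys, expected_agent_hash):
        self.valid_api_keys, self.expected, self.keys = set(valid_api_keys), expected_agent_hash, {}
    def issue_token(self, agent_id, api_key):
        if api_key not in self.valid_api_keys:
            raise PermissionError("invalid agent API key")
        self.keys[agent_id] = secrets.token_bytes(32)  # unique cryptographic key bound to this agent
        return {"agent_id": agent_id, "key": self.keys[agent_id]}
    def evaluate(self, agent_id, blob):
        report = json.loads(open_sealed(self.keys[agent_id], blob))
        intact = report["agent_hash"] == self.expected  # one self-verification factor
        commands = ["run_compliance_scan"] if intact else ["isolate_vm", "reinstall_agent"]  # constructed names
        return seal(self.keys[agent_id], json.dumps(commands).encode())

class Agent:  # agent executive inside the VM: enrols, reports, executes the returned commands
    def __init__(self, agent_id, agent_code):
        self.agent_id, self.code, self.key, self.executed = agent_id, agent_code, None, []
    def fingerprint(self):  # hash of the agent's own code, the self-verification factor reported
        return hashlib.sha256(self.code).hexdigest()
    def enrol(self, grid, api_key):
        self.key = grid.issue_token(self.agent_id, api_key)["key"]
    def report_and_execute(self, grid):
        factors = {"agent_hash": self.fingerprint(), "vm": self.agent_id}
        reply = grid.evaluate(self.agent_id, seal(self.key, json.dumps(factors).encode()))
        commands = json.loads(open_sealed(self.key, reply))
        self.executed.extend(commands)  # "executing" is simulated by recording each command
        return commands
```

An agent whose code hash no longer matches what the grid expects receives the corrective command set instead of the routine one, and any report or command blob altered in transit fails the signature check before it is decrypted.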
Specification