Methods and apparatus for locating an unauthorized virtual machine

US 9,292,666 B2
Filed: 03/20/2013
Issued: 03/22/2016
Est. Priority Date: 11/27/2007
Status: Active Grant

First Claim

Patent Images

1. A method for detecting an unauthorized use of a virtual machine, the method comprising:

storing a virtual machine on a physical machine at a first time, the virtual machine including a boot pointer, the boot pointer pointing to a locator code at the first time; and

starting a boot process of booting the virtual machine at a second time after the first time, the boot process including at least one of;

responsive to the virtual machine being in an authorized environment, which exists when the physical machine and the virtual machine are both registered with a management system and associated with each other by the management system, which manages at least one physical machine and at least one virtual machine, bypassing the locator code, at a third time after the second time, by adjusting the boot pointer, from pointing to the locator code, to pointing to a boot code of the virtual machine, andresponsive to the virtual machine being in an unauthorized environment, which exists when the virtual machine is not in an authorized environment, executing the locator code, at a fourth time after the second time, wherein the locator code gathers information indicative of a location of the unauthorized environment, and transmits a message including the information indicative of the location.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus of locating an unauthorized virtual machine are disclosed. A virtual machine is registered with a management system. When the virtual machine is requested to start, the system determines whether the virtual machine is in an authorized environment. In an authorized environment, the virtual machine is enabled to operate normally. In an unauthorized environment, the virtual machine is disabled. The disabled virtual machine gathers information about the unauthorized environment and transmits the information to the virtual machine owner.

125 Citations

14 Claims

1. A method for detecting an unauthorized use of a virtual machine, the method comprising:
- storing a virtual machine on a physical machine at a first time, the virtual machine including a boot pointer, the boot pointer pointing to a locator code at the first time; and
  
  starting a boot process of booting the virtual machine at a second time after the first time, the boot process including at least one of;
  
  responsive to the virtual machine being in an authorized environment, which exists when the physical machine and the virtual machine are both registered with a management system and associated with each other by the management system, which manages at least one physical machine and at least one virtual machine, bypassing the locator code, at a third time after the second time, by adjusting the boot pointer, from pointing to the locator code, to pointing to a boot code of the virtual machine, andresponsive to the virtual machine being in an unauthorized environment, which exists when the virtual machine is not in an authorized environment, executing the locator code, at a fourth time after the second time, wherein the locator code gathers information indicative of a location of the unauthorized environment, and transmits a message including the information indicative of the location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the physical machine includes a management layer, wherein the management layer determines whether to enable the virtual machine in response to a request to start the virtual machine.
  - 3. The method of claim 1, wherein the physical machine includes a virtualization subsystem, the virtualization subsystem supporting a plurality of virtual machines.
  - 4. The method of claim 1, wherein the physical machine includes a management agent, wherein the management agent adjusts the boot pointer of the virtual machine.
  - 5. The method of claim 1, wherein the authorized environment includes a first managed physical machine, which is registered with the management system, and a first managed virtual machine, which is registered with the management system.
  - 6. The method of claim 5, wherein the first managed physical machine and the first managed virtual machine are associated with each other to create the authorized environment.
  - 7. The method of claim 1, wherein the unauthorized environment includes a first managed physical machine, which is registered with the management system, and an-a first unmanaged virtual machine, which is not registered with the management system.
  - 8. The method of claim 1, wherein the unauthorized environment includes an-a first unmanaged physical machine, which is not registered with the management system, and a first managed virtual machine, which is registered with the management system.
  - 9. The method of claim 1, wherein the unauthorized environment includes a first managed physical machine, which is registered with the management system, and a first managed virtual machine, which is registered with the management system, wherein the first managed physical machine and the first managed virtual machine are not associated with each other to create the authorized environment.
  - 10. The method of claim 1, wherein the information indicative of the location of the unauthorized environment includes an IP address associated with the physical machine.
  - 11. The method of claim 1, wherein the message including the information indicative of the location is transmitted via an internet.
  - 12. The method of claim 1, wherein the virtual machine shuts down after the message including the information indicative of the location has been transmitted.

13. An apparatus for detecting an unauthorized use of a virtual machine, the apparatus comprising:
- a physical machine;
  
  the physical machine storing a virtual machine at a first time;
  
  at least one of the physical machine and the virtual machine storing a software program to cause the virtual machine to;
  
  point a boot pointer to a locator code at the first time;
  
  start a boot process of booting the virtual machine at a second time after the first time, the boot process including at least one of;
  
  responsive to the virtual machine being in an authorized environment, which exists when the physical machine and the virtual machine are both registered with a management system and associated with each other by the management system, which manages at least one physical machine and at least one virtual machine, bypass the locator code, at a third time after the second time, by adjusting the boot pointer, from pointing to the locator code, to pointing to a boot code of the virtual machine, andresponsive to the virtual machine being in an unauthorized environment, which exists when the virtual machine is not in an authorized environment, execute the locator code, at a fourth time after the second, wherein the locator code gathers information indicative of a location of the unauthorized environment, and transmits a message including the information indicative of the location.

14. A non-transitory computer readable media storing software instructions to detect an unauthorized use of a virtual machine, the software instructions causing a computing device to:
- store a virtual machine on a physical machine at a first time, the virtual machine including a boot pointer;
  
  point the boot pointer to a locator code at the first time;
  
  start a boot process of booting the virtual machine at a second time after the first time, the boot process including at least one of;
  
  responsive to the virtual machine being in an authorized environment, which exists when the physical machine and the virtual machine are both registered with a management system and associated with each other by the management system, which manages at least one physical machine and at least one virtual machine, bypass the locator code, at a third time after the second time, by adjusting the boot pointer, from pointing to the locator code, to pointing to a boot code of the virtual machine, andresponsive to the virtual machine being in an unauthorized environment, which exists when the virtual machine is not in an authorized environment, execute the locator code, at a fourth time after the second time, wherein the locator code gathers information indicative of a location of the unauthorized environment, and transmits a message including the information indicative of the location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
ManageIQ, Inc. (International Business Machines Corporation)
Inventors
Fitzgerald, Joseph, Barenboim, Oleg, Oliveri, Richard
Primary Examiner(s)
AN, MENG AI T
Assistant Examiner(s)
Teets, Bradley

Application Number

US13/847,911
Publication Number

US 20130232586A1
Time in Patent Office

1,098 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/121 Restricting unauthorised ex...

G06F 21/52 during program execution, e...

Methods and apparatus for locating an unauthorized virtual machine

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

125 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for locating an unauthorized virtual machine

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

125 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links