Method and apparatus for encrypting data messages after detecting infected VM
First Claim
1. For a host machine on which a set of virtual machines (VMs) execute, an encryption method comprising:
detecting that a first VM in the set of VMs executing on the host machine is infected with malware by analyzing introspection data gathered from an agent installed on the first VM; and
based on the detected malware infection, encrypting data messages transmitted by at least a second VM in the set of VMs executing on the host machine.
Abstract
For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.
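The abstract describes a rule-driven pipeline: a data message arrives, a set of encryption rules decides whether it is encrypted, the key depends on the logical overlay network, and a malware-detection event installs a new rule at run time. The following is an added example of that control flow in Python; it is not code from the patent or its assignee. The class and rule names, the "blue"/"red" networks, the VM names and the sample messages are all constructed for illustration, and the cipher is a stand-in (HMAC-SHA256 in counter mode plus an HMAC tag) so that the script runs on the standard library alone; a real data plane would use an AEAD such as AES-GCM.

```python
"""Encryption-rule engine in the shape the abstract describes (added example,
not the patent's code). Rules are checked in order against a message's
metadata; the first match decides. Keys are held per logical overlay network.
A malware-detection event for one VM installs a dynamic rule that encrypts
traffic sent by the other VMs on the same host."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class DataMessage:                       # constructed message metadata
    src_vm: str
    dst_vm: str
    logical_network: str                 # overlay the source VM belongs to
    msg_type: str                        # e.g. "http", "dns", "db"
    payload: bytes


@dataclass
class EncryptionRule:
    name: str
    matches: Callable[[DataMessage], bool]
    encrypt: bool
    key_id: Optional[str] = None         # None: use the message's network key


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in PRF stream: HMAC-SHA256(key, nonce || counter)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce(16) || ciphertext || tag(32). Illustrative only, not a real AEAD."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: wrong network key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class HostEncryptor:
    def __init__(self, network_keys: Dict[str, bytes]):
        self.network_keys = network_keys
        self.rules: List[EncryptionRule] = []

    def add_rule(self, rule: EncryptionRule, front: bool = False) -> None:
        self.rules.insert(0, rule) if front else self.rules.append(rule)

    def decide(self, msg: DataMessage) -> Optional[EncryptionRule]:
        return next((r for r in self.rules if r.matches(msg)), None)

    def send(self, msg: DataMessage) -> Tuple[str, bytes]:
        """Encrypt and forward, or forward in the clear, per the first matching rule."""
        rule = self.decide(msg)
        if rule is None or not rule.encrypt:
            return ("plain", msg.payload)
        key = self.network_keys[rule.key_id or msg.logical_network]
        return ("enc", seal(key, msg.payload))

    def on_malware_detected(self, infected_vm: str, peers: List[str]) -> None:
        """Dynamic rule: the introspection agent reported infected_vm, so all
        messages sent by the other listed VMs on this host are now encrypted."""
        targets = set(peers) - {infected_vm}
        self.add_rule(EncryptionRule(
            name=f"quarantine:{infected_vm}",
            matches=lambda m, t=targets: m.src_vm in t,
            encrypt=True), front=True)


def demo() -> dict:
    keys = {"blue": secrets.token_bytes(32), "red": secrets.token_bytes(32)}
    host = HostEncryptor(keys)
    host.add_rule(EncryptionRule("db-always", lambda m: m.msg_type == "db", True))
    host.add_rule(EncryptionRule("default-plain", lambda m: True, False))

    http_vm2 = DataMessage("vm2", "vm9", "blue", "http", b"GET / HTTP/1.1")
    db_vm3 = DataMessage("vm3", "vm4", "red", "db", b"SELECT 1")

    before = host.send(http_vm2)                 # no rule forces encryption yet
    host.on_malware_detected("vm1", peers=["vm1", "vm2", "vm3"])
    after = host.send(http_vm2)                  # quarantine rule now matches vm2
    red = host.send(db_vm3)                      # encrypted under the "red" key
    try:
        open_(keys["blue"], red[1])              # wrong network's key must fail
        cross = "decrypted"
    except ValueError:
        cross = "rejected"
    return {"before": before[0], "after": after[0],
            "after_plain": open_(keys["blue"], after[1]),
            "vm3_rule": host.decide(db_vm3).name, "cross_network": cross}
```

Two points the abstract leaves implicit are visible here: rule order matters (the dynamic quarantine rule is inserted at the front so it overrides a permissive default), and per-network keys only isolate overlays if a message sealed under one network's key is rejected, not silently decrypted, by another's.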
30 Citations
24 Claims
1. For a host machine on which a set of virtual machines (VMs) execute, an encryption method comprising:
detecting that a first VM in the set of VMs executing on the host machine is infected with malware by analyzing introspection data gathered from an agent installed on the first VM; and
based on the detected malware infection, encrypting data messages transmitted by at least a second VM in the set of VMs executing on the host machine.
(Dependent claims 2-14.)
15. For a host machine on which a set of virtual machines (VMs) execute, an encryption method comprising:
detecting that a first VM in the set of VMs executing on the host machine is infected with malware by analyzing introspection data from a guest introspection agent installed on the first VM; and
based on the detected malware infection, encrypting data messages transmitted by at least a second VM in the set of VMs executing on the host machine.
(Dependent claim 17.)
16. A non-transitory machine readable medium storing a program for encrypting messages from a virtual machine (VM) in a set of VMs that execute on a host computer, the program comprising sets of instructions for:
detecting that a first VM in the set of VMs executing on the host machine is infected with malware by analyzing introspection data gathered from an agent installed on the first VM; and
based on the detected malware infection, encrypting data messages transmitted by at least a second VM in the set of VMs executing on the host machine.
(Dependent claims 18-23.)
24. A non-transitory machine readable medium storing a program for encrypting messages from a virtual machine (VM) in a set of VMs that execute on a host computer, the program comprising sets of instructions for:
detecting that a first VM in the set of VMs executing on the host machine is infected with malware by analyzing introspection data from a guest introspection agent installed on the VM; and
based on the detected malware infection, encrypting data messages transmitted by at least a second VM in the set of VMs executing on the host machine.
Specification