Methods and systems for secure storage segmentation based on security context in a virtual environment
First Claim
1. A method comprising:
identifying, by a processing device, a request to place a workload in a hypervisor-based host server;
identifying a security level of the workload;
scanning, by the processing device, a storage device associated with the hypervisor-based host server to detect a security level of one or more contents of the storage device;
identifying, by the processing device, a lowest security level from the detected security level of the one or more contents of the storage device;
assigning, by the processing device, a security level of the storage device at or below the lowest security level;
granting, by the processing device, the request to place the workload in the hypervisor-based host server when the security level of the workload corresponds to the security level of the storage device;
denying, by the processing device, the request to place the workload in the hypervisor-based host server when the security level of the workload does not correspond to the security level of the storage device; and
causing the workload to be placed in the hypervisor-based host server when the security level of the workload corresponds to the security level of the storage device.
Abstract
A computer system identifies a request to place a workload in a hypervisor-based host. The computer system identifies a security level of the workload. The computer system identifies a security level of a storage device associated with the hypervisor-based host. If the security level of the workload corresponds to the security level of the storage device, the computer system grants the request to place the workload in the hypervisor-based host. If the security level of the workload does not correspond to the security level of the storage device, the computer system denies the request to place the workload in the hypervisor-based host.
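An added Python example of the placement check described in the first claim and the abstract; it is not code from the patent. The `Level` names, the `ceiling` parameter, treating unlabelled contents as the lowest level, denying placement on an empty device, and reading "corresponds" as equality are assumptions made for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    """Constructed ordering; the page does not name specific levels."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class Decision:
    granted: bool
    storage_level: Optional[Level]
    reason: str


def assign_storage_level(contents: dict[str, Optional[Level]],
                         ceiling: Optional[Level] = None) -> Optional[Level]:
    """Scan labelled contents and return a device level at or below the lowest.

    Assumptions: unlabelled content (None) counts as LOW, and an empty
    device gets no level at all.
    """
    if not contents:
        return None
    lowest = min(lvl if lvl is not None else Level.LOW for lvl in contents.values())
    return min(lowest, ceiling) if ceiling is not None else lowest


def place_workload(workload: Level, contents: dict[str, Optional[Level]],
                   ceiling: Optional[Level] = None) -> Decision:
    """Grant only when the workload level equals the device level (assumed
    reading of "corresponds"); deny otherwise, including an empty device."""
    device = assign_storage_level(contents, ceiling)
    if device is None:
        return Decision(False, None, "device has no scanned contents; denied")
    if workload == device:
        return Decision(True, device, "levels correspond; workload placed")
    return Decision(False, device,
                    f"workload is {workload.name}, storage is {device.name}")


# Constructed datastore: one MEDIUM image among HIGH ones lowers the whole device.
DATASTORE = {"hr-db.img": Level.HIGH, "payroll.img": Level.HIGH,
             "wiki.img": Level.MEDIUM}
```

With this datastore a HIGH workload is denied and a MEDIUM workload is granted, because the single MEDIUM image sets the level of the whole device.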
20 Claims
8. A system comprising:
a memory; and
a processing device coupled with the memory to:
identify a request to place a workload in a hypervisor-based host server;
identify a security level of the workload;
scan a storage device associated with the hypervisor-based host server to detect a security level of one or more contents of the storage device;
identify a lowest security level from the detected security level of the one or more contents of the storage device;
assign a security level of the storage device at or below the lowest security level;
grant the request to place the workload in the hypervisor-based host server when the security level of the workload corresponds to the security level of the storage device;
deny the request to place the workload in the hypervisor-based host server when the security level of the workload does not correspond to the security level of the storage device; and
cause the workload to be placed in the hypervisor-based host server when the security level of the workload corresponds to the security level of the storage device.
15. A non-transitory computer readable storage medium including instructions that, when executed by a processing device, cause the processing device to perform operations comprising:
identifying a request to place a workload in a hypervisor-based host server;
identifying a security level of the workload;
scanning, by a processing device, a storage device associated with the hypervisor-based host server to detect a security level of one or more contents of the storage device;
identifying, by the processing device, a lowest security level from the detected security level of the one or more contents of the storage device;
assigning, by the processing device, a security level of the storage device at or below the lowest security level;
granting, by the processing device, the request to place the workload in the hypervisor-based host server when the security level of the workload corresponds to the security level of the storage device;
denying, by the processing device, the request to place the workload in the hypervisor-based host server when the security level of the workload does not correspond to the security level of the storage device; and
causing the workload to be placed in the hypervisor-based host server when the security level of the workload corresponds to the security level of the storage device.
Specification