Security application for a guest operating system in a virtual computing environment

US2017192801A1 · US · A1

Patent metadata
Publication number: US-2017192801-A1
Application number: US-201514986533-A
Country: US
Kind code: A1
Filing date: Dec 31, 2015
Priority date: Dec 31, 2015
Publication date: Jul 6, 2017
Grant date:


Abstract

Official abstract text for this publication.

Hypervisors and guest operating systems/virtual machines communicate in virtual environments to enable applications and other services. Security measures are a concern in implementing a secure environment. One feature may include at least one of identifying a session initiation request from a guest operating system at a hypervisor component of a server and receiving periodic messages from the guest operating system, and establishing and maintaining a session and connection between the hypervisor and the guest operating system responsive to receiving the periodic messages from the guest operating system.

First claim

Opening claim text (preview).

What is claimed is:
1. A method, comprising: identifying a session initiation request from a guest kernel module at a hypervisor component of a server; initializing a session between the guest kernel module and the hypervisor component; receiving periodic messages from the guest kernel module; and maintaining the session between the hypervisor component and the guest kernel module responsive to receiving the periodic messages from the guest kernel module.
2. The method of claim 1, further comprising transmitting an agent application to the guest operating system responsive to receiving the session initiation request.
3. The method of claim 1, wherein the hypervisor component of the server is a hypervisor management component (HMC).
4. The method of claim 1, further comprising at least one of: determining a prolonged period of no periodic messages received; and notifying an administrator device of a security alert.
5. The method of claim 4, further comprising attempting to reinstall the guest kernel module responsive to determining the prolonged period of no periodic messages received.
6. The method of claim 1, wherein the periodic messages received from the guest kernel module are heartbeat messages which are periodically transmitted from the guest kernel module to the hypervisor component according to a predetermined time interval.
7. The method of claim 6, further comprising at least one of: applying frequency criteria to the heartbeat messages; and monitoring whether the heartbeat messages are received according to the frequency criteria.
8. An apparatus, comprising: a processor configured to: identify a session initiation request from a guest kernel module at a hypervisor component of a server; and initialize a session between the guest kernel module and the hypervisor component; and a receiver configured to receive periodic messages from the guest kernel module; wherein the processor is further configured to maintain the session between the hypervisor component and the guest kernel module responsive to the periodic messages received from the guest kernel module.
9. The apparatus of claim 8, further comprising a transmitter configured to transmit an agent application to the guest operating system responsive to the session initiation request being received.
10. The apparatus of claim 8, wherein the hypervisor component of the server is a hypervisor management component (HMC).
11. The apparatus of claim 8, wherein the processor is further configured to determine a prolonged period of no periodic messages received, and notify an administrator device of a security alert.
12. The apparatus of claim 11, wherein the processor is further configured to attempt to reinstall the guest kernel module responsive to the prolonged period of no periodic messages received being identified.
13. The apparatus of claim 8, wherein the periodic messages received from the guest kernel module are heartbeat messages which are periodically transmitted from the guest kernel module to the hypervisor component according to a predetermined time interval.
14. The apparatus of claim 13, wherein the processor is further configured to apply frequency criteria to the heartbeat messages, and monitor whether the heartbeat messages are received according to the frequency criteria.
15. A non-transitory computer readable storage medium configured to store instructions that when executed cause a processor to perform: identifying a session initiation request from a guest kernel module at a hypervisor component of a server; initializing a session between the guest kernel module and the hypervisor component; receiving periodic messages from the guest kernel module; and maintaining the session between the hypervisor component and the guest kernel module responsive to receiving the periodic messages from the guest kernel module.
16. The non-transitory computer readable storage medium of claim 15, wherein the processor is further configured to perform transmitting an agent application to the guest operating system responsive to receiving the session initiation request.
17. The non-transitory computer readable storage medium of claim 15, wherein the hypervisor component of the server is a hypervisor management component (HMC).
18. The non-transitory computer readable storage medium of claim 15, wherein the processor is further configured to perform at least one of: determining a prolonged period of no periodic messages received; and notifying an administrator device of a security alert.
19. The non-transitory computer readable storage medium of claim 18, wherein the processor is further configured to perform attempting to reinstall the guest kernel module responsive to determining the prolonged period of no periodic messages received.
20. The non-transitory computer readable storage medium of claim 15, wherein the periodic messages received from the guest kernel module are heartbeat messages which are periodically transmitted from the guest kernel module to the hypervisor component according to a predetermined time interval and wherein frequency criteria is applied to the heartbeat messages, and used to monitor whether the heartbeat messages are received according to the frequency criteria.
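The session and heartbeat logic recited in claims 1 and 4 to 7 can be sketched as a small hypervisor-side state machine. This is an added illustration, not code from the patent or its assignee; the interval, tolerance, silence limit, state names, action names and the rule that a lapsed session needs a fresh initiation request are all assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class HeartbeatSession:
    interval: float = 5.0    # assumed predetermined heartbeat interval (seconds)
    tolerance: float = 1.0   # assumed jitter allowed by the frequency criteria
    missed_limit: int = 3    # assumed: silence longer than 3 intervals is "prolonged"
    last_seen: float = 0.0
    state: str = "idle"      # hypothetical states: idle -> active -> suspect
    actions: list = field(default_factory=list)

    def on_init_request(self, now):
        # Session initiation request from the guest kernel module.
        self.state, self.last_seen = "active", now
        self.actions.append((now, "session_initialized"))

    def on_heartbeat(self, now):
        if self.state != "active":
            # Assumption: a lapsed session is only restored by a new init request.
            self.actions.append((now, "rejected_no_session"))
            return
        gap = now - self.last_seen
        if abs(gap - self.interval) > self.tolerance:
            # Too early or too late: record it, but keep the session alive.
            self.actions.append((now, "frequency_violation"))
        self.last_seen = now

    def on_tick(self, now):
        # Periodic check on the hypervisor side for prolonged silence.
        silent = now - self.last_seen
        if self.state == "active" and silent > self.interval * self.missed_limit:
            self.state = "suspect"
            self.actions.append((now, "alert_admin"))
            self.actions.append((now, "attempt_module_reinstall"))

# Constructed event trace: (time in seconds, event kind).
EVENTS = [(0, "init"), (5, "hb"), (10, "hb"), (12, "hb"), (17, "hb"),
          (20, "tick"), (30, "tick"), (33, "tick"), (40, "hb"),
          (41, "init"), (46, "hb")]

def replay(events):
    session = HeartbeatSession()
    handlers = {"init": session.on_init_request,
                "hb": session.on_heartbeat,
                "tick": session.on_tick}
    for now, kind in events:
        handlers[kind](now)
    return session

if __name__ == "__main__":
    for when, action in replay(EVENTS).actions:
        print(f"t={when:>3}s  {action}")
```
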

Assignees

Inventors

Classifications

  • where tasks reside in different layers, e.g. user- and kernel-space

  • Isolation or security of virtual machine instances

  • Hypervisors; Virtual machine monitors

  • Message passing systems or structures, e.g. queues

  • Monitoring arrangements for monitoring the status of the computing system or of the computing system component, e.g. monitoring if the computing system is on, off, available, not available (error or fault processing without redundancy G06F11/0703; error detection or correction by redundancy in data representation G06F11/08; error detection or correction of the data by redundancy in operations G06F11/14; error detection or correction by redundancy in hardware G06F11/16)

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2017192801A1 cover?
Hypervisors and guest operating systems/virtual machines communicate in virtual environments to enable applications and other services. Security measures are a concern in implementing a secure environment. One feature may include at least one of identifying a session initiation request from a guest operating system at a hypervisor component of a server and receiving periodic messages from the g…
Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification G06F9/455. Mapped technology areas include Physics.
When was this patent published?
Publication date Jul 6, 2017 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).