Virtual container storage interface controller
US-12175078-B2 · Dec 24, 2024 · US
US2021089340A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2021089340-A1 |
| Application number | US-201916580067-A |
| Country | US |
| Kind code | A1 |
| Filing date | Sep 24, 2019 |
| Priority date | Sep 24, 2019 |
| Publication date | Mar 25, 2021 |
| Grant date | — |
Official abstract text for this publication.
A hardware request of an application is detected. The application executes on a virtualized computer system. It is determined that the hardware request includes a counter. The counter is to be performed by the virtualized computer system. The counter includes a counter value. The hardware request is intercepted before it is processed by a hypervisor that hosts the virtualized computer system. The interception is based on the determining the hardware request includes the counter. The counter value is saved in a secure memory. The secure memory is obscured from the hypervisor. A scrambled counter value is generated. The hardware request is updated with the scrambled counter value. After the hardware request is updated it is provided to the hypervisor.
Opening claim text (preview).
What is claimed is:

1. A method comprising: detecting a hardware request of an application, wherein the application executes on a virtualized computer system; determining the hardware request includes a counter, wherein the counter is to be updated by the virtualized computer system, and wherein the counter includes a counter value; intercepting, based on the determining the hardware request includes the counter, the hardware request before the hardware request is processed by a hypervisor that hosts the virtualized computer system; saving the counter value in a secure memory, the secure memory obscured from the hypervisor; generating a scrambled counter value; updating the hardware request with the scrambled counter value; and providing, after the updating the hardware request, the hardware request to the hypervisor.

2. The method of claim 1, further comprising: determining, based on the detecting of the hardware request, one or more data inputs in the hardware request; and obscuring the one or more data inputs.

3. The method of claim 1, wherein the secure memory is encrypted, and wherein the hypervisor does not have access to the secure memory.

4. The method of claim 1, wherein the method is performed by an ultravisor.

5. The method of claim 4, wherein the scrambled counter value is generated by a random number generator of the ultravisor.

6. The method of claim 1, further comprising: storing, before the providing the hardware request to the hypervisor, the scrambled counter value; identifying a response to the hardware request, the response provided by the hypervisor; determining the response includes an updated scrambled counter value, the updated scrambled counter value based on the scrambled counter value; blocking the response; generating, based on the updated scrambled counter value and based on the scrambled counter value, an update amount; calculating, based on the counter value and based on the update amount, an updated counter value; and providing the updated counter value to the application.

7. The method of claim 1, wherein the counter is a decrementer.

8. A system, the system comprising: a memory, the memory containing one or more instructions; and a processor, the processor communicatively coupled to the memory, the processor, in response to reading the one or more instructions, configured to: detect a hardware request of an application, wherein the application executes on a virtualized computer system; determine the hardware request includes a counter, wherein the counter to be performed by the virtualized computer system, and wherein the counter includes a counter value; intercept, based on the determine the hardware request includes the counter, the hardware request before the hardware request is processed by a hypervisor that hosts the virtualized computer system; save the counter value in a secure memory, the secure memory obscured from the hypervisor; generate a scrambled counter value; update the hardware request with the scrambled counter value; and provide, after the update the hardware request, the hardware request to the hypervisor.

9. The system of claim 8, wherein the processor is further configured to: determine, based on the detecting the hardware request, one or more data inputs in the hardware request; and obscure the one or more data inputs.

10. The system of claim 8, wherein the secure memory is encrypted, and wherein the hypervisor does not have access to the secure memory.

11. The system of claim 8, wherein the processor is configured to execute an ultravisor.

12. The system of claim 11, wherein the generate the scrambled counter value includes obtaining the scrambled counter value from a trusted platform module in communication with the ultravisor.

13. The system of claim 8 further comprising: store, before the provide the hardware request to the hypervisor, the scrambled counter value; identify a response to the hardware request, the response provided by the hypervisor; determine the response includes an updated scrambled counter value, the updated scrambled counter value based on the scrambled counter value; generate, based on the updated scrambled counter value and based on the scrambled counter value, an update amount; calculate, based on the counter value and based on the update amount, an updated counter value; and provide the updated counter value to the application.

14. The system of claim 8, wherein the counter is a decrementer.

15. A computer program product, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions configured to: detect a hardware request of an application, wherein the application executes on a virtualized computer system; determine the hardware request includes a counter, wherein the counter to be performed by the virtualized computer system, and wherein the counter includes a counter value; intercept, based on the determine the hardware request includes the counter, the hardware request before the hardware request is processed by a hypervisor that hosts the virtualized computer system; save the counter value in a secure memory, the secure memory obscured from the hypervisor; generate a scrambled counter value; update the hardware request with the scrambled counter value; and provide, after the update the hardware request, the hardware request to the hypervisor.

16. The computer program product of claim 15, wherein the program instructions further configured to: determine, based on the detecting the hardware request, one or more data inputs in the hardware request; and obscure the one or more data inputs.

17. The computer program product of claim 15, wherein the secure memory is encrypted, and wherein the hypervisor does not have access to the secure memory.

18. The computer program product of claim 15, wherein the scrambled counter value is generated by a random number generator of an ultravisor.

19. The computer program product of claim 15, wherein the program instructions further configured to: store, before the provide the hardware request to the hypervisor, the scrambled counter value; identify a response to the hardware request, the response provided by the hypervisor; determine the response includes an updated scrambled counter value, the updated scrambled counter value based on the scrambled counter value; generate, based on the updated scrambled counter value and based on the scrambled counter value, an update amount; calculate, based on the counter value and based on the update amount, an updated counter value; and provide the updated counter value to the application.

20. The computer program product of claim 15, wherein the counter is a decrementer.
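The request and response handling of claims 1 and 6, modelled in C as an added example (not code from the patent or from any ultravisor implementation). The struct, the function names, the 32-bit counter width and the modular subtraction used to derive the update amount are assumptions; the random word is supplied by the caller in place of the ultravisor random number generator or trusted platform module named in claims 5 and 12.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-guest slot held in secure memory the hypervisor cannot read. */
struct uv_counter_slot {
    uint32_t real_value; /* guest's true counter value (claim 1: saved) */
    uint32_t scrambled;  /* value substituted into the request (claim 6: stored) */
    int in_flight;       /* 1 while a scrambled request is outstanding */
};

/* Request path: save the real value, return the scrambled one for the hypervisor. */
uint32_t uv_intercept_request(struct uv_counter_slot *slot,
                              uint32_t guest_value, uint32_t random_word)
{
    slot->real_value = guest_value;
    slot->scrambled = random_word;
    slot->in_flight = 1;
    return slot->scrambled;
}

/* Response path: derive the update amount from the two scrambled values and
 * apply it to the saved real value. Unsigned arithmetic is modulo 2^32, so the
 * amount is recovered even when the scrambled value wrapped below zero.
 * Returns 0 on success, -1 if no scrambled request is outstanding. */
int uv_handle_response(struct uv_counter_slot *slot,
                       uint32_t updated_scrambled, uint32_t *guest_out)
{
    if (!slot->in_flight)
        return -1; /* a response without a matching request is not applied */
    uint32_t update_amount = slot->scrambled - updated_scrambled; /* decrementer counts down */
    slot->real_value -= update_amount;
    slot->in_flight = 0;
    *guest_out = slot->real_value;
    return 0;
}

/* Constructed round trip: the "hypervisor" only ever sees and decrements the scrambled value. */
uint32_t demo_roundtrip(uint32_t guest_value, uint32_t random_word, uint32_t ticks)
{
    struct uv_counter_slot slot = {0, 0, 0};
    uint32_t seen_by_hypervisor = uv_intercept_request(&slot, guest_value, random_word);
    uint32_t out = 0;
    uv_handle_response(&slot, seen_by_hypervisor - ticks, &out);
    return out;
}

int main(void)
{
    printf("%u\n", (unsigned)demo_roundtrip(1000u, 5u, 100u)); /* scrambled value wraps */
    return 0;
}
```

Because the hypervisor only handles `random_word` and its decremented form, neither value reveals the guest's counter; only the elapsed amount, which the hypervisor itself applied, is observable to it.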
Isolation or security of virtual machine instances · CPC title
Hypervisor-specific management and integration aspects · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
by anonymising data, e.g. decorrelating personal data from the owner's identification · CPC title
Timestamp · CPC title