Processing

Please wait...

Settings

Settings

Goto Application

1. WO2009144602 - PROTECTION AND SECURITY PROVISIONING USING ON-THE-FLY VIRTUALIZATION

Publication Number WO/2009/144602
Publication Date 03.12.2009
International Application No. PCT/IB2009/051682
International Filing Date 24.04.2009
IPC
G06F 21/00 2006.1
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
CPC
G06F 2009/45587
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
9Arrangements for program control, e.g. control units
06using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
44Arrangements for executing specific programs
455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
45533Hypervisors; Virtual machine monitors
45558Hypervisor-specific management and integration aspects
45587Isolation or security of virtual machine instances
G06F 21/53
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52during program execution, e.g. stack integrity ; ; Preventing unwanted data erasure; Buffer overflow
53by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 9/45541
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
9Arrangements for program control, e.g. control units
06using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
44Arrangements for executing specific programs
455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
45533Hypervisors; Virtual machine monitors
45541Bare-metal, i.e. hypervisor runs directly on hardware
G06F 9/45558
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
9Arrangements for program control, e.g. control units
06using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
44Arrangements for executing specific programs
455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
45533Hypervisors; Virtual machine monitors
45558Hypervisor-specific management and integration aspects
Applicants
  • INTERNATIONAL BUSINESS MACHINES CORPORATION [US]/[US] (AllExceptUS)
  • CARBONE, Martim [BR]/[US] (UsOnly)
  • JANSEN, Bernhard [DE]/[CH] (UsOnly)
  • RAMASAMY, HariGovind V. [IN]/[US] (UsOnly)
  • SCHUNTER, Matthias [DE]/[CH] (UsOnly)
  • TANNER, Axel [DE]/[CH] (UsOnly)
  • ZAMBONI, Diego [MX]/[MX] (UsOnly)
Inventors
  • CARBONE, Martim
  • JANSEN, Bernhard
  • RAMASAMY, HariGovind V.
  • SCHUNTER, Matthias
  • TANNER, Axel
  • ZAMBONI, Diego
Agents
  • MEYER, Michael
Priority Data
12/130,15930.05.2008US
Publication Language English (en)
Filing Language English (EN)
Designated States
Title
(EN) PROTECTION AND SECURITY PROVISIONING USING ON-THE-FLY VIRTUALIZATION
(FR) FOURNITURE D’UNE PROTECTION ET D’UNE SÉCURITÉ AU MOYEN DE LA VIRTUALISATION INSTANTANÉE
Abstract
(EN) Avirtualization layer is inserted between (i) an operating system of a computer system, and (ii) at least one ofa memory module and a storage module of thecomputer system. At least one ofread access and write access to at least one portion of theat least one of a memory module and a storage moduleis controlled, with thevirtualization layer. The insertion ofthe virtualization layer is accomplished in an on-the-fly manner (that is, without rebooting the computer system). An additional aspect includes controlling installation of a security program from the virtualization layer.
(FR) La présente invention concerne une couche de virtualisation qui est insérée entre (i) un système d’exploitation d’un système informatique et (ii) un module de mémorisation et/ou un module de stockage du système informatique. Un accès pour lecture et/ou un accès pour écriture à au moins une partie du module de mémorisation et/ou du module de stockage est commandé avec la couche de virtualisation. L’insertion de la couche de virtualisation est réalisée suivant une méthode instantanée (c’est-à-dire sans réinitialiser le système informatique). Un autre aspect comprend la commande de l’installation d’un programme de sécurité à partir de la couche de virtualisation.
Related patent documents
Latest bibliographic data on file with the International Bureau