-
Publication number: GB2594225A
Publication date: 2021-10-20
Application number: GB202112113
Application date: 2020-01-31
Applicant: IBM
Inventor: UTZ BACHER, REINHARD BUENDGEN, PETER MORJAN, JANOSCH FRANK
Abstract: A computer-implemented method for creating a secure software container may be provided. The method comprises providing a first layered software container image, transforming all files, except corresponding metadata, of each layer of the first layered software container image into a volume, the volume comprises a set of blocks, wherein each layer comprises an incremental difference to a next lower layer, encrypting each block of the set of blocks of a portion of the layers, and storing each encrypted set of the blocks as a layer of an encrypted container image along with unencrypted metadata for rebuilding an order of the set of blocks equal to an order of the first layered software container image, so that a secure encrypted software container is created.
-
Publication number: GB2548268B
Publication date: 2018-02-21
Application number: GB201707993
Application date: 2015-10-20
Applicant: IBM
Inventor: UTZ BACHER, REINHARD THEODOR BUENDGEN
-
Publication number: GB2530225B
Publication date: 2016-10-19
Application number: GB201600172
Application date: 2014-03-14
Applicant: IBM
Inventor: UTZ BACHER, REINHARD BUENDGEN, EINAR LUECK
-
Publication number: GB2532415A
Publication date: 2016-05-25
Application number: GB201420046
Application date: 2014-11-11
Applicant: IBM
Inventor: REINHARD BUENDGEN, UTZ BACHER
Abstract: The invention relates to a method of processing guest events in a hypervisor controlled system (10), comprising the steps of triggering a first firmware service on a guest event, it being associated with a guest (20) and with a guest state (52) and a protected guest memory (22) accessible only by the guest (20) and the firmware (70), and a guest key (24). The firmware (70) processes information associated with the guest event, comprising information of the guest state (52) and the protected guest memory (22), and presents only a subset of the information of the guest state (52) and the protected guest memory (22) to a hypervisor (30), wherein the subset of the information is selected to suffice for the hypervisor (30) to process the guest event. Note that the firmware (70) retains part of the information of the guest state (52) and the protected guest memory (22) that is not sent to the hypervisor (30). The hypervisor (30) processes the guest event based on the received subset of the information and sends a process result to the firmware (70) triggering a second firmware service being specific for the guest event. The firmware (70) processes the result together with the part of the information of the guest state (52) and the protected guest memory (22) that was not sent to the hypervisor (30), generating a state and/or memory modification. Then the firmware (70) performs the state and/or memory modification associated with the guest event at the protected guest memory (22).
-
Publication number: GB2596024A
Publication date: 2021-12-15
Application number: GB202113906
Application date: 2020-03-06
Applicant: IBM
Inventor: UTZ BACHER, REINHARD BUENDGEN, JONATHAN BRADBURY, LISA HELLER, FADI BUSABA
IPC: G06F9/455
Abstract: A computer implemented method is disclosed, which includes receiving a query for an amount of storage in memory of a computer system to be donated to a secure interface control of the computer system (1505). The secure interface control can determine the amount of storage to be donated based on a plurality of secure entities supported by the secure interface control as a plurality of predetermined values (1510). The secure interface control can return a response to the query indicative of the amount of storage as a response to the query (1515). A donation of storage to secure for use by the secure interface control can be received based on the response to the query (1520).
-
Publication number: IL285013D0
Publication date: 2021-09-30
Application number: IL28501321
Application date: 2021-07-20
Applicant: IBM, JONATHAN D BRADBURY, LISA CRANTON HELLER, UTZ BACHER, FADI Y BUSABA
Inventor: JONATHAN D BRADBURY, LISA CRANTON HELLER, UTZ BACHER, FADI Y BUSABA
Abstract: A computer-implemented method according to examples includes receiving, by a secure interface control of a computing system, a request by a requestor to access a page in a memory of the computing system. The method further includes, responsive to determining that the requestor is a non-secure requestor and responsive to a secure-storage bit being set, prohibiting access to the page without performing an authorization check. The method further includes, responsive to determining that the requestor is a secure requestor, performing the authorization check.
-
Publication number: GB2548268A
Publication date: 2017-09-13
Application number: GB201707993
Application date: 2015-10-20
Applicant: IBM
Inventor: UTZ BACHER, REINHARD THEODOR BUENDGEN
Abstract: A method for processing a guest event in a hypervisor-controlled system (10), comprising the steps: (i) the guest event triggering a first firmware service being specific for the guest event in a firmware (70), the guest event being associated with a guest (20) and with a guest state (52) and a protected guest memory (22) accessible only by the guest (20) and the firmware (70), and a guest key (24); (ii) the firmware (70) processing information associated with the guest event, comprising information of the guest state (52) and the protected guest memory (22), and presenting only a subset of the information of the guest state (52) and the protected guest memory (22) to a hypervisor (30), wherein the subset of the information is selected to suffice for the hypervisor (30) to process the guest event; (iii) the firmware (70) retaining a part of the information of the guest state (52) and the protected guest memory (22) that is not being sent to the hypervisor (30); (iv) the hypervisor (30) processing the guest event based on the received subset of the information of the guest state (52) and the protected guest memory (22) and sending a process result to the firmware (70) triggering a second firmware service being specific for the guest event; (v) the firmware (70) processing the received process result together with the part of the information of the guest state (52) and the protected guest memory (22) that was not sent to the hypervisor (30), generating a state and/or memory modification; (vi) the firmware (70) performing the state and/or memory modification associated with the guest event at the protected guest memory (22).
-
Publication number: GB2531037A
Publication date: 2016-04-13
Application number: GB201417780
Application date: 2014-10-08
Applicant: IBM
Inventor: THOMAS SPATZIER, UTZ BACHER, EINAR LUECK, STEFAN RASPL
Abstract: The invention relates to a computer system comprising a pattern composer (108) operatively coupled to a source IT-infrastructure (130) and to a target IT-infrastructure (116, 118, 120). The source IT-infrastructure hosts a composite application (128) comprising multiple functional modules (C1-04) connected to each other via communication links. An abstract pattern comprises first nodes and first links representing the functional module and communication links and lacks resource-related data enabling a deployment engine (110) to instantiate said resource for providing a runtime environment for the functional modules and communication links. The target IT-infrastructure has assigned a resource catalogue (RC1-RC3) comprising, for each resource available in said target IT-infrastructure, a specification of said resource's capabilities, and comprises second nodes and links, each second node being a representation of one or more of the resources of the target IT-infrastructure and comprising an indication of the capabilities of said one or more resources represented by said second node. The pattern composer is configured for iteratively supplementing the first nodes and links of the abstract pattern by the second nodes and second links. Thereby, the requirements of any supplemented first and second nodes and links are inherited to the supplementing nodes and links in each iteration.
-
Publication number: GB2631508A
Publication date: 2025-01-08
Application number: GB202310251
Application date: 2023-07-04
Applicant: IBM
Inventor: MANSURA HABIBA, SHYAMAL KUMAR SAHA, UTZ BACHER
Abstract: A method and system for deploying an application in a software environment, the method comprising: analysing an input 300 to extract at least one keyword 302; generating a list of at least one service for the input based on at least one keyword, preferably by associating the keyword with a functional requirement and identifying an available service which satisfies the functional requirement 304; generating a template to satisfy the input request using the list of at least one service 310; and deploying the application by applying the template. There can be a relationship model between available services, wherein the model includes information of how the available services are configured with respect to each other. The method may further include integration mapping between available services, based on the relationship model, wherein the template codifies the mapping. The template can be validated by deploying the application and running it with sample data which is analysed to measure service level indicators (SLIs). The software environment may be a no-code or low-code development platform (NCDP or LCDP).
-
Publication number: GB2596024B
Publication date: 2022-04-27
Application number: GB202113906
Application date: 2020-03-06
Applicant: IBM
Inventor: UTZ BACHER, REINHARD BUENDGEN, JONATHAN BRADBURY, LISA HELLER, FADI BUSABA
IPC: G06F9/455
Abstract: According to one or more embodiments of the present invention, a computer implemented method includes receiving a query for an amount of storage in memory of a computer system to be donated to a secure interface control of the computer system. The secure interface control can determine the amount of storage to be donated based on a plurality of secure entities supported by the secure interface control as a plurality of predetermined values. The secure interface control can return a response to the query indicative of the amount of storage as a response to the query. A donation of storage to secure for use by the secure interface control can be received based on the response to the query.