-
公开(公告)号:GB2508231A
公开(公告)日:2014-05-28
申请号:GB201221265
申请日:2012-11-27
Applicant: IBM
Inventor: MENCIAS ANGEL NUNEZ , LUECK EINAR , BUENDGEN REINHARD , BACHER UTZ
Abstract: A virtual machine (VM) is executed 200 on a source virtual machine monitor (VMM, e.g. hypervisor) 110 within a logical partition. The VM is allocated certain segments of hardware memory 201 assigned to the partition for exclusive data storage. When the VM is to be migrated to a destination VMM 120, the operation of the machine is suspended 202, and information relating to the configuration of the VM, including the allocated memory segments, is sent to the new VMM 203. The memory segments are then reassigned to the logical partition containing the destination VMM 206. The VM is then shut down 205 on the source VMM, with extended configuration information including descriptions of the assigned memory segments used to recreate the VM at the destination VMM, and the operation of the VM is then resumed on the new VMM 207. This allows the transfer of the data created by the virtual machine without requiring duplication of content and/or excessive processing time.
-
公开(公告)号:AU2020426828A1
公开(公告)日:2022-06-16
申请号:AU2020426828
申请日:2020-12-10
Applicant: IBM
Inventor: BUENDGEN REINHARD , URBAN VOLKER , KISLEY RICHARD , BRADBURY JONATHAN , HENDEL TORSTEN , FREUDENBERGER HARALD , KLOTZ BENEDIKT , WERNER KLAUS , SELVE MARKUS
IPC: G06F21/60
Abstract: A security module, such as a cryptographic adapter, is reserved for a secure guest of a computing environment. The reserving includes binding one or more queues of the security module to the secure guest. The one or more queues are then managed based on one or more actions relating to the reservation.
-
公开(公告)号:ES2863676T3
公开(公告)日:2021-10-11
申请号:ES17780697
申请日:2017-10-02
Applicant: IBM
Inventor: GREINER DAN , SLEGEL TIMOTHY , ZOELLIN CHRISTIAN , JACOBI CHRISTIAN , PAPROTSKI VOLODYMYR , VISEGRADY TAMAS , BUENDGEN REINHARD , BRADBURY JONATHAN , PURANIK ADITYA
Abstract: Un procedimiento para facilitar el procesamiento en un entorno informático, comprendiendo el procedimiento las etapas de: obtener una instrucción (300) para realizar una pluralidad de operaciones, que incluye cifrado y autenticación, siendo la instrucción una instrucción de máquina de arquitectura de hardware única en una interfaz hardware/software y que incluye un campo de código de operación (302) que tiene un código de operación para indicar un mensaje de cifrado con operación de autenticación, y uno o más campos de registro (304, 306, 308) usados para designar uno o más registros para ser usados por la instrucción; y ejecutar la instrucción (300), incluyendo la ejecución: cifrar el único conjunto de datos proporcionados mediante el uso de un registro de uno o más registros (304, 306, 308) de la instrucción para obtener datos cifrados; colocar los datos cifrados en una ubicación designada; autenticar un conjunto de datos adicionales proporcionados por la instrucción, generando la autenticación al menos una parte de una etiqueta de autenticación de mensaje; y almacenar al menos una parte de la etiqueta de autenticación de mensaje en una ubicación seleccionada.
-
公开(公告)号:SG11202105613PA
公开(公告)日:2021-06-29
申请号:SG11202105613P
申请日:2020-02-27
Applicant: IBM
Inventor: BUENDGEN REINHARD , VISEGRADY TAMAS , FRANZKI INGO
Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control (“SC”) obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.
-
公开(公告)号:AU2020233905A1
公开(公告)日:2021-06-10
申请号:AU2020233905
申请日:2020-02-26
Applicant: IBM
Inventor: HELLER LISA , BUSABA FADI , BRADBURY JONATHAN , BORNTRAEGER CHRISTIAN , BACHER UTZ , BUENDGEN REINHARD
Abstract: A method is provided. The method is implemented by a communication interface of a secure interface control executing between the secure interface control of a computer and hardware of the computer/ In this regard, the communication interface receives an instruction and determines whether the instruction is a millicoded instruction. Further, the communication interface enters a millimode comprising enabling the secure interface control to engage millicode of the hardware through the communication interface based on the instruction being the millicoded instruction. The millicode, then, executes the instruction
-
Patent Agency Ranking
公开(公告)号:DE112014000965T5
公开(公告)日:2015-12-03
申请号:DE112014000965
申请日:2014-03-14
Applicant: IBM
Inventor: BACHER UTZ , BUENDGEN REINHARD , LUECK EINAR
IPC: G06F9/44
Abstract: Die Erfindung betrifft ein Verfahren zum Verarbeiten eines Gastereignisses in einem hypervisorgesteuerten System (10), aufweisend die Schritte: (i) durch das Gastereignis das Auslösen eines ersten, für das Gastereignis speziellen Firmwaredienstes in einer Firmware (70), wobei das Gastereignis einem Gast (20) und einem Gastzustand (52) und einem Gastspeicher (22) zugehörig ist, der mit einem Gastschlüssel (24) verschlüsselt ist; (ii) durch die Firmware (70) das Verarbeiten von Informationen, die zu dem Gastereignis gehören, die Daten des Gastzustands (52) und des Gastspeichers (22) aufweisen, und das Übergeben nur einer Teilmenge der Informationen des Gastzustands (52) und des Gastspeichers (22) in verschlüsselter Form an einen Hypervisor (30), wobei die Teilmenge der Informationen so ausgewählt ist, dass sie für den Hypervisor (30) ausreicht, um das Gastereignis zu verarbeiten; (iii) durch die Firmware (70) das Zurückhalten eines Teils der Informationen des Gastzustands (52) und des Gastspeichers (22), der nicht an den Hypervisor (30) gesendet wird; (iv) durch den Hypervisor (30) das Verarbeiten des Gastereignisses aufgrund der empfangenen Teilmenge der Informationen des Gastzustands (52) und des Gastspeichers (22) und das Senden eines Prozessergebnisses an die Firmware (70), das einen zweiten, für das Gastereignis speziellen Firmwaredienst auslöst; (v) durch die Firmware (70) das Verarbeiten des empfangenen Prozessergebnisses zusammen mit dem Teil der Informationen des Gastzustands (52) und des Gastspeichers (22), der nicht an den Hypervisor (30) gesendet wurde, wodurch eine Zustands- und/oder Speicherveränderung erzeugt wird; (vi) durch die Firmware (70) das Durchführen der zu dem Gastereignis und dem Gastspeicher (22) gehörenden Zustands- und/oder Speicherveränderung in verschlüsselter Form.
-
公开(公告)号:GB2522030A
公开(公告)日:2015-07-15
申请号:GB201400378
申请日:2014-01-10
Applicant: IBM
Inventor: BUENDGEN REINHARD , MAYER ULRICH , HUBER MATTHIAS , WERNER KLAUS
IPC: G06F11/30
Abstract: A method for monitoring of a shared hardware resource (100) in a computer system (1) running at least two partitions (P1, P2, ..., Pn) comprising the steps of: collecting measurement data from the hardware resource (100); computing an aggregation of the measurement data over a certain time interval; using a workload dependent heuristic to calculate a noise level value adapted to a workload; generating noise data based on the noise level value; confounding the computed aggregation of measurement data with the generated noise data; and outputting the confounded measurement data to an external interface (220) for monitoring. The shared hardware resource may be a cryptographic adapter or cryptographic engine which handles sensitive or private information. A noise information repository (310) accessible from a measurement component (200) and a noise data generator (300) stores noise data or noise level values as noise information computed by the noise data generator (300). The measurement component (200) may be shielded from external access except through the confounded measurement data available via the external interface (220). The invention seeks to prevent the leakage of usage data between partitions. In particular it prevents usage data from an individual partition being derivable from global performance measurement data.
-
公开(公告)号:GB2515536A
公开(公告)日:2014-12-31
申请号:GB201311430
申请日:2013-06-27
Applicant: IBM
Inventor: BACHER UTZ , BUENDGEN REINHARD , LUECK EINAR
Abstract: A guest event triggers a first service, specific for the guest event, in firmware (70, fig. 3). The guest event is associated with a guest 20, with guest state (52, fig. 3) and guest memory (22, fig. 3) encrypted with guest key 24. The firmware processes guest state and guest memory information and presents only a subset of the information in decrypted form to hypervisor 30, wherein the subset of information is selected to suffice for the hypervisor to process the guest event. The firmware retains a part of the information of the guest state and memory that is not sent to the hypervisor. The hypervisor processes the guest event, based on the received subset of information, and sends a process result to the firmware which triggers a second firmware service specific for the guest event. The firmware processes the received result, together with the part of the guest information not sent to the hypervisor, to generate a state and/or memory modification. The firmware performs the state and/or memory modification associated with the guest event at the guest memory in encrypted form.
-
公开(公告)号:GB2508983B
公开(公告)日:2014-10-29
申请号:GB201319575
申请日:2013-11-06
Applicant: IBM
Inventor: BACHER UTZ , MENCIAS ANGEL NUNEZ , LUECK EINAR , BUENDGEN REINHARD
-
公开(公告)号:GB2508983A
公开(公告)日:2014-06-18
申请号:GB201319575
申请日:2013-11-06
Applicant: IBM
Inventor: BUENDGEN REINHARD , BACHER UTZ , MENCIAS ANGEL NUNEZ , LUECK EINAR
Abstract: A virtual machine (VM) is executed 200 on a source virtual machine monitor (VMM, e.g. hypervisor) 110 within a logical partition. The VM is allocated certain segments of hardware memory 201 assigned to the partition for exclusive data storage. When the VM is to be migrated to a destination VMM 120, the operation of the machine is suspended 202, and information relating to the configuration of the VM, including the allocated memory segments, is sent to the new VMM 203. The memory segments are then reassigned to the logical partition containing the destination VMM 206. The VM is then shut down 205 on the source VMM, with extended configuration information including descriptions of the assigned memory segments used to recreate the VM at the destination VMM, and the operation of the VM is then resumed on the new VMM 207. This allows the transfer of the data created by the virtual machine without requiring duplication of content and/or excessive processing time.
-
-
-
-
-
-
-
-
-
Search Results
41
records
(took 0.019 seconds)
