(19) United States
(12) Patent Application Publication
Chari et al.
(10) Pub. No.: US 2015/0033221 A1
(43) Pub. Date: Jan. 29, 2015

(54) SANITIZATION OF VIRTUAL MACHINE IMAGES

(71) Applicant: International Business Machines Corporation, Armonk, NY (US)
(72) Inventors: Suresh N. Chari, Tarrytown, NY (US); Ashish Kundu, Elmsford, NY (US)
(73) Assignee: International Business Machines Corporation, Armonk, NY (US)
(21) Appl. No.: 13/950,014
(22) Filed: Jul. 24, 2013

Publication Classification

(51) Int. Cl.
G06F 9/455 (2006.01)
(52) U.S. Cl.
CPC G06F 9/45533 (2013.01)
USPC 718/1

(57) ABSTRACT

Sanitizing a virtual machine image of sensitive data is provided. A label for a sensitivity level is attached to identified sensitive data contained within each software component in a plurality of software components of a software stack in a virtual machine image based on labeling policies. In response to receiving an input to perform a sanitization of the identified sensitive data having attached sensitivity level labels contained within software components of the software stack in the virtual machine image, the sanitization of the identified sensitive data having the attached sensitivity level labels contained within the software components of the software stack in the virtual machine image is performed based on sanitization policies.

[Front-page drawing omitted: block diagram of data processing system 200.]

WIZ, Inc. EXHIBIT - 1056
WIZ, Inc. v. Orca Security LTD.

Sheet 1 of 10. FIG. 1 [drawing omitted]: network data processing system 100, with servers 104 and 106, storage 108, and clients 110, 112 and 114 connected to network 102.
Sheet 2 of 10. FIG. 2 [drawing omitted]: data processing system 200. Communications fabric 202 connects processor unit 204, memory 206, persistent storage 208, communications unit 210, input/output unit 212 and display 214. Other labeled blocks: storage devices 216, VM image manager 218, VM image 220, labeler, labeling scripts, labeling policies, labeling script execution policies, sanitizer, sanitization scripts, sanitization policies, sanitization script execution policies, specific instance of a VM image, computer program product, program code, computer-readable media, computer-readable storage media, computer-readable signal media.
Sheet 3 of 10. FIG. 3 [drawing omitted]: cloud computing environment 300 with cloud computing nodes 310 and data processing systems (labels 320B, 320C and 320N legible).
Sheet 4 of 10. FIG. 4 [drawing omitted]: abstraction layers of a cloud computing environment 400.
- Hardware and software layer: mainframes; RISC architecture servers; IBM xSeries systems; IBM BladeCenter systems; storage; networking; network application server software; database software.
- Virtualization layer: virtual servers; virtual storage; virtual networks; virtual applications and operating systems; virtual machines.
- Management layer: resource provisioning; metering and pricing; security and user portal; service level management; virtual machine management.
- Workload layer: mapping and navigation; software development and lifecycle management; virtual classroom education delivery; data analytics processing; transaction processing; generating and managing specific instances of virtual machines.
Sheet 5 of 10. FIG. 5 [drawing omitted]: VM image 500 containing VM image software stack 502: applications 504, middleware 506, guest OS 508, virtual storage 510.
Sheet 6 of 10. FIG. 6 [drawing omitted]: VM image lifecycle 600. Labeled blocks: generate VM image 602; publish VM image to cloud 604; master catalog of VM images 606; catalog of third-party VM images 608; generate specific instance of VM image 610; user credentials 612; generate snapshot of specific instance of VM image for rollback 614; clone specific instance of VM image 616; catalog of VM image clones 618; generate specific instance of VM image clone 620; generate virtual storage block 622; allocate to specific instance of VM image 624; attach to specific instance of VM image 626; detach from specific instance of VM image 628; delete virtual storage block 630.
Sheet 7 of 10. FIG. 7 [drawing omitted]: labeler 700. Labeled blocks: specific instance of VM image; labeling policies; labeling scripts; labeling script execution policies; labeled specific instance of VM image; label file.
FIG. 8 [drawing omitted]: sanitizer 800. Labeled blocks: labeled specific instance of VM image; sanitization policies; sanitization scripts; sanitization script execution policies; sanitized specific instance of VM image.
Sheet 8 of 10. FIG. 9 [drawing omitted]: VM image labeling and sanitization process 900. Box labels: generate VM image; label and sanitize VM image; publish VM image to a catalog on a cloud; generate specific instance of VM image; label and sanitize specific instance of VM image; deliver labeled and sanitized specific instance of VM image to user; generate clone of specific instance of VM image; label and sanitize cloned specific instance of VM image; store labeled and sanitized clone of specific instance of VM image; generate snapshot of specific instance of VM image; label and sanitize snapshot of specific instance of VM image; store labeled and sanitized snapshot of specific instance of VM image; dynamically label and sanitize running instances of VM image; monitor labeled and sanitized running instances of VM image.
Sheet 9 of 10. FIG. 10A [flowchart, boxes in order]:
START
1002: RECEIVE, BY A COMPUTER, AN INPUT TO GENERATE A VIRTUAL MACHINE IMAGE
1004: GENERATE, BY THE COMPUTER, THE VIRTUAL MACHINE IMAGE
1006: IDENTIFY, BY THE COMPUTER, A SPECIFICATION LANGUAGE THAT DEFINES WHEN THE VIRTUAL MACHINE IMAGE IS SANITIZED, THE SOFTWARE COMPONENTS OF THE VIRTUAL MACHINE IMAGE THAT ARE LABELED AND SANITIZED, A FIRST SET OF POLICIES ASSOCIATED WITH LABELING AND SANITIZING THE VIRTUAL MACHINE IMAGE, AND A SECOND SET OF POLICIES ASSOCIATED WITH EXECUTION OF LABELING AND SANITIZATION PROGRAMS
1008: INSERT, BY THE COMPUTER, A LABELER MODULE AND A SANITIZER MODULE INTO EACH SOFTWARE COMPONENT IN A PLURALITY OF SOFTWARE COMPONENTS OF A SOFTWARE STACK IN THE VIRTUAL MACHINE IMAGE
1010: IDENTIFY, BY THE COMPUTER, LABELING DEPENDENCIES BETWEEN SOFTWARE COMPONENTS IN THE PLURALITY OF SOFTWARE COMPONENTS OF THE SOFTWARE STACK IN THE VIRTUAL MACHINE IMAGE BASED ON LABELING SCRIPT EXECUTION POLICIES LOCATED IN THE LABELER MODULE
1012: EXECUTE, BY THE COMPUTER, A LABELING PROGRAM IN EACH SOFTWARE COMPONENT IN THE PLURALITY OF SOFTWARE COMPONENTS OF THE SOFTWARE STACK IN THE VIRTUAL MACHINE IMAGE BASED ON LABELING EXECUTION POLICIES
Connector A: TO FIG. 10B
Sheet 10 of 10. FIG. 10B [flowchart, boxes in order]:
Connector A (from the preceding sheet)
1014: USE, BY THE COMPUTER, THE LABELING SCRIPTS TO ATTACH A SENSITIVITY LEVEL LABEL TO IDENTIFIED SENSITIVE DATA CONTAINED WITHIN EACH SOFTWARE COMPONENT IN THE PLURALITY OF SOFTWARE COMPONENTS OF THE SOFTWARE STACK IN THE VIRTUAL MACHINE IMAGE BASED ON LABELING POLICIES
1016: RECEIVE, BY THE COMPUTER, AN INPUT TO PERFORM A SANITIZATION OF THE IDENTIFIED SENSITIVE DATA HAVING ATTACHED SENSITIVITY LEVEL LABELS CONTAINED WITHIN THE SOFTWARE COMPONENTS OF THE SOFTWARE STACK IN THE VIRTUAL MACHINE IMAGE
1018: IDENTIFY, BY THE COMPUTER, SANITIZATION DEPENDENCIES BETWEEN THE SOFTWARE COMPONENTS IN THE PLURALITY OF SOFTWARE COMPONENTS OF THE SOFTWARE STACK IN THE VIRTUAL MACHINE IMAGE BASED ON SANITIZATION SCRIPT EXECUTION POLICIES LOCATED IN THE SANITIZER MODULE
1020: EXECUTE, BY THE COMPUTER, SANITIZATION SCRIPTS IN EACH SOFTWARE COMPONENT IN THE PLURALITY OF SOFTWARE COMPONENTS OF THE SOFTWARE STACK IN THE VIRTUAL MACHINE IMAGE BASED ON THE IDENTIFIED SANITIZATION DEPENDENCIES BETWEEN THE SOFTWARE COMPONENTS
1022: USE, BY THE COMPUTER, THE SANITIZATION SCRIPTS TO PERFORM THE SANITIZATION OF THE IDENTIFIED SENSITIVE DATA HAVING THE ATTACHED SENSITIVITY LEVEL LABELS CONTAINED WITHIN THE SOFTWARE COMPONENTS OF THE SOFTWARE STACK IN THE VIRTUAL MACHINE IMAGE BASED ON SANITIZATION POLICIES
END

SANITIZATION OF VIRTUAL MACHINE IMAGES

BACKGROUND

[0001] 1. Field
[0002] The disclosure relates generally to virtual machines and more specifically to sanitizing a virtual machine image of sensitive data contained within a plurality of different software components of a software stack installed on the virtual machine image.
[0003] 2. Description of the Related Art
[0004] The concept of virtual machines has been used in computing for decades. For example, mainframe computers take advantage of their computing power by running multiple instances of the same or different operating systems within multiple virtual machines on the same computer. Virtual machines are desirable due to their ability to isolate specific applications, tasks, or users. For example, an individual wanting to manage his or her personal finances may use a virtual machine that is specifically equipped with personal accounting software and a variety of sensitive personal finance data associated with that individual. Virtual machines are typically stored as a set of files.

SUMMARY

[0005] According to one illustrative embodiment, a computer-implemented method for sanitizing a virtual machine image of sensitive data is provided. A computer attaches a sensitivity level label to identified sensitive data contained within each software component in a plurality of software components of a software stack in a virtual machine image based on labeling policies. In response to the computer receiving an input to perform a sanitization of the identified sensitive data having attached sensitivity level labels contained within software components of the software stack in the virtual machine image, the computer performs the sanitization of the identified sensitive data having the attached sensitivity level labels contained within the software components of the software stack in the virtual machine image based on sanitization policies. According to other illustrative embodiments, a computer system and a computer program product for sanitizing a virtual machine image of sensitive data also are provided.
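
The labeling and sanitization passes described in the summary, with the dependency-ordered script execution of FIGS. 10A and 10B, as an added Python example that is not code from the publication or its applicant. The path and content rules, level names, actions, execution policy, mask token and sample image are all assumptions constructed for illustration; the example also re-labels the sanitized image to catch misses.

```python
import re
from dataclasses import dataclass
from fnmatch import fnmatchcase
from graphlib import TopologicalSorter

MASK = "[REDACTED]"
# Assumed labeling policies: whole-file rules by path, span rules by content.
PATH_RULES = [("*/.ssh/id_*", "high"), ("*/.bash_history", "high")]
CONTENT_RULES = [
    # Group 1 is the secret value; the lookahead skips values already masked.
    (re.compile(rf"(?i)(?:password|passwd|api_key)\s*=\s*(?!{re.escape(MASK)})(\S+)"), "medium"),
    (re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3})\b"), "low"),
]
# Assumed sanitization policies: one action per sensitivity level.
SANITIZATION_POLICIES = {"high": "delete_file", "medium": "mask", "low": "keep"}
# Assumed script execution policy: component -> components processed before it.
EXECUTION_POLICY = {
    "virtual_storage": set(),
    "guest_os": {"virtual_storage"},
    "middleware": {"guest_os"},
    "applications": {"middleware"},
}
# Constructed sample image: component -> {path: file text}.
SAMPLE_IMAGE = {
    "virtual_storage": {},
    "guest_os": {"/root/.bash_history": "mysql -u root -pS3cret"},
    "middleware": {"/etc/mw/server.conf": "listen=10.0.0.5\napi_key=abc123"},
    "applications": {"/opt/app/app.conf": "password = hunter2\nmode=prod"},
}


@dataclass(frozen=True)
class Label:
    component: str
    path: str
    level: str
    line_no: int = -1  # -1: the label covers the whole file
    start: int = 0
    end: int = 0


def execution_order(policy, image):
    """Dependencies first. Raises ValueError on a cycle or an unlisted component."""
    unlisted = sorted(set(image) - set(policy))
    if unlisted:  # such a component would silently escape both passes
        raise ValueError(f"no execution policy for: {unlisted}")
    return list(TopologicalSorter(policy).static_order())  # CycleError is a ValueError


def label_image(image, policy=EXECUTION_POLICY):
    """Labeler: walk the stack in policy order and return the label file."""
    labels = []
    for component in execution_order(policy, image):
        for path, text in sorted(image.get(component, {}).items()):
            whole = [lvl for pat, lvl in PATH_RULES if fnmatchcase(path, pat)]
            if whole:
                labels.append(Label(component, path, whole[0]))
                continue
            for line_no, line in enumerate(text.splitlines()):
                for regex, level in CONTENT_RULES:
                    for m in regex.finditer(line):
                        labels.append(Label(component, path, level, line_no, m.start(1), m.end(1)))
    return labels


def sanitize_image(image, labels, policy=EXECUTION_POLICY):
    """Sanitizer: apply each label's policy action; returns a sanitized copy."""
    clean = {comp: dict(files) for comp, files in image.items()}
    for component in execution_order(policy, image):
        files = clean.get(component, {})
        mine = [lab for lab in labels if lab.component == component]
        # Right-to-left within a line so earlier offsets stay valid after masking.
        for lab in sorted(mine, key=lambda l: (l.path, l.line_no, -l.start)):
            action = SANITIZATION_POLICIES[lab.level]
            if action == "keep" or lab.path not in files:
                continue
            if action == "delete_file":
                del files[lab.path]
            elif action == "mask":
                lines = files[lab.path].splitlines()
                line = lines[lab.line_no]
                lines[lab.line_no] = line[:lab.start] + MASK + line[lab.end:]
                files[lab.path] = "\n".join(lines)
    return clean


def residual_labels(image, policy=EXECUTION_POLICY):
    """Re-label a sanitized image; any label not marked 'keep' is a miss."""
    return [l for l in label_image(image, policy) if SANITIZATION_POLICIES[l.level] != "keep"]


if __name__ == "__main__":
    found = label_image(SAMPLE_IMAGE)
    cleaned = sanitize_image(SAMPLE_IMAGE, found)
    for lab in found:
        print(lab.level, lab.component, lab.path, "->", SANITIZATION_POLICIES[lab.level])
    print("residual:", residual_labels(cleaned))
```
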

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

[0006] FIG. 1 is a pictorial representation of a network of data processing systems in which illustrative embodiments may be implemented;
[0007] FIG. 2 is a diagram of a data processing system in which illustrative embodiments may be implemented;
[0008] FIG. 3 is a diagram illustrating a cloud computing environment in which illustrative embodiments may be implemented;
[0009] FIG. 4 is a diagram illustrating an example of abstraction layers of a cloud computing environment in accordance with an illustrative embodiment;
[0010] FIG. 5 is a diagram illustrating an example of a virtual machine image in accordance with an illustrative embodiment;
[0011] FIG. 6 is a diagram illustrating an example of a lifecycle of a virtual machine image in accordance with an illustrative embodiment;
[0012] FIG. 7 is a diagram illustrating a labeler in accordance with an illustrative embodiment;
[0013] FIG. 8 is a diagram illustrating a sanitizer in accordance with an illustrative embodiment;
[0014] FIG. 9 is a diagram illustrating an example of a virtual machine image labeling and sanitization process in accordance with an illustrative embodiment; and
[0015] FIG. 10A and FIG. 10B are a flowchart illustrating a process for sanitizing a virtual machine image of sensitive data in accordance with an illustrative embodiment.

DETAILED DESCRIPTION

[0016] As will be appreciated by one skilled in the art, aspects of the illustrative embodiments may be embodied as a computer system, computer-implemented method, or computer program product. Accordingly, aspects of the illustrative embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.), or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit," "module," or "system." Furthermore, aspects of the illustrative embodiments may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon.
[0017] Any combination of one or more computer readable medium(s) may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can store a program for use by or in connection with an instruction execution system, apparatus, or device. In addition, a computer readable storage medium excludes all propagation media, such as signals and carrier waves.
[0018] A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, infra-red, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
[0019] Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
[0020] Computer program code for carrying out operations for aspects of the illustrative embodiments may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
[0021] Aspects of the illustrative embodiments are described below with reference to flowchart illustrations and/or block diagrams of computer-implemented methods, computer systems, and computer program products according to illustrative embodiments. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
[0022] These computer program instructions may also be stored in a computer readable storage medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable storage medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
[0023] The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
[0024] With reference now to the figures, and in particular, with reference to FIGS. 1-4, diagrams of data processing environments are provided in which illustrative embodiments may be implemented. It should be appreciated that FIGS. 1-4 are only meant as examples and are not intended to assert or imply any limitation with regard to the environments in which different embodiments may be implemented. Many modifications to the depicted environments may be made.
[0025] FIG. 1 depicts a pictorial representation of a network of data processing systems in which illustrative embodiments may be implemented. Network data processing system 100 is a network of computers and other data processing devices in which the illustrative embodiments may be implemented. Network data processing system 100 contains network 102, which is the medium used to provide communications links between the computers and the other data processing devices connected together within network data processing system 100. Network 102 may include connections, such as wire communication links, wireless communication links, or fiber optic cables.
[0026] In the depicted example, server 104 and server 106 connect to network 102, along with storage 108. Server 104 and server 106 may be, for example, server computers with high-speed connections to network 102. In addition, server 104 and/or server 106 may provide one or more services to client devices connected to network 102. For example, server 104 and/or server 106 may generate and manage a plurality of different virtual machine (VM) images for the client devices.
[0027] A virtual machine image is a software implementation of a computing environment in which a guest operating system (OS) can be installed and run. A virtual machine image typically emulates a physical computing environment, but requests for central processing unit (CPU), memory, hard disk drive, network interface card, and other hardware resources are managed by a virtualization layer that translates these requests to the underlying physical hardware. Virtual machines are generated within a virtualization layer, such as a virtual machine manager or hypervisor that runs on top of an operating system. This operating system is known as the host operating system, as opposed to the guest operating systems running in the different virtual machine images. The virtualization layer can be used to create many individual, isolated virtual machine images.
[0028] Clients 110, 112, and 114 also connect to network 102. Clients 110, 112, and 114 are clients to server 104 and/or server 106. In the depicted example, server 104 and/or server 106 may provide information, such as boot files, operating system images, and applications to clients 110, 112, and 114. Users of clients 110, 112, and 114 may utilize clients 110, 112, and 114 to access the services provided by server 104 and/or server 106.
[0029] Clients 110, 112, and 114 may be, for example, mobile data processing systems, such as cellular telephones, smart phones, personal digital assistants, gaming devices, or handheld computers, with wireless communication links to network 102. In addition, clients 110, 112, and 114 may be personal computers, network computers, set-top boxes, and/or portable computers, such as laptop computers, with wire and/or wireless communication links to network 102. It should be noted that clients 110, 112, and 114 may represent any combination of computers and mobile data processing systems connected to network 102.
[0030] Storage 108 is a network storage device capable of storing data in a structured or unstructured format. Storage 108 may provide, for example, storage of: a plurality of different virtual machine images; names and identification numbers of a plurality of users; and account information associated with each of the plurality of users. Furthermore, storage unit 108 may store other data, such as authentication or credential data that may include user names, passwords, and/or biometric data associated with the plurality of users and/or system administrators.
[0031] Also, it should be noted that network data processing system 100 may include any number of additional server devices, client devices, and other devices not shown. Program code located in network data processing system 100 may be stored on a computer readable storage medium and downloaded to a computer or other data processing device for use. For example, program code may be stored on a computer readable storage medium on server 104 and downloaded to client 110 over network 102 for use on client 110.
[0032] In the depicted example, network data processing system 100 is the Internet with network 102 representing a worldwide collection of networks and gateways that use the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols to communicate with one another. At the heart of the Internet is a backbone of high-speed data communication lines between major nodes or host computers, consisting of thousands of commercial, governmental, educational, and other computer systems that route data and messages. Of course, network data processing system 100 also may be implemented as a number of different types of networks, such as for example, an intranet, a local area network (LAN), or a wide area network (WAN). FIG. 1 is intended as an example, and not as an architectural limitation for the different illustrative embodiments.
[0033] With reference now to FIG. 2, a diagram of a data processing system is depicted in which illustrative embodiments may be implemented. Data processing system 200 is an example of a computer, such as server 104 or client 110 in FIG. 1, in which computer readable program code or instructions implementing processes of illustrative embodiments may be located. In addition, data processing system 200 may be implemented in a distributed cloud computing environment where tasks are performed by remote devices linked via a communication network, such as network 102 in FIG. 1. In this illustrative example, data processing system 200 includes communications fabric 202, which provides communications between processor unit 204, memory 206, persistent storage 208, communications unit 210, input/output (I/O) unit 212, and display 214.
[0034] Processor unit 204 serves to execute instructions for software applications or programs that may be loaded into memory 206. Processor unit 204 may be a set of one or more processors or may be a multi-processor core, depending on the particular implementation. Furt
